Semiconductor memory board and data-reading device

FIELD: digital memory technologies.

SUBSTANCE: board has rewritable power-independent memory and control circuit, means for storing address, pointing at limit between authentication area and non-authentication area, circuit for changing size of said areas. Reading device contains estimation means, reading information, pointing at number of times, for which digital data can be read, and playback means. Second device variant additionally has means for digital output of contents.

EFFECT: higher efficiency.

3 cl, 23 dwg

 

The technical field to which the invention relates.

The present invention relates to a map of a semiconductor memory for storing digital content and a data reader for reading digital content card with a semiconductor memory. More specifically the present invention relates to a map of a semiconductor memory and a data reader, suitable for copyright protection of digital content.

The level of technology

Technology multimedia network has evolved to such an extent that digital content, such as music content distributed via the communications network, for example via the Internet. This makes it possible to access the home of many music or the like, broadcast around the world. For example, music content can be downloaded to a personal computer (hereinafter referred to as PC), and then stored in the map semiconductor memory, is loaded into PC. Also a map of the semiconductor memory can be retrieved from a PC and can be downloaded in portable music player. This gives you the opportunity to listen to music while walking. Maps semiconductor memory are compact and light, contain semiconductor memory (e.g. flash memory), which is non-volatile and have a lot of for ominaisuus capacity.

This expansion of the digital music contents recorded on the map semiconductor memory must be pre-encrypted using a key or the like, to prevent unauthorized copying of digital content. You also need to take steps to program the software file management, many of which are standard on commercially available PC could not copy the digital content to other storage media.

One possible way to prevent unauthorized copying only specialized software program can access the map of the semiconductor memory. For example, when the authentication process between the PC card and the semiconductor memory is completed in the affirmative, the PC can access the map of the semiconductor memory, and when the authentication process is not completed in the affirmative due to the lack of specialized software program, a PC can't access the map of the semiconductor memory.

However, in the above method, in which the PC should always have the special program software for card access semiconductor memory, a free exchange of information with users across the map of poluprovodn is a similar memory is not available. In the above-mentioned method loses quality normal maps semiconductor memory, namely the quality of that program management software files, which are standard on commercially available PC, can be used for card access semiconductor memory.

Maps semiconductor memory, access to which can only be done through specialized software program, are the best storage media for storing digital content, such as maps of the semiconductor memory performs the function of copyright protection for digital content. Maps, however, the semiconductor memory has a problem in that they cannot be used as external storage devices in computer systems for General use.

The invention

Thus, the aim of the present invention is to develop a map of a semiconductor memory, which can be used as a storage medium for storage of digital content and as a storage media for storing computer data General purpose (which is not the object of copyright protection), as well as devices for reading data from storage media.

The above objective is achieved by card poluprovodn the ikovoy memory which can be used in an electronic device and retrieved from an electronic device containing a rewritable non-volatile memory; and a driver circuit which controls accesses by the electronic device to the authentication area and reauthentications area in a rewritable nonvolatile memory, in which the control circuit includes: a device access control reauthentication region, which controls access of the electronic device to reauthentications region; a device authentication that performs an authentication process to check whether the electronic device authorized for use of the card, a semiconductor memory, and thus affirmatively authenticated; and a control device to access the authentication area, which allows the electronic device to access the authentication area only when the device authentication in the affirmative authenticates the electronic device.

In the above-mentioned data structure, which is the object of copyright protection, can be stored in the authentication area, and other data can be stored in reauthentication area, which makes it possible to perform such a map a semiconductor memory, to which I can store digital content protected by copyright, and other data together.

In the map above semiconductor memory device authentication can generate the key, reflecting the result of the authentication process, and the device access control authentication area decrypts the encrypted command using the key generated by the device authentication, in accordance with the decoded command and the decrypted command is sent from the electronic device.

In the above structure, even if the connection between the card semiconductor memory and an electronic listening device, a command for access authentication of the encrypted area, reflecting the result of the previous authentication. Thus, this card is a semiconductor memory has a robust security feature authentication area from unauthorized access.

In the map above semiconductor memory device authentication can perform mutual authentication challenge-response type of electronic device and generates a key from the request data and response data, and query data are sent to an electronic device for checking whether the electronic device is correct, and the response data are generated to demonstrate that the device authentication is correct.

In the above structure the round key is shared card is a semiconductor memory and an electronic device only when both devices are in the affirmative authenticate each other. In addition, the key is changed for each authentication. This increases the degree of protection of the authentication field, since the authentication area cannot be accessed without using the key.

In the map above semiconductor memory encrypted command sent from the electronic device can include a field characteristic and the address field, and a field of characteristic not encrypted and specifies the type of access to the authentication area, the address field is encrypted and specifies the address to be accessed, in which the device access control authentication area decrypts the address field using the key, and controls accesses by the electronic device to the authentication area so that the access type defined in the field of sign occurs in the area specified by the address decoded address fields.

In the above-mentioned structure is encrypted only the address field of the command. This facilitates the decryption and decoding of the command card, a semiconductor memory, which accepts the command.

The above card is a semiconductor memory may further comprise a circuit storing identification data, which previously stores the identification data is e, which are unique to map a semiconductor memory, and gives the map a semiconductor memory different from the other cards in the semiconductor memory, in which the device authentication performs mutual authentication with the electronic device using the identification data stored in the schema memory identification data.

In the aforementioned structure in the process of mutual authentication takes place, the exchange of data unique to each card is a semiconductor memory. It supports the best level of protection from unlawful decoding of mutual authentication.

The above card is a semiconductor memory may further comprise a circuit changes the size of the area, which changes the size of the authentication area and reauthentications area.

In the above structure map of the semiconductor memory can be used dynamically. Then there is a map of the semiconductor memory can be used mainly as a recording media for digital content and can be used as an external storage device in a computer system.

In the map above semiconductor memory authentication area and reauthentication region can be created by splitting a continuous predetermined region is of size in the rewritable non-volatile memory into two regions, and scheme changes the size of the area changes the size of the authentication area and reauthentications area change of address, marking the border between the authentication area and reauthentications area.

In the above structure, the size of the authentication and deauthentication areas can only be changed by moving the boundaries. This reduces the size of the schema.

In the map above semiconductor memory circuit changes the size of the area may include a mapping table of the authentication field, which shows correspondence between logical addresses and physical addresses in the authentication area; a conversion table reauthentication region, which shows correspondence between logical addresses and physical addresses in reauthentication region; and a device to change the conversion table, which changes the contents of the conversion table of the authentication area and the mapping table reauthentication region, in accordance with the command from the electronic device, in which the device access control authentication field controls accesses by the electronic device to the authentication area by referring to the conversion table of the authentication area and the control device is a start to reauthentications the field controls access of the electronic device to reauthentications region by referring to the conversion table reauthentication area.

In the above structure, it is possible to separately control the authentication area and reauthentications area in relation to the size of the area and relationships between logical addresses and physical addresses, as conversion tables for these areas are managed independently.

In the map above semiconductor memory region addressed by higher physical addresses, and the area addressed by lower physical addresses that comprise a region having a predefined size, can, respectively, be allocated to the authentication area and reauthentications area conversion table reauthentication region shows correspondence between logical addresses, arranged in ascending order, and physical addresses, arranged in ascending order, and the conversion table of the authentication field shows correspondence between logical addresses, arranged in ascending order and physical addresses arranged in descending order.

In the above structure, which enables the use of logical addresses in ascending order, the size of the area can be easily changed, since the probability of using the area near the border between the authentication area and neaten ifications area becomes low.

This also reduces the likelihood of maintaining or moving data that you want to move the border, with the simplified change the size of the area.

The above card is a semiconductor memory may further comprise a circuit constant memory which pre-stores data.

In the above structure, the function of copyright protection increases the storage of the identity card of the semiconductor memory dedicated memory and storing the digital content based on the identification results based on the identification data.

In the map above semiconductor memory, each of the authentication area and reauthentications region may include a memory read/write from/to which the electronic device can read/write data; and a permanent storage area, from which the electronic device can read the data, but in which the electronic device is unable to write data, the control circuit further includes: a random number generator that generates a random number each time the electronic device writes the data into the rewritable non-volatile memory, and each of the device control access to the authentication area and make the Batwa access control reauthentication region encrypts data using a random number, and writes the encrypted data in the memory read/write and writes a random number in the permanent storage area.

In the above structure unlawful attempts, such as spoilage memory read/write, can be detected by checking the compatibility with the random number stored in continuous memory. This increases the protection of the data record.

In the map above semiconductor memory, the control circuit may further include a conversion table that shows correspondence between logical addresses and physical addresses in each of the authentication area and reauthentications region; and schema changes in the mapping table, which modifies the content of the conversion table, in accordance with the command from the electronic device, and the device control access to the authentication area and the device access control reauthentication area accessing electronic device to the authentication area and reauthentication area with reference to the conversion table.

In the above structure, even if the set of logical blocks constituting the same file to become fragmented, they can be easily modified to be logically accessible. This is valitsimet speed access to the same file.

In the map above semiconductor memory management scheme may additionally include a device encryption/decryption, which encrypts data written to the authentication area and reauthentication region and decrypts data read from the authentication area and reauthentications area.

In the above structure, it is possible to protect the authentication area and reauthentication the area from illegal intrusion, such as disabling maps semiconductor memory and a direct reading of the contents of these fields.

In the map above semiconductor memory long-term memory may be flash memory, and the control circuit further includes a reader undeletable list, which, in accordance with the command from the electronic device, identifies a non-removable field in the authentication area and reauthentications area and sends information indicating the undeletable region in the electronic device.

In the above structure, the electronic device can identify a non-removable area and remove identified uninstallable area before the flash memory is overwritten. This increases the speed of transfer.

In the map above semiconductor memory in which trojstvo authentication may prompt the user of the electronic device to enter a user key, which is information unique to the user during the authentication process, and the control circuit further includes a storage device of the user key, which stores the key of the user; a storage device identification, which stores a portion of the identification information identifying the electronic device, which affirmatively authenticated by the device authentication; and the device prohibition request key of the user that receives a portion of the identification information of the target electronic device after the identification device begins the process of identification, checks, stored whether a portion of the authentication information received from the target electronic device, the storage device identification, and prevents the device authentication prompt the user of the electronic device to enter the key of the user, when a portion of the authentication information received from the target electronic device is already stored in the storage device authentication information.

In the above structure, the user need not enter a password or personal data every time a user accesses a map of the semiconductor memory. This prevents a case of illegal wiretapping and ISOE is isawanya personal data.

The above objective is also achieved by a data reader for reading digital content with the above card is a semiconductor memory, and the digital content is stored in reauthentication map area of the semiconductor memory, and the information indicating the number of times the digital content can be read, pre-stored in the authenticated area, and a data reader contains an assessment tool that, when the digital content should be read from reauthentication region, reads the information indicating the number of times the digital content can be read from the authentication area, and evaluates whether to be read digital content based on the number of times specified information; and a playback tool for reading digital content from reauthentication region only when the evaluator assesses that the digital content can be read, and reduces the number of times the digital content can be read, the information stored in the authentication area.

In the above structure, it is possible to limit the number of times the digital content can be read from the card is a semiconductor memory. This allows you to apply the present izopet the tion paid for the rental of musical content.

The above objective is also achieved by a data reader for reading digital content with the above card is a semiconductor memory and play a few digital content as an analog signal, and digital content that can be reproduced as an analog signal, is stored in reauthentication map area of the semiconductor memory, and the information indicating the number of times the digital content can be digitally displayed by the electronic device, is stored in the authentication area, and a data reader contains playback tool for reading digital content from reauthentications the field and play a few digital content as an analog signal; an assessment tool for reading information indicating the number of times which digital content can be displayed in digital form by electronic device, and evaluating whether the digital content to be displayed in digital form on the basis of the number of times specified in the information; and means digital output to be output in digital form digital content only when the evaluator assesses that the digital content can be displayed in digital form, and reducing the number of times that the digital is obsessed can be displayed in digital form, the information stored in the authentication area.

In the above structure, it is possible to limit the number of times the digital content is copied in digital form from the map of the semiconductor memory. This provides protection of copyright, detailed warning and warning, as implied by the copyright owner.

As described above, the present invention is a map of a semiconductor memory, working as a recording device for storing digital content, and as an external storage device of the computer. The present invention, in particular, protects the secure distribution of digital content for distribution to electronic music, which is useful in practice.

Brief description of drawings

Figure 1 depicts the device of the PC, which is an embodiment of the present invention and refers to the spread of electronic music, and depicts the appearance of the card is a semiconductor memory that can be loaded into the PC and removed from your PC.

Figure 2 depicts the appearance of the player whose card is a semiconductor memory is used as the recording media.

Figure 3 is a block diagram depicting the structure of a technical PC support.

4 is a block diagram depicting the structure of the technical about the especiany player.

Figure 5 depicts the appearance and structure of the technical support card is a semiconductor memory.

6 depicts the different areas of the memory map semiconductor memory, which can be recognized by the PC and the player.

Figa, figv and figs represent constraints and formats of commands, when the PC or the player performs the access area on the card is a semiconductor memory. Figa depicts the rules that are followed to access each area. Figv depicts the rules that are followed to change the size of each area. Figs - schematic representation of the regions in the map of the semiconductor memory.

Fig is a block diagram depicting the process by which PC (or player) records music content or the like in the map of the semiconductor memory.

Fig.9 is a block diagram depicting the process by which a music content or the like is read from the card, a semiconductor memory and played back (reproduced) by the player (or PC).

Figure 10 is a block diagram depicting a procedure in which the player (or PC) controls the number of readings stored in the authentication area maps semiconductor memory.

11 is a block diagram depicting a procedure in which the player (or PC) controls the number of authorized digital output stored in the authentication area of the map floor is conductive memory.

Fig depicts a data structure which is common to the authentication area and reauthentications map area of the semiconductor memory, and also depicts a block diagram of the process of reading/writing corresponding data structure.

Figa - fig.13D depict the change in the relationship between logical addresses and physical addresses. Figa depicts the relationship before the change. Figv depicts the relationship after the change. Figs depicts the conversion table corresponding to figa. Fig.13D depicts the conversion table corresponding to figv.

Figa-fig.14D represent functions related to a non-removable blocks in the map of the semiconductor memory. Figa depicts the use of the logical and physical blocks. Figv depicts the list of uninstallable blocks corresponding to the usage status of the blocks depicted in figa. Figs is a flowchart depicting the procedure of the PC or the player to remove blocks before using the list of uninstallable blocks and delete commands. Fig.14D - table showing the state of use of logical blocks.

Fig depicts the sequence of interaction in authentication between the player and the card is a semiconductor memory, and also depicts the main components used in autentificat is I.

Fig depicts the sequence of interaction in the embodiment, authentication of the present invention between a memory card and an external device.

Fig depicts the sequence of interaction in the detailed procedure of mutual authentication, depicted on Fig.

Figa-pigs represent the state before changing the boundary between the authentication area and reauthentications area of the semiconductor memory. Figa card depicting the structure of the physical blocks in the flash memory. Figv depicts the conversion table, specialized for reauthentication area. Figs depicts the conversion table, specialized for authentication field.

Figa-pigs represent the state after changing the boundary between the authentication area and reauthentications area of the semiconductor memory. Figa card depicting the structure of the physical blocks in the flash memory. Figv depicts the conversion table, specialized for reauthentication area. Figs depicts the conversion table, specialized for authentication field.

The best variant embodiment of the invention

The embodiment of the present invention will be described with reference to the drawings.

Figure 1 - scheme is eticheskoe image PC, which downloads the digital content, as, for example, via the communications network and map a semiconductor memory (hereinafter referred to as a memory card), which can be downloaded to a PC or removed from the PC.

PC 102 includes a display 103, a keyboard 104 and a speaker 104 and is connected to the line 101 communication via modem, built-in PC 102. Unit 107 records the memory card inserted in the card slot (slot 105 input of a recording device, a memory card) PC 102. The slot 105 input of a recording device, the memory card is based on the standards of the international Association of manufacturers of memory cards for personal computers (PCMCIA) or the like. Unit 107 records the memory card is an adapter that electrically connects the PC 102 and map memory 109. Card memory 109 is inserted into the slot 108 of the card device 107 records the memory card.

The user receives the music data from the content provider over the Internet, using the above system and the following procedure.

First, the user loads the desired music content to the hard disk in the PC 102 via line 101 communication. However, because of the musical content is encrypted, the user is required to perform a specific procedure for playing the received music content on your PC 102.

For playing the received format music-detachab the aqueous content, the user must pay costs to the content provider, using a credit card or the like in advance. When the user will bear the cost, the user receives the password and information rights from the content provider. The password is the key used by the user to decrypt the encrypted music content. Information rights shows the various conditions under which the user is authorized to play content on your PC, such as the number of playbacks allowed, the number of allowed entries in the memory card, the expiration date that specifies the amount of time allowed for the user to play the content.

After receiving the password and information rights the user when it intends to bring the music from the loudspeakers 106 PC 102, enters the password through the keyboard 104 to the PC 102, simultaneously running on the PC 102 specialized application program (hereinafter referred to as the application), having the function of copyright protection. The application then checks the information of the rights, decrypts the encrypted music content using the password, loses encrypted music contents to output audio information from the speaker 106.

When information rights specifies that the contents is allowed to write to the memory card, the application can write the encrypted music data, password, and information Ave is in on the map 109 memory.

Figure 2 is a schematic depiction of a portable device copy/playback (hereinafter referred to as the player) 201 for which card memory 109 is used as the recording media.

On the upper surface of the player 201 installed device 201 of the liquid crystal display and operating keys 203. On the front side of the player 201 is formed the slot 206 of the card and the communication port 213, where the card memory 109 is inserted into the slot 206 of the card, the communication port 213 is in the form of upsh (universal serial bus) or similar device and is connected to the PC 102. On the side of the player 201 is formed analog output pin 204, a digital output pin 205 and the analog input pin 223.

The player 201 after map 109 memory that stores music data, password, and information rights, is loaded into the player 201, checks the information rights. When the music is allowed to play, the player 201 reads the music data, decrypts the read music data, converts the decoded music data to an analog signal and outputs the sounds of the analog signal through the headphones 208 connected to the analog output pin 204. Alternative player 201 outputs digital data of music data in the digital output pin 205.

The player 201 can also pre is brazability analog audio, which is inserted in the player 201 through a microphone or the like through the analog input pin 223, into digital data and stores the digital data in the map memory 109. The player 201 can also download music data, password, and information copyright from the PC 102 via the communication port 213 and write the downloaded information in the map memory 109. That is, the player 201 can replace the PC 102 and the device 107 records the memory card depicted in figure 1 in terms of recording musical data on the map 109 memory and playback of music data recorded on the card memory 109.

Figure 3 - block diagram depicting the structure of the technical support of PC 102.

PC 102 includes a CPU (Central processing unit) 110, a persistent storage device (ROM) 111, pre-storage key 111a device and a control program 111b, a RAM 112, a display 103, a communication port 113, which includes a modem port is used to connect to line 101 communication, and upsh (universal serial bus), used to communicate with the player 201, a keyboard 104, the internal bus 114, the unit 107 records the memory card connecting map 109 memory and the internal bus 114, the decoder 117 to decrypt the encrypted music data read from the card memory 109 the decoder 118 AAS (async-address communication), corresponding to the international standard of communication services in under the Erika network media the recording media MPEG2-AAC (IS13616-7) for decoding the decrypted music data, D/a (digital to analog) Converter 119 for converting the decoded digital music data into an analog audio signal, a speaker 106 and the hard disk 120, which stores a software program for managing files and application.

PC 102 can perform the following:

(1) use map 109 memory as an external storage device having an independent file system (for example, IS9293), which have hard drives when running program, software management files stored on the hard disk 120,

(2) download music contents or the like from the line 101 communicate through the modem port communication port 113 when running a specialized application that is stored on the hard disk 120,

(3) remember the music content or the like on the map 109 memory after mutual authentication, and

(4) to read music contents or the like from the map 109 memory and outputting the read contents to the speaker 106 for playback.

Key 111a device, stored in the ROM 111 is a secret key that is unique to the PC 102, and is used, as will be described later, for mutual authentication or the like.

4 is a block diagram depicting the structure of the technical support of the player 201.

The player 201 includes a CPU 210, a ROM 211, Zara is it keeps the key 211A device and a control program 211b, random access memory (RAM) 212, the device 203 of the liquid crystal display, a communication port 213 performed upsh or the like, is used to connect to the PC 102, operating keys 202, the internal bus 214, the device 215 And/f (interface)connecting map 109 memory and the internal bus 214, the circuit 216 authentication to perform mutual authentication with the card 109 memory, the decoder 217 to decrypt the encrypted music data read from the card memory 109, the decoder 218 AAS, corresponding to the international standard MPEG2-AAC (IS13818-7) for decoding the decrypted music data, a d/a Converter 219 for converting the decoded digital music data into an analog audio signal, the speaker 224, the a/d Converter 221 for converting the analog audio signal derived from an analog input pin 223 in the digital music data, the encoder 220 AAC compliant MPEG2-AAC (ISO13818-7), to encode the music data decoder 222 for decoding the encoded music data, analog output pin 204, a digital output pin 205 and the analog input pin 223.

Player 211 loads the control program 211b from the ROM 211 in the RAM 212, to allow the CPU 210 to execute the control program. When the player 201 can please take the to music content from the card memory 109, play and display a few of the musical content in the speaker 224. and can remember the music content that is input through the analog input pin 223 and the communication port 213 in the map memory 109. That is, the user can use the player 201 not only backup and play music personally, as with ordinary player, but also for copying and playing of such music content (copyrighted), when distributed by the distribution system of electronic music and loads the PC 102.

Figure 5 depicts the appearance and structure of the technical support card 109 memory.

The memory card 109 contains a rewritable long-term memory, in which data can be recorded again. Rewritable long-term memory has a capacity of 64 MB and is controlled by the supply voltage of 3.3 V and a clock signal supplied from external sources. Card memory 109 is a rectangular parallelepiped with a thickness of 2.1 mm, a width of 24 mm and a length of 32 mm memory Card is provided by the security key entry on his side and electrically connected with the external device via the 9-pin connector formed on the end of the map 109 memory.

Map 109 memory contains three chip IC (integrated circuits): managing IP 302, memory 303, a ROM 304.

Flash PA is the best 303 is erasable, a rewritable non-volatile flash memory block erase and includes a logical memory areas: authentication area 332 and reauthentication region 331. Access to the authentication area 332 may be carried out only by devices that are authenticated as authorized to use the card of the semiconductor memory device. Access to reauthentications area 331 can be carried out by devices, whether authenticated or not. In the present variant embodiment of the authentication area 332 is used to store important data relating to the protection of copyright and reauthentication region 331 is used as an external storage device in a conventional computer system. Note that a specific address in the flash memory 303 is used as the boundary between these two areas of memory.

The ROM 304 includes a memory area which is an area to read-only and is called the special area. Special area pre-stores information that includes: an identifier (ID) 341 media, which is the ID card 109 memory; and the name 342 manufacturer, which specifies the name of the manufacturer of the card memory 109. Note that the ID 341 media is unique to the card memory 109 and the difference of the map 109 memory from other cards in the semiconductor memory, and that ID 341 media is used for mutual authentication between the device and is used to prevent unauthorized access to authentication region 332. The control IC 302 is a control scheme consisting of active elements (logic gates or the like) and includes a device 321 authentication device 322 management of teams, the device 323 storage master key, device 324 control access to a specific area, the device 325 control access to the authentication area, the device 326 access control reauthentication area and circuit 327 encryption/decryption.

The device 323 authentication is a scheme that performs mutual authentication challenge-response type with remote device attempting to access the map memory 109. Device authentication 321 includes a random number generator and encryption appliance and authenticates the remote device as authorized to use the card of the semiconductor memory device upon confirmation that the remote device is the same device encryption as a logical device. Note that when mutual authentication challenge-response type both of two devices when communicating perform the following: a logical device first sends the data call to the remote device, the remote device in response generates response data by processing the received data visually certification of the correctness of the remote device and sends the generated response data to the logical device, but the logical device evaluates whether the remote device is correct by comparing the data call response data.

The device 322 management of teams is the controller comprising a decoding circuit and the drive circuit. Decoding scheme identifies the command (the command to the card memory 109)entered via command-contact, and performs the identified command. The device 322 management of teams controls the components 321 through 327, in accordance with the received commands.

Commands received by the unit 322 controls the evaluation of the received commands include commands to read, write, and delete data from/in the flash memory 303, and the commands for controlling the flash memory 303 (commands related to the address space, irremovable data and so on).

For example, relative to the read/write data command protected read account address and the command is write protected account addresses are defined as commands to access the authentication area 332, and the read command account address and the write command account addresses are defined as commands to access reauthentication region 331. In the above commands "address" is the serial number of the first sector of a sequence of sectors from which data is read or to which Zap the studying team. "Account" is the total number of sectors from which data is read or to which data is written by the team. "Sector" is a unit representing the amount of data read from the card memory 109 or recorded on the card memory 109. In the present embodiment, one sector is 512 bytes.

The device 323 storing the master key in advance stores a master key a used remote device during the mutual authentication, and is used to protect data in the flash memory 303.

Device 324 control access to a special area is a circuit for reading information, such as ID 341 media from a specific area (ROM) 304.

Device 325 control access to the authentication area and the device 326 access control reauthentication region are diagrams for read/write data from/in the authentication area 332 and reauthentications region 331, respectively. Each device 325 and 326 sends/receives data to/from an external device (PC 102, the player 201 and so on) through four contact data.

It should be noted here that the device access control 325 and 326, each contains the buffer memory is equal to one block (32 sector or 16 Kbytes), and logically introduces/outputs data in units of sectors to/from region 332 or 31 in response to a command issued by the Yu from the external device, although it introduces/outputs data in units of blocks, when the flash memory 303 is overwritten. More specifically, when a sector in the flash memory 303 should be overwritten, the device 325 or 326 access control reads data from a block including the sector of the flash memory 303, immediately remove the block in the flash memory 303, overwrites the sector in the buffer memory, then writes the data block, including the overwritten sector in the flash memory 303.

Diagram of the encryption/decryption 327 is a circuit that performs encryption and decryption using the master key a stored in the device 323 storage master key, running devices 325 control access to the authentication area and the device 326 access control reauthentication area. Scheme 327 encryption/decryption encrypts data before writing data in the flash memory 303 and decrypt the data after reading the data from the flash memory 303. These operations of encryption and decryption are performed to prevent illegal actions, such as actions decryption card 109 memory, analyzing the contents of the flash memory 303 directly and theft of the password from the authentication area 332.

It should be noted that the control IC 302 includes a synchronization scheme, the area of the volatile memory and the region of non-volatile memory, and basically the components 321 through 327. The timing circuit generates an internal clock signal synchronous with a clock signal supplied from a clock contact, and supplies the generated clock signal to each component.

To protect information stored in a special area (ROM) 304 against tampering by unauthorized persons special area (ROM) 304 may be embedded in the management of IP. Alternative information can be saved in the flash memory 303. In this case, the device 324 control access to a special area may impose restrictions on the entry of data into information or circuit 327 encryption decryption can encrypt the information before the information is stored in the flash memory 303.

6 depicts various memory areas in the map memory 109, which can be recognized by the PC 102 and the player 201. Memory card 109 of the memory are divided into three main areas: special area 304; authentication area 332; and reauthentication region 331.

Special area 304 is an area only for reading. Specialized command is used to read data from a specific area 304. Read/write data from/in the authentication area 332 is possible only when the authentication between the PC 102 or the player 201 and card memory 109 confirmed. The encrypted command is used the La access to the authentication area 332. Access to reauthentications area 331 can be performed by teams of open source, as, for example, the commands corresponding to the standard ATA (connection AT (advanced technology)or SCSI (small computer system interface). That is, data can be read/written from/to reauthentications region 331 without authentication process. Thus, the software program file management as a standard tool on the PC 102, can be used to read/write data from/to reauthentications region 331, as with ATA flash or compact flash.

The three main areas of store types of information as shown below, which provides a function as an external memory device of conventional PCs and function to protect the copyright of the music data distributed by the distribution system of electronic music.

Reauthentication region 331 stores the encrypted content 426, data 427 user, etc. Encrypted content 426 is music data, which is the subject of copyright protection and encrypted. Data 427 user are normal data unrelated to copyright protection. The authentication area 332 stores the key 425 encryption, which is the secret key used to decrypt encrypted the CSOs content 426, stored in reauthentication region 331. Special area 304 stores the ID 341 media, which is required to access the authentication area 332.

PC 102 or the player 201 first reads the ID 341 media from a specific area in the map 304 109 memory, loaded it, and then extracts the key 425 encryption and information rights of the authentication area 332, using ID 341 media. When confirmed from the information rights that the encrypted content 426 stored in reauthentication region 331, allowed to lose, the encrypted content 426 can be read and played at the same time, being decrypted using the key 425 encryption.

Now suppose that the user writes only the music data that is obtained illegally in reauthentication area 331 in the map 109 memory using the PC 102 or the like, and then trying to play music data from the map memory 109 loaded in the player 201. In this case, despite the fact that reauthentication area 331 in the map memory 109 stores the music data, the key 425 encryption or information copyright, the corresponding music data is not stored in the authentication area 332. Therefore, the player 201 is unable to play back music data. With such a structure, in which, when only the musical content koperweis the map 109 memory without authorized encryption key or information rights music content cannot be played, the unauthorized copying of digital content is prevented.

Figa, figv and figs represent constraints and formats of commands, when the PC 102 or the player 201 accesses a region in the map memory 109. Figa depicts the rules that are followed in order to access each area. Figv depicts the rules that are followed to change the size of each area. Figs - schematic representation of the regions in the map memory 109.

Special area 304 is an area to read-only and can only be accessed by a specialized team without authentication process. ID 341 media, stored in a special area 304, is used to generate or decryption of the encrypted command, which is used to access the authentication area 332. More specifically, the PC 102 or the player 201 reads the ID 341 media, encrypts the command used to access the authentication area 332, and sends the encrypted command in map memory 109. After receiving the encrypted command card memory 109 decrypts the encrypted command using the ID 341 media, interprets and executes the command.

Authentication area may be available only when confirmed by the authentication between the device attempting to access carte memory 109, as, for example, the PC 102 or the player 201 and card memory 109. The size of the authentication area 332 is equal to the size (YYYY+1) sectors. That is, the authentication area 332 consists of sector 0 to sector YYYY (YYYY-th sector) logically and consists of sectors with the address XXXX-th sector to address (XXXX+YYYY)-th sector in the flash memory physically. Note that the addresses of the sectors are numbered sequentially assigned a unique all sectors constituting the flash memory 303.

Reauthentication area 331 can be available a standard command corresponding to the standard ATA or SCSI. Size reauthentication region 331 is equal to XXXX sectors. That is reauthentication region 331 is logically and physically consists of sector 0 - (XXXX-1)-th sector.

It should be noted here that the alternative block area 501 can be allocated in the flash memory in advance. Alternative block area 501 is a group of alternative blocks that are used to replace defective blocks (blocks that have defective memory area from which data cannot be read/written normally in the authentication area 332 or deauthentication region 331.

In the present variant embodiment of the special region 304 may not be accessible without authentication. However, to prevent illegal analysis Liu is diversified individuals special region 304 may be made available only in this device, which is authenticated in the affirmative, or the commands used to access a special area 304 can be encrypted.

Now change the size of the authentication area 332 and reauthentications region 331 will be described with reference to figv and 7C.

The full capacity of the memory of the authentication area 332 and reauthentications area 331 in the flash memory 303 is equal to the capacity (XXXX+YYYY+1) sectors, which is a fixed value obtained by subtracting the alternative block area 501 and from all other memory locations in the flash memory 303. The sizes of areas 332 and 331 are each variable and can be changed by changing the value of XXXX address boundaries.

The first step in the procedure to change the size of the region is performing user authentication. This authentication is performed to prevent any users to easily change the size of the area using one of the standard programs, equipment, common among PC users, or a software program intended for illegal access. After authentication is completed, the size reauthentication region 331 (number of new sectors XXXX) is sent to the map 109 memory, using a specialized command to resize the area.

Map memory 108 after receiving the above is a specialized command to change the size of the area remembers the value of XXXX in long-term memory or the like in the map memory 109, then controls subsequent accesses to the authentication area 332 and reauthentications region 331, using the value of XXXX as the new address of the border. More specifically, the map memory 109 assigns physical sector 0 - XXXX-th sector in the flash memory 202 for reauthentication region 331, and XXXX-St - (XXXX+YYYY)-th sector to the authentication area 332. Device 325 and 326 access control performs the address conversion between a logical address and a physical address, and controls the generation of incorrect access outside the allocated area of memory. It should be noted here that the logical addresses recognized by the external device as the address space map data memory 109, corresponding to the values used in commands, and that physical addresses are addresses in the data space of the flash memory 303 contained in the map memory 109.

If the authentication area 332 is increased in size by reducing the address of the border, from the device you will need to maintain the logical compatibility before and after the change of address. To this end, all the data stored in the authentication area 332, for example, are moved (copied) to smaller locations on the value of reduction of the address boundaries. With this device the physical addresses correspond to the new logical addresses, starting with the new address of the border. With this device the space data of the authentication area 332 is increased, while the logical address for the data stored in the authentication area 332 are supported.

Specialized command to change the size of the area can be encrypted before using to prevent unauthorized access.

Fig is a block diagram depicting a procedure in which the PC 102 (or the player 201) writes music content or the like in the map memory 109. In the following description assumes that the PC 102 writes the music data in the map memory 109 (s601).

(1) PC 102 performs authentication challenge-response type device 321 authentication card 109 memory using the key device 111a and the like, and extracts the key a from the map memory 109, when authentication is confirmed (s602).

(2) PC 102 then retrieves the ID 341 media from a specific area in the map 304 109 memory, using specialized team (s603).

(3) PC 102 then generates a random number and generates the password used to encrypt the music data extracted from the master key a and ID 341 media (s604). In the above step, a random number is generated, for example, the data encryption key (random number)that is sent to the map 109 of the memory during the authentication process the requirements.

(4) the Generated password is encrypted using the master key a and ID 341 media, is then recorded in the authentication area 332 as key 425 encryption (s605). By this time, before the data (key 425 encryption) are transmitted, the command to write data to the authentication area 332 will be encrypted and sent in a card memory 109.

(5) Musical data is encrypted using the password and stored in reauthentication region 331 as encrypted content 426 (s606).

Fig.9 is a block diagram depicting a procedure in which a music content or the like is read from the map memory 109 and is played by the player 201 (or PC 192). In the following description assumes that the music data stored in the map memory 109, played by the player 201 (s701).

(1) the Player 201 performs authentication challenge-response type device 321 authentication card 109 memory using the key 211A device and the like, and extracts the key a from the map memory 109, when authentication is confirmed (s702).

(2) the Player 201 then retrieves the ID 341 media from a specific area in the map 304 109 memory, using specialized team (s703).

(3) the Player 201 then retrieves the key 425 encryption music data of the authentication area 332 in the map memory 109 (S704). By this time, peredam, as data (key 425 encryption) read command to read data from the authentication area 332 will be encrypted and sent in a card memory 109.

(4) the key 425 encryption is decrypted using the master key a and ID 341 media to retrieve password (s705). This step is the reverse of encryption step step s605 encryption depicted on Fig.

(5) the Encrypted content 426 is read from reauthentication region 331 and is decrypted using the password that you extracted in step s705, at the same time the decrypted content is played as music (s706).

As described above, music data stored in reauthentication area 331 in the map 109 memory cannot be decrypted without the key 425 encryption stored in the authentication area 332. Thus, even if illegal music data is copied to another memory card, the copied music data cannot be normally played. Thanks to this structure protected by the copyright of the music data.

As described above, only the devices that are authenticated Yes, it is allowed to access the authentication area in the memory card. This structure provides protection of copyright, in which only devices that meet certain conditions, the resolution is trying to access the authentication area in the memory card. This is performed by using a key device, the encryption algorithm or the like, which are used for authentication.

In the above example, when the encrypted content is recorded in the card memory 109, the first password used in the encryption is encrypted using the master key and the media ID, then the encrypted password is stored in the authentication area 332 as the encryption key (s605). However, either the master key or media ID can be used to encrypt the password. This structure simplifies the encryption and provides such quality that the size of the circuit card memory 109 or the player 102 is reduced, although there is a probability that the intensity weakens encryption.

In the above example, the player 201 and the PC 102 can retrieve the master key a from the map memory 109 only when the authentication is confirmed. However, the main key a can be built into the player 201 or PC 102 in advance. Alternate master key a can be encrypted and stored in a special area 304 as encrypted master key.

Now will be described two examples of use of the authentication area of the memory card. In two examples, the number of reads and the number of permitted digital outputs" are stored in the authentication area, respectively.

Figure 10 is a Ki is a block diagram, depicting a procedure in which the player 201 (or PC 102) controls the number of readings 812 stored in the authentication area in the map memory 109. In this example, the player 201 can play back music data stored in reauthentication area 331 in the map memory 109 as audio as many times as indicated by the number of readings 812 stored in the map memory 109 (s801).

(1) the Player 201 performs authentication challenge-response type device 321 authentication card 109 memory using the key 211A device and the like, and extracts the key a from the map memory 109, when authentication is confirmed (s802).

(2) the Player 201 then retrieves the ID 341 media from a specific area in the map 304 109 memory, using specialized team (s803).

(3) the Player 201 then retrieves the key 425 encryption music data of the authentication area 332 in the map memory 109 (s804). By this time, before the data (key 425 encryption) is read, the command to read data from the authentication area 332 will be encrypted and sent in a card memory 109.

(4) the Player 201 then retrieves the number of readings 812 of the authentication area 332 in the map 109 memory and checks the number of readings 812 (s804). When the number specifies the permits unrestricted read, the player 201 plays music in accordance with the procedure of the Oh (s704 no s706), depicted in Fig.9 (s806 on s808).

(5) When the number of readings 812 0 estimated that no reading is not allowed (s805), and the playout process ends (s809). When the number of readings 812 is equal to some value other than 0, and does not specify a valid unrestricted read, the player 201 reduces the number by one, writes the resulting number in the authentication area 332 (s805), then plays music in accordance with the procedure (s704 in s706), depicted in Fig.9 (s806-s808).

As described above, the player 201 has the ability to control the number of times the player 201 plays music, pre-storing the number of reads 812, which show the number of times that can be played the music. This gives the possibility to apply this method to the analog music playback obtained, for example, through rolling CDs or terminal kiosks (interactive vending machines for music distribution that is connected to the network).

It should be noted here that the "reading time" may be stored instead of the number of reads 612 for the imposition of restrictions on the total time that the musical content can be played. An alternative may instead store the combined information of the number of times the playing time. As another example, the number of readings 812 can is to be reduced, when the content is supported by playing a certain period (for example, 10 seconds). As another example, the number of readings 812 may be encrypted, and then stored, so that information is protected from a fake.

11 is a block diagram depicting a procedure in which the player 201 (or PC 102) controls the number of authorized digital output 913 stored in the authentication area in the map memory 109. In this example, the player 201 can read music data from reauthentication area 331 in the map 109 memory and outputting the read music data as many times as indicated by the number of authorized digital output 913 stored in the map memory 109 (s901).

(1) the Player 201, as in steps s701-s705 shown in Fig.9, performs authentication with the card memory 109 to retrieve the master key a (s902), extracts the ID 341 media (s903), extracts the key 425 encryption (s904), and retrieves the password (s905).

(2) the Player 202 then retrieves the number of authorized digital output 913 of the authentication area 332 in the map 109 memory and checks the number of allowed numeric conclusions 913 (s906). When the number indicates the validity unlimited digital output, the player 201 reads the encrypted content 426 of reauthentications region 331 and decrypts the encrypted content 426 in the digital data using the password retrieved n is the step s905, and outputs the decrypted digital data from a digital output pin 205 as music data (s909).

(3) When the number of authorized digital output 913 0 estimated that no digital output is not allowed (s908), and the data is played back only analog output (s908). More specifically, the encrypted content 426 is read from reauthentication region 331 and the music is playing, while the content is encrypted using the password (s908).

(4) When the number of authorized digital output 913 is set to a value other than 0, and shows the validity of unlimited digital output, the player 201 reduces the number by one, writes the resulting number in the authentication area 332 (s907), then reads the encrypted content 426 of reauthentications region 331, decrypts the encrypted content 426 in the digital data using the password that you extracted in step s905, and outputs the decrypted digital data from a digital output pin 205 (s909).

As described above, the number of digital output from the player 201 can be controlled by keeping the number of authorized digital output 813 in the authentication area 332 in the map memory 109. This gives the possibility to apply this method to digital music playback, obtained, for example, through rolling CDs or terminals, kiosks, i.e. digits is the possibility of duplication of music data, stored in the memory card, may be allowed a certain number of times in the authority of the copyright owner.

It should be noted here that, as with the "number of readings", "allowed time digital output can be stored instead of the number of authorized digital output 913 for the imposition of restrictions on the total time that can output digital data of the music content. An alternative may instead store the combined information on the number of digital pins and play time. As another example, the number of authorized digital output 913 can be reduced when the content is supported output after a certain period (for example, 10 seconds). As another example, the number of authorized digital output 913 may be encrypted, and then stored, so that information is protected from a fake.

May be added the feature that the number of authorized digital output can be increased to a number that is determined by the copyright owner, in accordance with the responsibility that is given to the copyright owner.

Now will be described the physical data structure (the structure of the sector and block QC (correcting code) card memory 109.

Card memory 109 receives such a data structure, suitable to prevent illegal dei is of textbooks, related to copying or restoring the data stored in the flash memory 303 and to prevent illegal actions related to the fake data. This data structure is adopted because of the need to deal with the illegal operations that can be performed with respect to the above-mentioned ways in which the "number of readings" or "the number of permitted digital outputs" is stored in the authentication area 332 and the value decreases each time the process is running.

More specifically, the music can be re-played after all the data recorded in the flash memory 303, copied to the external auxiliary memory device or the like. However, when the number of allowed operations playback becomes 0, the music can be played again and again restoring the copied data. Also music can be illegally lost again fake number of readings. In the result, you should take some measures to prevent such illegal activities.

Fig depicts a data structure that is shared authentication and deauthentication areas 332 and 331 card memory 109, and also depicts a block diagram of the process of reading/writing corresponding data structure.

In this example, the counter value generated by the generator is Thor 103 random number device 321 authentication from the control IC 302, used as a key variable conversion.

16-byte region 1005 extension is assigned to each of the 512-th byte sectors 1004 in the flash memory 303. Each sector stores data that is encrypted using the value of the counter. Region 1005 extension consists of data 1006 QC and field 1007 with a variable conversion. Data 1006 QC (correcting code) are 8-byte data, which is the QC for the encrypted data stored in the current sector. Region 1007 variable round trip time is equal to 8 bytes and stores the counter value used to generate the encrypted data stored in the current sector.

It should be noted here that only the sectors 1004 can be accessed logically (i.e. by using the open command or the like) and that only the region 1005 extensions can be available physically (i.e. to be a managed device that reads/writes data from/in the memory card).

With the above structure unlawful tampering can be prevented by comparing the data sector with the contents of the field 1007 with a variable time of treatment, even if the data sector are forged using the command or the like, the contents of the field 1007 with a variable conversion is not changed.

More specifically, the PC 102 or the player 201 writes/is cityway data to/from the authentication area 332 or deauthentication area 331 in the flash memory 109, following the procedure shown below in units of sectors 1004. First will be described a procedure in which the PC 102 writes the data in the map memory 109 (S1001).

(1) PC 102 requests a map memory 109 to give the value of the counter. In response to this request, the control IC 302 in the map memory 109 generates a random number using the generator 1003 random number contained in the control IC 302 (S1005), and sends the generated random number in the PC 102 as the value of the counter (s1002).

(2) the Password is generated from the received counter value and the master key a and ID 341 media, which has already been obtained (s1003).

(3) One sector of the recorded data is encrypted using a password, and is sent to the map memory 109 (s1004). Together with the encrypted data (i) information that identifies the location of the sector, which should be written to the encrypted data, and (ii) the value of the counter used for encryption, sent to map 109 memory.

(4) Card memory 109 writes the encrypted data in a particular sector 1004 (s1006).

(5) QC is obtained by calculation of the encrypted data and the obtained QC is recorded in the region 1005 expansion as data 1006 QC (s1007).

(6) the counter Value received together with the encrypted data, is recorded in the region 1007 variable access time (s1008).

Next will be described a procedure in which the PC 102 read the em data from the map memory 109 (s1001).

(1) PC 102 requests a map 109 memory to read the data defining the location of the sector from which the data should be read. After receiving the query, the map memory 109 first reads the encrypted data from a particular sector 1004 and outputs the read data to the PC 102 (s1016). PC 102 receives the encrypted data (s1012).

(2) Card memory 109 then reads the counter value from the current sector of the region 1007 with a variable conversion in the field 1005 extension corresponding to a particular sector 1004, and sends the read value of the counter in the PC 102 (s1017).

(3) the Password is generated from the read counter value and the master key a and ID 341 media, which has already been obtained(s1014).

(4) the encrypted data is decrypted using the password (s1005).

Here, if the data in the sector 1004 changed by the forgery or the like, illegal action, decryption fails because of a mismatch between the counter value read from the field 1007 with a variable conversion.

As described above, the flash memory 303 contains the region 1007 with varying degrees of conversion, the invisible region, which may not be visible (available) users. Data is encrypted and stored using a password, which is generated using a counter value stored in the field 1007 with a variable conversion. With this structure the swarm data are protected against unauthorized tampering by users.

In the above example, the region 1007 with a variable time treatment is provided in a region 1005 extension for storage of QC. However, it is possible to provide the region 1007 with a variable conversion to another area in the flash memory 303, provided that the data stored in the field cannot be changed from outside the memory card.

In the above example, a random number is used as the value of the counter. However, the counter value may be a value of the timer indicating the time, which varies every moment, or it may be the number of times that data is written in the flash memory 303.

Now will be described an example relationship between logical addresses and physical addresses in the flash memory 303.

Figa-fig.13D represent a change in the relationship between logical addresses and physical addresses. Figure 1 depicts a dependence FOR before the change. Figv depicts the dependence after the change. Figs depicts a table 1101 conversion corresponding figa. Fig.13D depicts a table 1101 conversion corresponding figv.

Table 1101 conversion is a table in which all the logical address (on figa-fig.13D sequence number of logical blocks) are stored with the corresponding physical addresses (figa-fig.13D serial numbers of the physical blocks composing the x flash memory). Table 1101 conversion is stored in long-term field in the control IC 302 or the like and the link to it is performed by a device 325 control access to the authentication area or device 326 access control reauthentication area when, for example, a logical address is converted to a physical address.

The device that accesses the map 109 memory, cannot write data in all the storage space that physically exist in the map memory 109 (i.e., all the physical blocks constituting the flash memory 303), but can only write data in the logical data space (logical blocks), which are logical addresses.

The above device is made, for one reason, with the option to save to an alternative area that was filling the area from which data cannot be read/written from the partial defect in the flash memory 303. Even if a defective block is replaced by an alternative unit, this change mapping table to reflect the change in compliance between logical and physical block, enables the flash memory 303 is not to inform the external device that any defect has occurred. This is due to the fact that each file is supported logical continuity, which corresponds to the noreste contiguous physical blocks.

However, the fragmentation of logical blocks is increased when, for example, a file consisting of many blocks, re-memorized or deleted to/from the card memory 109. A concrete example of this is depicted in figa on which logical addresses (0 and 2) logical blocks that make up the "file 1", are discontinuous.

When, for example, such nutriwest logical blocks takes place, the music data cannot be written into the continuous logical area in the map memory 109. This makes it necessary issuing a write command to write the bill addresses" for each block, resulting in a decrease in the recording speed. Similarly, it makes necessary the issuance of a read command to read the bill addresses" for each block, even in the case when music data of one motif must be read, making playback in real-time musical data difficult.

To solve the above problem, the management IP 302 card memory 109 has the function to overwrite the table 1101 conversion on the basis of commands issued from an external device. More specifically, when a specialized command to overwrite the table 1101 conversion is entered from the command-contact control IC 302 card memory 109 interprets specialized team and overwrites the table 1101 conversion using the parameter, to the that is sent after a specialized team.

The above operation will be detailed using the example depicted in FIGU-fig.13D. Suppose that before a specialized command is accepted, the flash memory 303 contains data constituting the file "file 1" in the locations specified physical addresses 0 and 2, and data constituting the file "file 2", in the location specified by the physical address 1, as shown in figa, and that table 1101 conversion represents that the logical addresses correspond to physical addresses. That is, in the logical addresses and the physical addresses of data "file 2" is located in the middle of the data "file 1".

With the intention of solving the above-mentioned state of the external device sends the above-mentioned specialized command and option in the flash memory 303, pointing to preserve the continuity of "file 1". The device 322 management assessment team card memory 109, in accordance with a specialized command and parameter overwrites the table 1101 conversion, as shown in fig.13D. Figv depicts the relationship between logical and physical addresses in the flash memory 303 after the above sequence of operations.

As is clear from FIGU, although the location of the physical blocks has not changed, the logical blocks that make up the "file 1", moved to be consistent. With these the device, the external device can access the "file 1" with greater speed, than previously, in subsequent accesses.

Table 1101 conversion can be overwritten, as described above, not only to solve the fragmentation of logical blocks, but also to change the size of each of the authentication area 332 and reauthentications area 331 in the flash memory 303. In the latter case, it is possible to move an area with high speed, because the table 1101 conversion is rewritten so that the physical block to be small, is in a physical block to become large.

Now will be described the function card 109 memory relating to a non-removable blocks. More specifically, will be described operation of the card 109 memory when receiving a command list, a non-removable blocks and delete commands. Here, a non-removable blocks are physical blocks in the flash memory 303, which contain data that is not physically deleted. That is, data in a non-removable blocks must be removed immediately, before the blocks are then (before other data is written in a non-removable blocks).

Command list uninstallable blocks is one of the commands that the device 322 management assessment team may interpret and execute, and is issued for a list of all non-removable blocks in the flash memory 303.

Existing data stored in the flash memory card 303 109 pam is ti, must be removed in units of blocks before the data is again written into the flash memory 303. Time to remove approximately half of the full-time recording. A total recording time is reduced if the removal is completed in advance. Thus, to achieve this card 109 memory provides the external device with the command list, a non-removable blocks and removal team.

Suppose that the current state of the use of logical blocks and the physical blocks of the flash memory 303 depicted in figa. As shown in figa, logical blocks 0 to 2 are used in the current moment, and the physical blocks 0, 2, 4, and 5 are non-removable blocks.

The list 1203 uninstallable blocks is stored in the device 322 management assessment team in the above condition. The contents of the list 1204, a non-removable blocks corresponding to the usage status of the blocks depicted in FIGU depicted on figv. Here is a list 1203, a non-removable block is a storage table, consisting of items that match all the physical blocks constituting the flash memory 303, and having values that indicate the status of the removal of data blocks whose data is deleted, specified as "0", and blocks, the data are not deleted, indicated as "1") of the respective physical blocks running device 322 management assessment is the commands themselves.

Figs is a flowchart depicting the procedure of the PC 102 or the player 201 to remove blocks in advance, using the list of uninstallable blocks and the delete command in the above condition. Here it is assumed that the flash memory 303 contains a table, such as TRF (file allocation table), which indicates the status of the use of logical blocks, as shown in fig.14D.

An external device, such as, for example, the PC 102 or the player 201, issues a command to the list of uninstallable blocks in map 109 memory during idle time, in which map 109 memory is unavailable (s1201). After receiving the command, the device 322 management assessment team card 109 memory accesses list 1203 uninstallable blocks contained in the device 322 management assessment team, reveals that the physical blocks 0-2, 4 and 5 is set to "1" state, and sends the number of physical blocks in the external device.

The external device then accesses the table that shows the status of the use of logical blocks in the flash memory 303 depicted in fig.14D to identify blocks that are not logically (s1202).

External device identifies, based on the information received at steps s1201 and s1202 "deleted" blocks that are not used logically and not physically removed (physical blocks 4 and 5 in esteem example (s1203). The external device then issues a delete command that specifies rooms 4 and 5, the physical blocks in the map memory 109 (s1204). After receiving the command, the device 322 management assessment team card memory 109 removes the physical blocks 4 and 5 by sending commands to the device 325 control access to the authentication area and the device 326 access control reauthentication area.

After the above operation is completed, the data is written into the physical blocks 4 and 5 with high speed, because the removal process is not required for entry.

Now will be described the function of the card memory 109 relating to the protection of personal data. More specifically, the function of protection of personal data used when the card memory 109 checks the external device for authentication and requires personal data of the user of the external device. Here each piece of personal data is unique to the user and is used to identify the user. The user with the correct personal data is recognized by the card memory 109 as an authorized user who is allowed access to the authentication area 332 in the map memory 109.

Here, if the user is asked to enter personal information each time the user accesses the authentication of the region 332, or, if you enter personal data is stored in the authentication area 332 for each of these accesses may be the problem, namely, that personal data are listened by someone or read illegally by another user who has permission to access the authentication area 332.

One possible solution for this problem could be the encryption of personal data using the password provided personally by the user, and storing encrypted personal data in some way, as music data.

However, in the above case, the user needs to enter the password each time tested personal data. The procedure is difficult and you also want to control password. Thus, the map memory 109 provides the function to solve the problem of excessive and re-enter your personal data.

Fig depicts the sequence of interaction in authentication between the player 201 and card memory 109, and also depicts the main components used in authentication. Note that the processes depicted in Fig mainly performed by the circuit 216 authentication of the player 201 and device 321 authentication card 109 memory.

As shown in Fig, circuit 216 authentication of the player 201 has functions of encryption the project and decryption, and also pre-stores the master key 1301, which is a secret key that matches the key a stored in card memory 109, and ID 1302 device, which is a unique ID for the player 201, such as the serial number (s/n) of the product.

Device 321 authentication card memory 109 has a function of encryption, decryption and comparison, and also has two areas of long-term memory: a region 1310 memory group ID of the device and the region 1311 memory key user. Region 1310 memory group ID of the device stores device identifiers of all devices that are allowed access to the authentication area 332 in the map memory 109. Region 1311 memory key user stores the user's key is sent from the device as personal data. The authentication procedure will be described in detail below. Note that when the transmissions and receptions all data is encrypted before transmission and encrypted data is decrypted at the receiving side. The key used in the encryption and decryption is generated during the following procedure.

(1) Once the map memory 109 is connected to the player 201, first player 201 encrypts the ID 1302 device using the master key 1301, and sends the encrypted ID 1302 of the device in the map memory 109.

(2) Card memory 109 decrypts the received ciphered ID 1302 of the device using the main the key a, and checks the memory if already received ID 1302 devices in the field 1310 memory group ID of the device.

(3) When it is estimated that ID 1302 device already saved, the map memory 109 notifies the player 201 that the authentication is confirmed. When it is estimated that ID 1302 device is not stored, the card memory 109 requests the player 201 to send the user's key.

(4) the Player 201 prompts the user to enter the key of the user gets the key of the user as the user's personal data and sends the received user key in the map memory 109.

(5) Card memory 109 compares the received user key user key, pre-memorized in the field 1311 memory key user. When it is estimated that two user keys match each other, or when the area 13311 memory key user is vacant, the map memory 109 notifies the player 201 that the authentication is confirmed, and stores the ID 1302 of the device obtained in the above step (3) in the field 1310 memory group ID of the device.

With the above device, when the user's device connects to the map memory 109 for the first time, the user is asked to enter personal data (user key). However, the second connection and subsequent connections, the user is no longer prompted to enter personal data to the authenticating terminates automatically in the affirmative, using the device ID.

Now will be described variant of the Protocol between the card 109 memory and an external device such as the PC 102 or the player 201, with reference to Fig and Fig.

Fig depicts the sequence of interaction in the embodiment, the authentication between the card 109 memory and an external device (in this example, the player 201).

Note that the processes depicted in Fig mainly performed by the circuit 216 authentication of the player 201, the control program 111b PC 102 and device 321 authentication card memory 109. It is assumed here that the device 323 storage master key card memory 109 stores the encrypted master key (encrypted master key 323) and that special area 304 stores a secure ID 342 media, as well as ID 341 media, and secure ID 343 carrier is generated by encrypting ID 341 media.

First, the player 201 issues a command in the map memory 109 to obtain the master key 323b of the card 109 memory and decrypts the received master key 323b, using the key 211A of the device. The decryption algorithm used in the decryption corresponds to the encryption algorithm used to encrypt the master key 323b, which is now read from the card memory 109.

Thus, when the key 211A of the device that the player 201 has as an authorized key, it is assumed decryption to repeat REGO remember the original master key.

The player 201 then issues a command in the map memory 109 to obtain ID 341 media card 109 memory and encrypts the received ID 341 media, reusing the stored master key. The encryption algorithm used in the encryption is the same as the encryption algorithm used to encrypt the secure ID 343 media, which is stored in the map memory 109. Thus, encryption provides a secure ID 343 media, which is the same as secure ID 343 media contained in the map memory 109.

The player 201 and map 109 memory perform mutual authentication using reserved identifiers that they have. Through this mutual authentication, each device generates information (OK/NG) and the protected key, and the information (OK/NG) specifies the authenticated whether the remote device and the secure key is a temporary key, which depends on the authentication result. Protected keys owned both devices match each other only when both devices 201 and 109 in the affirmative authenticate other devices, and secure the keys change every time you perform mutual authentication.

After mutual authentication is completed in the affirmative, the player 201 generates a command that IP is alzueta to access the authentication area 332 in the map memory 109. More specifically, for example, when data is read from the authentication area 332, the parameter (24-bit address and 8-bit account "account") command "protected reading of the bill addresses is encrypted using a secure key, and the encrypted command, which is generated by combining the encrypted parameter and characteristic (6-bit code indicating the type of command "protected read"command is sent to the map 109 memory.

After receiving the encrypted command card memory 109 evaluates the command type. In this example, the command is evaluated as a "protected read" to read data from the authentication area 332.

When the command is evaluated as a command to access the authentication area 332, the parameter contained in the command is decrypted using the secure key obtained through mutual authentication. The decryption algorithm used in the decryption corresponds to the encryption algorithm used in the encryption command, the player 201. Thus, when the mutual authentication is completed in the affirmative, that is, when the protected keys used by both devices match each other, the parameter obtained by the decryption, must be equal to the original parameter used by the player 201.

Card memory 109 then reads the encryption key 425 of the sector is in the authentication area 332, specified decrypted parameter, encrypts the read encryption key 425, using a secure key and sends the encrypted encryption key in the player 201.

The player 201 decrypts the received data using a secure key obtained through mutual authentication. The decryption algorithm used in the decryption corresponds to the encryption algorithm used in the encryption key 425 encryption card memory 109. Thus, when the mutual authentication is completed in the affirmative, that is, when the protected keys used by both devices match each other, the data obtained by the decryption, must be equal to the original key 425 encryption.

Map 109 memory each time the command is executed to access the authentication area 332, unload (remove) a secure key that is used when executing commands. With this device the external device attempting to access the authentication area 332 in the map memory 109 requires to perform mutual authentication each time the external device issues a command, and to be sure of authentication in advance.

Fig depicts the sequence of interaction in the detailed procedure of mutual authentication, depicted on Fig. In this example, the map memory 109 and the player 201 performs the mutual the authentication challenge-response type.

Card memory 109 generates a random number and sends the random number to the player 201 as data call to verify the correctness of the player 201. The player 201 encrypts the data call and returns the encrypted data call in the map memory 109 as response data for certification of the player 201, as authorized for use. Card memory 109 encrypts the random number sent as a data call, and compares the received response data with the encrypted data call. When the received response data and the encrypted data call match, map 109 memory estimates that the authentication of the player 201 is confirmed (OK) and accepts the command to access the authentication area 332 of the player 201. When the received response data and the encrypted data call does not match, the card memory 109 estimates that the authentication of the player 201 is not confirmed (NG) and, if the player 201 sends a command to access the authentication area 332 after evaluation, the map memory 109 rejects the command.

The player 201 performs a similar authentication procedure to verify card memory 109. That is, the player 201 generates a random number and sends the random number in the map memory 109 as a data call to verify sanctimoniousness card memory 109. Card memory 109 encrypts the data call and returns the encrypted data is key player 201 as response data for certification sanctimoniousness card memory 109. The player 201 encrypts the random number sent as a data call, and compares the received response data with the encrypted data call. When the received response data and the encrypted data call match, the player 201 estimates that the authentication card memory 109 confirmed (OK), and accesses the authentication area 332 in the map memory 109. When the received response data and the encrypted data call does not match, the player 201 estimates that the authentication card memory 109 is not confirmed (NG), and leaves access to the authentication area 332.

All encryption algorithms used in the mutual authentication must be the same, since the card memory 109 and the player 201 are authorized. Card memory 109 and the player 201 receives a secure key by performing the exclusive OR operation using the encrypted data call and response data received through the authentication and certification sanctimoniousness. Received secure key or the result of the above operation XOR is used to access the authentication area 332 in the map memory 109. With this device it is possible for both devices 109 and 201 to share temporary protected key that is common to them only when they are approved in authentication. is it creates an affirmative authentication is a necessary condition for access to the authentication area 332.

The secure key may be the result of exclusive OR operation using the encrypted data call response data protected media ID.

Now will be described version of the function to change the boundaries between the authentication area 332 and reauthentications area 331 in the map memory 109 with reference to Fig and Fig.

Figa-figs depict the usage status of the flash memory 303 before boundary changes. Figa is a memory card, depicting the structure of the physical blocks in the flash memory 303.

Figv depicts a table 1103 conversion, which is specialized for reauthentication region 331 and is stored in the field of long-term memory in the device 326 access control reauthentication area. Table 1103 conversion depicts the relationship between logical blocks and physical blocks in reauthentication region 331. Device 328 access control reauthentication region refers to the conversion table 103 for converting the logical address into a physical address, or to detect improper access, accessing outside the allocated memory.

Figs depicts a table 1102 conversion, which is specialized for authentication area 332 and stored in the field of long-term memory in the device is ve 325 control access to the authentication area. Table 1102 conversion depicts the relationship between logical blocks and physical blocks in the authentication area 332. Device 325 access control authentication field accesses a table 1102 conversion for converting the logical address into a physical address, or to detect improper access performed by the access outside the allocated memory.

As shown in figa before changing the border of the flash memory 303, consisting of physical blocks 0000 - FFFF, the physical blocks F000 - FFFF allocated for the variable region 501 of memory, the physical blocks 0000 - ffff, whose address is less than the limit allocated for reauthentication region 331, and the physical blocks E - EFFF, whose address is greater than the limit assigned to the authentication area 332.

As is clear from table 1103 transformation depicted in FIGU, non logical blocks correspond to the numbers of the physical blocks in reauthentication region 331. On the other hand, as is clear from table 1102 transformation depicted in figs, there is an inverse relationship between the logical blocks and the numbers of the physical blocks in the authentication area 332, that is, the logical blocks 0000 - 0FFf correspond to physical blocks EFFF on E respectively. This arrangement is made on the assumption that th is logical blocks are used in ascending order and that, when the boundary is moved, the data is transferred in physical units, it is necessary to store or move.

Figa-figs depict the usage status of the flash memory 303 after the boundary changes. Figa-figs correspond figa-pigs respectively. Note that changing the boundary is the following procedure:

(1) there is a specialized team that identifies the address of the border, the device 322 management assessment team through team contact; and (2) this device 322 management assessment team rewrites the table 1102 conversion device 325 control access to the authentication area and the table 1103 conversion in reauthentication region 331.

As shown in figa-19S, the boundary is moved from between the physical blocks E and DFFF in between the physical blocks and CFFF D000. This means that the size reauthentication region 331 is reduced by 1000 (hexadecimal numbers) units, and the size of the authentication area 332 is increased by 1000 (hexadecimal numbers) units.

As shown in figv, along with the change of the above-mentioned boundary table size 1103 conversion reauthentication region 331 is reduced by 1000 (hexadecimal numbers) elements, and the size of the authentication area 332 is increased by 1000 (hexadecimal number) elem is now, so the table 1103 conversion shows logical blocks 0000 - CFFF with the corresponding physical blocks 0000 - CFFF. On the contrary, as shown in figs, the size of the table 1102 conversion of the authentication area 332 is increased by 1000 (hexadecimal numbers) elements, and the size of the authentication area 332 is increased by 1000 (hexadecimal numbers) elements, so that the table 1102 conversion shows logical blocks 0000 - 1FFF with the corresponding physical blocks EFFF - D000.

As described above, the boundary is established between the authentication area and reauthentications area in the flash memory 303, and the size of both areas is changed by moving the boundaries. This enables you to use the card 109 memory for different purposes. For example, a map memory 109 may be used primarily for the storage of digital content, which must be protected by copyright, or card memory 109 can be used for another purpose other than storage of such digital content.

As in the authentication area, and reauthentications region, the amount of processing moves and save data with changing boundaries may be reduced in accordance logical blocks to physical blocks so that the physical blocks are used in order adalines and, since most of the remote unit.

The above correspondence between logical and physical blocks is easily performed when the table 1102 conversion, specialized for authentication area 332, and table 1103 conversion, specialized for reauthentication region are independently provided.

In the example above, in the authentication area 332 there is an inverse relationship between logical addresses and physical addresses in units of blocks. However, there may be used other units. For example, there may be an inverse relationship between logical addresses and physical addresses in units of sectors or bytes.

Up to this point, the memory card of the present invention is described in its preferred and other embodiments of the incarnation. However, the present invention is not limited to the preferred embodiment and other options. In the above embodiment, the embodiment of the PC 102 or the player 201 is required to perform mutual authentication with the card 109 memory, use the same procedure each time it issues a command to access the authentication area 332 in the map memory 109. However, a simplified authentication procedure can be used to access the authentication area 332, depending on the command type.

For example, when issued write command "write-protected", the encrypted master key and 323b ID 341 media can be obtained from the map memory 109, but the card memory 109 can execute the command "write-protected" even when only one-way authentication (authentication device card memory 109) concludes in the affirmative. With this device commands that are only indirectly related to the protection of copyright, will be executed at high speed.

Flash memory 303 in the map memory 109 of the present invention can be replaced with another storage medium (for example, long-term storage media, such as hard disk, optical disk, magnetic optical disk). Portable memory card, capable of protecting copyright in the stored data according to the present invention, may be accomplished using any of these media.

Industrial applicability

As clear from the above description, the semiconductor device of the present invention is suitable for use as recording media for recording music content when the spread of electronic music, using such a network, such as the Internet. The semiconductor device of the present invention is also suitable for use as a recording medium for recording a computer is characteristic of programs or data, and in particular, suitable for use as the recording media for a portable recording/reproducing device.

1. The card is a semiconductor memory that can be used in an electronic device to be removed from the electronic device containing a rewritable nonvolatile memory and a control circuit that controls accesses by the electronic device to the authentication area and reauthentications area in a rewritable nonvolatile memory, and the control circuit includes a device access control reauthentication region, which controls access of the electronic device to reauthentications region, device authentication, which performs the authentication process to check whether the electronic device has authority to access semiconductor memory, and the affirmative authenticates the electronic device when the electronic device is authorized for card access semiconductor memory device access control authentication area, which allows the electronic device to access the authentication area only when the device authentication in the affirmative authenticates the electronic device is in, wherein the authentication area and reauthentication area created by dividing a continuous region of a predetermined size in a rewritable non-volatile memory into two parts, and the map of the semiconductor memory also includes a means for storing addresses, marking the border between the authentication area and reauthentications area, the scheme changes the size of the areas, which changes the size of the authentication area and reauthentications region, the circuit changes the size of the fields changes the size of the authentication area and reauthentications region by changing the address, which marks the border, and the device control access to the authentication area and the device access control reauthentication area control accesses by the electronic device to the authentication region and to reauthentications area by accessing the address, which marks the border.

2. Map of the semiconductor memory according to claim 1, characterized in that the device authentication generates a key that reflects the result of the authentication process, and the device access control authentication area decrypts the encrypted command using the key generated by the device authentication, and manipulated the accesses by the electronic device to the authentication area in accordance with the encrypted command, moreover, the encrypted command is sent from the electronic device.

3. Map of the semiconductor memory according to claim 2, characterized in that the device performs authentication mutual authentication challenge-response type of electronic device and generates a key from the request data and response data, and query data are sent to an electronic device for checking whether the electronic device has authority to access semiconductor memory, and response data are generated to demonstrate that the device authentication has the authority to access semiconductor memory.

4. Map of the semiconductor memory according to claim 3, characterized in that the encrypted command sent from an electronic device, includes a field characteristic and the address field, and a field of characteristic not encrypted and specifies the type of access to the authentication area and the address field is encrypted and specifies the address to be accessed, the device access control authentication area decrypts the address field using the key, and controls accesses by the electronic device to the authentication area so that you access type defined in the field of the sign, to the area specified by address decoded address fields.

5. Cartolibreriafani memory according to claim 4, characterized in that it further includes a circuit storing identification data, which previously stores identification data that is unique to the card, a semiconductor memory, and enables us to distinguish the mentioned map semiconductor memory from other cards in the semiconductor memory, and the device authentication performs mutual authentication with the electronic device using the identification data stored in the storage schema identification data, and generates the key from the identification data.

6. Map of the semiconductor memory according to claim 1, characterized in that the circuit changes the size of the regions includes a conversion table of the authentication field, which shows correspondence between logical addresses and physical addresses in the authentication area conversion table reauthentication region, which shows correspondence between logical addresses and physical addresses in reauthentication region, and a device to change the mapping tables, which changes the contents of the conversion table of the authentication area and the mapping table reauthentication region in accordance with a command from the electronic device, and the device access control authentication is being used the include field controls accesses by the electronic device to the authentication area by referring to the conversion table authentication region, and device access control reauthentications the field controls access of the electronic device to reauthentications region by referring to the conversion table reauthentication area.

7. Map of the semiconductor memory according to claim 6, characterized in that region, addressed the older physical addresses, and the area addressed more younger physical addresses, together form a region having a predefined size, and selected, respectively, to the authentication area and reauthentications region, and the conversion table reauthentication region shows correspondence between logical addresses, arranged in ascending order, and physical addresses, arranged in ascending order, and the conversion table of the authentication field shows correspondence between logical addresses, arranged in ascending order, and physical addresses, arranged in descending order.

8. Map of the semiconductor memory according to claim 1, characterized in that it further comprises a circuit constant memory which pre-stores data.

9. Map of the semiconductor memory according to claim 1, characterized in that the control circuit additionally includes a conversion table that shows compliance is a journey between logical addresses and physical addresses in each of the authentication area and reauthentications region, and schema changes in the mapping table, which modifies the content of the conversion table in accordance with a command from the electronic device, and the device control access to the authentication area and the device access control reauthentications the field of control, respectively accesses by the electronic device to the authentication area and reauthentications region by referring to the conversion table.

10. Map of the semiconductor memory according to claim 1, characterized in that the control circuit additionally includes device encryption/decryption, which encrypts data written to the authentication area and reauthentication region, and decrypts the data read from the authentication area and reauthentications area.

11. Map of the semiconductor memory according to claim 1, wherein the nonvolatile memory is a flash memory, and the control circuit additionally includes a storage device undeletable list, which stores the undeletable a list that shows a list of uninstallable areas in the authentication area and reauthentications region, and a device for sending information about the undeletable areas, which in accordance with the command from the electronic device accesses the list of uninstallable the x regions to identify the undeletable fields in the authentication area and reauthentications region and sends the information pointing identified uninstallable region, in the electronic device.

12. Map of the semiconductor memory according to claim 1, characterized in that the device authentication during the authentication process prompts the user of the electronic device to enter a user key, which is information unique to the user, and the control circuit additionally includes a storage device of the user key, which stores the user's key, the storage device identification, which stores a portion of the identification information identifying the electronic device, which affirmatively authenticated by the device authentication, and the device prohibition request key of the user that receives a portion of the identification information of the target electronic device after the device authentication begins the authentication process, checks, stored Lee already a portion of the authentication information received from the target electronic device, the storage device identification, and disables the device authentication request of the user of the electronic device to enter the key of the user, when a portion of the authentication information received from the target electronic device is already stored in the storage device and the formation of identity.

13. A data reader for reading digital content maps semiconductor memory according to claim 1, whereby the digital content stored in reauthentication map area of the semiconductor memory, and the information indicating the number of times the digital content can be read, pre-stored in the authentication area, and the data reader includes an assessment tool that reads out the authentication region information indicating the number of times the digital content can be read, in the case when the digital content should be read from reauthentication region, and evaluates whether the digital content to be read, based on the number of times specified in the above-mentioned information, and playback tool that reads the digital content from reauthentication region only when the evaluator assesses that the digital content can be read, and to reduce the number of times the digital content can be read, in the above-mentioned information stored in the authentication area.

14. A data reader for reading digital content maps semiconductor memory according to claim 1 and playback of digital content as an analog signal, and the digital content is saved in my reauthentication map area of the semiconductor memory, and information indicating the number of times the digital content can be digitally displayed by the electronic device stored in the authentication area, and the data reader includes a playback tool that reads the digital content from reauthentication area and reproducing the read digital content as an analog signal, an assessment tool that reads information indicating the number of times the digital content can be displayed in digital form by electronic device, and evaluates whether the digital content to be displayed in digital form on the basis of the number of times specified in the above-mentioned information, and means digital output output in digital form, the digital content only when the evaluator assesses that the digital content can be displayed in digital form, and reducing the number of times the digital content can be displayed in digital form, in the above-mentioned information stored in the authentication area.



 

Same patents:

The invention relates to protected memory, in particular memory, providing multiple layers of protection for areas of application

The invention relates to a semiconductor memory device with multiple memory cells and is used mainly in the cards with an embedded microchip, such as card ID, credit cards, payment cards, etc

FIELD: microprocessors.

SUBSTANCE: device has central processing devices, including first cryptographic block, at least one peripheral block, including second cryptographic block, device also has data bus, random numbers generator, conductor for supplying clock signal, conductor for providing random numbers signal, set of logical communication elements, while each cryptographic block has register of displacement with check connection.

EFFECT: higher level of unsanctioned access protection.

7 cl, 1 dwg

FIELD: electronics.

SUBSTANCE: device has signaling bus, loaded with clock signal, at least one couple of buses serving for encoding one bit, detector circuit, multiplexer. According to method in case of first value of signal of signal bus two buses of one couple detect same level of signal, and in case of second value of signal of signal bus two buses of one couple detect different signal levels, detect forbidden states during operation of board, change process of system functioning, to generate alarm in that way.

EFFECT: higher reliability of protection.

2 cl, 7 dwg

FIELD: copy protection.

SUBSTANCE: system has content distribution block, multiple recording and playback devices for digital data, calculations processing block, meant to perform communications with recording and playback devices and performing calculations processing for transferring license payments.

EFFECT: higher reliability of copy protection.

5 cl, 55 dwg

FIELD: computers.

SUBSTANCE: method includes, on basis of contents of central processor registers, received after processor performs some sort of command, by means of mathematical logical operation, forming certain finite control sum and storing it in memory, and on basis of contents of registers, received before start of execution by said processor of directly next command, certain starting checksum is formed, while if starting checksum mismatches finite checksum, error message is generated, which can be followed by halting of processor operation or blocking of chip board with its removal from circulation.

EFFECT: higher reliability.

2 cl, 2 dwg

FIELD: technologies for authentication of information.

SUBSTANCE: method includes performing absolute identification for confirming legality of data carrier according to first rule in preset time. Authentication information is recorded on this data carrier in previously set position. Process of arbitrary authentication is performed for confirming legality of said data carrier in accordance to second rule in arbitrary time. First rule includes announcing confirmation of standard match, if information for authentication is detected as registered in selected preset position. Second rule in given arbitrary authentication process includes announcing standard match, if information for authentication is detected as not registered in arbitrary positions, different from given preset position.

EFFECT: higher reliability.

6 cl, 12 dwg

Processor // 2248608

FIELD: computers, data protection.

SUBSTANCE: processor has bus interface device, device for selection/decoding of commands, device for dispatching/execution, program string decoding device, which string is selected from program and loaded in first levels command cash, which contains a set of N two-input elements XOR, keys memory, storing different N-bit decoding keys.

EFFECT: higher efficiency.

2 dwg

The invention relates to computing
The invention relates to computing, and in particular to information and computer systems and networks, and can be used in the network integrity monitoring for protection of information resources in workstations, informational, and functional servers, etc

The invention relates to computer technology and may find application in the organization of authorized access to resources of the computing system

The invention relates to the field of information security with cryptographic transformation of data

Processor // 2248608

FIELD: computers, data protection.

SUBSTANCE: processor has bus interface device, device for selection/decoding of commands, device for dispatching/execution, program string decoding device, which string is selected from program and loaded in first levels command cash, which contains a set of N two-input elements XOR, keys memory, storing different N-bit decoding keys.

EFFECT: higher efficiency.

2 dwg

FIELD: technologies for authentication of information.

SUBSTANCE: method includes performing absolute identification for confirming legality of data carrier according to first rule in preset time. Authentication information is recorded on this data carrier in previously set position. Process of arbitrary authentication is performed for confirming legality of said data carrier in accordance to second rule in arbitrary time. First rule includes announcing confirmation of standard match, if information for authentication is detected as registered in selected preset position. Second rule in given arbitrary authentication process includes announcing standard match, if information for authentication is detected as not registered in arbitrary positions, different from given preset position.

EFFECT: higher reliability.

6 cl, 12 dwg

FIELD: computers.

SUBSTANCE: method includes, on basis of contents of central processor registers, received after processor performs some sort of command, by means of mathematical logical operation, forming certain finite control sum and storing it in memory, and on basis of contents of registers, received before start of execution by said processor of directly next command, certain starting checksum is formed, while if starting checksum mismatches finite checksum, error message is generated, which can be followed by halting of processor operation or blocking of chip board with its removal from circulation.

EFFECT: higher reliability.

2 cl, 2 dwg

FIELD: copy protection.

SUBSTANCE: system has content distribution block, multiple recording and playback devices for digital data, calculations processing block, meant to perform communications with recording and playback devices and performing calculations processing for transferring license payments.

EFFECT: higher reliability of copy protection.

5 cl, 55 dwg

FIELD: electronics.

SUBSTANCE: device has signaling bus, loaded with clock signal, at least one couple of buses serving for encoding one bit, detector circuit, multiplexer. According to method in case of first value of signal of signal bus two buses of one couple detect same level of signal, and in case of second value of signal of signal bus two buses of one couple detect different signal levels, detect forbidden states during operation of board, change process of system functioning, to generate alarm in that way.

EFFECT: higher reliability of protection.

2 cl, 7 dwg

FIELD: microprocessors.

SUBSTANCE: device has central processing devices, including first cryptographic block, at least one peripheral block, including second cryptographic block, device also has data bus, random numbers generator, conductor for supplying clock signal, conductor for providing random numbers signal, set of logical communication elements, while each cryptographic block has register of displacement with check connection.

EFFECT: higher level of unsanctioned access protection.

7 cl, 1 dwg

FIELD: digital memory technologies.

SUBSTANCE: board has rewritable power-independent memory and control circuit, means for storing address, pointing at limit between authentication area and non-authentication area, circuit for changing size of said areas. Reading device contains estimation means, reading information, pointing at number of times, for which digital data can be read, and playback means. Second device variant additionally has means for digital output of contents.

EFFECT: higher efficiency.

3 cl, 23 dwg

FIELD: computer science.

SUBSTANCE: method includes protective mathematical conversion of service data of network frame prior to transfer to environment for transfer of a LAN. To said protective conversion the data is subjected, which is contained in headers of network frames of channel level, and also in headers of all encapsulated network packets and segments. As a result the very possibility of interception is prevented.

EFFECT: higher efficiency.

7 cl, 2 dwg

FIELD: data carriers.

SUBSTANCE: device for reproduction of data from data carrier, program zone of which is used for recording a set of files, and control zone - for controlling copy protection data concerning the file, recorded in program zone, has computer for calculating copy protection information for each time file is reproduced, comparison means for comparing value, calculated on reproduction command, being prior to current one, to value, calculated on current reproduction command, and if these values coincide, the last value is stored as copy protection value, calculated on reproduction command , prior to current one and control means for allowing reproduction of file, appropriate for current command, if value, calculated as response to command, previous relatively to current command, coincides as a result of comparison to value, calculated as a response to current command.

EFFECT: higher reliability, higher efficiency.

4 cl, 46 dwg

Up!