JP2008167086A - Electronic equipment, method for decoding data used for it, and data decoding control program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide electronic equipment recording the personal information of a user while further reinforcing the security of the user data. <P>SOLUTION: In a memory 15 for storing a cipher key, a user ID for an SD card 16 used when the user data are enciphered by an encipherment block 13 by setting an off state by a switch 15a while setting the unreadable state of the user ID. Then, the user data are decoded by using the user ID read from the memory 15 for storing the cipher key by the encipherment block 13 when the memory 15 for storing the cipher key is set under the readable state of the user ID by setting an on state by the switch 15a. Consequently, the memory l5 can correspond to the decoding of the user data even when the SD card 16 is not fitted such as the case when the SD card 16 is lost. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an electronic device, a data decoding method and a data decoding control program used for the electronic device, and has a function of recording personal information of a user, such as a mobile phone, for example. The present invention relates to an electronic device that is required to enhance security, a data decoding method used for the electronic device, and a data decoding control program.

  In recent years, electronic devices having a function of recording personal information (user data) of a user, such as a mobile phone and a personal computer, frequently have problems such as leakage of personal information due to poor security. For this reason, strengthening security for personal information has become an issue. At present, password authentication is widely performed for operators, and in recent years, fingerprint authentication and face authentication have been used. In many cases, protection is not secure, and security settings are often avoided because of the cumbersome operation procedure. Further, these authentications can prevent a third party from using the device, but the user data itself written in an internal ROM (Read Only Memory) is easily read out. There is a point.

  In order to solve such problems, the user data (for example, a phone book, e-mail, a photograph taken with a mobile phone having a camera function) has a function of encrypting the data when the data is written to the ROM. Electronic devices such as mobile phones with enhanced security have been proposed by encrypting such image data. In this case, as an encryption key for encryption, for example, a unique identification ID of an external storage device such as an SD (Secure Digital) (registered trademark) card or a miniSD (registered trademark) card is used for encryption. This makes it possible to obtain security without making the encryption key known to a third party.

Conventionally, as this type of technology, for example, there is one described in Patent Document 1.
In the mobile communication terminal described in Patent Document 1, when data is written in the memory unit, a unique IMSI (International Mobile Subscriber Identifier) of a SIM (Subscriber Identity Module) card which is an external storage medium that is arbitrarily mounted is used. ) Is used as a key to encrypt and write data, and when the encrypted data is read, the IMSI is used as a key for decryption.

Further, in the portable terminal described in Patent Document 2, when user data is written in the nonvolatile memory, an encryption key based on a unique IMSI of a UIM (User Identity Module) card, which is a storage medium that is detachably mounted, is used. The user data is encrypted and written, while the encrypted user data is read out by the encryption key based on the IMSI.
Japanese Patent Laid-Open No. 2003-188981 (Abstract, FIG. 1) JP 2004-336719 A (abstract, FIG. 1)

However, the conventional electronic device has the following problems.
That is, in the mobile communication terminal described in Patent Document 1, the data once encrypted and written in the memory unit, such as when the user loses the SIM card, or when the IMSI that is the encryption key is lost, Even if read from the memory unit, it cannot be decrypted, and there is a problem that a complaint and complaint may occur from the user. Similarly, in the portable terminal described in Patent Document 2, the user data that is encrypted with the encryption key based on the unique IMSI of the UIM card and written in the nonvolatile memory is lost when the user loses the UIM card. When the secret key is lost, there is a problem that it cannot be decrypted even if it is read from the nonvolatile memory.

  The present invention has been made in view of the above-described circumstances, and it is possible to reliably and easily set security protection and to store encrypted data even when an external storage device in which a unique identification ID is registered is lost. An object of the present invention is to provide an electronic device to be decrypted, a data decryption method and a data decryption control program used for the electronic device.

  In order to solve the above-mentioned problems, the invention described in claim 1 is a data storage means for storing data, and a storage device mounting section that can be detachably mounted to an external storage device to which a unique identification ID is assigned. When the data is written into the data storage means, the data is encrypted using the identification ID of the attached external storage device as an encryption key, while the encrypted data Is read from the data storage means, the encryption / decryption means for decrypting the data using the identification ID as a decryption key, and the encryption for storing the identification ID as the encryption key and the decryption key The encryption / decryption key storage unit is provided, and the encryption / decryption key storage unit cannot be operated from outside the electronic device, and the encryption / decryption key storage unit To become comprises a read state setting means for setting the read enable / disable state of the key are characterized.

  A second aspect of the present invention relates to the electronic device according to the first aspect, wherein the read state setting means is not operable from the outside of the electronic device and the encryption / decryption key is readable / non-readable. The encryption / decryption means is set in a state in which the encryption / decryption key can be read by the switch means of the encryption / decryption key storage unit. In this case, the data is decrypted using the decryption key read from the encryption / decryption key storage unit.

  A third aspect of the present invention relates to the electronic apparatus according to the second aspect, wherein the encryption / decryption means is not connected to the encryption / decryption key storage unit when the external storage device is not attached. A configuration for decrypting the data using the decryption key read from the encryption / decryption key storage unit when the switch means is set in a state where the encryption / decryption key can be read; It is characterized by being.

  A fourth aspect of the invention relates to the electronic device according to the first, second, or third aspect, wherein the encryption / decryption means encrypts the data by offsetting the data using the identification ID. On the other hand, the encrypted data is decrypted by canceling the offset using the identification ID.

  The invention according to claim 5 relates to the electronic device according to claim 1, 2, 3 or 4, wherein the data is personal information of a user of the electronic device, and the identification ID of the external storage device is the It is a user identifier.

  The invention according to claim 6 relates to an electronic apparatus having data storage means for storing data, and a storage device mounting portion to which an external storage device to which a unique identification ID is assigned can be detachably mounted. When writing data to the data storage means, when encrypting the data using the identification ID of the attached external storage device as an encryption key, while reading the encrypted data from the data storage means In addition, the present invention relates to a data decryption method used in an electronic device having an encryption / decryption means for decrypting the data using the identification ID as a decryption key, and the identification as the encryption key and the decryption key Stores the ID, cannot be operated from the outside of the electronic device, and sets whether the encryption / decryption key can be read or not An encryption / decryption key storage unit having a read state setting means for storing the encryption / decryption key storage unit when the encryption / decryption key storage unit is set to read the decryption key. The data is decrypted by using the decryption key read out from the section.

  The invention according to claim 7 relates to the data decryption method according to claim 6, wherein the decryption key is read out by the encryption / decryption key storage unit when the external storage device is not attached. When set to, the data is decrypted by using the decryption key read from the encryption / decryption key storage unit.

  The invention described in claim 8 relates to a data decryption control program, and causes a computer to control the electronic device according to any one of claims 1 to 5.

  According to the configuration of the present invention, the identification ID as the encryption key and the decryption key is stored in the encryption / decryption key storage unit and encrypted by the read state setting means that cannot be operated from the outside of the electronic device. Since the enable / disable state of the encryption / decryption key is set, security for personal information can be enhanced. In addition, when the decryption key is set to be read by the encryption / decryption key storage unit, the data is decrypted using the decryption key read from the encryption / decryption key storage unit. Therefore, even when the external storage device is lost, the data decryption can be supported.

  A user ID as an encryption key for encrypting data is stored in an area that cannot be read by a normal key input operation by the user, and a switch for setting the read / impossible state of the identification ID is provided. Provided are an electronic device provided, a data decoding method and a data decoding control program used for the electronic device.

FIG. 1 is a block diagram showing an electrical configuration of a main part of an electronic apparatus according to an embodiment of the present invention.
As shown in the figure, the electronic apparatus in this example is a mobile phone 10, and includes a control unit 11, an SD card control unit 12, an encryption block 13, a ROM 14, and an encryption key storage memory 15. It is configured. An SD card 16 is mounted on the SD card control unit 12. The control unit 11 includes a CPU (Central Processing Unit) 11a as a computer for controlling the entire mobile phone 10 and a ROM (Read Only Memory) 11b in which a data decoding control program for operating the CPU 11a is recorded. Have.

  The SD card control unit 12 includes an SD card controller 12a and an SD card I / F (interface) 12b, and an SD card 16 to which a user ID (unique identification ID) is assigned can be detachably mounted. . The ROM 14 is composed of, for example, a readable / writable flash ROM, and stores personal information (user data) of the user of the mobile phone 10 and data other than the user data. The user data is, for example, phone book, e-mail, image data of a photograph taken with a mobile phone having a camera function. When writing the user data to the ROM 14, the encryption block 13 encrypts the user data using the user ID of the mounted SD card 16 as an encryption key, while the encrypted user data is read from the ROM 14. When reading, the user data is decrypted using the user ID as a decryption key. Further, whether the user data is to be encrypted and which user data is to be encrypted can be selected by a user performing a predetermined operation. The encryption block 13 does not perform encryption when data other than user data is written in the ROM 14.

  The encryption key storage memory 15 is composed of, for example, a flash ROM or the like, and the user ID used as the encryption key when the user data is encrypted by the encryption block 13 is used as a normal key input operation by the user. Then, it is stored in an unreadable area. The encryption block 13 stores the encryption key when the SD card 16 is not attached to the SD card control unit 12 and when an operation for reading the user ID is performed in the encryption key storage memory 15. The user data is decrypted using the user ID read from the memory 15.

FIG. 2 is a diagram for explaining a data flow when normal access is made to the ROM 14 in FIG.
As shown in FIG. 2, the ROM 14 has a ROM program area 14a and a ROM user data area 14b. In this case, the CPU 11 accesses the ROM program area 14a via the encryption block 13, but the encryption function of the encryption block 13 is invalidated and data that is not encrypted (that is, other than user data) Data) is exchanged.

FIG. 3 is a diagram for explaining a mechanism for setting the readable / unreadable state of the user ID stored in the encryption key storage memory 15 in FIG.
The encryption key storage memory 15 is provided with a switch 15a that cannot be operated from the outside of the casing of the mobile phone 10 and that sets whether or not the user ID can be read. As shown in FIG. 3A, when the switch 15a is in the off (open) state, OE (output enable) is set to the inactive mode, and the user ID is set to be writable and not readable. On the other hand, as shown in FIG. 3 (b), when the switch 15a is in an on (short circuit) state, OE (output enable) is connected to G (ground) to enter the active mode, the user ID can be written, and , Read enabled. The presence and function of the switch 15a are known only to a specific person such as a maintenance person in a specialized store, and are not disclosed to general users.

FIG. 4 is a diagram for explaining the data flow when accessing the ROM user data area 14b of the ROM 14 in FIG.
The ROM user data area 14b is accessed by the CPU 11 via the encryption block 13 as shown in FIG. In this case, the CPU 11 sets the identification ID of the SD card 16 as an encryption key in the encryption block 13, and the user data from the CPU 11 is encrypted by the encryption block 13 and stored in the ROM user data area 14b. At the same time, the encryption key is automatically stored in the encryption key storage memory 15. Further, when a single mobile phone 10 is shared by a plurality of users, the ROM user data area 14b is provided for each user, and the encryption key is different for each user data area. The address corresponding to is also saved.

FIG. 5 is a diagram for explaining a data flow when user data is encrypted and decrypted by the encryption block 13 in FIG.
In this encrypted block 13, as shown in FIG. 5A, for example, the user data “0x0123” (hexadecimal display) is offset using the identification ID “0x294A” (for example, addition). Thus, the encrypted user data “0x2A6D” is output. On the other hand, as shown in FIG. 5B, the encrypted user data “0x2A6D” is offset by using the identification ID “0x294A” to reverse the encryption (for example, subtraction) ), The decrypted user data “0x0123” is output.

FIG. 6 is a flowchart for explaining the procedure for encrypting user data and storing it in the ROM 14, FIG. 7 is a flowchart for explaining the procedure for reading encrypted user data from the ROM 14, and FIG. It is a figure explaining the data flow when reading the user data which are read from ROM14 without using the SD card 16. FIG.
With reference to these drawings, processing contents of the data decoding method used in the mobile phone 10 of this example will be described.
In the cellular phone 10, the switch 15 a is set to the OFF state in the encryption key storage memory 15, so that the user ID used when the user data is encrypted by the encryption block 13 is stored. The user ID cannot be read out. When the SD card 16 is not attached and when the encryption key storage memory 15 is set in the user ID readable state by setting the switch 15a to the ON state, the encryption block 13 is set. The user data is decrypted using the user ID read from the encryption key storage memory 15.

  That is, when the user data is encrypted and stored in the ROM 14, as shown in FIG. 6, the SD card 16 is attached to the SD card control unit 12 by a user operation (step A1). User data to be encrypted by the user is selected by the user's operation (step A2). An identification ID (user ID) is read from the SD card 16 (step A3). Since the user data is not encrypted, the encryption block 13 is set to “no encryption” (step A4). User data is read from the ROM 14 (step A5). The encryption block 13 is set to “with encryption”, and the encryption key at that time is set to the identification ID of the SD card 16 (step A6). The encrypted user data is written in the ROM user data area 14b of the ROM 14, and the encryption key is stored in the encryption key storage memory 15 (step A7).

  When reading the encrypted user data from the ROM 14, as shown in FIG. 7, the SD card 16 is mounted on the SD card control unit 12 by the user's operation (step B1). User data that the user wants to read is selected by the user's operation (step B2). An identification ID (user ID) is read from the SD card 16 (step B3). The encryption block 13 is set to “with encryption”, and the encryption key at that time is set to the identification ID of the SD card 16 (step B4). User data is read from the ROM 14, and the user data is decrypted with the identification ID (step B5).

  On the other hand, when the SD card 16 is lost, the encryption key is lost, and when the encrypted user data is read from the ROM 14 without using the SD card 16, as shown in FIG. In order to be able to read the encryption key from the key storage memory 15, for example, a maintenance person turns on the switch 15a (short circuit). Then, the CPU 11 sets the encryption key so that the encryption key is read from the encryption key storage memory 15. As a result, when the encrypted block 13 reads the encrypted user data from the ROM user data area 14b, the encrypted key is automatically read from the encrypted key storage memory 15, and the encrypted user data is encrypted. Is released and exchanged with the CPU 11. If the encryption key is different for each user data area, the area (address) requested by the CPU 11 is automatically determined by the encryption block 13, and the corresponding encryption key is stored in the encryption key storage memory 15. It is read out and the darkening is released. When the switch 15a of the encryption key storage memory 15 is in the OFF state, the encryption key is not read from the encryption key storage memory 15, and thus the encryption is not released.

  As described above, in this embodiment, in the encryption key storage memory 15, the SD card 16 used when the user data is encrypted by the encryption block 13 by setting the switch 15 a to the off state. The user ID is stored, and the unreadable state of the user ID is set. On the other hand, when the switch 15a is set to the on state, the encryption key storage memory 15 is set to the readable state of the user ID. When set, the user data is decrypted using the user ID read from the encryption key storage memory 15 in the encryption block 13, so that the SD card 16 is lost or the like. Even when the card 16 is not loaded, the user data can be decrypted.

The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiment, and even if there is a design change without departing from the gist of the present invention, Included in the invention.
For example, the SD card may be an external storage device having a unique identification ID. In the above embodiment, the encryption block 13 uses the user ID read from the encryption key storage memory 15 to store user data when the SD card 16 is not attached to the SD card control unit 12. Even if the SD card 16 is attached to the SD card control unit 12, the user data is similarly decrypted when the encryption key storage memory 15 is set in a user ID readable state. You may do it. In the above embodiment, the cellular phone is taken as an example of the electronic apparatus. However, the present invention can be applied to all apparatuses having the configuration shown in FIG. 1, such as a PDA (Personal Digital Assistants), a personal computer, and an electronic notebook. .

  Further, instead of the encryption block 13, a function equivalent to the encryption block 13 may be added to the CPU 11 or the ROM 14. Moreover, in the said Example, although offset was added by adding identification ID with respect to user data, subtraction may be sufficient. In this case, addition is performed to cancel the offset. Further, the offset may be an arbitrary calculation of the SD card identification ID and user data as long as the reversibility of encryption is maintained.

  Further, the switch 15a is provided in the encryption key storage memory 15. However, if the OE (output enable) can be set to the active mode / non-active mode, for example, between the OE terminal and the ground. Any means such as a jig for turning on / off may be used. The encryption key stored in the encryption key storage memory 15 may be protected by a password. In this case, a maintenance manager or the like sets a password, and the user cannot arbitrarily change it. When reading encrypted user data without using an SD card, a maintenance manager or the like inputs a password from the outside using a maintenance jig or the like. When the password is sent from the CPU 11 to the encryption key storage memory 15 via the encryption block 13, the encryption key is read from the encryption key storage memory 15. In this case, if the encryption key protection state is always set when the power is turned on, once the protection is canceled and the protection state is restored, the power supply only needs to be turned off once. It will be good.

  The present invention can be applied to data storage means and to all electronic devices in which an external storage device to which a unique identification ID is assigned can be detachably attached. In particular, when user data is encrypted and stored in the data storage means It is effective for use.

It is a block diagram which shows the electrical constitution of the principal part of the electronic device which is one Example of this invention. It is a figure explaining the flow of data when performing normal access to ROM14 in FIG. It is a figure explaining the mechanism which sets the readable / impossible state of the user ID memorize | stored in the encryption key preservation | save memory 15 in FIG. It is a figure explaining the flow of data when accessing the ROM user data area 14b of ROM14 in FIG. It is a figure explaining the flow of data when encrypting and decrypting user data by the encryption block 13 in FIG. It is a flowchart explaining the procedure which encrypts user data and memorize | stores it in ROM14. It is a flowchart explaining the procedure which reads the encrypted user data from ROM14. It is a figure explaining the data flow when reading the encrypted user data from ROM14 without using the SD card.

Explanation of symbols

10 Mobile phone (electronic equipment)
11 Control unit (part of electronic equipment)
11a CPU (Central Processing Unit)
11b ROM (read-only memory)
12 SD card control unit (storage device mounting unit)
12a SD card controller (part of storage device mounting part)
12b SD card I / F (interface) (part of storage device mounting part)
13 Encryption block (encryption / decryption means)
14 ROM (data storage means)
15 Encryption key storage memory (encryption / decryption key storage unit)
15a switch (reading state setting means, switch means)
16 SD card (external storage device)

Claims (8)

An electronic apparatus having data storage means for storing data, and a storage device mounting unit that can be detachably mounted to an external storage device to which a unique identification ID is assigned,
When writing the data to the data storage means, the data is encrypted using the identification ID of the attached external storage device as an encryption key, while the encrypted data is read from the data storage means An encryption / decryption means for decrypting the data using the identification ID as a decryption key;
An encryption / decryption key storage unit that stores the identification ID as the encryption key and the decryption key;
The encryption / decryption key storage unit
An electronic apparatus comprising: a read state setting unit that is inoperable from outside the electronic apparatus and sets a read / unread state of the encryption / decryption key. The read state setting means includes
It is constituted by switch means that cannot be operated from the outside of the electronic device and sets the read / impossible state of the encryption / decryption key,
The encryption / decryption means includes
When the switch means of the encryption / decryption key storage unit is set to a state where the encryption / decryption key can be read, the decryption key read from the encryption / decryption key storage unit is used. The electronic apparatus according to claim 1, wherein the electronic device is configured to decrypt the data. The encryption / decryption means includes
When the external storage device is not attached and when the switch means of the encryption / decryption key storage unit is set to a state where the encryption / decryption key can be read, the encryption / decryption is performed. 3. The electronic apparatus according to claim 2, wherein the data is decrypted using the decryption key read from the key storage unit. The encryption / decryption means includes
The data is encrypted by applying an offset using the identification ID, while the encrypted data is decrypted by releasing the offset using the identification ID. The electronic device according to claim 1, 2, or 3. The data is
Personal information of the user of the electronic device,
The identification ID of the external storage device is:
The electronic device according to claim 1, wherein the electronic device is an identifier of the user. An electronic apparatus having data storage means for storing data, and a storage device mounting unit that can be detachably mounted to an external storage device to which a unique identification ID is assigned,
When writing the data to the data storage means, the data is encrypted using the identification ID of the attached external storage device as an encryption key, while the encrypted data is read from the data storage means A data decryption method used in an electronic device having encryption / decryption means for decrypting the data using the identification ID as a decryption key,
For storing the identification ID as the encryption key and the decryption key, and being inoperable from the outside of the electronic device, and for setting the readable / unreadable state of the encryption / decryption key An encryption / decryption key storage unit having a read state setting unit is provided;
When the decryption key is set to be read by the encryption / decryption key storage unit, the data is decrypted using the decryption key read from the encryption / decryption key storage unit A data decoding method characterized by the above.   Read from the encryption / decryption key storage unit when the external storage device is not mounted and the encryption / decryption key storage unit is set to read the decryption key The data decryption method according to claim 6, wherein the data is decrypted using the decryption key.   A data decoding control program for causing a computer to control the electronic device according to any one of claims 1 to 5.

Images