
TW200822669A - Control system and method using identity objects - Google Patents


Info

Publication number
TW200822669A
Authority
TW
Taiwan
Prior art keywords
access control
host
key
access
control record
Application number
TW096124586A
Other languages
Chinese (zh)
Inventor
Michael Holtzman
Ron Barzilai
Fabrice Jogand-Coulomb
Original Assignee
Sandisk Corp
Priority claimed from US11/557,041 (US8639939B2)
Priority claimed from US11/557,039 (US20080010458A1)
Application filed by Sandisk Corp
Publication of TW200822669A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G06F21/86 Secure or tamper-resistant housings
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller. In another embodiment, an identity object may be stored in a non-volatile memory of a memory system as proof of identity. The memory system is removably connected to a host device. After the host device has been successfully authenticated, the private key of the object is used to encrypt data from the host device or signals derived from said data, and the at least one certificate and the encrypted data or signals are sent to the host device. In yet another embodiment, after an entity has been authenticated by a control data structure of the memory system, the public key of the identity object and the at least one certificate to certify the public key are provided to the entity. In one practical application of this embodiment, if encrypted data encrypted by means of the public key of the identity object is received from the entity, the memory system will then be able to decrypt the encrypted data using the private key in the identity object. The identity object and the at least one certificate are stored in a non-volatile memory where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller. In one more embodiment, an identity object may be stored in a non-volatile memory of a memory system. The memory system is removably connected to a host device. 
After the host device has been successfully authenticated, the public key of the identity object and the at least one certificate to certify the public key are provided to the host device. When encrypted data encrypted by means of the public key of the identity object is received from the host device, the memory system decrypts the encrypted data using the private key in the identity object.

Description

IX. Description of the Invention:

Technical Field of the Invention

The present invention relates generally to memory systems, and in particular to a memory system with versatile control features.

Prior Art

Storage devices such as flash memory cards have become the storage medium of choice for storing digital content such as photographs. Flash memory cards may also be used to distribute other types of media content.
Moreover, an increasing variety of host devices, such as computers, digital cameras, mobile phones, personal digital assistants and media players such as MP3 players, now have the capability of rendering the media content stored in flash memory cards. There is thus great potential for flash memory cards, as well as other types of mobile storage devices, to become a widely used vehicle for distributing digital content.

For some applications, an entity associated with a memory device such as a memory card is required to provide proof of its identity. It is inconvenient if such proof of identity is not readily available. For other applications, data to be stored in a memory device such as a memory card needs to be protected by secure methods.

Summary of the Invention

An object known as an identity object comprises a public key and private key pair and at least one certificate issued by a certificate authority, the at least one certificate certifying that the public key of the pair is genuine. In one embodiment, this object is used as proof of identity by using the private key to sign data provided to the object or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller.

In another embodiment, an identity object may be stored in a non-volatile memory of a memory system as proof of identity. The memory system is removably connected to a host device. After the host device has been successfully authenticated, the private key of the object is used to encrypt data from the host device or signals derived from the data, and the at least one certificate and the encrypted data or signals are sent to the host device.
In yet another embodiment, after an entity has been authenticated by a control data structure of the memory system, the public key of the identity object and the at least one certificate certifying the public key are provided to the entity. In one practical application of this embodiment, if encrypted data encrypted by means of the public key of the identity object is received from the entity, the memory system is able to decrypt the encrypted data using the private key in the identity object. The identity object and the at least one certificate are stored in a non-volatile memory, and the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller.

In one more embodiment, an identity object may be stored in a non-volatile memory of a memory system. The memory system is removably connected to a host device. After the host device has been successfully authenticated, the public key of the identity object and the at least one certificate certifying the public key are provided to the host device. When encrypted data encrypted by means of the public key of the identity object is received from the entity, the memory system decrypts the encrypted data using the private key in the identity object.

All patents, patent applications, articles, books, specifications, standards, other publications, documents and things referenced herein are hereby incorporated by reference in their entirety. To the extent of any inconsistency or conflict in the definition or use of a term between any of the incorporated publications, documents or things and the text of the present document, the definition or use of the term in the present document shall prevail.

Embodiments

The block diagram of FIG. 1 shows an exemplary memory system in which the various aspects of the present invention may be implemented. As shown in FIG. 1, the memory system 10 includes a central processing unit (CPU) 12, a buffer management unit (BMU) 14, a host interface module (HIM) 16, a flash memory interface module (FIM) 18, a flash memory 20 and a peripheral device access module (PAM) 22. Memory system 10 communicates with a host device 24 through a host interface bus and port 26a. The flash memory 20, which may be of the NAND type, provides data storage for the host device 24, which may be a digital camera, a personal computer, a personal digital assistant (PDA), a digital media player such as an MP3 player, a mobile phone, a set-top box or other digital device or appliance. The software code for CPU 12 may also be stored in flash memory 20. FIM 18 connects to the flash memory 20 through a flash memory interface bus 28 and port 28a. HIM 16 is suitable for connection to a host device. The peripheral device access module 22 selects the appropriate controller module, such as the FIM, HIM and BMU, for communication with the CPU 12. In one embodiment, all of the components of system 10 within the dotted-line box may be enclosed in a single unit, such as in a memory card or stick 10', and are preferably encapsulated. The memory system 10 is removably connected to host device 24, so that the content in system 10 can be accessed by each of many different host devices.

In the description below, memory system 10 is also referred to as memory device 10, or simply as the memory device or device. While the invention is illustrated herein by reference to flash memory, it may also be applied to other types of memory, such as magnetic disks, optical discs and other types of rewritable non-volatile memory systems.

The buffer management unit 14 includes a host direct memory access (HDMA) 32, a flash direct memory access (FDMA) 34, an arbiter 36, a buffer random access memory (BRAM) 38 and a crypto engine 40. The arbiter 36 is a shared bus arbiter, so that only one master or initiator (which can be HDMA 32, FDMA 34 or CPU 12) can be active at any time, and the slave or target is BRAM 38. The arbiter is responsible for channeling the appropriate initiator request to the BRAM 38. The HDMA 32 and FDMA 34 are responsible for data transported between the HIM 16, the FIM 18 and the BRAM 38 or the CPU random access memory (CPU RAM) 12a. The operation of the HDMA 32 and of the FDMA 34 is conventional and need not be described in detail herein. The BRAM 38 is used to store data passed between the host device 24 and flash memory 20. The HDMA 32 and FDMA 34 are responsible for transferring data between HIM 16/FIM 18 and BRAM 38 or the CPU RAM 12a, and for indicating sector completion.

In one embodiment, memory system 10 generates the key value(s) used for encryption and/or decryption, where the key value is preferably substantially inaccessible to external devices such as host device 24. Alternatively, the key value may be generated outside system 10, such as by a license server, and sent to system 10. Irrespective of how the key value is generated, once the key value is stored in system 10, only authenticated entities will be able to access it.
However, encryption and decryption are typically done file by file, since the host device reads and writes data to memory system 10 in the form of files. Like many other types of storage devices, memory device 10 does not manage files. While memory 20 does store a file allocation table (FAT) in which the logical addresses of the files are identified, the FAT is typically accessed and managed by the host device 24 and not by the controller 12. Therefore, in order to encrypt data in a particular file, the controller 12 has to rely on the host device to send the logical addresses of the data of the file in memory 20, so that the data of the particular file can be found and encrypted and/or decrypted by system 10 using the key value(s) available only to system 10.

To provide a handle for both the host device 24 and memory system 10 to refer to the same key(s) for cryptographically processing data in files, the host device provides a reference for each of the key values generated by or sent to system 10, where such a reference may simply be a key ID. Thus, the host device 24 associates each file that is cryptographically processed by system 10 with a key ID, and system 10 associates each key value that is used to cryptographically process data with a key ID provided by the host. When the host requests that data be cryptographically processed, it sends the request to system 10 along with a key ID and the logical addresses of the data to be fetched from or stored in memory 20. System 10 generates or receives a key value, associates the key ID provided by the host device 24 with this value, and performs the cryptographic processing.
In this manner, no change needs to be made in the way memory system 10 operates, while it is allowed to completely control the cryptographic processing using the key(s), including exclusive access to the key value(s). In other words, once the key value is stored in or generated by system 10, the system continues to allow the host device 24 to manage the files by having exclusive control of the FAT, while it maintains exclusive control over the management of the key value(s) used for cryptographic processing. After the key value(s) are stored in memory system 10, the host device 24 has no responsibility for managing the key value(s) used for cryptographic processing of data.

In one embodiment, the key ID provided by the host device 24 and the key value sent to or generated by the memory system form two attributes of a quantity, referred to below as the "content encryption key" or "CEK". While the host device 24 may associate each key ID with one or more files, it may also associate each key ID with unorganized data or data organized in any manner, and is not limited to data organized into complete files.

In order for a user or application to gain access to protected content or areas in system 10, it will need to be authenticated using a credential that is pre-registered with system 10. A credential is tied to the access rights granted to the particular user or application holding it. In the pre-registration process, system 10 stores a record containing the identity and credential of the user or application, and the access rights associated with this identity and credential, as determined by the user or application and provided through the host device 24.
After the pre-registration has been completed, when the user or application requests to write data to memory 20, it will need to provide through the host device its identity and credential, a key ID for encrypting the data, and the logical addresses where the encrypted data is to be stored. System 10 generates or receives a key value, associates this value with the key ID provided by the host device, and stores in its record or table for this user or application the key ID for the key value used to encrypt the data to be written. It then encrypts the data and stores the encrypted data at the addresses designated by the host, as well as the key value it generated or received.

When a user or application requests to read encrypted data from memory 20, it will need to provide its identity and credential, the key ID for the key previously used to encrypt the requested data, and the logical addresses where the encrypted data is stored. System 10 then matches the user or application identity and credential provided by the host against those stored in its record. If they match, system 10 fetches from its memory the key value associated with the key ID provided by the user or application, decrypts the data stored at the addresses designated by the host device using the key value, and sends the decrypted data to the user or application.

By separating the authentication credentials from the management of the keys used for cryptographic processing, it becomes possible to share rights to access data without sharing credentials. Thus, a group of users or applications with different credentials can have access to the same keys for accessing the same data, while users outside the group have no access. While all users or applications within a group may have access to the same data, they may still have different rights. Some may have read-only access, others write-only access, and still others both. Since system 10 maintains a record of the user or application identities and credentials, the key IDs they have access to, and the access rights associated with each key ID, it is possible for system 10 to add or delete key IDs and alter the access rights associated with such key IDs for particular users or applications, to delegate access rights from one user or application to another, or even to delete or add records or tables for users or applications, all as controlled by a properly authenticated host device. The stored record may specify that a secure channel is needed for accessing certain keys. Authentication may be done using symmetric or asymmetric algorithms as well as passwords.

Especially important is the portability of the secured content in memory system 10. In the embodiments where access to the key value is controlled by the memory system, when the memory system or a storage device incorporating the system is transferred from one external system to another, the security of the content stored in it is maintained. Whether the key is generated by the memory system or originates from outside the memory system, external systems are not able to access such content in system 10 unless they have been authenticated in a manner completely controlled by the memory system. Even after being so authenticated, access is totally controlled by the memory system, and external systems can access content only in a manner controlled by the preset records in the memory system. If a request does not comply with such records, the request will be denied.
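The write and read flow described above, modelled as an added example (not code from the patent or from any product): the host supplies identity, credential, key ID and logical address, and the device checks its pre-registered record before using a key value that never leaves it. The class and method names are hypothetical, the credential is kept as a PBKDF2 verifier, and an HMAC-SHA256 keystream stands in for the device's cipher, which the text does not specify.

```python
import hashlib
import hmac
import os

READ, WRITE = "read", "write"
PBKDF2_ROUNDS = 50_000


def _xor_keystream(key: bytes, lba: int, data: bytes) -> bytes:
    """Stand-in cipher (assumption: the text names no data cipher here).

    XORs data with an HMAC-SHA256 keystream bound to the logical address.
    A real device would use its crypto engine with a proper IV scheme.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        msg = lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class MemoryDevice:
    """Hypothetical model of the device side: records, key table, media."""

    def __init__(self):
        self._records = {}  # identity -> (salt, verifier, {key_id: rights})
        self._keys = {}     # key_id -> key value; never returned to the host
        self._media = {}    # logical address -> stored (encrypted) bytes

    def register(self, identity, credential, rights):
        """Pre-registration: store identity, credential verifier and rights."""
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", credential, salt, PBKDF2_ROUNDS)
        per_key = {k: frozenset(v) for k, v in rights.items()}
        self._records[identity] = (salt, verifier, per_key)

    def _authorize(self, identity, credential, key_id, right):
        record = self._records.get(identity)
        if record is None:
            raise PermissionError("unknown identity")
        salt, verifier, rights = record
        candidate = hashlib.pbkdf2_hmac("sha256", credential, salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, verifier):
            raise PermissionError("credential mismatch")
        if right not in rights.get(key_id, frozenset()):
            raise PermissionError(f"{identity} has no {right} right on {key_id}")

    def write(self, identity, credential, key_id, lba, data):
        self._authorize(identity, credential, key_id, WRITE)
        # Generate the key value on first use and bind it to the host's key ID.
        key = self._keys.setdefault(key_id, os.urandom(32))
        self._media[lba] = _xor_keystream(key, lba, data)

    def read(self, identity, credential, key_id, lba):
        self._authorize(identity, credential, key_id, READ)
        if key_id not in self._keys or lba not in self._media:
            raise LookupError("no key value or no data for this request")
        return _xor_keystream(self._keys[key_id], lba, self._media[lba])

    def raw_read(self, lba):
        """What an unauthenticated host sees: the stored bits, still encrypted."""
        return self._media[lba]


def demo():
    """Two entities with different credentials share one key ID."""
    dev = MemoryDevice()
    dev.register("app1", b"cred-app1", {"K-photos": {READ, WRITE}})
    dev.register("user2", b"cred-user2", {"K-photos": {READ}})  # read-only
    dev.write("app1", b"cred-app1", "K-photos", 2048, b"constructed sample data")
    shared = dev.read("user2", b"cred-user2", "K-photos", 2048)
    try:
        dev.write("user2", b"cred-user2", "K-photos", 2048, b"overwrite")
        denied = False
    except PermissionError:
        denied = True
    return shared, denied, dev.raw_read(2048)


if __name__ == "__main__":
    print(demo())
```

Rights are attached to the key ID in each record rather than to the credential itself, which is what lets `user2` read data written by `app1` without either of them learning the other's credential or the key value.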

\ 為了提供在保護内容上較大的彈性,可以想像僅限於經 適當鑑認的使用者或應用程式才能存取該記憶體之某些區 :(下文稱為分割區)。當結合上述以密鑰為基礎之資料加 密之特徵時,系統10係提供較大的資料保護能力。如示於 圖2,該快閃記憶體2〇係可以使其之儲存容量被分割成為 許多分割區:-使用者區域或分割區及自訂分割區。所有 使用者及應用程式可存取使用者區域或分割區ρ〇,而不需 要鑑認。雖然任何應用程式或制者可讀取或寫人至儲存 於該使用者區域内的資料的所有位元值,假如所讀取之資 料係被加密,則無授權解密之使用者或應用程式無法存取 ^儲存於一使用者區域内的位元值所表示的資訊。舉例而 s,由儲存於使用者區域Ρ0内的檔案102及1〇4所顯示。亦 儲存於該使用者區域的是未經加密檔案,諸如,其可 被所有應用程式及使用者讀取及瞭解。因此,象徵而古, 被加密之檔案係顯示為具有與其相關聯之鎖,諸如對於_ 案102及1〇4而言。 、· 雖然未經授權的應用程式或使用者無法瞭解於一使用者 122364.doc -16 - 200822669 區域p〇内的經加密檔案,然而此類應用程式或使用者仍然 月b夠刪除或破壞該檔案,這對於一些應用程式而言可能為 不期望的。為了此目的,記憶體2〇亦包含受保護的自訂分 割區’諸如分割區P1及P2,在無事先鑑認情況下無法存取 彼等自訂分割區。於此申請案内實施例中所允許的鑑認程 序係說明如下。 如亦顯示於圖2中,各種使用者或應用程式可以存取記 fe體20内的檔案。因此,圖2顯示使用者及(執行於裝 置上之)應用程式1-4。在彼等實體被允許存取記憶體2〇内 受保護的内容之前,首先藉由一鑑認程序以下文說明之方 式鑑認彼等實體。於此程序中,需要於該主機端識別正在 請求存取之實體,以用於角色為基礎的存取控制。因此, 正在請求存取之實體首先藉由提供諸如”我是應用程式2且 我想要讀取檔案1 ”之資訊,而識別自己。接著,控制器i 2 比對忒身伤、鑑認資訊及請求與健存於記憶體2〇或控制器 12内之記錄。假如所有條件係符合,則存取係被授予給此 類實體。如示於圖2,使用者丨被允許讀取及寫入檔案1〇1 至刀吾彳區P1,然而除了使用者1具有讀取及寫入檔案i 〇6至 分割區p〇之不受限制的權利之外,其僅可讀取檔案1〇2及 1〇4。另一方面,使用者2不被允許存取檔案1〇1及1〇4,然 而可讀取及寫入存取檔案102。如示於圖2,使用者丨及2具 有相同的登入演算法(AES),而應用程式1及3具有不同的 登入演算法(例如,RSA及001001),其係亦與使用者 之登入演算法不同。 122364.doc -17- 200822669 安全儲存應用程式(SSA)係一種記憶體系統10之安全性 應用程式,且闡釋本發明之一項實施例,其可被使用於實 施許多上述的特徵。安全儲存應用程式係可以建構為具有 儲存於該記憶體20或中央處理單元12内的非揮發記憶體 (未顯示)内的資料庫之軟體或電腦碼,且被讀入至隨機存 取記憶體12a中且由中央處理單元12所執行。所使用參照 安全儲存應用程式之字母縮寫係說明於下表: 定義、字母縮寫及縮寫 ACR Access Control Records(存取控制記錄) AGP ACR Group(存取控制記錄群組) CBC Chain Block Cipher(鏈區塊編密) CEK Content Encryption Key(内容力α 密密鍮) ECB Electronic Codebook(電子碼本) ACAM ACR Attributes Management(存取控制記 錄屬性管理) PCR Permissions Control Record(權限控制記 錄) SSA Secure Storage Application(安全儲存應 用程式) Entity 實體,具有真實及個別存在(主機端)且 登入該安全儲存應用程式且因而利用其 之功能的任何事物 安全儲存應用程式系統說明 資料安全性、完整性及存取控制係安全儲存應用程式之 主要角色。資料係明確地儲存於某種大量儲存裝置上的檔 案。安全儲存應用程式系統係位於儲存系統的上方,且增 加用於被儲存主機檔案之安全性層級,且透過安全性資料 結構而提供安全性功能,如下文所述。 122364.doc -18- 200822669 該安全儲存應用程式之主要卫作係f理相關聯於記憶體 :被儲存的(及安全的)内容的不同權利。記憶體應用程式 需要管理多個使用者及對於多個儲存的内容的内容權利。 。八之側而來的主機應用程式係看見此類應用程式可見之 驅動每式及〃割區’以及管理及描♦該儲存裝置上儲存播 案之位置的檔案配置表(FAT)。 於此情況下,該儲存裝置使用分割成分割區之反及快閃 
記憶體晶片,然而亦可使用其他行動儲存裝置且係屬於本 發明之範疇内。這些分割區係連續的邏輯位址緒 (thread),其中,一起始及一結束位址定義其邊界。因 此假如想要,可以藉由軟體(諸如儲存於記憶體内的 軟體),而將限制賦加於對於隱藏分割區的存取,此類軟 體使此類限制相關聯於此類邊界内的位址。藉由該安全儲 存應用程式所管理之分割區邏輯位址邊界,使該安全儲存 應用私式可凡全辨識分割區。該安全儲存應用程式系統使 用刀割區,以實際上使資料安全免於未經授權之主機應用 程式。對於主機而言,該等分割區係一種定義儲存資料檔 案之專屬空間之機制。這些分割區可以係:公開的,其 中,可存取該儲存裝置的任何者可看見及知道該分割區存 在於4扃置上,或者私有的或隱藏的,其中,僅被選擇的 主機應用程式可存取及知道其存在於該儲存裝置上。 圖3係把憶體之示意圖,其顯示記憶體之分割區:ρ〇、 P1 P2及P3(顯然地,可採用少於或多於4個的分割區), 其中,P0係一公開分割區,其可由任何實體存取而不需要 122364.doc -19· 200822669 鐘認。 私有分割區(諸如pj、 — 藏對於其内之檔案的 m,糟由防止该主機存取該分割區,快閃記憶體裝置 /,快閃記憶體卡)係傳送該分割區内的資料檔案之保 護°然而’此種保護係藉由賦加限制於存取儲存於該分割In order to provide greater flexibility in protecting content, it is conceivable that only certain authenticated users or applications can access certain areas of the memory: (hereinafter referred to as partitions). When combined with the above key-based data encryption features, system 10 provides greater data protection capabilities. As shown in Fig. 2, the flash memory 2 can be divided into a plurality of partitions: a user area or a partition and a custom partition. All users and applications can access the user area or partition without the need for authentication. Although any application or manufacturer can read or write all the bit values of the data stored in the user area, if the data read is encrypted, the user or application without authorization decryption cannot. Accessing information represented by bit values stored in a user area. For example, s is displayed by files 102 and 1.4 stored in the user area Ρ0. Also stored in the user area is an unencrypted file, such as it can be read and understood by all applications and users. Thus, symbolically, the encrypted file system is shown to have locks associated with it, such as for _102 and 〇4. · Although an unauthorized application or user cannot know the encrypted file in a user's 122364.doc -16 - 200822669 area, such application or user still has the ability to delete or destroy the file. Archives, which may be undesirable for some applications. 
For this purpose, memory 20 also includes protected custom partitions, such as partitions P1 and P2, which cannot be accessed without prior authentication. The authentication process permitted in the embodiments in this application is explained below.

As also illustrated in Figure 2, a variety of users or applications may access the files in memory 20. Thus, Figure 2 shows users and applications 1-4 (running on devices). Before these entities are allowed to access protected content in memory 20, they are first authenticated by an authentication process in the manner explained below. In this process, the entity that is requesting access needs to be identified at the host side for role-based access control. Thus, the entity requesting access first identifies itself by supplying information such as "I am application 2 and I wish to read file 1". Controller 12 then matches the identity, the authentication information and the request against the record stored in memory 20 or controller 12. If all requirements are met, access is granted to such entity. As illustrated in Figure 2, user 1 is allowed to read from and write to file 101 in partition P1, but, apart from user 1's rights to read from and write to file 106 in P0, can only read files 102 and 104. User 2, on the other hand, is not allowed access to files 101 and 104, but has read and write access to file 102. As indicated in Figure 2, users 1 and 2 have the same login algorithm (AES), while applications 1 and 3 have different login algorithms (for example, RSA and 001001), which also differ from those of the users.

The Secure Storage Application (SSA) is a security application of the memory system 10, and illustrates an embodiment of the invention that can be used to implement many of the features identified above.
The SSA may be embodied as software or computer code with a database stored in a non-volatile memory (not shown) in memory 20 or CPU 12; it is read into RAM 12a and executed by CPU 12. The acronyms used in reference to the SSA are set forth in the table below:

Definitions, acronyms and abbreviations

ACR: Access Control Records
AGP: ACR Group
CBC: Chain Block Cipher
CEK: Content Encryption Key
ECB: Electronic Codebook
ACAM: ACR Attributes Management
PCR: Permissions Control Record
SSA: Secure Storage Application
Entity: Anything that has real and individual existence (host side) that logs into the SSA and thus utilizes its functionalities

Secure Storage Application System Description

Data security, integrity and access control are the major roles of the SSA. The data are files that would otherwise be stored plainly on a mass-storage device of some kind. The SSA system sits atop the storage system, adds a security layer for the stored host files, and provides security functions through the security data structures described below.

The main task of the SSA is to manage the different rights associated with the stored (and secured) content in the memory. The memory application needs to manage multiple users and content rights to multiple stored content. Host applications, from their side, see the drives and partitions that are visible to such applications, and the file allocation tables (FATs) that manage and portray the locations of the stored files on the storage device.

In this case the storage device uses a NAND flash memory chip divided into partitions, although other mobile storage devices may also be used and are within the scope of this invention.
These partitions are continuous threads of logical addresses, where a start and an end address define their boundaries. Restrictions may therefore be imposed, if desired, on access to hidden partitions by means of software (such as software stored in the memory) that associates such restrictions with the addresses within such boundaries. Partitions are fully recognizable to the SSA by their logical address boundaries, which the SSA manages. The SSA system uses partitions to physically secure data from unauthorized host applications. To the host, the partitions are a mechanism for defining proprietary spaces in which to store data files. These partitions can be either public, where anyone with access to the storage device can see and be aware of the partition's presence on the device, or private or hidden, where only the selected host applications have access to them and are aware of their presence on the storage device.

Figure 3 is a schematic view of a memory illustrating the partitions of the memory: P0, P1, P2 and P3 (obviously, fewer or more than four partitions may be employed), where P0 is a public partition that can be accessed by any entity without authentication.

A private partition (such as P1, P2 or P3) hides access to the files within it. By preventing the host from accessing the partition, the flash memory device (e.g. flash memory card) delivers protection of the data files inside the partition. However, this kind of protection works by imposing restrictions on access to the data stored at

the logical addresses within the partition, and so engulfs all of the files residing in the hidden partition. In other words, the restrictions are associated with a range of logical addresses. All of the users/hosts that have access to that partition will have unlimited access to all of the files inside it. To isolate different files, or groups of files, from one another, the SSA system provides another level of security and integrity per file or per group of files, using keys and key references or key IDs. A key reference or key ID of a particular key value used for encrypting data at different memory addresses can be analogized to a container or domain that contains the encrypted data. For this reason, in Figure 4, the key references or key IDs (e.g. "key 1" and "key 2") are shown graphically as areas surrounding the files encrypted using the key values associated with those key IDs.

Referring to Figure 4, for example, File A is accessible to all entities without any authentication, since it is shown as not enclosed by any key ID. Even though File B in the public partition can be read or overwritten by all entities, it contains data encrypted with a key having the ID "key 1", so that the information contained in File B is not accessible to an entity unless such entity has access to that key. In this manner, using key values and key references or key IDs provides logical protection only, as opposed to the type of protection provided by the partition described above. Hence, any host that can access a partition (public or private) is capable of reading or writing the data in the entire partition, including the encrypted data.
However, since the data is encrypted, unauthorized users can only corrupt it. They preferably cannot alter the data without detection. By restricting access to the encryption and/or decryption keys, this feature can allow only the authorized entities to use the data. Files B and C are also encrypted using a key with key ID "key 2".

Data confidentiality and integrity can be provided through symmetric encryption methods that use Content Encryption Keys (CEK), one per CEK. In the SSA embodiment, the key values in CEKs are generated or received by the flash memory device (e.g. flash memory card), are used internally only, and are kept secret from the outside world. The data that is encrypted or ciphered may also be either hashed or cipher-block chained to ensure data integrity.

Not all the data in the partition is encrypted by different keys and associated with different key IDs. Certain logical addresses, either in public or user files or in the operating system area (i.e. the FAT), may not be associated with any key or key reference, and are thus available to any entity that can access the partition itself.

An entity that calls for the ability to create keys and partitions, as well as to write data to them and read data from them or to use the keys, needs to log into the SSA system through an Access Control Record (ACR). The privileges of an ACR in the SSA system are called actions. Every ACR may have permissions to perform actions of the following three categories: creating partitions and keys/key IDs; accessing partitions and keys; and creating/updating other ACRs.
ACRs are organized into groups called ACR Groups or AGPs. Once an ACR has been successfully authenticated, the SSA opens a session through which any of the ACR's actions can be executed. ACRs and AGPs are security data structures used to control access to partitions and keys according to policies.

User Partition(s)

The SSA system manages one or more public partitions, also referred to as the user partition(s). This partition exists on the storage device and is a partition or partitions that can be accessed through the standard read and write commands of the storage device. Information regarding the size of the partition(s), as well as its existence on the device, preferably cannot be hidden from the host system.

The SSA system enables access to this partition(s) either through the standard read and write commands or through SSA commands. Therefore, access to the partition preferably cannot be restricted to specific ACRs. The SSA system can, however, enable the host devices to restrict access to the user partition. Read and write accesses can be enabled/disabled individually. All four combinations (e.g. write only, read only (write protect), read and write, and no access) are allowed.

The SSA system enables ACRs to associate key IDs with files within the user partition and to encrypt individual files using the keys associated with such key IDs. Accessing encrypted files within the user partitions, as well as setting the access rights to the partitions, is done using the SSA command set. The above features also apply to data not organized into files.
SSA Partitions

These are partitions hidden from unauthenticated parties that can be accessed only through the SSA commands. The SSA system preferably will not allow the host device to access an SSA partition other than through a session established by logging onto an ACR. Similarly, the SSA preferably will not provide information regarding the existence, size and access permissions of an SSA partition unless the request comes through an established session.

Access rights to partitions are derived from the ACR permissions. Once an ACR is logged into the SSA system, it can share the partition with other ACRs (described below). When a partition is created, the host provides a reference name or ID (e.g. P0-P3 in Figures 3 and 4) for the partition. This reference is used in further read and write commands to the partition.

Partitioning of the Storage Device

All available storage capacity of the device is preferably allocated to the user partition and the currently configured SSA partitions. Therefore, any repartitioning operation may involve reconfiguration of the existing partitions. The net change to the device capacity (the sum of the sizes of all partitions) will be zero. The IDs of the partitions in the device memory space are defined by the host system.

The host system can either repartition one of the existing partitions into two smaller ones or merge two existing partitions (which may or may not be adjacent) into one. The data in the divided or merged partitions can be either erased or left untouched, at the host's discretion.
Since repartitioning of the storage device may cause loss of data (either because the data was erased or because it was moved around in the logical address space of the storage device), severe restrictions on repartitioning are administered by the SSA system. Only an ACR residing in a root AGP (explained below) is allowed to issue a repartition command, and it can only reference partitions owned by it. Since the SSA system is not aware of how data is organized in the partitions (FAT or other file system structure), it is the host's responsibility to reconstruct these structures any time the device is repartitioned.

Repartitioning of user partitions will change the size and other attributes of this partition as seen by the host operating system.

After repartitioning, it is the host system's responsibility to make sure that no ACR in the SSA system is referencing the non-existing partitions. If these ACRs are not deleted or updated appropriately, future attempts, on behalf of these ACRs, to access the non-existing partitions will be detected and rejected by the system. Similar care is taken regarding deleted keys and key IDs.

Keys, Key IDs and Logical Protection

When a file is written to a certain hidden partition, it is hidden from the general public. But once an entity (hostile or not) gets knowledge of and access to this partition, the file becomes available and plain to see. To further secure the file, the SSA can encrypt it in the hidden partition, where the credentials for accessing the key for decrypting the file are preferably different from those for accessing the partition.
Because files are totally controlled and managed by the host, associating a CEK with a file is a problem. Linking the file to something the SSA acknowledges, the key ID, rectifies this. Thus, when a key is created by the SSA, the host associates the key ID for this key with the data encrypted using the key created by the SSA. If the key is sent to the SSA together with the key ID, the key and key ID can be readily associated with each other.

The key value and key ID provide logical security. All data associated with a given key ID, regardless of its location, is ciphered with the same key value in the content encryption key (CEK), whose reference name or key ID is uniquely provided at creation by the host application. If an entity obtains access to a hidden partition (by authenticating through an ACR) and wishes to either read or write an encrypted file within this partition, it needs to have access to the key ID that is associated with the file. When granting access to the key for this key ID, the SSA loads the key value in the CEK associated with this key ID and either decrypts the data before sending it to the host or encrypts the data before writing it to the flash memory 20. In one embodiment, a key value in the CEK associated with a key ID is randomly created once by the SSA system and then maintained by it. No one outside the SSA system has knowledge of or access to this key value in the CEK. The outside world only provides and uses a reference or key ID, not the key value in the CEK.
The key value is entirely managed by the SSA and preferably accessible only to it. Alternatively, the key may be provided to the SSA system.

The SSA system protects the data associated with the key ID using any one (user defined) of the following cipher modes (the actual cryptographic algorithms used, as well as the key values in the CEKs, are system controlled and not revealed to the outside world):

Block mode: Data is divided into blocks, each of which is encrypted individually. This mode is generally considered less secure and susceptible to dictionary attacks. However, it allows users to randomly access any one of the data blocks.

Chained mode: Data is divided into blocks, which are chained during the encryption process. Every block is used as one of the inputs to the encryption of the next one. In this mode, although it is considered more secure, the data is written and read sequentially from start to end, creating an overhead that may not be acceptable to the users.

Hashed: Chain mode with the additional creation of a data digest that can be used for validating data integrity.

ACRs and Access Control

The SSA is designed to handle multiple applications, where each of the applications is represented as a tree of nodes in the system database. Mutual exclusion between the applications is achieved by ensuring that there is no cross-talk between the tree branches.

In order to gain access to the SSA system, an entity needs to establish a connection via one of the system's ACRs. Login procedures are administered by the SSA system according to the definitions embedded in the ACR the user chose to connect with.

The ACR is an individual login point to the SSA system. The ACR holds the login credentials and the authentication method.
Also residing in the record are the login permissions within the SSA system, among which are the read and write privileges. This is illustrated in Figure 5, which shows n ACRs in the same AGP. This means that at least some of the n ACRs may share access to the same key. Thus, ACR #1 and ACR #n share access to a key with key ID "key 3", where ACR #1 and ACR #n are the ACR IDs and "key 3" is the key ID of the key that is used to encrypt the data associated with "key 3". The same key can also be used to encrypt and/or decrypt multiple files, or multiple sets of data.

The SSA system supports several types of login onto the system, where the authentication algorithms and user credentials may vary, as may the user's privileges in the system once the user has logged in successfully. Figure 5 again illustrates different login algorithms and credentials. ACR #1 specifies a password login algorithm and a password as the credential, whereas ACR #2 specifies a PKI (public key infrastructure) login algorithm and a public key as the credential. Thus, to log in, an entity will need to present a valid ACR ID, as well as the correct login algorithm and credential.

Once an entity is logged into an ACR of the SSA system, its permissions (its rights to use SSA commands) are defined in the Permissions Control Record (PCR) associated with the ACR.
In Figure 5, 'according to the displayed rights control record, access control record #1 grants the relevant In conjunction with, the read-only permission of the data of the key 3", and the access control record #2 grants the read and write permission to the data associated with the "secret 5," The common interests and special rights in the system can be shared, such as the secret input and the secret input. In order to achieve this, a total of 5 /, access control records of a certain two things are grouped in the access control record For example, the access control record and the access control record share access to a key having a key (1), a key 3". The access control records therein are organized in a tree hierarchy, and therefore, in addition to establishing the security key to keep sensitive data, an access control record may preferably be established to correspond to its secret. Other access control record entities of the key ID/segment. These access control record children will have the same or fewer rights as their parent (founder) and can be given any secret I established by the parent. Permissions. $ needs to be added, and the children get access to any of the secrets they have created. This is shown in Figure 6. Therefore, access control record group 12 (4) all access control records are accessed by access control records. 122 is established, and both of such access control records are inherited from the access control record 122 for access to the data associated with the data of 122364.doc -28- 200822669 & "key 3". Control record group login to the secure storage should The application system is implemented by designating an access control record group and an access control record in the access control record group. Each access control record group has a unique m (reference name), It is used as an index to point to its item in the secure storage application database. 
The AGP name is provided to the SSA system when the AGP is created. If the provided AGP name already exists in the system, the SSA will reject the creation operation.

AGPs are used to administer restrictions on the delegation of access and management permissions, as will be described below. One of the functions served by the two trees in Figure 6 is to administer access by entirely separate entities, such as two different applications or two different computer users. For such purposes, it may be important for the two access processes to be substantially independent of one another (i.e. substantially no cross-talk), even though both occur at the same time. This means that the authentication, permissions and creation of additional ACRs and AGPs in each tree are not connected to, and do not depend on, those of the other tree. Hence, when the SSA system is used in memory 10, the memory system 10 can serve multiple applications simultaneously. It also allows the two applications to access two separate sets of data independently of one another (e.g. a set of photographs and a set of songs). This is illustrated in Figure 6. Thus, the data associated with "key 3", "key X" and "key Z", which the application or user accesses via nodes (ACRs) in the tree in the top portion of Figure 6, may comprise photographs. The data associated with "key 5" and "key Y", which the application or user accesses via nodes (ACRs) in the tree in the bottom portion of Figure 6, may comprise songs. The ACR that created the AGP has permission to delete it only when the AGP is empty of ACR entries.
The Entity's SSA Entry Point: Access Control Record (ACR)

C 於该安全儲存應用程式系統内的一存取控制記錄敘述該 實體被允許登入該系統之方式。當一實體登入該安全儲存 應用程式系統時,其係需要指定對應於其將執行之鑑認程 序的存取控制記錄。-存取控制記錄包含―權限控制記錄 (PCR),其係顯示使用者—旦如示於圖5之存取控制記錄中 定義經鑑認後,該使用者可執行的經授予之動作。該主機 端的實體提供所有存取控制記錄資料攔位。 當-實體係成功地登人至—存取控制記錄時,該實體將 能夠查詢所有存取㈣靖之分龍及密料取權限以及C An access control record within the secure storage application system describes the manner in which the entity is allowed to log into the system. When an entity logs into the secure storage application system, it needs to specify an access control record corresponding to the authentication program it will execute. The access control record contains a Rights Control Record (PCR) which displays the user's executable actions that can be performed by the user as defined in the access control record shown in FIG. The entity at the host side provides all access control record data blocks. When the real-world system successfully logs into the access control record, the entity will be able to query all accesses (4) Jingzhilong and secret access rights as well as

ACR Attributes Management (ACAM) permissions (explained below).

ACR ID

When an SSA system entity initiates the login process, it needs to specify the ACR ID (as provided by the host when the ACR was created) that corresponds to the login method, so that the SSA will set up the correct algorithms and select the correct PCR once all login requirements have been met. The ACR ID is provided to the SSA system when the ACR is created.

Login/Authentication Algorithm

The authentication algorithm specifies what sort of login procedure will be used by the entity, and what kind of credentials are needed to provide proof of the user's identity. The SSA system supports several standard login algorithms, ranging from no procedure (and no credential) and password-based procedures to two-way authentication protocols based on either symmetric or asymmetric cryptography.

Credentials

The entity's credentials correspond to the login algorithm and are used by the SSA
A spine for authentication can be a password/personal identification number for password authentication, a login algorithm key for login verification, and the like. The type/format of such authentication (ie, personal identification number, symmetric key, etc.) is predefined and derived from the authentication mode; when the access control record is established, the authentication is Provided to the secure storage application system. The secure storage application system is not responsible for defining, distributing and managing these authentications, except for public key infrastructure-based authentication exceptions, where the device can be used (eg Flash memory card) to establish the RSA or other type of key pair, and the public key can be exported for authentication establishment. The rights control record (PCR) permission control record is displayed in the secure storage application system. The matter is then granted to the entity, and the authentication procedure for successfully transmitting the access control record. There are three types of permission categories: partition and password establishment authority; 122364.doc -31 - 200822669 Access rights for partitions and keys; 5" ^ 卩1卩, and management rights for only the body access control record attributes. Access partition

This section of the permissions control record contains the list of partitions (identified by their IDs as provided to the secure storage application system) that the entity can access upon successfully completing the access control record phase. For each partition, the access type may be restricted to write-only or read-only, or full write/read access rights may be specified. Thus, access control record #1 in FIG. 5 has access to partition #2 and not to partition #1. The restrictions specified in the permissions control record apply to the secure storage application partitions and to the public partition.

The public partition can be accessed either by regular read and write commands to the device (e.g., flash memory card) hosting the secure storage application system, or by secure storage application commands. When a root access control record (explained below) is created with the permission to restrict the public partition, it can pass that permission on to its children. Preferably, an access control record can only restrict regular read and write commands from accessing the public partition. Preferably, access control records in the secure storage application system can be restricted only upon their creation. Once an access control record has the permission to read from/write to the public partition, preferably that permission cannot be taken away.

Accessing key IDs

This section of the permissions control record contains the data associated with the list of key IDs that the entity can access when the entity's login process has met the access control record policies. The key ID specified is associated with one or more files that reside in the partition appearing in the permissions control record. Since the key IDs are not associated with logical addresses in the device (e.g., flash memory card), when more than one partition is associated with a specific access control record, the files can be in any one of the partitions. The key IDs specified in the permissions control record can each have a different set of access rights. Access to the data pointed to by key IDs can be restricted to write-only or read-only, or full write/read access rights may be specified.

Access control record attributes management (ACAM)

This section describes how, in certain cases, the attributes of the access control record system can be changed.

The access control record attributes management actions that may be permitted in the secure storage application system are:

1. Create/delete/update access control record groups and access control records.
2. Create/delete partitions and keys.
3. Delegate access rights to keys and partitions.

A parent access control record preferably cannot edit access control record attributes management permissions.
This would preferably require the deletion and re-creation of the access control record. Also, the access permission to a key ID created by the access control record preferably cannot be taken away.

An access control record may have the capacity to create other access control records and access control record groups. Creating access control records may also mean delegating to them some or all of the access control record attributes management permissions held by their creator. Having the permission to create access control records means having the permission for the following actions:

1. Define and edit the child's credentials. Preferably, the authentication method cannot be edited once it has been set by the creating access control record. The credentials may be altered within the boundary of the authentication algorithm already defined for the child.
2. Delete an access control record.
3. Delegate the creating permission to the child access control record (thus having grandchildren).

An access control record with the permission to create other access control records has the permission to delegate the unblocking permission to the access control records it creates (although it may not itself have the permission to unblock access control records). The parent will place in the child access control record a reference to its unblocker.

The parent access control record is the only access control record that has the permission to delete its child access control record. When an access control record deletes a lower-level access control record that it created, all access control records spawned by that lower-level access control record are automatically deleted as well.
When an access control record is deleted, all the key IDs and partitions that it created are deleted.

There are two exceptions by which an access control record can update its own record:

1. Passwords/PINs, although set by the creating access control record, can be updated only by the access control record that contains them.
2. A root access control record may delete itself and the access control record group in which it resides.

Delegating access rights to keys and partitions

Access control records and their access control record groups are assembled in hierarchical trees, where the root access control record group and the access control records within it are at the top of the tree (e.g., root access control record groups 130 and 132 in FIG. 6). There can be several access control record groups in the secure storage application system, though they are completely separate from one another. An access control record within an access control record group can delegate access permissions to its keys to all access control records within the same access control record group, and to all access control records created by them. The permission to create keys preferably includes the permission to delegate access permissions to use the keys.

Permissions to keys are divided into three categories:

1. Access: this defines the access permissions for the key, i.e., read, write.
2. Ownership: an access control record that created a key is by definition its owner. This ownership can be delegated from one access control record to another (provided that they are in the same access control record group or in a child access control record group).
Ownership of a key provides the permission to delete it as well as to delegate permissions to it.
3. Access rights delegation: this permission enables the access control record to delegate the rights it holds.

An access control record can delegate access permissions to partitions it created, as well as to other partitions to which it has access permissions.

Permission delegation is done by adding the names of the partitions and the key IDs to the permissions control record of the designated access control record. Key access permissions may be delegated either by key ID or by stating that the access permission is for all the keys created by the delegating access control record.

Blocking and unblocking of access control records

An access control record may have a blocking counter, which is incremented when the entity's access control record authentication process with the system is unsuccessful. When a certain maximum number of unsuccessful authentications is reached, the secure storage application system blocks the access control record.

The blocked access control record can be unblocked by another access control record, which is referenced by the blocked access control record. The reference to the unblocking access control record is set by its creator. The unblocking access control record is preferably in the same access control record group as the creator of the blocked access control record and has the "unblocking" permission.

No other access control record in the system can unblock the blocked access control record. An access control record may be configured with a blocking counter but without an unblocker access control record. In this case, if this access control record becomes blocked, it cannot be unblocked.

Root access control record group - creating an application database
The secure storage application system is designed to handle multiple applications and to isolate the data of each of them. The tree structure of the access control record group system is the main tool used to identify and isolate application-specific data. The root access control record group is at the tip of an application's secure storage application database tree and adheres to somewhat different behavior rules. Several root access control record groups can be configured in the secure storage application system. Two root access control record groups, 130 and 132, are shown in FIG. 6. Obviously, more or fewer access control record groups may be used and are within the scope of this invention.

Registering the device (e.g., flash memory card) for a new application and/or issuing credentials of a new application for the device are done through the process of adding a new access control record group/access control record tree to the device.

The secure storage application system supports three different modes of root access control record group creation (as well as of all the access control records of the root access control record group and their permissions):

1. Open: any user or entity, without requiring any sort of authentication, or users/entities authenticated through the system access control record (explained below), can create a new root access control record group. The open mode enables creation of root access control record groups either without any security measures, while all data transfer is done on an open channel (i.e., in the secure environment of an issuance agency), or through a secure channel established through the system access control record authentication (i.e., over the air (OTA) and post-issuance procedures).
If the system access control record is not configured (this is an optional feature) and the root access control record group creation mode is set to open, only the open channel option is available.
2. Controlled: only entities authenticated through the system access control record can create a new root access control record group. The secure storage application system cannot be set to this mode if the system access control record is not configured.
3. Blocked: creation of root access control record groups is disabled, and no additional root access control record groups can be added to the system.

Two secure storage application commands control this feature (these commands are available to any user/entity without authentication):

1. Method configuration command: used to configure the secure storage application system to use any one of the three root access control record group creation modes. Only the following mode changes are allowed: open -> controlled, controlled -> blocked (i.e., if the secure storage application system is currently configured as controlled, it can only be changed to blocked).
2. Method configuration lock command: used to disable the method configuration command and permanently lock the currently selected method.

When a root access control record group is created, it is in a special initializing mode that enables the creation and configuration of its access control records (using the same access restrictions that applied to the creation of the root access control record group). At the end of the root access control record group configuration process, when the entity explicitly switches it to operating mode, the existing access control records can no longer be updated and additional access control records can no longer be created.
Once a root access control record group is put in standard mode, it can be deleted only by logging into the system through one of its access control records that has been assigned the permission to delete the root access control record group. This is another exception of the root access control record group, in addition to the special initialization mode; it is preferably the only access control record group that may contain an access control record with the permission to delete its own access control record group, as opposed to access control record groups in the next tree level.

The third and last difference between a root access control record and a standard access control record is that it is the only access control record in the system that can have the permission to create and delete partitions.

Secure storage application system access control record

The system access control record may be used for the following two secure storage application operations:

1. Create an access control record/access control record group tree under the protection of a secure channel within hostile environments.
2. Identify and authenticate the device hosting the secure storage application system.

Preferably, there may be only one system access control record in the secure storage application system, and once defined it preferably cannot be changed. No system authentication is needed when creating the system access control record; only a secure storage application command is needed. The "create system access control record" feature can be disabled (similarly to the "create root access control record group" feature). After the system access control record has been created, the "create system access control record" command has no effect, since preferably only one system access control record is allowed.

While in the process of being created, the system access control record is not operational.
Upon finishing, a special command needs to be issued, indicating that the system access control record has been created and is ready to go. After this point, the system access control record preferably cannot be updated or replaced.

The system access control record creates the root access control record/access control record group in the secure storage application. It has the permission to add to/change the root level until the host is satisfied with it and blocks it. Blocking the root access control record group essentially cuts off its connection to the system access control record and renders it tamper proof. At this point, no one can change/edit the root access control record group and the access control records within it. This is done through a secure storage application command. Disabling the creation of root access control record groups has a permanent effect and cannot be reversed. The above features involving the system access control record are illustrated in FIG. 7. The system access control record is used to create three different root access control record groups. At some time after these root access control record groups have been created, the secure storage application command is sent from the host to block the root access control record groups from the system access control record, thereby disabling the "create root access control record group" feature, as indicated by the dotted lines connecting the system access control record and the root access control record groups in FIG. 7. This renders the three root access control record groups tamper proof. The three root access control record groups may be used to create child access control record groups, forming three separate trees, before or after the root access control record groups are blocked.
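The root access control record group creation modes and the system access control record lifecycle described above can be modelled as one small device-side state machine. This is an added example, not code from the patent: the class, method and state names are hypothetical, the credential is a constructed sample, and "configured" is assumed to mean created and marked ready.

```python
import hmac
from enum import Enum


class Mode(Enum):
    OPEN = "open"
    CONTROLLED = "controlled"
    BLOCKED = "blocked"


# The only mode changes the method configuration command accepts.
ALLOWED_CHANGES = {(Mode.OPEN, Mode.CONTROLLED), (Mode.CONTROLLED, Mode.BLOCKED)}


class Refused(Exception):
    """Raised when the modelled device rejects a command."""


class Device:
    """Hypothetical device-side model; none of these names come from the patent."""

    def __init__(self):
        self.mode = Mode.OPEN
        self.mode_config_locked = False
        self.system_acr_creation_enabled = True
        self.system_acr_state = None        # None -> "creating" -> "ready"
        self._system_credential = None
        self.root_groups = {}               # group name -> {"mode", "records"}

    # --- system access control record lifecycle ---
    def create_system_acr(self):
        if self.system_acr_state is not None:
            raise Refused("a system access control record already exists")
        if not self.system_acr_creation_enabled:
            raise Refused("system access control record creation is disabled")
        self.system_acr_state = "creating"  # exists, but not operational yet

    def set_system_credential(self, credential: bytes):
        if self.system_acr_state != "creating":
            raise Refused("system access control record cannot be updated")
        self._system_credential = credential

    def system_acr_ready(self):
        if self.system_acr_state != "creating" or self._system_credential is None:
            raise Refused("nothing to finalise")
        self.system_acr_state = "ready"     # frozen from here on

    def _authenticated(self, credential):
        return (self.system_acr_state == "ready" and credential is not None
                and hmac.compare_digest(credential, self._system_credential))

    # --- root access control record group creation modes ---
    def configure_mode(self, new_mode: Mode):
        if self.mode_config_locked:
            raise Refused("method configuration command is disabled")
        if (self.mode, new_mode) not in ALLOWED_CHANGES:
            raise Refused(f"{self.mode.value} -> {new_mode.value} is not allowed")
        # Assumption: "configured" means created and marked ready.
        if new_mode is Mode.CONTROLLED and self.system_acr_state != "ready":
            raise Refused("controlled mode needs a system access control record")
        self.mode = new_mode

    def lock_mode_configuration(self):
        self.mode_config_locked = True      # permanent, no way back

    def create_root_group(self, name, credential=None):
        if self.mode is Mode.BLOCKED:
            raise Refused("root group creation is disabled")
        if self.mode is Mode.CONTROLLED and not self._authenticated(credential):
            raise Refused("controlled mode requires system authentication")
        self.root_groups[name] = {"mode": "initializing", "records": []}

    def add_record(self, group, record):
        # Access restrictions on configuring an initializing group are not modelled.
        if self.root_groups[group]["mode"] != "initializing":
            raise Refused("group is in operating mode")
        self.root_groups[group]["records"].append(record)

    def switch_to_operating(self, group):
        self.root_groups[group]["mode"] = "operating"


def refused(call, *args):
    """Return True when the modelled device rejects the call."""
    try:
        call(*args)
    except Refused:
        return True
    return False
```

Every one-way step in the text (open to controlled to blocked, the configuration lock, the ready command, the switch to operating mode) shows up as a check that only ever tightens the device state.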
The features described above give the content owner flexibility in configuring secure products with content. Secure products need to be "issued". Issuance is the process of putting in place the identification keys by which the device can identify the host and vice versa. Identifying the device (e.g., flash memory card) enables the host to decide whether it can trust it with its secrets. On the other hand, identifying the host enables the device to enforce security policies (grant and execute a specific host command) only if the host is allowed to.

Products that are designed to serve multiple applications will have several identification keys. The product can be "pre-issued", with keys stored during manufacturing before shipping, or "post-issued", with new keys added after shipping. For post-issuance, the memory device (e.g., memory card) needs to contain some kind of master or device-level keys, which are used to identify entities that are allowed to add applications to the device.

The features described above enable a product to be configured to enable/disable post-issuance. In addition, the post-issuance configuration can be done securely after shipping. The device may be bought as a retail product with no keys on it other than the master or device-level keys described above, and then be configured by the new owner to enable or disable further post-issuance applications.

Thus, the system access control record feature provides the capability to accomplish the above objectives:

- Memory devices with no system access control record will allow unlimited and uncontrolled addition of applications.
- Memory devices without a system access control record can be configured to disable system access control record creation, which means there is no way to control the addition of new applications (unless the feature of creating new root access control record groups is disabled as well).
- Memory devices with a system access control record will allow only controlled addition of applications, via a secure channel established through an authentication procedure using the system access control record credentials.
- Memory devices with a system access control record may be configured to disable the application-adding feature, before or after applications have been added.

Key ID list

Key IDs are created per specific access control record request; however, in the memory system 10, they are used solely by the secure storage application system. When a key ID is created, the following data is provided by or to the creating access control record:

1. Key ID. The ID is provided by the entity through the host and is used to reference the key, and the data that is encrypted or decrypted using the key, in all further read or write accesses.
2. Key cipher and data integrity mode (the blocked, chained and hashed modes above and as explained below).

In addition to the host-provided attributes, the following data is maintained by the secure storage application system:

1. Key ID owner. The ID of the access control record that is the owner. When a key ID is created, the creating access control record is its owner. Key ID ownership may, however, be transferred to another access control record. Preferably, only the key ID owner is allowed to transfer ownership of, and delegate, a key ID. Delegating access permission to the associated key, and revoking these rights, can be administered either by the key ID owner or by any other access control record assigned delegation permissions. Whenever an attempt is made to exercise any one of these operations, the secure storage application system will grant it only if the requesting access control record is authorized.
2. Content encryption key (CEK).
This is the content encryption key whose key value is used to cipher the content associated with or pointed to by the key ID. The key value may be a 128-bit login-algorithm random key generated by the secure storage application system.
3. MAC and IV values. Dynamic information (message authentication codes and initiation vectors) used in the chained block cipher encryption algorithms.

The various features of the secure storage application are also illustrated with reference to the flow charts of FIGS. 8A-16, where "H" to the left of a step means that the operation is performed by the host, and "C" means that the operation is performed by the memory card. Although these secure storage application features are illustrated with reference to memory cards, it should be understood that they are also applicable to memory devices in other physical forms. To create a system access control record, the host issues to the secure storage application in the memory device 10 a command to create a system access control record (block 202). The device 10 responds by checking whether a system access control record already exists (block 204, diamond 206). If it already exists, the device 10 returns failure and stops (oval 208). If it does not yet exist, the memory 10 checks whether system access control record creation is allowed (diamond 210) and, if it is not allowed, returns a failure status (block 212). Thus, there may be cases where the device issuer does not allow the creation of a system access control record, such as where the required security features have been predetermined so that no system access control record is needed. If creation is allowed, the device 10 returns an OK status and waits for the system access control record credentials from the host (block 214).
The host checks the secure storage application status and whether the device 10 has indicated that the creation of a system access control record is allowed (block 216 and diamond 218). If creation is not allowed, or if a system access control record already exists, the host stops (oval 220). If the device 10 has indicated that the creation of a system access control record is allowed, the host issues a secure storage application command to define its login credential and sends the login credential to the device 10 (block 222). The device 10 updates a system access control record with the credential received and returns an OK status (block 224). In response to this status signal, the host issues a secure storage application command indicating that the system access control record is ready (block 226). The device 10 responds by locking the system access control record so that it cannot be updated or replaced (block 228). This locks in the features of the system access control record and its identity for identifying the device 10 to the host.

The procedure for creating new trees (new root access control record groups and access control records) is determined by the way these functions are configured in the device. FIG. 9 explains the procedures. Both the host 24 and the memory system follow it. If adding new root access control record groups is disabled altogether, new root access control record groups cannot be added (diamond 246). If it is enabled but requires a system access control record, the host authenticates through the system access control record and establishes a secure channel before issuing the "create root access control record group" command (block 254). If a system access control record is not required (diamond 248), the host 24 can issue the "create root access control record group" command without authentication and proceed to block 254.
If a system access control record does exist, the host may use it even if it is not required (not shown in the flowchart). The device (such as a flash memory card) will reject any attempt to create a new root access control record group if the feature is disabled, and, if a system access control record is required, it will reject an attempt to create a new root access control record group without authentication (diamonds 246 and 250). The newly created access control record group and access control record are now switched to operational mode, so that the access control records in such access control record groups cannot be updated or otherwise changed, and no access control records can be added to them (block 256). The system is then optionally locked so that additional root access control record groups cannot be created (block 258). The dashed box 258 is a convention indicating that this step is optional. All dashed boxes in the flowcharts of this application are optional steps. This allows the content owner to block the use of the device 10 for other illicit purposes that may imitate a genuine memory device with legitimate content.

To create access control records (other than the access control records in the root access control record group, as described above), one may start with any access control record that has the right to create an access control record (block 270), as shown in FIG. 10. An entity may attempt to enter through the host 24 by providing the identity of the entry-point access control record and an access control record, with all the necessary attributes, that it wishes to create (block 272). The secure storage application checks for a match to the access control record identity and whether the access control record with that identity has permission to create an access control record (block 274).
If the request is verified as authorized, the secure storage application within the device creates an access control record (block 276).

FIG. 11 shows two access control record groups that illustrate a tree useful in security applications using the method of FIG. 10. Thus, the access control record with identity m1 in the marketing access control record group has permission to create an access control record. The access control record m1 also has permission to use a key for reading and writing data associated with the key ID "Marketing Information" and data associated with the key ID "Price List". Using the method of FIG. 10, it creates the sales access control record group with two access control records, s1 and s2, which have only read permission to the key for accessing the pricing data associated with the key ID "Price List", and no permission to the key needed for accessing the data associated with the key ID "Marketing Information". In this way, the entities with access control records s1 and s2 can only read, but not change, the pricing data, and have no access to the marketing data. The access control record m2, on the other hand, has no permission to create access control records, and has only read permission to the keys for accessing the data associated with the key ID "Price List" and with the key ID "Marketing Information".

Access rights can thus be delegated in the manner described above, where s1 and s2 are delegated the right to read the pricing data. This is particularly useful where large marketing and sales groups are involved. Where there are only one or a few sales people, the method of FIG. 10 may not be needed. Instead, access rights may be delegated by an access control record to an access control record at a lower level or the same level within the same access control record group, as shown in FIG. 12.
First, the entity enters the tree for such an access control record group by specifying, through the host, an access control record in the tree in the manner described above (block 280). The host then specifies the access control record and the rights to be delegated to it. The secure storage application checks the tree for such access control record and whether the access control record has permission to delegate rights to another specified access control record (block 282). If it does, the rights are delegated (block 284); if not, it stops. The result is shown in FIG. 13.
In this case, the access control record m1 has permission to delegate read permission to the access control record s1, so that after the delegation s1 will be able to use a key to access the pricing data. This can be done if m1 has the same or greater rights to access the pricing data and the permission to so delegate. In one embodiment, m1 retains its access rights after the delegation. Preferably, access rights may be delegated under restricted conditions (rather than permanently), such as for a limited time, a limited number of accesses, and so on.

FIG. 14 shows the process for creating a key and key ID. The entity authenticates through an access control record (block 302). The entity requests creation of a key with the ID specified by the host (block 304). The secure storage application checks whether the specified access control record has permission to do so (diamond 306). For example, if the key is to be used for accessing data in a particular partition, the secure storage application checks whether the access control record may access that partition. If the access control record is authorized, the memory device 10 creates a key value associated with the key ID provided by the host (block 308), stores the key ID in the access control record and the key value in its memory (either the controller-associated memory or the memory 20), assigns rights and permissions according to the information supplied by the entity (block 310), and modifies the permissions control record of the access control record with the assigned rights and permissions (block 312). The creator of the key thus has all available rights, such as read and write permissions, the right to delegate and to share with other access control records in the same access control record group or with an access control record at a lower level, and the right to transfer ownership of the key.
An access control record can change the permissions (or the existence altogether) of another access control record in the secure storage application system, as shown in FIG. 15. An entity may enter a tree through an access control record as before; in one case, the entity is authenticated and then specifies an access control record (blocks 330, 332). It requests the deletion of a target access control record or of a permission in a target access control record (block 334). If the specified access control record, or the one active at that time, has the right to do so (diamond 336), the target access control record is deleted, or the permissions control record of the target access control record is altered to delete that permission (block 338). If this is not authorized, the system stops.

After the above process, the target will no longer be able to access the data it could access before the process. As shown in FIG. 16, an entity may attempt to enter at the target access control record (block 350) and find that the authentication process fails, because the previously existing access control record ID is no longer present in the secure storage application, so that access is denied (diamond 352). Assuming that the access control record ID has not been deleted, the entity specifies an access control record (block 354) and the key ID and/or data in a particular partition, and the secure storage application then checks whether the key ID or partition access request is permitted according to the permissions control record of that access control record (diamond 358). If the permission has been deleted or has expired, the request is again denied. Otherwise, the request is granted (block 360).
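The permission checks of FIGS. 10 to 16 can be followed in a small model of the device side. This is an added example, not code from the patent: the records m1, m2, s1, s2 and the two key IDs come from the text, while the class and method names, the `can_manage_acr` flag and the rule that a delegation target must sit in the delegator's group or below it are assumptions made here.

```python
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised wherever the flowcharts end in failure or stop."""


@dataclass
class ACR:
    acr_id: str
    group: str                       # access control record group the record lives in
    can_create_acr: bool = False     # FIG. 10: may create further records
    can_manage_acr: bool = False     # FIG. 15 (assumed flag): may delete or strip records
    # Permissions control record: (key ID, right) -> uses left (None = unlimited)
    pcr: dict = field(default_factory=dict)


class Device:
    def __init__(self):
        self.acrs = {}               # ACR ID -> ACR
        self.parent = {}             # group -> parent group (None for a root group)

    def install_root(self, acr):
        """Provisioning stand-in for root group creation (FIG. 9)."""
        self.parent.setdefault(acr.group, None)
        self.acrs[acr.acr_id] = acr

    def _get(self, acr_id):
        if acr_id not in self.acrs:  # FIG. 16, diamond 352: the ID no longer exists
            raise AccessDenied(f"unknown access control record {acr_id!r}")
        return self.acrs[acr_id]

    def _at_or_below(self, group, ancestor):
        while group is not None:
            if group == ancestor:
                return True
            group = self.parent.get(group)
        return False

    def create_acr(self, creator_id, new_id, group, rights):
        creator = self._get(creator_id)
        if not creator.can_create_acr:                    # FIG. 10, block 274
            raise AccessDenied(f"{creator_id} may not create records")
        self.parent.setdefault(group, creator.group)      # new group hangs below creator's
        self.acrs[new_id] = ACR(new_id, group, pcr={pair: None for pair in rights})

    def delegate(self, src_id, dst_id, key_id, right, uses=None):
        src, dst = self._get(src_id), self._get(dst_id)
        if (key_id, right) not in src.pcr or (key_id, "delegate") not in src.pcr:
            raise AccessDenied(f"{src_id} cannot delegate {right} on {key_id}")  # block 282
        if not self._at_or_below(dst.group, src.group):   # assumed placement rule
            raise AccessDenied("target is not at the same or a lower level")
        dst.pcr[(key_id, right)] = uses                   # block 284; src keeps its right

    def remove(self, actor_id, target_id, key_id=None):
        if not self._get(actor_id).can_manage_acr:        # FIG. 15, diamond 336
            raise AccessDenied(f"{actor_id} may not change other records")
        target = self._get(target_id)
        if key_id is None:
            del self.acrs[target_id]                      # delete the record altogether
        else:                                             # block 338: strip the permission
            target.pcr = {p: u for p, u in target.pcr.items() if p[0] != key_id}

    def access(self, acr_id, key_id, right):
        acr = self._get(acr_id)
        pair = (key_id, right)
        if pair not in acr.pcr:                           # FIG. 16, diamond 358
            raise AccessDenied(f"{acr_id} has no {right} permission on {key_id}")
        if acr.pcr[pair] is not None:                     # use-limited delegation
            if acr.pcr[pair] == 0:
                raise AccessDenied("delegated permission has expired")
            acr.pcr[pair] -= 1
        return True


def allowed(dev, acr_id, key_id, right):
    try:
        return dev.access(acr_id, key_id, right)
    except AccessDenied:
        return False


def build_figure_11():
    """Constructed sample data following the m1/m2/s1/s2 description of FIG. 11."""
    dev = Device()
    keys = ("Price List", "Marketing Information")
    dev.install_root(ACR("m1", "marketing", can_create_acr=True, can_manage_acr=True,
                         pcr={(k, r): None for k in keys
                              for r in ("read", "write", "delegate")}))
    dev.install_root(ACR("m2", "marketing", pcr={(k, "read"): None for k in keys}))
    dev.create_acr("m1", "s1", "sales", [("Price List", "read")])
    dev.create_acr("m1", "s2", "sales", [])
    return dev
```

A delegation made with `uses=2` is honoured twice and then refused, which is the "limited number of accesses" case; removing a permission or a whole record makes the next `access` call fail at diamond 358 or 352 respectively.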
The above process describes how the device (e.g., a flash memory card) manages access to protected data, irrespective of whether the access control record and its permissions control record were just changed by another access control record or were so configured to begin with.

Sessions

The secure storage application system is designed to handle multiple users logged in concurrently. When this feature is used, every command received by the secure storage application is associated with a specific entity and is executed only if the access control record used to authenticate that entity has the permissions for the requested action.

Multiple entities are supported through the session concept. A session is established during the authentication process and is assigned a session ID by the secure storage application system. The session ID is internally associated with the access control record used for logging into the system, and is exported to the entity for use in all further secure storage application commands.

The secure storage application system supports two types of sessions: open sessions and secure sessions. The session type associated with a specific authentication process is defined in the access control record. The secure storage application system enforces session establishment in a way similar to the way it enforces the authentication itself. Since the access control record defines the entity's permissions, this mechanism enables system designers to associate a secure channel either with accessing specific key IDs or with invoking specific access control record management operations (i.e., creating new access control records and setting credentials).

Open session

An open session is a session identified with a session ID but without bus encryption; all commands and data are passed in the clear.
This mode of operation is preferably used in a multi-user or multi-entity environment where the entities are neither part of the threat model nor eavesdropping on the bus.

Although it neither protects the transmission of data nor provides efficient firewalling between the applications on the host side, the open session mode enables the secure storage application system to allow access only to the information permitted for the currently authenticated access control records.

The open session can also be used for cases where a partition or a key needs to be protected. However, after a valid authentication process, access is granted to all entities on the host. The only thing the various host applications need to share in order to obtain the permissions of the authenticated access control record is the session ID. This is shown in FIG. 17A. The steps above line 400 are those taken by the host 24. After an entity is authenticated for access control record 1 (block 402), it requests access to a file associated with a key ID X in the memory device 10 (blocks 404, 406 and 408). If the permissions control record of access control record 1 allows such access, the device 10 grants the request (diamond 410). If not, the system returns to block 402. After authentication is completed, the memory system 10 identifies the entity issuing a command only by the assigned session ID (and not by the access control record credentials). Once access control record 1 gains access, in an open session, to the data associated with the key IDs in its permissions control record, any other application or user can access the same data by specifying the correct session ID, which is shared between the different applications on the host 24. This feature is advantageous in applications where it is more convenient for the user to be able to log in only once and to access all the data tied to the account through which the login is performed for different applications. Thus, a mobile phone user may be able to access stored e-mail and listen to stored music in the memory 20 without having to log in multiple times. On the other hand, data not covered by access control record 1 is not accessible. Thus, the same mobile phone user may have valuable content, such as games and photographs, accessible through a separate account, access control record 2. This is data that he does not wish others who borrow his phone to access, even though he may not mind others accessing the data available through his first account, access control record 1. Separating access to the data into two separate accounts while allowing access to access control record 1 in an open session provides ease of use as well as protection for valuable data.

To further ease the process of sharing the session ID among the host applications, an access control record that is requesting an open session can specifically request that the session be assigned the "0" ID. In this way, applications can be designed to use a predefined session ID. The only restriction is, for obvious reasons, that only one access control record requesting session 0 can be authenticated at a given time. An attempt to authenticate another access control record requesting session 0 will be rejected.

Secure session

To add a layer of security, the session ID may be used as shown in FIG. 17B. The memory 10 then also stores the session IDs of the active sessions. In FIG. 17B, for example, in order to be able to access a file associated with key ID X, the entity will also need to provide a session ID, such as session ID "A", before it is allowed to access the file (blocks 404, 406, 412 and 414). In this way, unless the requesting entity knows the correct session ID, it cannot access the memory 10.
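The session handling described in this section, modelled on the device side as an added example that is not code from the patent. It shows that after authentication the session ID alone carries the permissions of the access control record, that session 0 has a single holder at a time, and that a session ID which is not active is refused. The class name, the 32-bit width of session IDs, the credentials and the four key ID names are constructed for the illustration.

```python
import hmac
import secrets


class SessionError(Exception):
    pass


class OpenSessionDevice:
    def __init__(self, acrs):
        # acrs: record name -> {"credential": bytes, "key_ids": key IDs in its
        # permissions control record}
        self.acrs = acrs
        self.sessions = {}                      # active session ID -> record name

    def authenticate(self, acr_name, credential, request_zero=False):
        acr = self.acrs.get(acr_name)
        if acr is None or not hmac.compare_digest(acr["credential"], credential):
            raise SessionError("authentication failed")
        if request_zero:
            if 0 in self.sessions:              # only one holder of session 0 at a time
                raise SessionError("session 0 is already in use")
            session_id = 0
        else:
            session_id = secrets.randbelow(2**32 - 1) + 1   # fresh value, never 0
            while session_id in self.sessions:
                session_id = secrets.randbelow(2**32 - 1) + 1
        self.sessions[session_id] = acr_name
        return session_id

    def read(self, session_id, key_id):
        # From here on the caller is identified by the session ID alone, so every
        # host application that knows the ID gets the record's permissions.
        acr_name = self.sessions.get(session_id)
        if acr_name is None:
            raise SessionError("no such session")
        if key_id not in self.acrs[acr_name]["key_ids"]:
            raise SessionError("permissions control record does not allow this key ID")
        return f"contents of {key_id}"

    def end_session(self, session_id):
        self.sessions.pop(session_id, None)     # the ID is forgotten with the session


def phone_scenario():
    """Constructed data for the mobile phone case: two accounts, two sets of key IDs."""
    return OpenSessionDevice({
        "acr1": {"credential": b"constructed-pin-1", "key_ids": {"email", "music"}},
        "acr2": {"credential": b"constructed-pin-2", "key_ids": {"games", "photos"}},
    })
```

In the phone scenario a mail client that logged in as `acr1` with session 0 and a music player that never presented credentials both read through session 0, while the photos stay behind `acr2` and its own session ID.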
Because the session ID is deleted after the session is over and is different for each session, an entity can gain access only when it has been able to provide the session number.

The secure storage application system uses the session number to track whether a command really comes from the correctly authenticated entity. For applications and use cases where there is a threat that attackers will try to use an open channel to send malicious commands, the host application uses a secure session (a secure channel).

When a secure channel is used, the session ID, as well as the entire command, is encrypted with the secure channel encryption (session) key, and the security level is as high as the host-side implementation.

Terminating a session

A session is terminated, and the access control record is logged off, in any one of the following scenarios:

1. The entity issues an explicit end-session command.
2. Communication timeout. A specific entity has issued no command for a period of time defined as one of the access control record parameters.
3. All open sessions are terminated after a device (e.g., flash memory card) reset and/or power cycle.

Data integrity services

The secure storage application system verifies the integrity of the secure storage application database (which contains all the access control records, permissions control records, etc.). In addition, data integrity services are offered for entity data through the key ID mechanism.

If a key ID is configured with hash as its encryption algorithm, the hash values are stored together with the content encryption key in the content encryption key record. Hash values are calculated and stored during write operations. Hash values are calculated again during read operations and compared with the values stored during the previous write operations. Every time the entity accesses the key ID, the additional data is concatenated (cryptographically) to the old data and the appropriate hash value (for read or for write) is updated.

Since only the host knows the data files associated with or pointed to by a key ID, the host explicitly manages several aspects of the data integrity function in the following manner:

1. A data file associated with or pointed to by a key ID is written or read from beginning to end. Any attempt to access portions of the file will corrupt it, since the secure storage application system is using a block cipher encryption method and generates a hashed message digest of the entire data.
2. There is no need to process the data in a contiguous stream (the data stream can be interleaved with data streams of other key IDs and may be split over multiple sessions), since intermediate hash values are maintained by the secure storage application system. However, the entity will need to explicitly instruct the secure storage application system to reset the hash values if the data stream is restarted.
3. When a read operation is completed, the host explicitly requests the secure storage application system to validate the read hash by comparing it with the hash value calculated during the write operation.
4. The secure storage application system also provides a "dummy read" operation. This feature streams the data through the encryption engines but does not send it out to the host. It can be used to verify data integrity before the data is actually read out from the device (e.g., flash memory card).

Random number generation

The secure storage application system enables external entities to make use of the internal random number generator and to request random numbers for use outside the secure storage application system. This service is available to any host and does not require authentication.

RSA key pair generation

The secure storage application system enables external users to make use of the internal RSA key pair generation feature and to request an RSA key pair for use outside the secure storage application system. This service is available to any host and does not require authentication.

Alternative embodiment

Instead of using a hierarchical approach, similar results can be achieved using a database approach, as shown in FIG. 18.

As shown in FIG. 18, a list of credentials for entities, authentication methods, the maximum number of failed attempts, and the minimum number of credentials needed to unblock may be entered into a database stored in the controller 12 or the memory 20, which relates such credential requirements to the policies in the database (read and write access to keys and partitions, secure channel requirements) that are carried out by the controller 12 of the memory 10. Also stored in the database are constraints and limitations on access to keys and partitions. Thus, some entities (e.g., a system administrator) may be on a white list, which means that these entities can access all keys and partitions. Other entities may be on a black list, and their attempts to access any information will be blocked. The limitation can be global, or key- and/or partition-specific. This means that only certain entities can access certain specific keys and partitions, and certain entities cannot do so. Constraints can also be placed on the content itself, irrespective of the partition it is in or the key used to encrypt or decrypt it. Thus, certain data (e.g., songs) may have the attribute that it can be accessed only by the first five host devices that access it, or other data (e.g., movies) may have the attribute that it can be read only a limited number of times, irrespective of which entities have access.

Authentication

Password protection

• Password protection means that a password needs to be presented to access the protected area. Unless there cannot be more than one password, passwords can be associated with different rights, such as read access and/or write access.
• Password protection means that the device (e.g., flash memory card) is able to verify the password provided by the host; that is, the device also has the password stored in a device-managed secured memory area.

Issues and limitations

• Passwords are subject to replay attacks. Because the password does not change after each presentation, it can be resent identically. This means that passwords should not be used as-is if the data to be protected is valuable and the communication bus is easily accessible.
• Passwords can protect access to stored data, but should not be used to protect data (not a key).
• To increase the security level associated with passwords, they can be diversified using a master key, so that hacking one does not bring down the entire system. A session-key-based secure communication channel can be used to send the password.

FIG. 19 is a flowchart illustrating authentication using a password. The entity sends an account ID and password to the system 10 (e.g., flash memory card). The system checks whether the password matches the one in its memory. If it matches, an authenticated status is returned. Otherwise, the error counter for that account is incremented, and the entity is asked to re-enter an account ID and password. If the counter overflows, the system returns an access-denied status.
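The password check of FIG. 19 and the replay limitation noted above, next to a challenge-response exchange of the kind the following section describes for symmetric keys. This is an added example, not code from the patent: the `Card` class, the limit of three failures, the status strings and the use of HMAC-SHA-256 in place of a shared-key cipher are assumptions, and the account and password are constructed.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3        # constructed limit; the text only says the counter can overflow


def response_for(key, challenge, direction):
    # HMAC-SHA-256 stands in for the shared symmetric algorithm (assumption).
    # The direction label keeps a response for one direction from being valid
    # in the other when both sides challenge each other.
    return hmac.new(key, direction + challenge, hashlib.sha256).digest()


class Card:
    def __init__(self, accounts, shared_key):
        self._accounts = dict(accounts)          # account ID -> password (bytes)
        self._key = shared_key
        self.failures = {account: 0 for account in accounts}
        self._pending = None                     # challenge awaiting a response

    def login_password(self, account, password):
        """FIG. 19: compare, count errors, deny once the counter overflows."""
        stored = self._accounts.get(account)
        if stored is None:
            return "RETRY"                       # re-enter account ID and password
        if self.failures[account] >= MAX_FAILURES:
            return "ACCESS_DENIED"
        if hmac.compare_digest(stored, password):
            return "AUTHENTICATED"
        self.failures[account] += 1
        return "ACCESS_DENIED" if self.failures[account] >= MAX_FAILURES else "RETRY"

    def new_challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def check_response(self, response):
        challenge, self._pending = self._pending, None   # each challenge is single-use
        if challenge is None:
            return False
        expected = response_for(self._key, challenge, b"host->card")
        return hmac.compare_digest(response, expected)

    def respond(self, host_challenge):
        """Card's half of mutual authentication: answer the host's challenge."""
        return response_for(self._key, host_challenge, b"card->host")


def replay_demo():
    """One recorded exchange of each kind is presented to the card a second time."""
    key = secrets.token_bytes(16)
    card = Card({"user1": b"constructed-password"}, key)

    recorded_password = b"constructed-password"          # crossed the bus unchanged
    password_first = card.login_password("user1", recorded_password)
    password_replay = card.login_password("user1", recorded_password)

    challenge = card.new_challenge()
    recorded_response = response_for(key, challenge, b"host->card")
    response_first = card.check_response(recorded_response)
    card.new_challenge()                                 # the next login gets a new one
    response_replay = card.check_response(recorded_response)

    return {"password_first": password_first, "password_replay": password_replay,
            "response_first": response_first, "response_replay": response_replay}
```

`replay_demo()` returns `AUTHENTICATED` for both password presentations but `True` then `False` for the two response checks, because the second check is made against a fresh challenge.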

Symmetric key

A symmetric key algorithm means that the same key is used on both sides to encrypt and decrypt. It means that the key has been agreed upon before communicating. In addition, each side should implement the reverse algorithm of the other, i.e., the encryption algorithm on one side and the decryption algorithm on the other. The two sides do not need to implement both algorithms to communicate.

• Symmetric key authentication means that the device (e.g., flash memory card) and the host share the same key and have the same cryptographic algorithm (direct and reverse, e.g., DES and DES-1).
• Symmetric key authentication means challenge-response (protection against replay attacks). The protected device generates a challenge for the other device, and both compute the response. The authenticating device sends back the response, and the protected device checks the response and validates the authentication accordingly.
The rights associated with the authentication can then be granted.

Authentication can be:

• External: the device (e.g., flash memory card) authenticates the outside world, i.e., the device validates the credentials of a given host or application.
• Mutual: a challenge is generated on both sides.
• Internal: the host application authenticates the device (i.e., flash memory card), i.e., the host checks whether the device is genuine for its application.

To increase the security level of the entire system (i.e., breaking one does not break all):

• Symmetric keys are usually combined with diversification using a master key.
• Mutual authentication uses challenges from both sides to ensure that the challenge is a real challenge.

Encryption

Symmetric key cryptography is also used for encryption because it is a very efficient algorithm, i.e., it does not need a powerful central processing unit to handle the cryptography.

When used to secure a communication channel:

• Both devices must know the session key used to secure the channel (i.e., to encrypt all outgoing data and decrypt all incoming data). This session key is usually established using a pre-shared secret symmetric key or using a public key infrastructure.
• Both devices must know and implement the same cryptographic algorithms.

Signing

Symmetric keys can also be used to sign data. In that case, the signature is a partial result of the encryption. Keeping the result partial allows signing as many times as needed without exposing the key value.

Issues and limitations

Symmetric algorithms are very efficient and secure, but they are based on a pre-shared secret. The issue is to share this secret securely in a dynamic manner, and possibly to make it random (like a session key). The idea is that a shared secret is hard to keep safe in the long term and is almost impossible to share with multiple people.

To facilitate this operation, public key algorithms have been invented, as they allow the exchange of secrets without sharing them.

Asymmetric authentication procedure

Asymmetric key based authentication uses a series of data-passing commands which ultimately construct the session key for secure channel communication. The basic protocol authenticates the user to the secure storage application system.
Protocol variations allow for mutual authentication, in which the user must authenticate the access control record he wishes to use, and for two-factor authentication.

Preferably, the asymmetric authentication protocols of the secure storage application use public key infrastructure (PKI) and the RSA algorithm. As defined by these algorithms, each party in the authentication process is allowed to create its own RSA key pair. Each RSA key pair consists of a public key and a private key. Because the keys are anonymous, they cannot provide proof of identity. The PKI layer calls for a trusted third party that signs each of the public keys. The public key of the trusted party is pre-shared between the parties that will authenticate each other and is used to verify the parties' public keys. Once trust is established (both parties have determined that the public key provided by the other party can be trusted), the protocol continues with authentication (verifying that each party holds the matching private key) and key exchange. This can be done through the challenge-response mechanism shown in Figures 22 and 23, as described below.

The structure containing the signed public key is called a certificate. The trusted party that signs certificates is called a certificate authority (CA). For a party to be authenticated, it must have an RSA key pair and a certificate attesting to the authenticity of the public key. The certificate is signed by a certificate authority that is trusted by the other (authenticating) party. The authenticating party is expected to have in its possession the public key of its trusted certificate authority.

The secure storage application system allows certificate chains. This means that the public key of the party being identified may be signed by a certificate authority different from the one trusted by the identifying party.
In this case, the party being identified provides, in addition to its own certificate, the certificate of the certificate authority that signed its public key. If this second-level certificate is still not trusted by the other party (not signed by its trusted certificate authority), a third-level certificate can be provided. In this certificate chain algorithm, each party holds the complete list of certificates needed to authenticate its public key. This is shown in Figures 23 and 24. The credentials needed for mutual authentication by this type of access control record are RSA key pairs of the selected length.

Secure storage application certificates
The secure storage application uses [X.509] version 3 digital certificates. [X.509] is a general-purpose standard; the secure storage application certificate profile described here further specifies and restricts the contents of the certificate's defined fields. The certificate profile also defines the hierarchy of trust for the management of certificate chains, the validation of secure storage application certificates, and the certificate revocation list (CRL) profile.

The certificate is considered public information (as is the public key inside it) and is therefore not encrypted. However, it includes an RSA signature, which verifies that the public key and all other information fields have not been tampered with.

[X.509] defines each field as formatted using the ASN.1 standard, which in turn uses the DER format for data encoding.

Secure storage application certificate overview
One embodiment of the secure storage application certificate management architecture, shown in Figures 20 and 21, includes an unlimited-level hierarchy for the host and a hierarchy of up to 3 levels for the device, although more or fewer than 3 levels may be used for the device.

Host certificate hierarchy
The device authenticates the host based on two factors: stored in the device

record).

For each access control record, the host certificate authority serves as the root certificate authority (this is the certificate residing in the access control record credentials). For example, for one access control record the root certificate authority can be the "host 1 CA (level 2) certificate", and for another access control record it can be the "host root CA certificate". For each access control record, every entity that holds a certificate signed by the root certificate authority (or a certificate chain connecting the root certificate authority to the end-entity certificate) can log in to that access control record, provided it has the private key corresponding to the end-entity certificate. As noted above, certificates are public knowledge and are not kept secret.

The fact that all holders of certificates issued by the root certificate authority (and of the corresponding private keys) can log in to the access control record means that authentication to a specific access control record is determined by the issuer of the root certificate authority stored in the access control record credentials. In other words, the issuer of the root certificate authority can be the entity that manages the authentication scheme of the access control record.

Host root certificate
The root certificate is the trusted certificate authority certificate that the secure storage application uses to begin verifying the public key of the entity attempting to log in (the host). This certificate is provided when the access control record is created, as part of the access control record credentials. It is the root of trust for the PKI system and is therefore assumed to be provided by a trusted entity (either a parent access control record or a trusted manufacturing/configuration environment). The secure storage application verifies this certificate by using its public key to verify the certificate signature. The host root certificate is stored encrypted in a non-volatile memory (not shown in Figure 1), and the device's secret key is preferably accessible only by the central processing unit 12 of Figure 1 of system 10.

Host certificate chain
The host certificate chain consists of the certificates provided to the secure storage application during authentication. No recollection of the host certificate chain should be stored in the device after processing of the chain is completed.

Figure 20 is a schematic diagram of the host certificate level hierarchy, illustrating a number of different host certificate chains. As shown in Figure 20, the host certificate may have many different certificate chains, of which only three are illustrated:

A1. Host root CA certificate 502, host 1 CA (level 2) certificate 504 and host certificate 506;
B1. Host root CA certificate 502, host n CA (level 2) certificate 508, host 1 CA (level 3) certificate 510 and host certificate 512;
C1. Host root CA certificate 502, host n CA (level 2) certificate 508 and host certificate 514.

The three certificate chains A1, B1 and C1 above illustrate three possible host certificate chains that may be used to prove that the public key of the host is genuine. With reference to certificate chain A1 above and Figure 20, the public key in host 1 CA (level 2) certificate 504 is signed with the private key of the host root CA (i.e., by encrypting a digest of the public key), whose public key is in host root CA certificate 502. The host public key in host certificate 506 is in turn signed with the private key of host 1 CA (level 2), whose public key is provided in host 1 CA (level 2) certificate 504. Hence an entity that has the public key of the host root CA will be able to verify the authenticity of certificate chain A1. As a first step, the entity uses the public key of the host root CA in its possession to decrypt the signed public key in host 1 CA (level 2) certificate 504 sent to it by the host, and compares the decrypted signed public key with the digest of the unsigned public key in host 1 CA (level 2) certificate 504 sent by the host. If the two match, the public key of host 1 CA (level 2) is authenticated, and the entity then uses the authenticated public key of host 1 CA (level 2) to decrypt the host's public key, signed with the private key of host 1 CA (level 2), in host certificate 506 sent by the host. If the decrypted signature value matches the digest of the public key in host certificate 506 sent by the host, the public key of the host is then also authenticated. Certificate chains B1 and C1 can be used for authentication in a similar manner.

As will be noted from the above process involving chain A1, the first public key from the host that needs to be verified by the entity is the one in the host 1 CA (level 2) certificate, not the host root CA certificate.
Therefore, the host only needs to send host 1 CA (level 2) certificate 504 and host certificate 506 to the entity, so that the host 1 CA (level 2) certificate is the first certificate in the chain that needs to be sent. As illustrated above, the sequence of certificate verification is as follows. The verifying entity (in this case, memory device 10) first verifies the authenticity of the public key in the first certificate in the chain, which in this case is certificate 504 of the CA immediately below the root CA. After the public key in that certificate has been verified as genuine, device 10 proceeds to verify the next certificate, in this case host certificate 506. By the same token, a similar verification sequence applies where the chain contains more than two certificates: it begins with the certificate immediately below the root and ends with the certificate of the entity to be authenticated.

Device certificate hierarchy
The host authenticates the device based on two factors: the device root CA certificate stored in the host, and the certificate/certificate chain supplied by the device to the host (which was supplied to the device as a credential when the access control record was created). The process by which the host authenticates the device is similar to that described above for the device authenticating the host.

Device certificate chain
The device certificate chain consists of the certificates of the access control record's key pair. It is provided to the card when the access control record is created. The secure storage application stores these certificates individually and supplies them to the host one by one during authentication. The secure storage application uses these certificates to authenticate itself to the host.
The device can handle a certificate chain of 3 certificates, although a number of certificates other than 3 may be used. The number of certificates varies from one access control record to another and is determined when the access control record is created. The device can send the certificate chain to the host; however, it does not need to parse the certificates, because it does not use the certificate chain data.

Figure 21 is a schematic diagram of the device certificate level hierarchy, illustrating 1 to n different certificate chains for devices, such as storage devices, that use the secure storage application. The n different certificate chains shown in Figure 21 are as follows:

A2. Device root CA certificate 520, device 1 CA (manufacturer) certificate 522 and device certificate 524;
B2. Device root CA certificate 520, device n CA (manufacturer) certificate 526 and device certificate 528.

The secure storage application device may be manufactured by 1 to n different manufacturers, each having its own device CA certificate. Therefore, the public key in the device certificate for a particular device is signed with the private key of its manufacturer, and the manufacturer's public key is in turn signed with the private key of the device root CA. The public key of the device is verified in a manner similar to that described above for the public key of the host. As in the verification of chain A1 described above for the host, the device root CA certificate does not need to be sent; the first certificate in the chain that needs to be sent is the device i CA (manufacturer) certificate, followed by the device certificate, where i is an integer from 1 to n.
In the embodiment shown in Figure 21, the device presents two certificates: the device i CA (manufacturer) certificate, followed by its own device certificate. The device i CA (manufacturer) certificate is that of the manufacturer that made the device and that provides the private key used to sign the device's public key. When the device i CA (manufacturer) certificate is received by the host, the host uses the public key of the root CA in its possession to decrypt and verify the device i CA (manufacturer) public key. If this verification fails, the host aborts the process and notifies the device that authentication has failed. If authentication succeeds, the host sends a request to the device for the next certificate. The device then sends its own device certificate, to be verified by the host in a similar manner.

The above verification processes are also shown in more detail in Figures 22 and 23. In Figure 22, the "security service module system" is a software module that implements the secure storage application system described herein as well as other functions described below. The security service module system may be embodied as software or computer code with a database stored in memory 20 or in a non-volatile memory (not shown) in central processing unit 12, and is read into random access memory 12a and executed by central processing unit 12.

As shown in Figure 22, there are three phases in the process by which security service module system 542 in device 10 authenticates a host system 540. In the first phase, public key verification, host system 540 sends the host certificate chain to security service module system 542 in a security service module command.
Security service module system 542 verifies (block 552) the authenticity of host certificate 544 and host public key 546 using the root CA public key in host root certificate 548, located in access control record 550. If an intermediate certificate authority 549 between the root CA and the host is involved, intermediate certificate authority 549 is also used for the verification in block 552. Assuming the verification or process (block 552) is successful, security service module system 542 proceeds to the second phase.

Security service module system 542 generates a random number 554 and sends it as a challenge to host system 540. System 540 signs random number 554 with the host system's private key 547 (block 556) and sends the signed random number as the response to the challenge. The response is decrypted using host public key 546 (block 558) and compared with random number 554 (block 560). If the decrypted response matches random number 554, the challenge response is successful.

In the third phase, a random number 562 is encrypted using host public key 546. This random number 562 is then the session key. Host system 540 can obtain the session key by using its private key to decrypt (block 564) the encrypted random number 562 from security service module system 542. With this session key, secure communication between host system 540 and security service module system 542 can then be initiated. Figure 22 shows a one-way asymmetric authentication, in which host system 540 is authenticated by security service module system 542 in device 10.
Figure 23 is a protocol diagram showing a two-way mutual authentication process similar to the one-way authentication protocol of Figure 22, in which security service module system 542 in Figure 23 is also authenticated by host system 540.

Figure 24 is a diagram of a certificate chain 590 illustrating one embodiment of the invention. As noted above, the certificate chain that needs to be presented for verification may include a number of certificates. Thus the certificate chain of Figure 24 includes a total of 9 certificates, all of which may need to be verified for authentication. As explained in the background section above, in existing systems for certificate verification either an incomplete certificate chain is sent or, if the entire chain is sent, the certificates are not sent in any particular order, so that the recipient cannot analyze the certificates until the entire group of certificates has been received and stored. Because the number of certificates in a chain is not known in advance, this can present a problem. A large amount of storage space may need to be reserved for storing a certificate chain of uncertain length. This can be a problem for a storage device that performs the verification.

One embodiment of the invention is based on the recognition that the problem can be alleviated by a system in which the host device sends its certificate chain in the same order in which the chain will be verified by the storage device. Thus, as shown in Figure 24, certificate chain 590 starts with certificate 590(1), which is the certificate immediately below the host root certificate, and ends with certificate 590(9), which is the host certificate.
Device 10 will therefore first verify the public key in certificate 590(1), followed by the public key in certificate 590(2), and so on, until the host public key in certificate 590(9) is verified. This completes the verification of the entire certificate chain 590. Thus, if the host device sends certificate chain 590 to memory device 10 in the same order or sequence in which the chain will be verified, memory device 10 can begin verifying each certificate as it is received, without waiting until all 9 certificates in chain 590 have been received.

In one embodiment, therefore, the host device sends the certificates in chain 590 to memory device 10 one at a time. Memory device 10 then has to store only a single certificate at a time. After a certificate has been verified, it can be overwritten by the next certificate sent by the host, except for the last certificate in the chain. In this way, memory device 10 needs to reserve space for storing only a single certificate at any time.

The memory device needs to know when the entire chain 590 has been received. Preferably, therefore, the last certificate 590(9) contains an indicator or indication that it is the last certificate in the chain. This feature is shown in Figure 25, which is a table of the information in a control sector that precedes the certificate buffer sent by the host to memory device 10. As shown in Figure 25, the control sector of certificate 590(9) contains an argument named the "is last" flag. Memory device 10 can then confirm that certificate 590(9) is the last certificate in the chain by checking whether the "is last" flag is set, and so determine whether the certificate received is the last one in the chain.
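The in-order, one-certificate-at-a-time verification just described, followed by the challenge-response and session-key phases of Figure 22, can be sketched as below. This is an added example, not code from the patent: it uses textbook RSA with small constructed keys and no padding, a simplified certificate body in place of X.509/DER, and hypothetical names (Device, receive_cert, authenticate).

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Textbook RSA key from two known primes (toy size, no padding)."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def public(key):
    return (key["n"], key["e"])

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(pub, data, sig):
    n, e = pub
    return 0 <= sig < n and pow(sig, e, n) == digest(data, n)

def cert_body(subject, pub):
    # Stand-in for the DER-encoded to-be-signed part of an X.509 certificate.
    return f"{subject}|{pub[0]}|{pub[1]}".encode()

def issue(issuer_key, subject, subject_pub):
    """Certificate = subject name + subject public key + issuer signature."""
    sig = sign(issuer_key, cert_body(subject, subject_pub))
    return {"subject": subject, "pub": subject_pub, "sig": sig}

class Device:
    """Card side. Holds the root CA public key (the ACR credential) and, while
    a chain streams in, only the single most recently verified public key."""

    def __init__(self, root_pub):
        self.root_pub = root_pub
        self.reset()

    def reset(self):
        self.current_pub = self.root_pub  # key that must have signed the next cert
        self.host_pub = None              # set once the flagged last cert verifies
        self.nonce = None
        self.session_key = None

    def receive_cert(self, cert, is_last):
        """Phase 1: verify one certificate on arrival, then overwrite state."""
        body = cert_body(cert["subject"], cert["pub"])
        if self.host_pub is not None or not verify(self.current_pub, body, cert["sig"]):
            self.reset()
            return "ABORT"
        self.current_pub = cert["pub"]
        if is_last:
            self.host_pub = cert["pub"]
            return "CHAIN_OK"
        return "NEXT"

    def challenge(self):
        """Phase 2: fresh random challenge, usable once."""
        if self.host_pub is None:
            raise RuntimeError("certificate chain not authenticated")
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def check_response(self, sig):
        ok = self.nonce is not None and verify(self.host_pub, self.nonce, sig)
        self.nonce = None
        if not ok:
            self.reset()
        return ok

    def wrap_session_key(self):
        """Phase 3: random session key encrypted under the host public key."""
        n, e = self.host_pub
        self.session_key = secrets.randbelow(n - 2) + 2
        return pow(self.session_key, e, n)

def authenticate(device, chain, host_key):
    """Host side: send the chain in verification order, answer the challenge,
    unwrap the session key. Returns the session key, or None on abort."""
    for i, cert in enumerate(chain):
        if device.receive_cert(cert, is_last=(i == len(chain) - 1)) == "ABORT":
            return None
    if not device.check_response(sign(host_key, device.challenge())):
        return None
    return pow(device.wrap_session_key(), host_key["d"], host_key["n"])

# Constructed keys and chain A1 (root -> host 1 CA -> host); all values are samples.
ROOT = make_key(2**61 - 1, 2**127 - 1)
CA1 = make_key(2**31 - 1, 2**64 - 59)
HOST = make_key(1_000_000_007, 4_294_967_291)
ROGUE = make_key(1_000_000_009, 998_244_353)
CHAIN_A1 = [issue(ROOT, "Host 1 CA", public(CA1)), issue(CA1, "Host", public(HOST))]

if __name__ == "__main__":
    dev = Device(public(ROOT))
    print("in order:", authenticate(dev, CHAIN_A1, HOST) == dev.session_key)
    print("reversed:", authenticate(Device(public(ROOT)), CHAIN_A1[::-1], HOST))
```

The device never stores the chain: a certificate sent out of order fails against the key currently held, and a valid chain presented by a party without the host private key fails at the challenge.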
In an alternative embodiment, the certificates in chain 590 may be sent not one by one but in groups of one, two or three certificates. Obviously, groups with other numbers of certificates, or the same number of certificates in each group, may be used. Thus chain 590 includes 5 contiguous certificate strings 591, 593, 595, 597 and 599. Each string contains at least one certificate. A contiguous string of certificates is one that contains the certificate situated next to the string preceding the string in question in the chain (the beginning certificate), the certificate situated next to the string following the string in question in the chain (the ending certificate), and all certificates between the beginning and ending certificates. For example, string 593 contains the three certificates 590(2), 590(3) and 590(4). The 5 strings are verified by memory device 10 in the following sequence: 591, 593, 595, 597, ending with 599. Thus, if the 5 strings are sent and received in the same sequence as the verification performed by memory device 10, the memory device does not need to store any string after it has been verified, and all strings except the last can be overwritten by the next string arriving from the host. As in the previous embodiment, it is desirable for the last certificate in the chain to contain an indicator, such as a flag set to a particular value, to indicate that it is the last certificate in the chain. In this embodiment, the memory device only needs to reserve enough space to store the longest of the 5 strings. Thus, if the host first notifies memory device 10 of the longest string it intends to send, memory device 10 only needs to reserve enough space for the longest string.

Preferably, the length of each certificate in the chain sent by the host is no more than 4 times the length of the public key certified by that certificate. Similarly, the length of a certificate sent by memory device 10 to a host device to certify the public key of the memory device is preferably no more than 4 times the length of the public key certified by that certificate.

The embodiment described above for verifying certificate chains is shown in the flowchart of Figure 26, in which, for simplicity, the number of certificates in each group is assumed to be 1. As shown in Figure 26, the host sends the certificates in the chain sequentially to the card. Starting with the first certificate in the chain (typically the one following the root certificate, as described above), the card sequentially receives the certificate chain from the host being authenticated (block 602). The card verifies each certificate received and aborts the process if any certificate fails verification. If any of the certificates fails verification, the card notifies the host (blocks 604, 606). The card then detects whether the last certificate has been received and verified (diamond 608). If the last certificate has not been received and verified, the card returns to block 602 to continue receiving and verifying certificates from the host. If the last certificate has been received and verified, the card proceeds to the next phase after certificate verification (610). Although the features in Figure 26 and the subsequent figures refer to memory cards as examples, it should be understood that these features also apply to memory devices in physical forms other than memory cards.

The process carried out by the host when the card is authenticating the host is shown in Figure 27.
As shown in Figure 27, the host transmits the next voucher in the voucher chain to the card (block 620), typically starting with a credential following the root credential. Then the host determines whether an abort notification (diamond 622) from one of the cards has failed to be authenticated has been received. If an abort notification has been received, the host is stopped (block 6 2 4). If a suspension notification has not been received, the host checks to see if the last voucher in the voucher chain has been transmitted by checking whether the ''last flag' has been set in the last voucher being transmitted ( Block 626). If the last voucher has been transmitted, the host proceeds to the next stage after the voucher is authenticated (block 628). As shown in Figures 22 and 23, the next stage can be a challenge response followed by a session key establishment. If the last credential in the credential chain has not been transmitted, the host returns to block 620 to transmit the next credential within the credential chain. The actions taken by the card and the host when the card is being authenticated are shown in Figures 28 and 29. As shown in Figure 28, after the start, the card waits for a request from the host to transmit one of the credentials in the voucher chain (block 63〇, 122364.doc -71 - 200822669 diamond 632). If a request from the host is not received, the card will return to diamond 632. If a request is received from the host, the card will then transmit the next voucher in the voucher chain, starting with the first voucher that should be transmitted (typically starting with the voucher following the root voucher) (block 634). The card determines if a failure notification has been received from the host (block 636). If a failure notification has been received, the card is stopped (block 637). If no failure notification is received, the card determines if the last document has been transmitted (diamond 63 8). 
If the last credential has not been transmitted, then (; the card returns to diamond 632 and waits until it receives the next request from the host for transmitting the next credential in the credential chain. If the last credential has been transmitted, The card proceeds to the next stage (block 639). Figure 29 shows the action taken by the host when the card is being authenticated. The host transmits a request for the next voucher in the voucher chain to the card. , which begins with a request for the first credential to be transmitted (block 640). Next, the host authenticates each received credential, and if the authentication fails, the program is aborted and the card is notified (block 642). If the authentication is passed, the host checks to see if it has received and successfully authenticated the last credential (diamond 644). If the last credential has not been received and successfully authenticated, then the host returns to block 64. In order to transmit a request for the next voucher in the voucher chain. If the last voucher has been received and successfully authenticated, then after the credential is authenticated, the host proceeds to the next stage (block 646). Abolition When a voucher is issued, it is expected to be used throughout its validity period. However, various circumstances may result in a voucher becoming invalid without the 122364.doc -72-200822669 effect before the expiration of the validity period. Such cases include name changes, subject matter. A change in the association with the authority of the voucher authority (eg '--employee termination and employment relationship with an organization'): and endangering or suspecting the compromise of the corresponding private key. In such cases, the voucher authority needs to revoke the voucher "The female full storage application enables credential revocation in different ways, and each access control record can be configured for a specific party T used to revoke the voucher. 
An access control record can be configured to not Support an abolition plan.

In this case, each certificate is considered valid until its expiration date. Alternatively, certificate revocation lists may be employed. As yet another alternative, the revocation scheme may be specific to a particular application, or application-specific, as explained below. An access control record specifies which of the three revocation schemes is adopted by specifying a revocation value. If an access control record is created with no revocation scheme, it is possible for it to adopt a revocation scheme that can be activated by the access control record owner. Revocation of memory device certificates is enforced by the host, not by the secure storage application security system. An access control record owner is responsible for managing the revocation of a host root certificate; the mechanism by which this is done is updating the credentials of the access control record.

Certificate Revocation List (CRL)

The secure storage application system uses a revocation scheme in which each certificate authority periodically issues a signed data structure called a certificate revocation list. A certificate revocation list is a time-stamped list identifying revoked certificates; it is signed by a certificate authority (the same certificate authority that issued the certificates in question) and made freely available to the public. Each revoked certificate is identified in a certificate revocation list by its certificate serial number. The size of the certificate revocation list is arbitrary and depends on the number of revoked certificates that have not yet expired. When a device uses a certificate (e.g., to verify a host's identity), the device not only checks the certificate signature (and validity) but also checks the certificate against the list of serial numbers received through a certificate revocation list. If an identification such as the serial number of a certificate is found on the certificate revocation list issued by the certificate authority that issued the certificate, this indicates that the certificate has been revoked and is no longer valid.

The certificate revocation list itself also needs to be verified as genuine before it can serve the purpose of validating certificates. Certificate revocation lists are signed using the private key of the certificate authority that issued the list, and can be verified as genuine by decrypting the signed certificate revocation list using the public key of that certificate authority. If the decrypted certificate revocation list matches the digest of the unsigned certificate revocation list, the certificate revocation list has not been tampered with and is genuine. Certificate revocation lists are usually hashed with a hashing algorithm to obtain their digests, and the digests are encrypted with the private key of the certificate authority. To verify whether a certificate revocation list is valid, the signed certificate revocation list (i.e., the hashed and encrypted certificate revocation list) is decrypted using the public key of the certificate authority to yield a decrypted and hashed certificate revocation list (i.e., a digest of the certificate revocation list). This is then compared with the hashed certificate revocation list. The verification process therefore involves the step of hashing the certificate revocation list for comparison with the decrypted and hashed certificate revocation list.

One characteristic of the certificate revocation list scheme is that validation of the certificate (against the certificate revocation list) can be performed separately from obtaining the certificate revocation list. Certificate revocation lists are also signed by the issuers of the pertinent certificates, and are verified in a manner similar to the verification of certificates, in the manner described above, using the public keys of the certificate authorities that issued the lists. The memory device verifies that the signature belongs to the certificate revocation list and that the issuer of the certificate revocation list matches the issuer of the certificate. Another characteristic of the scheme is that certificate revocation lists can be distributed by exactly the same means as the certificates themselves, namely via untrusted servers and untrusted communications. Certificate revocation lists and their characteristics are explained in detail in the X.509 standard.

Secure Storage Application Infrastructure for Certificate Revocation Lists

The secure storage application provides an infrastructure for host revocation using the certificate revocation list scheme. When authenticating to an RSA-based access control record under the certificate revocation list revocation scheme, the host adds a certificate revocation list (possibly an empty one, if the issuing certificate authority has not revoked any certificates) as an additional field to a set certificate command. This field contains a certificate revocation list signed by the issuer of the certificate. When this field is present, memory device 10 first authenticates the certificate in the set certificate command. Obtaining and accessing the certificate revocation list repository is entirely the responsibility of the host. Certificate revocation lists are issued with the time period during which they are valid (the certificate revocation list expiration time period, CET). During authentication, if the current time is found not to be within this period, the certificate revocation list is considered defective and cannot be used for certificate authentication. The result is that authentication of the certificate fails.

In conventional certificate authentication methods, the authenticating or verifying entity is expected to possess certificate revocation lists, or to be able to retrieve them from certificate authorities, and to check the serial number of the certificate presented for authentication against the list to determine whether the presented certificate has been revoked. Where the authenticating or verifying entity is a memory device, the memory device may not have been used on its own to retrieve certificate revocation lists from certificate authorities. If a certificate revocation list is pre-stored in the device, such a list may become outdated, so that certificates revoked after the installation date will not appear on the list. This would enable users to access the storage device using a revoked certificate, which is undesirable.

In one embodiment, the above problem may be solved by a system in which the entity that wishes to be authenticated presents a certificate revocation list, together with the certificate to be authenticated, to the authenticating entity, which may be a memory device 10. The authenticating entity then verifies the authenticity of the certificate and the certificate revocation list received. The authenticating entity checks whether the certificate is on the certificate revocation list by checking whether an identification of the certificate, such as its serial number, appears on the list.

In view of the above, an asymmetric authentication scheme can be used for mutual authentication between a host device and memory device 10. A host device that wishes to be authenticated to memory device 10 will need to provide both its certificate chain and the corresponding certificate revocation lists. Host devices, on the other hand, have been used to connect to certificate authorities to obtain certificate revocation lists, so that when memory device 10 is to be authenticated by a host device, the memory device does not need to present certificate revocation lists to the host device together with its certificate or certificate chain.

In recent years, an expanding number of different types of portable devices can be used to play content, such as various embedded or stand-alone music players, MP3 players, cellular phones, personal digital assistants and notebook computers. While it is possible to connect such devices to the World Wide Web to access certificate revocation lists from certificate authorities, many users typically do not connect to the web daily, but do so only to obtain new content or to renew subscriptions, such as every few weeks. It may therefore be cumbersome for such users to have to obtain certificate revocation lists from certificate authorities more frequently. For such users, the certificate revocation list, and optionally also the host certificate that will need to be presented to a storage device to access protected content, may be stored in a preferably unprotected area of the storage device itself. In many types of storage devices (e.g., flash memory), the unprotected areas of the storage device are managed by host devices, not by the storage devices themselves. In this manner, the user (through the host device) does not have to connect to the web to obtain more up-to-date certificate revocation lists. The host device may simply retrieve such information from the unsecure area of the storage device and then turn around and present the certificate and list to the storage or memory device in order to access protected content in the storage device. Since the certificate for accessing protected content and its corresponding certificate revocation list are typically valid for certain time periods, the user will not have to obtain up-to-date certificates or certificate revocation lists as long as they remain valid. This feature gives users convenient access to the certificate and certificate revocation list during the reasonably long periods while both are still valid, without having to connect to the certificate authority for updated information.

The above process is illustrated in the flow charts of Figures 30 and 31. As shown in Figure 30, host 24 reads from the unsecure public area of memory device 10 the certificate revocation list pertaining to a certificate that the host will present to the memory device for authentication (block 652). Since the certificate revocation list is stored in an unsecure area of the memory, no authentication is needed before the certificate revocation list can be obtained by the host. Because the certificate revocation list is stored in the public area of the memory device, reading of the certificate revocation list is controlled by host device 24. The host then sends the certificate revocation list, together with the certificate to be authenticated, to the memory device (block 654), and proceeds to the next stage unless it receives a failure notification from memory device 10 (block 656). Referring to Figure 31, the memory device receives the certificate revocation list and the certificate from the host (block 658) and checks whether the certificate serial number is on the certificate revocation list (block 660), as well as other aspects (e.g., whether the certificate revocation list has expired). If the certificate serial number is found on the certificate revocation list, or the check fails for other reasons, the memory device sends a failure notification to the host (block 662). In this manner, different hosts can obtain the certificate revocation list stored in the public area of the memory device, since the same certificate revocation list can be used for the authentication of different hosts. As noted above, for the convenience of users, the certificate that is to be authenticated using the certificate revocation list may preferably also be stored together with the certificate revocation list in an unsecure area of memory device 10. However, the certificate can be used for authentication to the memory device only by the host to which the certificate was issued.

Where the certificate revocation list contains in its fields a time for the next update, as shown in Figure 32, the secure storage application in device 10 also checks the current time against this time to see whether the current time is after it; if so, authentication also fails. Preferably, therefore, the secure storage application checks both the time for the next update and the certificate revocation list expiration time period against the current time (or against the time at which the certificate revocation list is received by memory device 10).

As noted above, if the certificate revocation list contains a long list of identifications of revoked certificates, processing (e.g., hashing) the list and searching it for the serial number of the certificate presented by the host may take a long time, especially if the processing and searching are carried out in sequence. To speed up the process, the processing and searching may therefore be carried out concurrently. Moreover, if the entire certificate revocation list must be received before it is processed and searched, the process can also be time-consuming. Applicants recognized that the process can be expedited by processing and searching portions of the certificate revocation list as they are received (on the fly), so that when the last portion of the certificate revocation list is received, the process is about to be completed.

Figures 33 and 34 illustrate the above features of the revocation scheme. At the authenticating entity (e.g., a memory device such as a memory card), the certificate and the certificate revocation list are received from the entity that wishes to be authenticated (block 702). Portions of the unencrypted certificate revocation list are processed (e.g., hashed), and these portions are concurrently searched for the identification (e.g., serial number) of the certificate presented. The processed (e.g., hashed) certificate revocation list portions are compiled into a hashed complete certificate revocation list, which is […]

[…] Alternatively, if the current time is not within the certificate revocation list expiration time period, or if the time for the next updated certificate revocation list has passed (block 710), authentication also fails. In some implementations, storing the hashed certificate revocation list portions for compilation and the decrypted hashed certificate revocation list portions may not require a large amount of memory space.
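The receive-side check described for Figures 31 to 33, as an added Python example that is not code from the patent: the CRL is hashed and searched portion by portion as it arrives, then the compiled digest is compared with the digest recovered from the CA signature and the two time checks are applied. The CRL layout, the toy CA key (textbook RSA standing in for the real signature format), the result strings and all function names are constructed for illustration.

```python
import hashlib
import struct

# Constructed toy CA key: textbook RSA over two Mersenne primes, no padding.
# It stands in for the CA signature scheme only so the example runs offline.
_P, _Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = _P * _Q, 65537
_CA_D = pow(CA_E, -1, (_P - 1) * (_Q - 1))

# Constructed CRL layout (not X.509): validity period start and end, next
# update time, then fixed-width serial numbers of the revoked certificates.
HEADER = struct.Struct(">QQQ")
SERIAL_LEN = 8


def make_crl(valid_from, valid_until, next_update, revoked_serials):
    """CA side: build a sample CRL and sign its SHA-256 digest."""
    body = HEADER.pack(valid_from, valid_until, next_update)
    body += b"".join(s.to_bytes(SERIAL_LEN, "big") for s in revoked_serials)
    digest = int.from_bytes(hashlib.sha256(body).digest(), "big")
    return body, pow(digest, _CA_D, CA_N)


def split_portions(data, size):
    """Host side: cut the CRL into the portions it sends to the device."""
    return [data[i:i + size] for i in range(0, len(data), size)]


class StreamingCrlCheck:
    """Device side: hash and search each CRL portion as it is received."""

    def __init__(self, cert_serial, signature, now):
        self.wanted = cert_serial.to_bytes(SERIAL_LEN, "big")
        self.signature = signature
        self.now = now
        self.hasher = hashlib.sha256()
        self.pending = b""      # tail of a field split across two portions
        self.times = None       # header fields, once fully received
        self.revoked = False

    def feed(self, portion):
        self.hasher.update(portion)        # processing (hashing) ...
        data = self.pending + portion      # ... and searching in one pass
        pos = 0
        if self.times is None:
            if len(data) < HEADER.size:
                self.pending = data
                return
            self.times = HEADER.unpack_from(data)
            pos = HEADER.size
        while pos + SERIAL_LEN <= len(data):
            if data[pos:pos + SERIAL_LEN] == self.wanted:
                self.revoked = True        # keep going: the hash needs it all
            pos += SERIAL_LEN
        self.pending = data[pos:]          # at most SERIAL_LEN - 1 bytes kept

    def finish(self):
        """Return 'ok', or the reason why authentication fails."""
        if self.times is None or self.pending:
            return "malformed CRL"
        signed_digest = pow(self.signature, CA_E, CA_N)
        if signed_digest != int.from_bytes(self.hasher.digest(), "big"):
            return "CRL signature mismatch"
        valid_from, valid_until, next_update = self.times
        if not valid_from <= self.now <= valid_until:
            return "CRL outside its validity period"
        if self.now > next_update:
            return "next CRL update is overdue"
        if self.revoked:
            return "certificate revoked"
        return "ok"


def check_certificate(cert_serial, crl_portions, signature, now):
    """Run the whole check over the portions in arrival order."""
    check = StreamingCrlCheck(cert_serial, signature, now)
    for portion in crl_portions:
        check.feed(portion)
    return check.finish()
```

The device never holds more than one portion plus a few leftover bytes, which is why the list can be long without needing matching buffer space.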
When an entity (e.g., the host) wishes to be authenticated, it sends its certificate and certificate revocation list to the authenticating entity (block 722) and proceeds to the next stage (block 724). This is shown in Figure 34.

If the entity presents a certificate chain for authentication, a process similar to the one described above can be carried out. In that event, the above process will need to be repeated for each certificate in the chain together with its corresponding certificate revocation list. Each certificate and its certificate revocation list can be processed as they are received, without waiting to receive the remaining certificates in the chain and their corresponding certificate revocation lists.

Identity Object (IDO)

The identity object is a protected object designed to allow memory device 10, such as a flash memory card, to store an RSA key pair or another type of cryptographic ID. The identity object contains any type of cryptographic ID that can be used to sign and verify identity, and to encrypt and decrypt data. The identity object also contains a certificate from a certificate authority (or a certificate chain from multiple certificate authorities) certifying that the public key in the key pair is genuine. The identity object can be used to provide proof of identity of an external entity or of an internal card entity (i.e., the device itself, an internal application, and so on, referred to as the owner of the identity object). The card is therefore not using the RSA key pair or other type of cryptographic ID to authenticate the host through a challenge response mechanism; rather, it provides proof of identity by signing the data stream provided to it. In other words, the identity object contains the cryptographic ID of its owner. To access the cryptographic ID in the identity object, the host will first need to be authenticated. As described above, the authentication process is controlled by an access control record. After the host has been successfully authenticated, the identity object owner can use the cryptographic ID to establish the owner's identity to another party. For example, the cryptographic ID (e.g., the private key of a public-private key pair) can be used to sign data presented by the other party through the host. The signed data and the certificate in the identity object are presented to the other party on behalf of the identity object owner. The public key of the public-private key pair in the certificate is certified as genuine by a certificate authority (i.e., a trusted authority), so that the other party can trust that the public key is genuine. The other party can then use the public key in the certificate to decrypt the signed data, and compare the decrypted data with the data sent by the other party. If the decrypted data matches the data sent by the other party, this shows that the owner of the identity object does have access to the genuine private key, and is therefore truly the entity it represents itself to be.

A second use of the identity object is to protect data designated for the owner of the identity object using the cryptographic ID (such as the RSA key itself). The data is expected to be encrypted using the identity object public key. Memory device 10, such as a memory card, will use the private key to decrypt the data.

未共用部分。 f 通本被想成公開的某些資訊於某些情況下係可能被認為 機山的It如駐留於該卡内的應用程式之名稱及其生命週 期狀態。此之另一範例可係根存取控制記錄名稱,其被認 為A開的然而對於某些安全儲存應用程式使用情況而言 $以係機在的。對於這些情況而言,該系統應回應於一般 資訊查詢而接批_ , 選項’保持此資訊僅能由所有經鑑認的 I用者使用’然而係不能被未經鑑認的使用者使用。此類 胃訊構成該機③、貧訊的共用部分。該機密資訊的共用部分 的耗例可包含一根存取控制記錄清單,即目前出現於該 122364.doc -85- 200822669 裝置上的所有根存取控制記錄的清單。 透過该一般貧訊查詢來存取公開資訊係不需要該主機/ 使用者登入一存取控制記錄。因此,具有安全儲存應用程 式標準知識之任何實體可執行及接收該資訊。就安全儲存 應用程式而論,此查詢命令係在無一會期號碼之下被處 置。然而’假如期望由一實體存取該機密資訊的共用部 为,則需要首先透過控制存取該記憶體裝置内的資料之任 何控制結構(例如,任一存取控制記錄)來鑑認該實體。在 一成功鑑認之後,該實體將能夠透過一般資訊查詢而存取 該機密貧訊的該共用部分。如上文所說明,該鑑認程序將 導致用於存取之一安全儲存應用程式會期號碼或者ID。 谨慎貧訊查詢 關於個別存取控制記錄及其系統存取及資產的私有資訊 係被認為謹慎的,且需要明確鑑認。因此,此種查詢要求 在接收用於資訊查詢的授權之前,進行存取控制記錄登入 及鑑認(假如鑑認係由該存取控制記錄所指定)。此項查詢 係需要一安全儲存應用程式會期號碼。 在詳細敘述兩種類型查詢之前,首先敘述索引群組作為 一用於實施該等查詢之實務解決方案之觀念係將為有用 的。 索引群組 執行於可能的安全儲存應用程式主機上之應用程式係被 該主機上的作業系統及系統驅動程式要求指定意欲被讀取 之區段數。接著,此係意謂該主機應用程式需要知道對於 122364.doc -86 - 200822669 每一安全儲存應用程式讀取操作而言,需要讀取多少個區 段0 因為查詢操作的本冑旨在供應對於一請纟資訊的實體而 言通常係不知道的資訊,所以對於該主機應用程式而言, 發佈該查詢且猜測該操作所需之區段數係有困難的。"Parts are objects that can be created for any type of access control record. In an embodiment, the access control record can have only one object. The data signature and protection features are both secure storage applications. Cheng 2: Γ: The 4 level of the service object of any entity that can identify the access control record is the same as the login number of the access control record. The material is tied to have the identity object. - Access Control =, any authentication algorithm can be selected. Build: Estimate: An algorithm can best protect the identity object usage. The access control record of the identity object provides the second The order of the identity object public key. The mouth should be in the decrypted data when the identity object is being used. It may be mf self-emerging output. The host system is encouraged to use _ transparent... In this case, the secure channel is established. 
(4) When any of the algorithms (4) and the algorithm are used to establish the identity object, in the embodiment, the secret key is selected: key two and KCS#1 version 1 in the key and private key Being used as 122364.doc -82- 2008 22669 PKCS#1 (index, modulo) representation defined by version 2. 1 In one embodiment, the data contained during the establishment of an identity object has an RSA key pair of a selected length and a credential chain. It recursively proves the authenticity of the public key. The access control record with the identity object will allow the signature of the user data. This is implemented through two secure storage application commands: • Hanting user data : Provide a free-form data buffer to be signed. • Obtain a secure storage application signature. · The card will provide an rsa signature (using the access control to record the private key). Depending on the type of object, The format and size of the signature are set according to PKCS#1 version 1.5 or version 2.1. The operation system for using the body injury object is shown in Fig. 3 5-37, wherein the memory device 1 is a flash memory card. And the card is the owner of the identity object. Figure 35 shows that the private order of the data transmitted from the card to the host is shown in Figure 35, after the host is authenticated (block 8〇2), As mentioned above One of the structures is controlled by one of the access control records, the card is waiting for the -voucher-host request (diamond 804). After receiving the request, the card transmits the voucher and returns to diamond 8 ( 4) for the next host solicitation (block 806). If the disclosure of the identity object owned by the card is to transmit a voucher chain to verify the key', then repeat the above actions until the voucher chain The voucher has been transmitted to the host (diamond 808). 
After each certificate in the chain has been transmitted to the host, the card waits for other commands from the host. If no command is received from the host within a set period, the card returns to diamond 804. Upon receiving data and a command from the host, the card checks whether the command is for signing data (diamond 810). If the command is for signing data, the card signs the data with the private key in the identity object, then transmits the signed data to the host (block 812) and returns to diamond 804. If the command from the host is not for signing the data from the host, the card uses the private key in the identity object to decrypt the received data (block 814) and returns to diamond 804.

Figure 36 shows the procedure carried out by the host when the card signs data to be transmitted to the host. Referring to Figure 36, the host transmits authentication information to the card (block 822). After successful authentication, as controlled by an access control record at a node of one of the tree structures described above, the host transmits a request to the card for the certificate chain and receives the chain (block 824). After the public key of the card has been verified, the host transmits data to the card for signing and receives the data signed with the private key of the card (block 826).

Figure 37 shows the procedure carried out by the host when the host encrypts data using the card's public key and transmits the encrypted data to the card. Referring to Figure 37, the host transmits authentication information to the card (block 862). After successful authentication controlled by an access control record, the host transmits a request to the card for the certificate chain that certifies the public key of the card in the identity object (block 864).
The host also transmits a request to the card for data. After having verified the public key of the card in the identity object, the host encrypts the data from the card using the card's verified public key and transmits it to the card (blocks 866, 868).

Query

Hosts and applications need to hold certain information about the memory device or card they are working with in order to perform system operations. For example, hosts and applications may need to know which applications stored on the memory card are available for invocation. The information needed by the host is sometimes not public knowledge, which means that not every entity has the right to possess it. To distinguish between authorized and unauthorized users, two methods of query that can be used by the host need to be provided.

General Information Query

This query issues system public information without restriction. The confidential information stored in the memory devices comprises two parts: a shared part and an unshared part. One part of the confidential information contains information that may be proprietary to individual entities, so that each entity should be allowed to access only its own proprietary information, without being able to access the proprietary confidential information of other entities. This type of confidential information is not shared and forms the unshared part of the confidential information.

Some information that is normally thought of as public may in some cases be regarded as confidential, such as the names of the applications residing in the card and their life cycle state. Another example is the root access control record names, which are considered public but could be confidential for some secure storage application use cases. For these cases, the system should provide an option, in response to a general information query, to keep this information available only to all authenticated users and not to unauthenticated users.
Such information constitutes the shared part of the confidential information. An example of the shared part of the confidential information may include a root access control record list, that is, a list of all root access control records currently present on the device.

Accessing the public information through the general information query does not require the host/user to log in to an access control record. Therefore, any entity with knowledge of the secure storage application standard can execute the query and receive the information. In secure storage application terms, this query command is handled without a session number. However, if an entity wishes to access the shared part of the confidential information, the entity must first be authenticated through any of the control structures (for example, any access control record) that control access to the data in the memory device. After a successful authentication, the entity will be able to access the shared part of the confidential information through the general information query. As explained above, the authentication procedure results in a secure storage application session number or ID for access.

Discreet Information Query

Private information about individual access control records and their system access and assets is considered discreet and requires explicit authentication. Therefore, this kind of query requires access control record login and authentication (if authentication is specified by the access control record) before authorization for the information query is received. This query requires a secure storage application session number.

Before the two types of query are described in detail, it will be useful to first describe the notion of index groups as a practical solution for implementing the queries.
Index Group

Applications running on potential secure storage application hosts are required by the operating system and system drivers on the host to specify the number of sectors that are intended to be read. This in turn means that the host application needs to know how many sectors need to be read for every secure storage application read operation.

Because the nature of query operations is to supply information that is generally not known to the entity requesting it, it is difficult for the host application to issue the query and guess the number of sectors needed for the operation.

To solve this problem, the secure storage application query output buffer consists of only one sector (512 bytes) per query request. The objects that are part of the output information are organized in what are called index groups. Each type of object may have a different byte size, which determines the number of objects that can fit in a single sector. This defines the index group of that object. If an object has a size of 20 bytes, the index group for that object will contain up to 25 objects. If there is a total of 56 such objects, they will be organized in 3 index groups, where object "0" (the first object) starts the first index group, object "25" starts the second index group and object "50" starts the third and last index group.

System Query (General Information Query)

This query provides general public information about the supported secure storage application system in the device and the current system as set up, such as the different trees and applications running on the device. Similar to the access control record query (discreet query) described below, the system query is structured to give several query options:
• General: the secure storage application supported version.
• Secure storage application applications: a list of all secure storage application applications currently present on the device, including their running state.

The information listed above is public information. As with the access control record query, so that the host does not need to know how many sectors to read for the query output buffer, one sector is sent back from the device, while the host is still able to query additional index groups. Therefore, if the number of root access control record objects exceeds the number that fits in the output buffer for index group "0", the host can send another query request with the following index group "1".
Access Control Record Query (Discreet Information Query)

The secure storage application access control record query command is intended to supply the access control record user with information about the system resources of the access control record, such as key and application IDs, partitions and child access control records. The query information concerns only the logged-in access control record and not the other access control records on the system tree. In other words, access is limited to only that part of the confidential information which is accessible under the permissions of the access control record involved.

The user can query the following different access control record objects:
• Partitions: name and access rights (owner, read, write).
• Key IDs and application IDs: name and access rights (owner, read, write).
• Child access control records: the access control record and access control record group names of directly linked child access control records.
• Identity objects and secure data objects (described below): name and access rights (owner, read, write).

Because the number of objects connected with an access control record may vary, the information may be more than 512 bytes (one sector). Without knowing the number of objects in advance, the user has no way of knowing how many sectors need to be read from the secure storage application system in the device in order to get the full list. Therefore, each object list provided by the secure storage application system is divided into index groups, similar to the case of the system query described above. An index group is the number of objects that fit in one sector, that is, how many objects can be sent in one sector from the secure storage application system in the device to the host. This lets the secure storage application system in the device send one sector of a requested index group.
The host/user will receive a buffer of the queried objects and the number of objects in the buffer. If the buffer is full, the user can query the next object index group.

Figure 38 is a flow chart showing an operation involving a general information query. Referring to Figure 38, when the secure storage application system receives a general information query from an entity (block 902), the system determines whether the entity has been authenticated (diamond 904). If the entity has been authenticated, the system supplies the entity with the public information and the shared part of the confidential information (block 906). If the entity has not been authenticated, the system supplies the entity with public information only (block 908).

Figure 39 is a flow chart showing an operation involving a discreet information query. Referring to Figure 39, when the secure storage application system receives a discreet information query from an entity (block 922), the system determines whether the entity has been authenticated (diamond 924). If the entity has been authenticated, the system supplies the entity with confidential information (block 926). If the entity has not been authenticated, the system denies the entity access to confidential information (block 928).

Feature Set Extension (FSE)

In many cases it is very advantageous to run data processing activities (for example, DRM license object validation) inside the secure storage application on the card. The resulting system will be more secure, more efficient and less host dependent than an alternative solution in which all of the data processing tasks are executed on the host.

The secure storage application security system comprises a set of authentication algorithms and authorization policies designed to control access to, and usage of, a collection of objects stored, managed and protected by the memory card.
Once a host gains access, the host will then process the data stored in the memory device, where access to the memory device is controlled by the secure storage application. However, the data is assumed to be very application specific by nature, and therefore neither the data format nor the data processing is defined in the secure storage application, which does not deal with the data stored on the devices.

One embodiment of the invention is based on the recognition that the secure storage application system can be enhanced to permit some of the functions normally performed by the hosts to be executed in the card. Hence the software applications of the hosts may be split into two parts: one part that remains on the host, and another part that is now performed by the card. This enhances the security and efficiency of data processing. For this purpose, a mechanism known as feature set extension may be added to enhance the capabilities of the secure storage application. The host applications in the feature set extension that are executed by the card in this manner are also referred to herein as internal applications, or device internal applications.

The enhanced secure storage application system provides a mechanism for extending the basic secure storage application command set, which provides authentication and access control of the card, through the introduction of card applications. A card application is assumed to implement services (for example, DRM schemes, e-commerce transactions) in addition to those of the secure storage application. The secure storage application feature set extension is a mechanism designed to enhance the standard secure storage application security system with data processing software/hardware modules, which can be proprietary. In addition to the information that can be obtained using the queries described above, the services defined by the secure storage application feature set extension system enable host devices to query the card for available applications, and to select and communicate with a specific application.
The general query and the discreet query described above may be used for this purpose.

Two methods of extending the card feature set in the secure storage application feature set extension are used:
• Providing services: this feature is enabled by allowing authorized entities to communicate directly with the internal application using a command channel known as a communication pipe, which can be proprietary.
• Extension of the secure storage application standard access control policies: this feature is enabled by associating internal protected data objects (for example, content encryption keys, or the secure data objects (SDO) described below) with internal card applications. Whenever such an object is accessed, if the defined standard secure storage application policies are satisfied, the associated application is invoked, thereby imposing at least one condition in addition to the standard secure storage application policies. Preferably, the condition will not conflict with the standard secure storage application policies. Access is granted only if this additional condition is also satisfied.

Before the capabilities of the feature set extension are elaborated further, the architectural aspects of the feature set extension, as well as of the communication pipe and the secure data object, will now be described.

Secure Services Module (SSM) and Related Modules

Figure 40A is a functional block diagram of the system architecture 1000 in a memory device 10 (such as a flash memory card) connected to a host device 24, to illustrate an embodiment of the invention. The main components of the software modules in the memory device of the card 20 are as follows:

Secure Storage Application Transport Layer 1002

The secure storage application transport layer is card protocol dependent.
It handles the host side secure storage application requests (commands) at the protocol layer of the card 10 and then relays them to the Secure Services Module API. All host-card synchronization and secure storage application command identification is done in this module. The transport layer is also responsible for all data transfer between the host 24 and the card 10.

Secure Services Module Core 1004

This module is an important part of the secure storage application implementation. The Secure Services Module core implements the secure storage application architecture. More specifically, the Secure Services Module core implements the secure storage application tree and access control record system and all of the corresponding rules described above that make up the system. The Secure Services Module core module uses a cryptographic library 1012 to support the secure storage application security and cryptographic features, such as encryption, decryption and hashing.

Secure Services Module Core API 1006

This is the layer through which host and internal applications interface with the Secure Services Module core to carry out secure storage application operations. As shown in Figure 40A, both the host 24 and the device internal applications 1010 use the same API.

Security Application Manager Module (SAMM) 1008

The Security Application Manager Module is not part of the secure storage application system, but it is an important module in the card that controls the device internal applications interfacing with the secure storage application system.

The Security Application Manager Module manages all running device internal applications, which includes:
1. Application lifecycle monitoring and control.
2. Application initialization.
3. Application/host/Secure Services Module interface.

Device Internal Applications 1010

Device internal applications are applications approved to run on the card side.
They are managed by the Security Application Manager Module and can access the secure storage application system. The Secure Services Module core also provides a communication pipe between the host side applications and the internal applications. Examples of such internal running applications are DRM applications and one-time password (OTP) applications, as explained further below.

Device Management System (DMS) 1011

This module contains the processes and protocols needed to update the system and application firmware of the card, as well as to add/remove services, in a post-shipment (commonly referred to as post-issuance) mode.
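The index-group paging used by the system query and the access control record query described earlier, together with the authentication checks of Figures 38 and 39, can be sketched as follows. This is an added example, not code from the patent: the 20-byte record layout, the class and function names, the password stand-in for access control record login and the sample objects are all assumptions.

```python
import hmac
import secrets
import struct

SECTOR = 512                      # the card answers every query with exactly one sector
REC = struct.Struct("<16sI")      # assumed 20-byte record: padded name + access-rights bits
OWNER, READ, WRITE = 1, 2, 4


def per_group(record_size=REC.size):
    """Objects per index group = whole records that fit in one sector (25 for 20 bytes)."""
    return SECTOR // record_size


def pack_group(records, index_group):
    """Card side: serialise one index group into a zero-padded sector plus its count."""
    n = per_group()
    chunk = records[index_group * n:(index_group + 1) * n]   # empty if past the end
    body = b"".join(REC.pack(name.encode(), rights) for name, rights in chunk)
    return len(chunk), body.ljust(SECTOR, b"\0")


class Card:
    def __init__(self, apps, root_acrs, acr_secrets, acr_objects):
        self.apps, self.root_acrs = apps, root_acrs
        self._secrets, self._objects = acr_secrets, acr_objects
        self._sessions = {}                                  # session number -> ACR name

    def login(self, acr, secret):
        """Stand-in for ACR authentication; returns a session number or None."""
        known = self._secrets.get(acr)
        if known is None or not hmac.compare_digest(known, secret):
            return None
        sid = secrets.randbits(32)
        self._sessions[sid] = acr
        return sid

    def general_query(self, what, index_group, session=None):
        """Figure 38: public data for anyone, shared confidential data only with a session."""
        if what == "apps":                                   # public information
            return pack_group(self.apps, index_group)
        if what == "root_acrs":                              # shared confidential part
            if session not in self._sessions:
                return 0, bytes(SECTOR)                      # unauthenticated: nothing shared
            return pack_group(self.root_acrs, index_group)
        raise ValueError("unknown query option")

    def discreet_query(self, what, index_group, session):
        """Figure 39: refused without a session and scoped to the logged-in ACR only."""
        acr = self._sessions.get(session)
        if acr is None:
            raise PermissionError("discreet query requires an authenticated session")
        return pack_group(self._objects[acr].get(what, []), index_group)


def read_all(query, **kw):
    """Host side: read index groups 0, 1, 2... until a group comes back not full."""
    out, group = [], 0
    while True:
        count, sector = query(index_group=group, **kw)
        if len(sector) != SECTOR or count > per_group():
            raise ValueError("malformed query response")
        for i in range(count):
            name, rights = REC.unpack_from(sector, i * REC.size)
            out.append((name.rstrip(b"\0").decode(), rights))
        if count < per_group():          # short or empty group: the list is complete
            return out, group + 1        # objects and number of one-sector reads issued
        group += 1


def demo():
    """Constructed sample card: 56 key IDs under acr_a, one under acr_b."""
    keys = [(f"key{i:02d}", OWNER | READ) for i in range(56)]
    card = Card(
        apps=[("drm_app", 0), ("otp_app", 0)],
        root_acrs=[("root_a", 0), ("root_b", 0)],
        acr_secrets={"acr_a": b"pw-a", "acr_b": b"pw-b"},
        acr_objects={"acr_a": {"keys": keys}, "acr_b": {"keys": [("b_key", OWNER)]}},
    )
    return card, card.login("acr_a", b"pw-a")


if __name__ == "__main__":
    card, sid = demo()
    objs, reads = read_all(card.discreet_query, what="keys", session=sid)
    print(len(objs), "objects in", reads, "sector reads")
```

The host never has to guess a sector count: it always reads one sector and asks for the next index group only while the previous one came back full, so a list whose length is an exact multiple of the group size costs one extra, empty read.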

Figure 40B is a functional block diagram of the internal software modules of the Secure Services Module core 1004. As shown in Figure 40B, the core 1004 includes a secure storage application command handler 1022. The handler 1022 parses the secure storage application commands originating from the host or from the device internal applications 1010 before the commands are passed to the secure storage application manager 1024. All secure storage application security data structures (such as access control record groups and access control records), as well as all secure storage application rules and policies, are stored in the secure storage application database 1026. The secure storage application manager 1024 exercises the control exerted by the access control records and access control record groups and by the other control structures stored in the database 1026. Other objects, such as identity objects and secure data objects, are also stored in the secure storage application database 1026. Non-secure operations that do not involve the secure storage application are handled by the secure storage application non-secure operations module 1028. Secure operations under the secure storage application architecture are handled by the secure storage application secure operations module 1030. Module 1032 is an interface connecting module 1030 to the cryptographic library 1012. Module 1034 is a layer connecting modules 1026 and 1028 to the flash memory 20 in Figure 1.

Communication (or Pass-Through) Pipe

The pass-through pipe objects enable authorized host side entities to communicate with the internal applications, as controlled by the Secure Services Module core and the Security Application Manager Module. Data transfer between the host and the internal application is carried out over the SEND and RECEIVE commands (defined below). The actual commands are application specific. The entity (access control record) creating the pipe will need to provide the pipe name and the ID of the application to which it will open a channel. As with all other protected objects, the access control record becomes its owner and is allowed to delegate usage rights and ownership to other access control records according to the standard delegation rules and restrictions.
An authenticated entity will be allowed to create pipe objects if the CREATE_PIPE permission is set in its access control record attribute management. Communication with the internal application is allowed only if the write or read pipe permissions are set in the entity's permission control record. Ownership and access rights delegation is allowed only if the entity is the pipe owner or if delegation of access rights is set in the entity's permission control record. As with all other permissions, when ownership is delegated to another access control record, the original owner is preferably stripped of all its permissions to this device application.

Preferably, only one communication pipe is created for a specific application. An attempt to create a second pipe and connect it to an application that is already connected will preferably be rejected by the Secure Services Module system 1000. Thus, preferably, there is a one-to-one relationship between one of the device internal applications 1010 and a communication pipe. However, multiple access control records may communicate with one device internal application (through the delegation mechanism). A single access control record may communicate with several device applications (either through delegation or through ownership of multiple pipes connected to different applications). The access control records controlling different pipes are preferably located at nodes of completely separate trees, so that there is no crosstalk between the communication pipes.

Data is transferred between the host and a specific application using the following commands:
• WRITE PASS THROUGH: transfers an unformatted data buffer from the host to the device internal application.
• READ PASS THROUGH: transfers an unformatted data buffer from the host to the device internal application and, once the internal processing is done, outputs an unformatted data buffer back to the host.

The write and read pass-through commands provide, as a parameter, the ID of the device internal application 1010 with which the host wishes to communicate. The entity's permissions will be validated, and if the requesting entity (that is, the access control record hosting the session the entity is using) has permission to use the pipe connected to the requested application, the data buffer will be interrupted and the command executed.

This communication method allows the host application to pass vendor/proprietary specific commands to a device internal application through the secure storage application access control record session channel.

Secure Data Object (SDO)

A useful object that can be employed in conjunction with the feature set extension is the secure data object.

The secure data object serves as a general-purpose container for the secure storage of sensitive information.

Similar to content encryption key objects, it is owned by an access control record, and access rights and ownership can be delegated between access control records. The secure data object contains data that is protected and used according to predefined policy restrictions and, optionally, has a link to a device internal application 1010. The sensitive data is preferably not used or interpreted by the secure storage application system, but rather by the owner and users of the object. In other words, the secure storage application system does not discern the information in the data it handles. In this manner, the owners and users of the data in the object can be less concerned about the loss of sensitive information due to interfacing with the secure storage application system when data is passed between the hosts and the data objects. Hence, secure data objects are created by the host system (or by internal applications) and assigned a string ID, similar to the way content encryption keys are created.
Upon creation the host provides, in addition to the name, an application ID for the application linked to the secure data object and a data block that will be stored, integrity verified and received by the secure storage application.

Similar to content encryption keys, secure data objects are preferably created only within a secure storage application session. The access control record used to open the session becomes the owner of the secure data object and has the right to delete it, to write and read the sensitive data, and to delegate ownership of and permission to access the secure data object to another access control record (either its child or within the same access control record group).

The write and read operations are reserved exclusively for the owner of the secure data object. A write operation overwrites the existing object data of the secure data object with the data buffer provided. A read operation retrieves the complete data record of the secure data object.

The secure data object access operations are allowed to non-owner access control records that have the proper access permissions. The following operations are defined:
• SDO Set, application ID defined: the data will be processed by the internal secure storage application application with that application ID. The application is invoked by virtue of its association with the secure data object. As an optional result, the application will write the secure data object.
• SDO Set, application ID is null: this option is not valid and will prompt an illegal command error. The Set command requires an internal application running in the card.

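• SDO Get (secure data object get), application ID defined: the request will be processed by the device internal application having that application ID. The application is invoked by virtue of its association with the secure data object. The output (although not defined) will be passed back to the requester. The application will optionally read the secure data object.
• SDO Get (secure data object get), application ID null: this option is not valid and will prompt an illegal command error. The Get command requires an internal application executing in the card.
• Secure data object related permissions: an access control record can be a secure data object owner or merely have access permissions (Set, Get, or both). An access control record may be permitted to transfer its access rights to a secure data object it does not own to another access control record. If an access control record has the access control record attribute management permission, it may be explicitly permitted to create secure data objects and to delegate access rights.

Internal access control record
The internal access control record is similar to any access control record having a permission control record, except that entities external to the device 10 cannot log in to it. Instead, the secure storage application manager 1024 of FIG. 40B automatically logs in to the internal access control record when the objects under its control, or the applications associated with it, are invoked. Since the entity trying to gain access is internal to the card or memory device, no authentication is needed. The secure storage application manager 1024 will simply pass a session key to the internal access control record to enable internal communication.

Two examples will be used to illustrate the capabilities of the feature set extension: one-time password generation and digital rights management. Before the one-time password generation example is described, the issue of two-factor authentication is first addressed.

One-time password embodiment
Two-factor authentication (DFA)
Two-factor authentication is an authentication protocol designed to enhance the security of a personal login to, for example, a web service server by adding an additional secret, a "second factor", to the standard user credentials (namely the user name and password). The second secret is typically something stored in a physical secure token that the user has in his possession. During the login process, the user needs to provide proof of possession as part of the login credentials. A common way to prove possession is to use a one-time password, a password good for a single login only, which is generated and output by the secure token. If the user is able to provide the correct one-time password, this is considered sufficient proof of possession of the token, since it is cryptographically infeasible to compute the one-time password without the token. Since the one-time password is good for one login only, the user must have the token at the time of login, because an old password captured from a previous login will no longer be valid.

The product described in the following sections makes use of the secure storage application security data structure, plus one feature set extension design, to compute the next password in the one-time password series, implementing a flash memory card with multiple "virtual" secure tokens, each generating a different series of passwords (which can be used to log in to different web sites). A block diagram of this system is shown in FIG. 41.

The complete system 1050 comprises an authentication server 1052, an Internet server 1054 and a user 1056 with a token 1058. The first step is to agree on a shared secret between the authentication server and the user (also referred to as seed provisioning). The user 1056 will request a secret or seed to be issued and will store it in the secure token 1058. The next step is to bind the issued secret or seed to a specific web service server. Once this is done, authentication can take place. The user will instruct the token to generate a one-time password. The one-time password, together with the user name and password, is sent to the Internet server 1054. The Internet server 1054 forwards the one-time password to the authentication server 1052, asking it to authenticate the user's ID. The authentication server will also generate a one-time password, and since it is generated from a secret shared with the token, it should match the one-time password generated by the token. If a match is found, the user's ID is authenticated and the authentication server will return a positive acknowledgment to the Internet server 1054, which will complete the user login process.

The feature set extension implementation for one-time password generation has the following characteristics:
• The one-time password seed is stored securely (encrypted) in the card.
• The password generation algorithm is executed inside the card.
• The device 10 can emulate multiple virtual tokens, each of which stores a different seed and may use a different password generation algorithm.
• The device 10 provides a secure protocol for transferring the seed from the authentication server into the device.

The secure storage application features for one-time password seed provisioning and one-time password generation are illustrated in FIG. 42, where solid-line arrows indicate ownership or access rights and broken-line arrows indicate associations or links. As shown in FIG. 42, in the secure storage application feature set extension system, the software program code feature set extension 1102 may be accessed through one or more communication pipes 1104, which are controlled by each of N application access control records 1106. In the embodiments described below, only one feature set extension software application is illustrated, and for each feature set extension application there is only one communication pipe. It will be understood, however, that more than one feature set extension application may be used. While only one communication pipe is illustrated in FIG. 42, it will be understood that a plurality of communication pipes may be used. All such variations are possible. With reference to FIGS. 40A, 40B and 42, the feature set extension 1102 may be an application for one-time password provisioning and forms a subset of the device internal applications 1010 of FIG. 40A. The control structures (access control records 1101, 1103, 1106, 1110) are part of the security data structures in the secure storage application and are stored in the secure storage application database 1026. Data structures such as the identity object 1120, an identity object and the communication pipe 1104 are also stored in the secure storage application database 1026.

With reference to FIGS. 40A and 40B, security-related operations involving the access control records and data structures (e.g. data transfers in sessions, and operations such as encryption, decryption and hashing) are handled by module 1030 with the assistance of interface 1032 and cryptographic library 1012. The security service module core API does not distinguish between operations involving access control records that interact with the host (external access control records) and operations of internal access control records that do not interact with the host, and thus does not distinguish operations involving the host from operations involving the device internal applications 1010. In this manner, the same control mechanism is used for controlling accesses performed by host-side entities and accesses performed by the device internal applications 1010. This leads to flexibility in dividing data processing between host-side applications and the device internal applications 1010. The internal applications 1010 (e.g. the feature set extension 1102 in FIG. 42) are associated with the internal access control records (e.g. access control record 1103 in FIG. 42) and are invoked through the control of those records.

Furthermore, the security data structures, such as access control records and access control record groups with associated secure storage application rules and policies, preferably control access to important information, such as the content in secure data objects or information that can be derived from that content, so that external or internal applications can access the content or information only in accordance with the secure storage application rules and policies. For example, if two different users can invoke an individual one of the device internal applications 1010 to process data, internal access control records located in separate hierarchical trees are used to control the access by the two users, so that there is no crosstalk between them. In this manner, both users can access a common set of device internal applications 1010 for processing data without the owners of the content or information in the secure data objects fearing loss of control over it. For example, access to the secure data objects storing data accessed by the device internal applications 1010 can be controlled by access control records located in separate hierarchical trees, so that there is no crosstalk between them. This manner of control is similar to the manner in which the secure storage application controls access to data, described above. This provides content owners and users with security for the data stored in the data objects.

With reference to FIG. 42, it is possible for a portion of the software application code needed by the one-time-password-related host application to be stored (e.g. pre-stored before the memory card is issued, or loaded after the memory card is issued) in the memory device 10 as an application in the feature set extension 1102. To execute such code, the host will first need to authenticate through one of the N authentication access control records 1106 (N being a positive integer) in order to gain access to the pipe 1104. The host will also need to provide an application ID identifying the one-time-password-related application it wishes to invoke. After a successful authentication, such code can be accessed for execution through the pipe 1104 associated with the one-time-password-related application. As noted above, there is preferably a one-to-one relationship between a pipe 1104 and a particular application, such as a one-time-password-related internal application. As shown in FIG. 42, multiple access control records 1106 may share control of a common pipe 1104. An access control record may also control more than one pipe.

FIG. 42 shows secure data object 1, secure data object 2 and secure data object 3, collectively referred to as objects 1114, each of which contains data, such as a seed for one-time password generation, which is valuable and preferably encrypted. The links or associations 1108 between the three data objects and the feature set extension 1102 illustrate an attribute of the objects: when any one of them is accessed, the application in the feature set extension 1102 whose application ID is in the attributes of the secure data object will be invoked, and the application will be executed by the central processing unit 12 of the memory device without requiring any further host command (FIG. 1).

With reference to FIG. 42, before a user can start the one-time password process, the security data structures (access control records 1101, 1103, 1106 and 1110) have already been created with their permission control records for controlling the one-time password process. The user will need to have access rights to invoke a one-time password device internal application 1102 through one of the authentication server access control records 1106. The user will also need to have access rights to the one-time password that will be generated, through one of the N user access control records 1110. The secure data objects 1114 may be created during the one-time password seed provisioning process. The identity object 1116 has preferably already been created and is controlled by the internal access control record 1103. The internal access control record 1103 also controls the secure data objects 1114 after they are created. When the secure data objects 1114 are accessed, the secure storage application manager 1024 in FIG. 40B automatically logs in to the internal access control record 1103. The internal access control record 1103 is associated with the feature set extension 1102. During the one-time password seed provisioning process, the secure data objects 1114 may become associated with the feature set extension, as shown by the broken lines 1108. After the association is in place, when the host accesses the secure data objects, the association 1108 will cause the feature set extension 1102 to be invoked without a further request from the host. The secure storage application manager 1024 in FIG. 40B will also automatically log in to the access control record 1103 when the communication pipe 1104 is accessed through one of the N access control records 1106. In both cases (access to the secure data objects 1114 and to the pipe 1104), the secure storage application manager will pass a session number to the feature set extension 1102, which session number identifies the channel to the internal access control record 1103.

The one-time password operation involves two phases: a seed provisioning phase illustrated in FIG. 43 and a one-time password generation phase illustrated in FIG. 44. Reference will also be made to FIGS. 40-42 to aid the description. FIG. 43 is a protocol diagram illustrating the seed provisioning process. As shown in FIG. 43, various actions are taken by the host, such as host 24, as well as by the card. One entity on the card taking various actions is the security service module system of FIGS. 40A and 40B, which includes the security service module core 1004. Another entity on the card taking various actions is the feature set extension 1102 shown in FIG. 42.

In two-factor authentication, the user requests a seed to be issued, and once the seed is issued, it is stored in a secure token. In this example, the secure token is the memory device or card. The user authenticates to one of the authentication access control records 1106 in FIG. 42 to gain access to the security service module system (arrow 1122). Assuming authentication succeeds (arrow 1124), the user then requests a seed (arrow 1126). The host sends a request to the card to sign the seed request by selecting a particular application 1102 for signing the seed request. If the user does not know the ID of the particular application that needs to be invoked, this information can be obtained from the device 10, for example through a discreet query to the device. The user then inputs the application ID of the application that should be invoked, thereby also selecting a communication pipe corresponding to the application. The user command is then forwarded in a pass-through command, through the corresponding communication pipe, to the application specified by the application ID from the user (arrow 1128). The invoked application requests a signature by means of the public key in the specified identity object, such as identity object 1112 in FIG. 42.

The security service module system signs the seed request using the public key of the identity object and notifies the application that the signing is completed (arrow 1132). The invoked application then requests the certificate chain of the identity object (arrow 1134). In response, the security service module system provides the certificate chain of the identity object as controlled by the access control record 1103 (arrow 1136). The invoked application then provides the signed seed request and the certificate chain of the identity object through the communication pipe to the security service module system, which forwards them to the host (arrow 1138). The signed seed request and the certificate chain are sent through the communication pipe by means of a callback function established between the security application manager module 1008 and the security service module core 1004 of FIG. 40A; the callback function is described below.

The signed seed request and the certificate chain of the identity object received by the host are then sent to the authentication server 1052 shown in FIG. 41. The certificate chain provided by the card certifies that the signed seed request originates from a trusted token, so that the authentication server 1052 is willing to provide the card with the secret seed. The authentication server 1052 therefore sends the seed, encrypted with the public key of the identity object, together with user access control record information, to the host. The user information indicates under which one of the N user access control records the user has the right to access the one-time password to be generated. The host invokes a one-time password application in the feature set extension 1102 by supplying the application ID, thereby also selecting the communication pipe corresponding to the application, and forwards the user access control record information to the security service module system (arrow 1140). The encrypted seed and the user access control record information are then forwarded through the communication pipe to the selected application (arrow 1142). The invoked application sends a request to the security service module system to decrypt the seed using the private key of the identity object (arrow 1). The security service module system decrypts the seed and notifies the application that decryption has been completed (arrow 1146). The invoked application then requests that a secure data object be created and that the seed be stored in it. It also requests that the secure data object be associated with the ID of the one-time password application used for generating the one-time password (which may be the same application as the one making the request) (arrow 1148). The security service module system creates one of the secure data objects 1114, stores the seed in it, associates it with the ID of the one-time password application, and notifies the application when done (arrow 1150). The application then requests the security service module system to delegate the internal access control record's access rights to the secure data object 1114 to the appropriate user access control record, based on the user information supplied by the host (arrow 1152). After the delegation has been completed, the security service module system notifies the application (arrow 1154). The application then sends the name of the secure data object (slot ID) to the security service module system through the communication pipe by means of a callback function (arrow 1156). The security service module system then forwards the name of the secure data object to the host (arrow 1158). The host then binds the name of the secure data object to the user access control record, so that the user can now access the secure data object.

The process of one-time password generation will now be described with reference to the protocol diagram in FIG. 44. To obtain the one-time password, the user logs in to the user access control record to which it has access rights (arrow 1172). Assuming the authentication succeeds, the security service module system notifies the host, and the host sends a "get SDO" command to the security service module (arrow 1176). As noted above, the secure data object storing the seed has been associated with an application for generating the one-time password. Therefore, instead of selecting an application through the communication pipe as before, the one-time password generation application is invoked by means of the association between the secure data object accessed by the command (arrow 1176) and the one-time password generation application (arrow 1178). The one-time password generation application then requests the security service module system to read the content (i.e. the seed) from the secure data object (arrow 1180). Preferably, the security service module is not aware of the information contained in the content of the secure data object and will simply process the data in the secure data object as instructed by the feature set extension. If the seed is encrypted, this may involve decrypting the seed before reading, as commanded by the feature set extension. The security service module system reads the seed from the secure data object and provides it to the one-time password generation application (arrow 1182). The one-time password generation application then generates the one-time password and provides it to the security service module system (arrow 1184). The one-time password is then forwarded by the security service module to the host (arrow 1186), which in turn forwards it to the authentication server 1052 to complete the two-factor authentication process.

Callback function
A generic callback function is established between the security service module core 1004 and the security application manager module 1008 of FIG. 40A. Different device internal applications and communication pipes may be registered with this function. Thus, when a device internal application is invoked, the application can use the callback function to pass processed data to the security service module system through the same communication pipe that was used to pass a host command to the application.

DRM system embodiment
FIG. 45 is a functional block diagram of a DRM system employing a communication pipe 1104', content encryption keys 1114' with links 1108' to feature set extension applications 1102', and control structures 1101', 1103' and 1106' for controlling these functions to implement DRM functions. As will be noted, the architecture in FIG. 45 is quite similar to that of FIG. 42, except that the security data structure now includes license server access control records 1106' and playback access control records 1110' (in place of the authentication server access control records and user access control records) and content encryption keys 1114' (in place of the secure data objects). In addition, the identity object is not involved and is therefore omitted in FIG. 45. The content encryption keys 1114' may be created in the license provisioning process. The protocol diagram of FIG. 46 illustrates a process for license provisioning and content download in which the key is provided in the license object. As in the one-time password embodiment, a user wishing to acquire a license will first need to acquire access rights under one of the N access control records 1106' and under one of the N access control records 1110', so that content can be rendered by means of a media player, such as a media player software application.

As shown in FIG. 46, the host authenticates to a license server access control record 1106' (arrow 1202). Assuming authentication succeeds (arrow 1204), the license server provides a license file together with a content encryption key (key ID and key value) to the host. The host also selects the application to be invoked by supplying the application ID to the security service module system on the card. The host also sends player information (e.g. information on a media player software application) (arrow 1206). The player information will indicate under which one of the N playback access control records 1110' the player has access rights. The security service module system forwards the license file and the content encryption key to the DRM application through the communication pipe corresponding to the selected application (arrow 1208). The invoked application then requests the security service module system to write the license file into the hidden partition (arrow 1210). When the license file has been so written, the security service module system notifies the application (arrow 1212). The DRM application then requests that a content encryption key object 1114' be created and that the key value from the license file be stored in it. The DRM application also requests that the content encryption key object be associated with the ID of a DRM application that checks licenses associated with the key provided (arrow 1214). The security service module system completes these tasks and so notifies the application (arrow 1216). The application then requests that read access rights to the content encryption key 1114' be delegated to a playback access control record, to whose content the player has access permission, based on the player information sent by the host (arrow 1218). The security service module system performs the delegation and so notifies the application (arrow 1220). A message that storage of the license has been completed is sent by the application through the communication pipe to the security service module system, which forwards it to the license server (arrows 1222 and 1224). A callback function is used for this action through the communication pipe. Upon receiving this notification, the license server then provides the content file encrypted with the key value in the content encryption key provided to the card. The encrypted content is stored by the host in the public card area. Storing the encrypted content file does not involve security functions, so the security service module system is not involved in the storing.

The playback operation is illustrated in FIG. 47. The user authenticates through the host to the appropriate playback access control record (i.e. the playback access control record to which read rights have been delegated in arrows 1152 and 1154 above) (arrow 1242). Assuming authentication succeeds (arrow 1244), the user then sends a request to read the content associated with the key ID (arrow 1246). Upon receiving the request, the security service module system will find that the ID of a DRM application is associated with the content encryption key object being accessed, and will thus cause the identified DRM application to be invoked (arrow 1248). The DRM application requests the security service module system to read the data (i.e. the license) associated with the key ID (arrow 1250). The security service module is not aware of the information in the data it is requested to read, and simply processes the request from the feature set extension to carry out the data reading process. The security service module system reads the data (i.e. the license) from the hidden partition and provides it to the DRM application (arrow 1252). The DRM application then interprets the data and checks the license information in it to see whether the license is valid. If the license is still valid, the DRM application will inform the security service module system that content decryption is permitted (arrow 1254). The security service module system then decrypts the requested content using the key value in the content encryption key object and provides the decrypted content to the host for playback (arrow 1256). If the license is no longer valid, the request for content access is denied.

In the event that no key is provided in the license from the license server, license provisioning and content download will be somewhat different from what is illustrated in FIG. 46. Such a different scheme is illustrated in the protocol diagram of FIG. 48. Identical steps in FIGS. 46 and 48 are identified by the same numerals. Thus the host and the security service module system first engage in authentication (arrows 1202, 1204). The license server provides the license file and the key ID (but without the key value) to the host, and the host forwards them, together with the ID of the DRM application it wishes to invoke, to the security service module system. The host also sends player information. The security service module system forwards the license file and the key ID to the selected DRM application through the communication pipe corresponding to the selected application (arrow 1208). The DRM application then requests that the license file be written into the hidden partition (arrow 1210). When the license file has been so written, the security service module system notifies the DRM application (arrow 1212). The DRM application then requests the security service module system to generate a key value, create a content encryption key object, store the key value in it and associate the content encryption key object with the ID of a DRM application (arrow 1214). After the request has been complied with, the security service module system sends a notification to the DRM application (arrow 1216). The DRM application will then request the security service module system to delegate read access rights to the content encryption key object to the playback access control record, based on the player information sent by the host (arrow 1218). When this is done, the security service module system so notifies the DRM application (arrow 1220). The DRM application then informs the security service module system that the license has been stored, the notification being sent through the communication pipe by means of a callback function (arrow 1222). This notification is forwarded to the license server (arrow 1224). The license server then sends the content file associated with a key ID to the security service module system. The security service module system encrypts the content with the key value identified by the key ID, without involving any application. The content so encrypted and stored on the card may be played back using the protocol of FIG. 47.

In the one-time password and DRM embodiments above, the feature set extensions 1102 and 1102' may contain many different one-time password and DRM applications for host devices to select from. Users have the choice of selecting and invoking the desired device internal application. Nevertheless, the overall relationship between the security service module and the feature set extension remains the same, so that users and data providers can use a standard set of protocols for interacting with the security service module and for invoking the feature set extension. Users and providers do not have to become involved in the particularities of the many different device internal applications, some of which may be proprietary.

Furthermore, the provisioning protocols may differ somewhat, as is the case in FIGS. 46 and 48. In the case of FIG. 46 the license object contains a key value, whereas in the case of FIG. 48 it does not. This difference calls for slightly different protocols, as described above. The playback in FIG. 47, however, is the same irrespective of how the license was provisioned. This difference will therefore concern only content providers and distributors, and typically not consumers, who are typically involved only in the playback phase. This architecture thus gives content providers and distributors great flexibility to customize protocols while remaining easy for consumers to use. Obviously, information derived from data provisioned by more than two sets of provisioning protocols may still be accessible using the second protocol.

Another advantage provided by the embodiments above is that, while external entities (such as users) and the device internal applications can share use of data controlled by the security data structure, the user is able to access only results derived by the device internal applications from the stored data. Thus, in the one-time password embodiment, the user, through the host devices, is able to obtain only the one-time password and not the seed value. In the DRM embodiment, the user, through the host devices, is able to obtain only the rendered content, without access to the license file or the cryptographic key. This feature gives consumers convenience without compromising security.

In one DRM embodiment, neither the device internal applications nor the hosts have access to the cryptographic keys; only the security data structure has such access. In other embodiments, entities other than the security data structure can also access the cryptographic keys. The keys can also be generated by the device internal applications and then controlled by the security data structure.

Access to the device internal applications and access to information (e.g. one-time passwords and rendered content) are controlled by the same security data structure. This reduces the complexity and cost of the control systems.

The ability to delegate access rights from the internal access control record, which controls access to the device internal applications, to an access control record that controls access by hosts to the information obtained from invoking the device internal applications makes it possible to achieve the features and functions above.

Application specific revocation scheme
The access control protocol of the security data structure can also be modified when a device internal application is invoked. For example, the certificate revocation protocol may be either a standard protocol using a certificate revocation list or a proprietary protocol. Thus, by invoking a feature set extension, the standard certificate revocation list protocol can be replaced by a feature set extension proprietary protocol.

In addition to supporting the certificate revocation list revocation scheme, the secure storage application enables a specific internal application residing in the device to revoke hosts through a private communication channel between the device internal application and the certificate authority or any other revocation authority. The internal application proprietary revocation scheme is limited to the host-application relationship.

When an application specific revocation scheme is configured, the secure storage application system will reject the certificate revocation list (if provided); otherwise it will use the certificate and the proprietary application data (previously provided through an application specific communication pipe) to decide whether the given certificate is revoked.

As noted above, an access control record specifies which of three revocation schemes (no revocation scheme, standard certificate revocation list scheme and application specific revocation scheme) is adopted by specifying a revocation value. When the application specific revocation scheme option is chosen, the access control record will also specify an ID for the internal application in charge of the revocation scheme, and the value in the certificate revocation list expiration period/APP_ID field will correspond to the ID of the internal application in charge of the revocation scheme. When authenticating the device, the secure storage application system will then adhere to the proprietary scheme of the internal application.

Instead of replacing one set of protocols by another, invocation of a device internal application may impose additional access conditions on the access control already exerted by the secure storage application. For example, the right to … a key value in a … key can be further … by a feature set extension. After the secure … access rights to the key value, … before granting … extension. This feature gives the content owner great flexibility in controlling access to the content.

• SDO Get (secure data object get), application ID defined: the request will be processed by the device internal application having that application ID. The application is invoked by virtue of its association with the secure data object. The output (although not defined) will be passed back to the requester. The application will optionally read the secure data object.
• SDO Get (secure data object get), application ID null: this option is not valid and will prompt an illegal command error. The Get command requires an internal application executing in the card.
• Secure data object related permissions: an access control record can be a secure data object owner or merely have access permissions (Set, Get, or both). An access control record may be permitted to transfer its access rights to a secure data object it does not own to another access control record. If an access control record has the access control record attribute management permission, it may be explicitly permitted to create secure data objects and to delegate access rights.

Internal access control record
The internal access control record is similar to any access control record having a permission control record, except that entities external to the device 10 cannot log in to it. Instead, the secure storage application manager 1024 of FIG. 40B automatically logs in to the internal access control record when the objects under its control, or the applications associated with it, are invoked. Since the entity trying to gain access is internal to the card or memory device, no authentication is needed.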
The secure storage application manager 1024 will simply pass a session key to the internal access control record to enable internal communication.

Two examples will be used to illustrate the capabilities of the feature set extension: one-time password generation and digital rights management. Before the one-time password generation example is described, the issue of two-factor authentication is first addressed.

One-time password embodiment
Two-factor authentication (DFA)
Two-factor authentication is an authentication protocol designed to enhance the security of a personal login to, for example, a web service server by adding an additional secret, a "second factor", to the standard user credentials (namely the user name and password). The second secret is typically something stored in a physical secure token that the user has in his possession. During the login process, the user needs to provide proof of possession as part of the login credentials. A common way to prove possession is to use a one-time password, a password good for a single login only, which is generated and output by the secure token. If the user is able to provide the correct one-time password, this is considered sufficient proof of possession of the token, since it is cryptographically infeasible to compute the one-time password without the token. Since the one-time password is good for one login only, the user must have the token at the time of login, because an old password captured from a previous login will no longer be valid.

The product described in the following sections makes use of the secure storage application security data structure, plus one feature set extension design, to compute the next password in the one-time password series, implementing a flash memory card with multiple "virtual" secure tokens, each generating a different series of passwords (which can be used to log in to different web sites). A block diagram of this system is shown in FIG. 41.
The complete system 1050 comprises an authentication server 1052, an Internet server 1054 and a user 1056 with a token 1058. The first step is to agree on a shared secret between the authentication server and the user (also referred to as seed provisioning). The user 1056 will request a secret or seed to be issued and will store it in the secure token 1058. The next step is to bind the issued secret or seed to a specific web service server. Once this is done, authentication can take place. The user will instruct the token to generate a one-time password. The one-time password, together with the user name and password, is sent to the Internet server 1054. The Internet server 1054 forwards the one-time password to the authentication server 1052, asking it to authenticate the user's ID. The authentication server will also generate a one-time password, and since it is generated from a secret shared with the token, it should match the one-time password generated by the token. If a match is found, the user's ID is authenticated and the authentication server will return a positive acknowledgment to the Internet server 1054, which will complete the user login process.

The feature set extension implementation for one-time password generation has the following characteristics:
• The one-time password seed is stored securely (encrypted) in the card.
• The password generation algorithm is executed inside the card.
• The device 10 can emulate multiple virtual tokens, each of which stores a different seed and may use a different password generation algorithm.
• The device 10 provides a secure protocol for transferring the seed from the authentication server into the device.

The secure storage application features for one-time password seed provisioning and one-time password generation are illustrated in FIG. 42, where solid-line arrows indicate ownership or access rights and broken-line arrows indicate associations or links.
As shown in FIG. 42, in the secure storage application feature set extension system, the software program code feature set extension 1102 may be accessed through one or more communication pipes 1104, which are controlled by each of N application access control records 1106. In the embodiments described below, only one feature set extension software application is illustrated, and for each feature set extension application there is only one communication pipe. It will be understood, however, that more than one feature set extension application may be used. While only one communication pipe is illustrated in FIG. 42, it will be understood that a plurality of communication pipes may be used. All such variations are possible. With reference to FIGS. 40A, 40B and 42, the feature set extension 1102 may be an application for one-time password provisioning and forms a subset of the device internal applications 1010 of FIG. 40A. The control structures (access control records 1101, 1103, 1106, 1110) are part of the security data structures in the secure storage application and are stored in the secure storage application database 1026. Data structures such as the identity object 1120, an identity object and the communication pipe 1104 are also stored in the secure storage application database 1026.

With reference to FIGS. 40A and 40B, security-related operations involving the access control records and data structures (e.g. data transfers in sessions, and operations such as encryption, decryption and hashing) are handled by module 1030 with the assistance of interface 1032 and cryptographic library 1012. The security service module core API does not distinguish between operations involving access control records that interact with the host (external access control records) and operations of internal access control records that do not interact with the host.
It thus does not distinguish operations involving the host from operations involving the device internal applications 1010. In this manner, the same control mechanism is used for controlling accesses performed by host-side entities and accesses performed by the device internal applications 1010. This leads to flexibility in dividing data processing between host-side applications and the device internal applications 1010. The internal applications 1010 (e.g. the feature set extension 1102 in FIG. 42) are associated with the internal access control records (e.g. access control record 1103 in FIG. 42) and are invoked through the control of those records.

Furthermore, the security data structures, such as access control records and access control record groups with associated secure storage application rules and policies, preferably control access to important information, such as the content in secure data objects or information that can be derived from that content, so that external or internal applications can access the content or information only in accordance with the secure storage application rules and policies. For example, if two different users can invoke an individual one of the device internal applications 1010 to process data, internal access control records located in separate hierarchical trees are used to control the access by the two users, so that there is no crosstalk between them. In this manner, both users can access a common set of device internal applications 1010 for processing data without the owners of the content or information in the secure data objects fearing loss of control over it.
For example, access to the secure data objects storing data accessed by the device internal applications 1010 can be controlled by access control records located in separate hierarchical trees, so that there is no crosstalk between them. This manner of control is similar to the manner in which the secure storage application controls access to data, described above. This provides content owners and users with security for the data stored in the data objects.

With reference to FIG. 42, it is possible for a portion of the software application code needed by the one-time-password-related host application to be stored (e.g. pre-stored before the memory card is issued, or loaded after the memory card is issued) in the memory device 10 as an application in the feature set extension 1102. To execute such code, the host will first need to authenticate through one of the N authentication access control records 1106 (N being a positive integer) in order to gain access to the pipe 1104. The host will also need to provide an application ID identifying the one-time-password-related application it wishes to invoke. After a successful authentication, such code can be accessed for execution through the pipe 1104 associated with the one-time-password-related application. As noted above, there is preferably a one-to-one relationship between a pipe 1104 and a particular application, such as a one-time-password-related internal application. As shown in FIG. 42, multiple access control records 1106 may share control of a common pipe 1104. An access control record may also control more than one pipe.

FIG. 42 shows secure data object 1, secure data object 2 and secure data object 3, collectively referred to as objects 1114, each of which contains data, such as a seed for one-time password generation, which is valuable and preferably encrypted.
The links or associations 1108 between the three data objects and the feature set extension 1102 illustrate an attribute of the objects: when any one of them is accessed, the application in the feature set extension 1102 whose application ID is in the attributes of the secure data object will be invoked, and the application will be executed by the central processing unit 12 of the memory device without requiring any further host command (FIG. 1).

With reference to FIG. 42, before a user can start the one-time password process, the security data structures (access control records 1101, 1103, 1106 and 1110) have already been created with their permission control records for controlling the one-time password process. The user will need to have access rights to invoke a one-time password device internal application 1102 through one of the authentication server access control records 1106. The user will also need to have access rights to the one-time password that will be generated, through one of the N user access control records 1110. The secure data objects 1114 may be created during the one-time password seed provisioning process. The identity object 1116 has preferably already been created and is controlled by the internal access control record 1103. The internal access control record 1103 also controls the secure data objects 1114 after they are created. When the secure data objects 1114 are accessed, the secure storage application manager 1024 in FIG. 40B automatically logs in to the internal access control record 1103. The internal access control record 1103 is associated with the feature set extension 1102. During the one-time password seed provisioning process, the secure data objects 1114 may become associated with the feature set extension, as shown by the broken lines 1108. After the association is in place, when the host accesses the secure data objects, the association 1108 will cause the feature set extension 1102 to be invoked without a further request from the host.
The secure storage application manager 1024 in FIG. 40B will also automatically log in to the access control record 1103 when the communication pipe 1104 is accessed through one of the N access control records 1106. In both cases (access to the secure data objects 1114 and to the pipe 1104), the secure storage application manager will pass a session number to the feature set extension 1102, which session number identifies the channel to the internal access control record 1103.

The one-time password operation involves two phases: a seed provisioning phase illustrated in FIG. 43 and a one-time password generation phase illustrated in FIG. 44. Reference will also be made to FIGS. 40-42 to aid the description. FIG. 43 is a protocol diagram illustrating the seed provisioning process. As shown in FIG. 43, various actions are taken by the host, such as host 24, as well as by the card. One entity on the card taking various actions is the security service module system of FIGS. 40A and 40B, which includes the security service module core 1004. Another entity on the card taking various actions is the feature set extension 1102 shown in FIG. 42.

In two-factor authentication, the user requests a seed to be issued, and once the seed is issued, it is stored in a secure token. In this example, the secure token is the memory device or card. The user authenticates to one of the authentication access control records 1106 in FIG. 42 to gain access to the security service module system (arrow 1122). Assuming authentication succeeds (arrow 1124), the user then requests a seed (arrow 1126). The host sends a request to the card to sign the seed request by selecting a particular application 1102 for signing the seed request. If the user does not know the ID of the particular application that needs to be invoked, this information can be obtained from the device 10, for example through a discreet query to the device.
The user then inputs the application ID of the application that should be invoked, thereby also selecting a communication pipe corresponding to the application. The user command is then forwarded in a pass-through command, through the corresponding communication pipe, to the application specified by the application ID from the user (arrow 1128). The invoked application requests a signature by means of the public key in the specified identity object, such as identity object 1112 in FIG. 42.

The security service module system signs the seed request using the public key of the identity object and notifies the application that the signing is completed (arrow 1132). The invoked application then requests the certificate chain of the identity object (arrow 1134). In response, the security service module system provides the certificate chain of the identity object as controlled by the access control record 1103 (arrow 1136). The invoked application then provides the signed seed request and the certificate chain of the identity object through the communication pipe to the security service module system, which forwards them to the host (arrow 1138). The signed seed request and the certificate chain are sent through the communication pipe by means of a callback function established between the security application manager module 1008 and the security service module core 1004 of FIG. 40A; the callback function is described below.

The signed seed request and the certificate chain of the identity object received by the host are then sent to the authentication server 1052 shown in FIG. 41. The certificate chain provided by the card certifies that the signed seed request originates from a trusted token, so that the authentication server 1052 is willing to provide the card with the secret seed.
The authentication server 1052 therefore sends the seed, encrypted with the public key of the identity object, together with user access control record information, to the host. The user information indicates under which one of the N user access control records the user has the right to access the one-time password to be generated. The host invokes a one-time password application in the feature set extension 1102 by supplying the application ID, thereby also selecting the communication pipe corresponding to the application, and forwards the user access control record information to the security service module system (arrow 1140). The encrypted seed and the user access control record information are then forwarded through the communication pipe to the selected application (arrow 1142). The invoked application sends a request to the security service module system to decrypt the seed using the private key of the identity object (arrow 1). The security service module system decrypts the seed and notifies the application that decryption has been completed (arrow 1146). The invoked application then requests that a secure data object be created and that the seed be stored in it. It also requests that the secure data object be associated with the ID of the one-time password application used for generating the one-time password (which may be the same application as the one making the request) (arrow 1148). The security service module system creates one of the secure data objects 1114, stores the seed in it, associates it with the ID of the one-time password application, and notifies the application when done (arrow 1150). The application then requests the security service module system to delegate rights of the internal access control record, based on the user information supplied by the host.
The rights delegated are the access rights for accessing the secure data object 1114, and they are given to the appropriate user access control record (arrow 1152). After the delegation has been completed, the security service module system notifies the application (arrow 1154). The application then sends the name of the secure data object (slot ID) to the security service module system through the communication pipe by means of a callback function (arrow 1156). The security service module system then forwards the name of the secure data object to the host (arrow 1158). The host then binds the name of the secure data object to the user access control record, so that the user can now access the secure data object.

The process of one-time password generation will now be described with reference to the protocol diagram in FIG. 44. To obtain the one-time password, the user logs in to the user access control record to which it has access rights (arrow 1172). Assuming the authentication succeeds, the security service module system notifies the host, and the host sends a "get SDO" command to the security service module (arrow 1176). As noted above, the secure data object storing the seed has been associated with an application for generating the one-time password. Therefore, instead of selecting an application through the communication pipe as before, the one-time password generation application is invoked by means of the association between the secure data object accessed by the command (arrow 1176) and the one-time password generation application (arrow 1178). The one-time password generation application then requests the security service module system to read the content (i.e. the seed) from the secure data object (arrow 1180). Preferably, the security service module is not aware of the information contained in the content of the secure data object.
The data in the secure data object is processed only as instructed by the feature set extension. If the seed is encrypted, this may involve decrypting the seed before it is read, as instructed by the feature set extension. The security service module system reads the seed from the secure data object and provides the seed to the one-time password generation application (arrow 1182). The one-time password generation application then generates the one-time password and provides it to the security service module system (arrow 1184). The one-time password is then forwarded by the security service module system to the host (arrow 1186), and the host in turn forwards the one-time password to the authentication server 1052 to complete the two-factor authentication process.

The callback function is shown in Figure 40. A generic callback function is established between the security service module core 1004 and the security application manager module 1008. Different device-internal applications and communication pipes can be registered with this function. Therefore, when a device-internal application is invoked, the application can use the callback function to pass the processed data to the security service module system through the same communication pipe that was used to pass a host command to the application.

DRM system embodiment

Figure 45 is a functional block diagram of a DRM system that uses a communication pipe 1104', a content encryption key 1114' with a link 1108' to a feature set extension application 1102', and control structures 1101', 1103' and 1106' for controlling these functions in order to implement DRM functions. As will be noted, the architecture of Figure 45 is quite similar to the architecture of Figure 42.
However, the security data structure now includes the usage rights server access control record 1106' and the playback access control record 1110' (instead of the authentication server access control record and the user access control record), as well as the content encryption key 1114' (instead of the secure data object). Furthermore, the identity object is not involved, and the identity object is therefore omitted from Figure 45. The content encryption key 1114' may be created in the usage rights provisioning procedure.

The protocol diagram of Figure 46 shows a procedure for usage rights provisioning and content downloading in which a key is provided in the usage rights object. As in the one-time password embodiment, a user wishing to obtain usage rights will first need to acquire access rights under one of the N access control records 1106' and under one of the N access control records 1110', so that the content can be rendered by a media player (such as a media player software application). As shown in Figure 46, the host authenticates to a usage rights server access control record 1106' (arrow 1202). If the authentication is successful (arrow 1204), the usage rights server provides a usage rights file (license file) to the host together with the content encryption key (key ID and key value). The host also selects the application to be invoked by providing the application ID to the security service module system on the card. The host also transmits player information (for example, information on a media player software application) (arrow 1206). The player information indicates under which one of the N playback access control records 1110' the player has access rights. The security service module system forwards the usage rights file and the content encryption key to the DRM application through a communication pipe corresponding to the selected application (arrow 1208).
The invoked application then requests the security service module system to write the usage rights file into the hidden partition (arrow 1210). When the usage rights file has been written in this way, the security service module system notifies the application (arrow 1212). Next, the DRM application requests that a content encryption key object 1114' be created and that the key value from the usage rights file be stored in it. The DRM application also requests that the content encryption key object be associated with the ID of a DRM application that checks the usage rights associated with the key provided (arrow 1214). The security service module system performs these tasks and notifies the application (arrow 1216). Next, the application requests that read access rights to the content encryption key 1114' be delegated, based on the player information transmitted by the host, to a playback access control record that the player has permission to access (arrow 1218). The security service module system performs the delegation and notifies the application (arrow 1220). The application sends, through the communication pipe, a message to the security service module system that the usage rights have been stored, and the security service module system forwards the message to the usage rights server (arrows 1222 and 1224). This action is performed through the communication pipe by means of a callback function. On receiving this notification, the usage rights server then provides a content file encrypted with the key value in the content encryption key provided to the card. The encrypted content is stored by the host in the public card area. Storing the encrypted content file does not involve security functions, so the security service module system is not involved in the storage.

The playback operation is shown in Figure 47.
The user authenticates through the host to the appropriate playback access control record (i.e., the playback access control record to which rights were delegated in arrows 1152 and 1154 above) (arrow 1242). Assuming the authentication is successful (arrow 1244), the user then transmits a request to read the content associated with the key ID (arrow 1246). Upon receiving the request, the security service module system will find that the ID of a DRM application is associated with the content encryption key object being accessed, and will therefore cause the identified DRM application to be invoked (arrow 1248). The DRM application requests the security service module system to read the data (i.e., the usage rights) associated with the key ID (arrow 1250). The security service module system does not know the information in the data it is requested to read, and only processes the request from the feature set extension to carry out the data reading process. The security service module system retrieves the data (i.e., the usage rights) from the hidden partition and provides the data to the DRM application (arrow 1252). The DRM application then interprets the data and checks the usage rights information in the data to see whether the usage rights are valid. If the usage rights are still valid, the DRM application notifies the security service module system that decryption of the content is permitted (arrow 1254). The security service module system then decrypts the requested content using the key value in the content encryption key object and provides the decrypted content to the host for playback (arrow 1256). If the usage rights are no longer valid, the request for content access is rejected.

If no key is provided from the usage rights server, the usage rights provisioning and content downloading will differ somewhat from the manner shown in Figure 46. This different scheme is shown in the protocol diagram of Figure 48.
Steps that are the same in Figure 46 and Figure 48 are identified by the same reference numerals. Thus, the host and the security service module system first carry out authentication (arrows 1202, 1204). The usage rights server provides the usage rights file and the key ID (but not the key value) to the host, and the host forwards the usage rights file and the key ID, together with the ID of the DRM application it wishes to invoke, to the security service module system. The host also transmits player information (arrow 1206). The security service module system then forwards the usage rights file and the key ID to the selected DRM application through a communication pipe corresponding to the selected application (arrow 1208). Next, the DRM application requests that the usage rights file be written to the hidden partition (arrow 1210). When the usage rights file has been written in this way, the security service module system notifies the DRM application (arrow 1212). The DRM application then requests the security service module system to generate a key value, create a content encryption key object, store the key value in it, and associate the content encryption key object with the ID of a DRM application (arrow 1214). After the request has been fulfilled, the security service module system notifies the application (arrow 1216). The application then requests the security service module system to delegate, based on the player information transmitted by the host, read access rights to the content encryption key object to the playback access control record (arrow 1218). The security service module system performs the delegation and notifies the DRM application (arrow 1220). The DRM application notifies the security service module system that the usage rights have been stored, the notification being sent through the communication pipe by means of a callback function (arrow 1222). This notification is forwarded to the usage rights server (arrow 1224).
The usage rights server then sends a content file associated with a key ID to the security service module system (arrow 1226). The security service module system encrypts the content file with the key value identified by the key ID, without involving any application. The content stored on the card can be played back using the protocol of Figure 47.

In the one-time password and DRM embodiments described above, the feature set extensions 1102 and 1102' can contain many different one-time password and DRM applications for selection by host devices. The user has the choice of selecting and invoking the desired device-internal application. Nevertheless, the overall relationship between the security service module and the feature set extension remains the same, so that users and data providers can use a standard set of protocols for interacting with the security service module and for invoking the feature set extension. Users and providers do not need to become involved in the particulars of the many different device-internal applications, some of which may be proprietary.

Furthermore, the provisioning protocols may differ somewhat, as in Figures 46 and 48. In the case of Figure 46, the usage rights object contains a key value, but in the case of Figure 48, the usage rights object has no key value. This difference requires slightly different protocols, as described above. However, the playback in Figure 47 is the same regardless of how the usage rights were provisioned. Thus, this difference matters only to content providers and distributors, and typically does not concern the consumer, who is typically involved only in the playback phase. As a result, this architecture gives content providers and distributors great flexibility to customize protocols while remaining easy for consumers to use.
Obviously, information derived from data provisioned by more than two provisioning protocols can still be accessed using the second protocol.

Another advantage provided by the above embodiments is that external entities (such as users) and device-internal applications can share the use of data controlled by the security data structure, while the user can access only the results that the device-internal applications derive from the stored data. Thus, in the one-time password embodiment, the user, through the host devices, can obtain only the one-time password and cannot obtain the seed value. In the DRM embodiment, the user, through the host devices, can obtain only the rendered content and has no access to the usage rights file or the cryptographic key. This feature provides convenience to the consumer without compromising security.

In the DRM embodiment, neither the device-internal applications nor the hosts have access to the cryptographic keys; only the security data structure has access to the cryptographic keys. In other embodiments, entities other than the security data structure can also access the cryptographic keys. The keys can also be generated by the device-internal applications and then controlled by the security data structure.

Access to the device-internal applications and access to information (e.g., one-time passwords and rendered content) are controlled by the same security data structure. This reduces the complexity and cost of the control system.

The ability to delegate access rights from the internal access control record (which controls access by the device-internal applications to information) to an access control record that controls access by hosts to the information obtained by invoking the device-internal applications makes it possible to achieve the features and functions described above.
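The sharing rule described above, where a host holding delegated rights receives only what the bound device-internal application derives from the stored data, can be modelled as follows. This is an added example, not code from the patent; the class and function names, the password login and the use of RFC 4226 HOTP are assumptions (the page does not name a one-time password algorithm), and the same pattern applies to the content encryption key in the DRM embodiment.

```python
"""Toy model of the shared-use rule: hosts see results, never the stored seed."""
import hashlib
import hmac
import secrets
import struct


class AccessDenied(Exception):
    """Raised when an access control record lacks the required rights."""


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, assumed here; the page does not name an algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def otp_application(record: dict) -> str:
    """Device-internal application: turns the stored seed into one password."""
    code = hotp(record["seed"], record["counter"])
    record["counter"] += 1          # state stays inside the secure data object
    return code


class SecureStore:
    """Hypothetical stand-in for the security service module system."""

    def __init__(self):
        self._acrs = {}       # ACR name -> password, or None for internal ACRs
        self._sessions = {}   # session token -> authenticated ACR name
        self._apps = {}       # application ID -> device-internal application
        self._objects = {}    # object name -> record, bound app, owner, delegates

    def add_acr(self, name, password=None):
        self._acrs[name] = password

    def register_app(self, app_id, func):
        self._apps[app_id] = func

    def login(self, name, password):
        stored = self._acrs.get(name)
        if stored is None or not hmac.compare_digest(stored, password):
            raise AccessDenied("authentication failed")
        token = secrets.token_hex(16)
        self._sessions[token] = name
        return token

    # The two calls below come from a device-internal application, not the host.
    def create_object(self, owner_acr, name, record, app_id):
        if app_id not in self._apps:
            raise KeyError(app_id)
        self._objects[name] = {"record": record, "app_id": app_id,
                               "owner": owner_acr, "delegates": set()}

    def delegate(self, owner_acr, name, to_acr):
        obj = self._objects[name]
        if obj["owner"] != owner_acr or to_acr not in self._acrs:
            raise AccessDenied("only the owning internal ACR may delegate")
        obj["delegates"].add(to_acr)

    # The only host-facing read path: it runs the application bound to the object.
    def get_object(self, token, name):
        acr = self._sessions.get(token)
        obj = self._objects.get(name)
        if acr is None or obj is None or acr not in obj["delegates"]:
            raise AccessDenied("no delegated rights to this object")
        return self._apps[obj["app_id"]](obj["record"])


def demo():
    store = SecureStore()
    store.register_app("otp-app", otp_application)
    store.add_acr("otp-internal")                 # internal ACR, no host login
    store.add_acr("user-1", b"constructed-pw-1")  # constructed credentials
    store.add_acr("user-2", b"constructed-pw-2")

    # Provisioning (arrows 1148-1154): the seed is already decrypted on the device.
    seed = b"12345678901234567890"                # RFC 4226 test seed
    store.create_object("otp-internal", "slot-1",
                        {"seed": seed, "counter": 0}, "otp-app")
    store.delegate("otp-internal", "slot-1", "user-1")

    # Generation (arrows 1172-1186): user-1 receives passwords only.
    t1 = store.login("user-1", b"constructed-pw-1")
    codes = [store.get_object(t1, "slot-1"), store.get_object(t1, "slot-1")]

    # user-2 authenticates correctly but holds no delegated rights.
    t2 = store.login("user-2", b"constructed-pw-2")
    try:
        store.get_object(t2, "slot-1")
        denied = False
    except AccessDenied:
        denied = True
    return codes, denied


if __name__ == "__main__":
    print(demo())
```

The store exposes no host-facing call that returns the record itself, which is the property the passage relies on.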
Application-specific revocation scheme

When a device-internal application is invoked, the access control protocol of the security data structure can also be modified. For example, the certificate revocation protocol may be a standard protocol using a certificate revocation list, or a proprietary protocol. Thus, by invoking a feature set extension, the standard certificate revocation list revocation protocol can be replaced by a protocol proprietary to the feature set extension.

In addition to supporting the certificate revocation list revocation scheme, the secure storage application enables a specific internal application residing in the device to revoke hosts through a private communication channel between the device-internal application and the certificate authority or any other revocation authority. The application-specific revocation scheme is limited to the host-application relationship.

When the application-specific revocation scheme is configured, the secure storage application system will reject the certificate revocation list (if provided); otherwise it will use the certificate and the proprietary application data (previously provided through an application-specific communication pipe) to determine whether the given certificate is revoked.

As noted above, an access control record specifies, by means of a revocation value, which of the three revocation schemes (no revocation scheme, standard certificate revocation scheme, and application-specific revocation scheme) is adopted. When the application-specific revocation scheme option is selected, the access control record will also specify an ID for the internal application that manages the revocation scheme, and the value in the certificate revocation list expiration period/APP_ID field will correspond to the ID of the internal application that manages the revocation scheme.
When authenticating the device, the secure storage application system will then support the proprietary scheme of the internal application.

Instead of replacing one set of protocols with another, invoking a device-internal application can add additional access conditions to the access control already exercised by the secure storage application. For example, + heart ^ can be a feature The group extends the right to a key value in a ^^。. After the access right, the key value will be granted. This feature allows the content owner to control the trait. The big bomb of the valley access is

While the invention has been described above with reference to various embodiments, it will be understood that changes and modifications may be made without departing from the scope of the invention, which is defined only by the appended claims and their equivalents.

[Brief description of the drawings]

Figure 1 is a block diagram of a memory system in communication with a host device, useful for illustrating the invention.
Figure 2 is a schematic diagram of different partitions of a memory and of unencrypted and encrypted files stored in different partitions, where access to certain partitions and to the encrypted files is controlled by access policies and authentication procedures, useful for illustrating different embodiments of the invention.
Figure 3 is a schematic diagram of a memory showing the different partitions in the memory.
Figure 4 is a schematic diagram of file location tables for the different partitions of the memory shown in Figure 3, where some of the files in the partitions are encrypted, useful for illustrating different embodiments of the invention.
Figure 5 is a schematic diagram of access control records in an access control record group and the associated key references, useful for illustrating different embodiments of the invention.
Figure 6 is a schematic diagram of a tree structure formed by access control record groups and access control records, useful for illustrating different embodiments of the invention.
Figure 7 is a schematic diagram of a tree showing three hierarchical trees of access control record groups, to illustrate the process by which the trees are formed.
Figures 8A and 8B are flowcharts of procedures carried out by a host device and a memory device, such as a memory card, for creating and using a system access control record.
Figure 9 is a flowchart of a procedure that uses a system access control record to create an access control record group, useful for illustrating different embodiments of the invention.
Figure 10 is a flowchart of a procedure for creating an access control record.
Figure 11 is a schematic diagram of two access control record groups for a particular application of the hierarchical tree.
Figure 12 is a flowchart of a procedure for delegating specific rights.
Figure 13 is a schematic diagram of an access control record group and an access control record, to illustrate the delegation procedure of Figure 12.
Figure 14 is a flowchart of a procedure for creating a key for encryption and/or decryption purposes.
Figure 15 is a flowchart of a procedure for removing access rights and/or data access permissions according to an access control record.
Figure 16 is a flowchart of a procedure for requesting access when access rights and/or access permissions have been deleted or have expired.
Figures 17A and 17B are schematic diagrams of the organization of a rule structure for authentication and of policies for granting access to cryptographic keys, useful for illustrating different embodiments of the invention.
Figure 18 is a block diagram of a data structure for an alternative method of controlling access to protected information according to policies.
Figure 19 is a flowchart of an authentication procedure using a password.
Figure 20 is a diagram of several host certificate chains.
Figure 21 is a diagram of several device certificate chains.
Figures 22 and 23 (comprising Figures 23A and 23B) are protocol diagrams of procedures for one-way and mutual authentication schemes.
Figure 24 is a diagram of a certificate chain, useful for illustrating one embodiment of the invention.
Figure 25 shows the information in a control sector preceding the certificate buffer, which is sent by the host when sending the last certificate to a memory device and which indicates that the certificate is the last certificate in the certificate chain, to illustrate another embodiment of the invention.
Figures 26 and 27 are flowcharts of the card and host procedures, respectively, for an authentication scheme in which a memory card authenticates a host device.
Figures 28 and 29 are flowcharts of the card and host procedures, respectively, for an authentication scheme in which a host device authenticates a memory card.
Figures 30 and 31 are flowcharts of procedures carried out by a host device and a memory device, respectively, in which the host device retrieves a certificate revocation list stored in the memory device, to illustrate another embodiment of the invention.
Figure 32 is a diagram of a certificate revocation list listing the fields in the certificate revocation list, to illustrate another embodiment of the invention.
Figures 33 and 34 are flowcharts of the card and host procedures, respectively, for verifying certificates using a certificate revocation list.
Figure 35 is a flowchart of the card procedure for the card signing data sent to the host and for decrypting data from the host.
Figure 36 is a flowchart of the host procedure in which the card signs data sent to the host.
Figure 37 is a flowchart of the host procedure in which the host sends encrypted data to the memory card.
Figures 38 and 39 are flowcharts of procedures for general information queries and discreet information queries, respectively.
Figure 40A is a functional block diagram of the system architecture of a memory device (such as a flash memory card) connected to a host device, to illustrate one embodiment of the invention.
Figure 40B is a functional block diagram of the internal software modules of the security service module core of Figure 40A.
Figure 41 is a block diagram of a system for creating one-time passwords.
Figure 42 is a functional block diagram of one-time password (OTP) seed provisioning and one-time password generation.
Figure 43 is a protocol diagram of the seed provisioning phase.
Figure 44 is a protocol diagram of the one-time password generation phase.
Figure 45 is a functional block diagram of the DRM system.
Figure 46 is a protocol diagram of a procedure for usage rights provisioning and content downloading in which a key is provided in the usage rights object.
Figure 47 is a protocol diagram of a procedure for the playback operation.
Figure 48 is a protocol diagram of a procedure for usage rights provisioning and content downloading in which no key is provided in the usage rights object.

[Description of main reference numerals]

/ 10 記憶體系統 10, 記憶體卡或記憶體條 12 中央處理單元 12a 中央處理單元隨機存取記憶體 14 緩衝管理單元(BMU) 16 主機介面模組(HIM) 18 快閃記憶體介面模組(FIM) 20 快閃記憶體 22 周邊裝置存取模組(PAM) 24 主機裝置 26 主機介面匯流排 26a 埠 28 快閃記憶體介面匯流排 28a 埠 32 主機直接記憶體存取(HDMA) 34 快閃直接記憶體存取(FDMA) 36 仲裁器 38 緩衝隨機存取記憶體(BRAM) 40 密碼編譯引擎 101 檔案 102及104 檔案 106 未經加密檔案 130 根存取控制記錄群組 132 根存取控制記錄群組 122364.doc -121 - 200822669 400 線 402 鑑認 404 存取相關聯於一密鑰ID X之檔案 406 檔案+密鑰ID X 410 確定? 412 開放式會期相關聯資料之表 414 使用會期A與密鑰ID X進行存取 502 主機根憑證授權單位憑證 504 主機1憑證授權單位(第二層級)憑證 506 主機憑證 508 主機η憑證授權單位(第二層級)憑證 510 主機1憑證授權單位(第三層級)憑證 512 主機憑證 514 主機憑證 520 裝置根憑證授權單位憑證 522 裝置1憑證授權單位(製造商)憑證 524 裝置憑證 526 裝置η憑證授權單位(製造商)憑證 528 裝置憑證 542 安全服務模組系統 540 主機糸統 550 存取控制記錄 548 主機根憑證 544 主機憑證 122364.doc -122- 200822669 546 主機公開密錄 549 中間憑證授權單位 554 隨機號碼 547 私有密鑰 562 隨機號碼 590 憑證鏈 590(1) 憑證鍵 590(2) 憑證 ( 590(9) 憑證 591 、 593 、 595 、 597及599 憑證串 1000 系統架構 1002 安全儲存應用程式傳輸層 1004 安全服務模組核心 1012 密碼編譯庫 1006 安全服務模組核心API % 1010 裝置内部應用程式 1008 安全性應用程式管理員模組 1011 裝置管理系統 1022 安全儲存應用程式命令處理常式 1024 安全儲存應用程式管理員 1026 安全儲存應用程式資料庫 1028 安全儲存應用程式非安全操作模組 1030 安全儲存應用程式安全操作模組 122364.doc -123- 200822669 1032 模組 1034 模組 1050 系統 1052 鑑認伺服器 1054 網際網路伺服器 1058 符記 1056 使用者 1100 安全儲存應用程式特徵組延伸系統 1102 軟體程式碼特徵組延伸 1104 通訊管道 1106 應用程式存取控制記錄 1101 存取控制記錄 1103 存取控制記錄 1106 存取控制記錄 1110 存取控制記錄 1120 身份物件 1122 身份物件 1114 安全資料物件 1116 身份物件 1104f 通訊管道 1102f 特徵組延伸應用程式 1108f 連結(關聯性) 1114f 内容加密密鑰 1101,、1103,及 控制結構 122364.doc -124- 200822669 1106f 1110’ 存取控制記錄 122364.doc 125-/ 10 Memory System 10, Memory Card or Memory Bar 12 Central Processing Unit 12a Central Processing Unit Random Access Memory 14 Buffer Management Unit (BMU) 16 Host Interface Module (HIM) 18 Flash Memory Interface Module (FIM) 20 Flash Memory 22 Peripheral Access Module (PAM) 24 Host Device 26 Host Interface Bus 26a 埠 28 Flash Memory Interface Bus 28a 埠 32 Host Direct Memory Access (HDMA) 34 Fast Flash Direct Memory Access (FDMA) 36 Arbiter 38 Buffered Random Access Memory (BRAM) 40 Password Compilation Engine 101 Files 102 and 104 Files 106 Unencrypted Files 130 Root Access Control Record 
Group 132 Root Access Control Record Group 122364.doc -121 - 200822669 400 Line 402 Authentication 404 Access File 406 associated with a Key ID X File + Key ID X 410 OK? 412 Open Session Related Data Table 414 Access Using Session A and Key ID X 502 Host Root Credential Authorization Unit Credential 504 Host 1 Credential Authorization Unit (Second Level) Credential 506 Host Credential 508 Host n Credential Authorization Unit (Second Level) Document 510 Host 1 Document Authorization Unit (Level 3) Document 512 Host Document 514 Host Document 520 Device Root Document Authorization Unit Document 522 Device 1 Document Authorization Unit (Manufacturer) Document 524 Device Document 526 Device η Document Authorized Unit (Manufacturer) Voucher 528 Device Credentials 542 Security Service Module System 540 Host System 550 Access Control Record 548 Host Root Credentials 544 Host Credentials 122364.doc -122- 200822669 546 Host Public Directory 549 Intermediate Credential Authorization Unit 554 Random Number 547 Private Key 562 Random Number 590 Credential Chain 590(1) Credential Key 590(2) Credentials (590(9) Credentials 591, 593, 595, 597, and 599 Credential String 1000 System Architecture 1002 Secure Storage Application Transport Layer 1004 Security Service Module Core 1012 Password Compilation Library 1006 Ann Full Service Module Core API % 1010 Device Internal Application 1008 Security Application Administrator Module 1011 Device Management System 1022 Secure Storage Application Command Processing 1024 Secure Storage Application Administrator 1026 Secure Storage Application Database 1028 Security Storage Application Non-Security Operating Module 1030 Secure Storage Application Security Operation Module 122364.doc -123- 200822669 1032 Module 1034 Module 1050 System 1052 Authentication Server 1054 Internet Server 1058 Symbol 1056 User 1100 Secure Storage Application Feature Group Extension System 1102 Software Code Feature Group Extension 1104 Communication Pipeline 1106 
Application Access Control Record 1101 Access Control Record 1103 Access Control Record 1106 Access Control Record 1110 Access Control Record 1120 Identity Object 1122 Identity Object 1114 Security Data Object 1116 Identity Object 1104f Communication Pipe 1102f Feature Group Extension Application 1108f Link (Affinity) 1114f Content Encryption Key 1101, 1103, and Control Structure 122364.doc -124- 200822669 11 06f 1110’ Access Control Record 122364.doc 125-

Claims (1)

X. Claims:

1. A non-volatile memory system, comprising:
at least one control data structure;
a controller that uses the at least one control data structure to control operation of the memory device;
a non-volatile memory storing an object, the object comprising a key pair having a private key and a public key, at least one certificate and the at least one control data structure, the at least one control data structure controlling access to the object, wherein the controller uses the private key to sign data or a signal derived from the data; and
a housing enclosing the non-volatile memory and the controller.

2. The system of claim 1, the at least one control data structure comprising an authentication mechanism that controls access to the object, so that only authenticated entities can access the object.

3. The system of claim 1, the housing having the shape of a card.

4. The system of claim 1, the non-volatile memory comprising a flash memory.

5. A non-volatile memory system, comprising:
at least one control data structure;
a controller that uses the at least one control data structure to control operation of the memory device;
a non-volatile memory storing an object, the object comprising a key pair having a private key and a public key, and at least one certificate, the control data structure controlling access to the object by means of an authentication mechanism so that only authenticated entities can access the object, wherein the controller uses the authentication mechanism to authenticate an entity and supplies the at least one certificate to an authenticated entity to certify the public key, wherein the system receives data encrypted by means of the public key, and the controller uses the private key to decrypt the data encrypted by means of the public key; and
a housing enclosing the non-volatile memory and the controller.

6. The system of claim 5, the housing having the shape of a card.

7. The system of claim 5, the non-volatile memory comprising a flash memory.

8. A method [...] by means of a non-volatile memory system, comprising:
at least one control data structure; and
a non-volatile memory storing an object, the object comprising a key pair owned by the entity, at least one certificate identifying the entity, and the at least one control data structure, the method comprising:
removably connecting the memory system to a host device;
authenticating the host device to the memory system by means of the at least one control data structure;
after the host device has been successfully authenticated, using the private key to encrypt data from the host device or a signal derived from the data; and
sending the at least one certificate and the encrypted data or signal to the host device.

9. A method for protecting data of an entity by means of a non-volatile memory system, the non-volatile memory system comprising:
at least one control data structure; and
a non-volatile memory storing an object, the object comprising a key pair having a private key and a public key, at least one certificate and at least one control data structure, the method comprising:
removably connecting the memory system to a host device;
authenticating the host device to the memory system by means of the at least one control data structure;
after the host device has been successfully authenticated, supplying the at least one certificate to the host device to certify the public key;
receiving data encrypted by means of the public key; and
decrypting the data using the private key.
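The flow of claims 1 and 8, as an added example that is not code from the patent or its applicant: the device will not use the identity object's private key until the host authenticates, then returns the certificate and a signature that the host checks. Ed25519, the SHA-256 credential digest standing in for the control data structure, the self-signed certificate and all names are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Device: credHash stands in for the control data structure (assumption); priv and certDER form the identity object.
type Device struct {
	credHash [32]byte
	priv     ed25519.PrivateKey // never leaves the device
	certDER  []byte
}
func NewDevice(hostCred string) (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv) // self-signed, constructed for the example
	return &Device{credHash: sha256.Sum256([]byte(hostCred)), priv: priv, certDER: der}, err
}
// Authenticate hands out a signing handle only when the host credential matches (constant-time compare).
func (d *Device) Authenticate(cred string) (func(data []byte) (cert, sig []byte), error) {
	if h := sha256.Sum256([]byte(cred)); subtle.ConstantTimeCompare(h[:], d.credHash[:]) != 1 {
		return nil, fmt.Errorf("host not authenticated")
	}
	return func(data []byte) ([]byte, []byte) { return d.certDER, ed25519.Sign(d.priv, data) }, nil
}
// HostVerify takes the public key from the certificate; a real host would first validate the chain to a trusted root.
func HostVerify(certDER, data, sig []byte) bool {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return ok && ed25519.Verify(pub, data, sig)
}
func main() {
	d, _ := NewDevice("constructed-host-secret")
	sign, _ := d.Authenticate("constructed-host-secret")
	cert, sig := sign([]byte("nonce"))
	fmt.Println("verified:", HostVerify(cert, []byte("nonce"), sig))
}
```

Because the signing closure is the only path to the private key, code that has not passed `Authenticate` has no way to request a signature.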
TW096124586A 2006-07-07 2007-07-06 Control system and method using identity objects TW200822669A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US81950706P 2006-07-07 2006-07-07
US11/557,041 US8639939B2 (en) 2006-07-07 2006-11-06 Control method using identity objects
US11/557,039 US20080010458A1 (en) 2006-07-07 2006-11-06 Control System Using Identity Objects

Publications (1)

Publication Number Publication Date
TW200822669A (en) 2008-05-16

Family

ID=38728800

Family Applications (1)

Application Number Title Priority Date Filing Date
TW096124586A TW200822669A (en) 2006-07-07 2007-07-06 Control system and method using identity objects

Country Status (5)

Country Link
EP (1) EP2038799A2 (en)
JP (1) JP4972165B2 (en)
KR (1) KR20090034332A (en)
TW (1) TW200822669A (en)
WO (1) WO2008008243A2 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7743409B2 (en) 2005-07-08 2010-06-22 Sandisk Corporation Methods used in a mass storage device with automated credentials loading
FR2954656B1 (en) 2009-12-23 2016-01-08 Oberthur Technologies PORTABLE ELECTRONIC DEVICE AND ASSOCIATED METHOD FOR PROVIDING INFORMATION
JP2016019120A (en) * 2014-07-08 2016-02-01 日本電気通信システム株式会社 Decoding device, communication system, decoding method, and program
CN112738643B (en) * 2020-12-24 2022-09-23 北京睿芯高通量科技有限公司 System and method for realizing safe transmission of monitoring video by using dynamic key

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3012407B2 (en) * 1992-08-31 2000-02-21 日本電気アイシーマイコンシステム株式会社 Level conversion circuit
US5473692A (en) * 1994-09-07 1995-12-05 Intel Corporation Roving software license for a hardware agent
US5778071A (en) * 1994-07-12 1998-07-07 Information Resource Engineering, Inc. Pocket encrypting and authenticating communications device
US6584495B1 (en) * 1998-01-30 2003-06-24 Microsoft Corporation Unshared scratch space
US6779113B1 (en) * 1999-11-05 2004-08-17 Microsoft Corporation Integrated circuit card with situation dependent identity authentication
CN100583117C (en) * 2004-12-21 2010-01-20 桑迪士克股份有限公司 General content control method with partitions

Also Published As

Publication number Publication date
EP2038799A2 (en) 2009-03-25
KR20090034332A (en) 2009-04-07
WO2008008243A2 (en) 2008-01-17
JP4972165B2 (en) 2012-07-11
JP2009543210A (en) 2009-12-03
WO2008008243A3 (en) 2008-02-28

Similar Documents

Publication Publication Date Title
US8140843B2 (en) Content control method using certificate chains
US8639939B2 (en) Control method using identity objects
US8245031B2 (en) Content control method using certificate revocation lists
US8613103B2 (en) Content control method using versatile control structure
CN101490687B (en) Control system and method using identity objects
US8266711B2 (en) Method for controlling information supplied from memory device
US20080010452A1 (en) Content Control System Using Certificate Revocation Lists
US20080010449A1 (en) Content Control System Using Certificate Chains
US20100138652A1 (en) Content control method using certificate revocation lists
US20080034440A1 (en) Content Control System Using Versatile Control Structure
US20080022395A1 (en) System for Controlling Information Supplied From Memory Device
US20080010458A1 (en) Control System Using Identity Objects
JP5180203B2 (en) System and method for controlling information supplied from a memory device
CN101120352A (en) Memory system with common content control
TW200823715A (en) Content control system and method using certificate revocation lists
TW200822670A (en) Content control system and method using versatile control structure
TW200820037A (en) Content control system and method using certificate chains
JP2008524758A (en) Control structure generation system for multi-purpose content control
JP2008524758A5 (en)
TW200822669A (en) Control system and method using identity objects
JP2008524757A (en) Control structure for multi-purpose content control and method using the control structure