US20040059916A1 - Memory card - Google Patents

Memory card Download PDF

Info

Publication number
US20040059916A1
US20040059916A1 US10/636,666 US63666603A US2004059916A1 US 20040059916 A1 US20040059916 A1 US 20040059916A1 US 63666603 A US63666603 A US 63666603A US 2004059916 A1 US2004059916 A1 US 2004059916A1
Authority
US
United States
Prior art keywords
card
controller
command
chip
host apparatus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/636,666
Inventor
Nagamasa Mizushima
Motoyasu Tsunoda
Kunihiro Katayama
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Renesas Technology Corp
Original Assignee
Renesas Technology Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Renesas Technology Corp filed Critical Renesas Technology Corp
Assigned to RENESAS TECHNOLOGY CORPORATION reassignment RENESAS TECHNOLOGY CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KATAYAMA, KUNIHIRO, MIZUSHIMA, NAGAMASA, TSUNODA, MOTOYASU
Publication of US20040059916A1 publication Critical patent/US20040059916A1/en
Priority to US11/984,010 priority Critical patent/US7650503B2/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Definitions

  • the invention relates to a storage device having a security function, a host apparatus into which the storage device can be inserted, and the host apparatus having the storage device. More particularly, the invention relates to a memory card having a flash memory chip and a controller, an information processing apparatus into which the memory card can be inserted, and the information processing apparatus having the memory card.
  • An IC card is constructed by embedding an IC (Integrated Circuit) chip into a plastic card substrate and has external terminals of the IC chip on its surface.
  • external terminals of the IC chip there are a power terminal, a clock terminal, data input/output terminals, and the like.
  • a connected apparatus directly supplies a power source and a drive clock to the IC chip from the external terminals, thereby making the IC chip operative.
  • the IC card exchanges information with the connected apparatus such as a terminal device or the like by transmitting and receiving an electric signal to/from the connected apparatus via the external terminals. As a result of the information exchange, the IC card sends a calculation result and stored information and changes the stored information.
  • the IC card can have a function for executing a security process such as protection of secret data, personal identification, and the like.
  • the IC card is used as a user device for the personal identification in a system in which security of secret information in a credit settlement, banking, or the like is necessary.
  • JP-A-2000-242750 discloses a personal identification system comprising: a personal digital assistant which has tamper-resistant and in which registration information has been stored; and a personal identification apparatus which has the tamper-resistant and can make personal identification on the basis of the registration information in the personal digital assistant and input information which is newly inputted when communication with the personal digital assistant can be made, wherein encrypting means for encrypting the registration information and sending an obtained cipher text to the personal identification apparatus when the personal identification is made is provided as a personal digital assistant, and decrypting means for obtaining the registration information by decrypting the cipher text sent from the encrypting means and collating means for collating the registration information obtained by the decrypting means with the input information are provided as a personal identification apparatus.
  • JP-A-2000-338868 discloses a first issuing method of the public key certificates such that: among a plurality of basic information for public key certificates formed on the basis of predetermined applying information, signature data for the one format is formed with respect to the basic information for the one format as a target; a public key certificate for another format is formed by including signature data for another format with respect to the formed basic information and signature data and the basic information for that another format as targets; the basic information for the one format, the signature data for the one format, the basic information for that another format, and the signature data for that another format are obtained from the formed public key certificates; and a public key certificate for the one format is formed on the basis of the obtained basic information and signature data.
  • JP-A-2000-338868 also discloses a second issuing method of the public key certificates such that: signature data is formed with respect to a coupling hash value, as a target, in which basic information of a plurality of formats for public key certificates formed on the basis of predetermined applying information are arranged in predetermined order and hash values of the basic information are coupled; and a public key certificate is formed by including the basic information corresponding to a format which can be used on an applicant side, the hash values formed from the basic information of formats other than the format of the basic information, and the formed signature data.
  • JP-A-2001-357365 discloses a data storage device comprising: input/output control means for controlling an input and an output of data to/from an information processing apparatus; first storage control means for controlling storage of the data corresponding to a plurality of services; and second storage control means for controlling storage of a first service ID corresponding to a first service among the plurality of services and a second service ID corresponding to a second service, among the plurality of services, in which the input/output of the data are permitted in the case where the input/output of the data regarding the first service are controlled by the input/output control means.
  • JP-A-2002-024773 discloses an IC card service addition permitting apparatus comprising: service addition information storing means for holding service addition information regarding an IC card; and service addition permitting means for receiving service addition request data to the IC card and encrypted IC card issuer data recorded in the IC card, authenticating the encrypted IC card issuer data by key information given in order to confirm an issuer of the IC card, sending service addition permission data when the issuer of the IC card is confirmed, writing information regarding the permitted service addition to the service addition information storing means, and sending service addition inhibition data when the issuer of the IC card is not confirmed.
  • a controller in a memory card executes a managing process for managing digital certificates and a random number generating process for generating pseudo random numbers by using a seed of random numbers
  • an IC card chip in the memory card executes an authenticating process for authenticating personal identification number (PIN) inputted from a host apparatus and an encrypting process for encrypting the seed of the random numbers by using a key corresponding to a key held in a server.
  • PIN personal identification number
  • the series of security processes denotes, for example, processes such that in the case where the host apparatus having the memory card and the server exchange information or the host apparatus reproduces information, hacking or alteration which is made by the third party without browsing/using authorization of the information is prevented by using an encrypting technique or the like.
  • FIG. 1 is a diagram showing an internal construction of a memory card to which the invention is applied;
  • FIG. 2 is a flowchart showing an executing process of security processes by the memory card to which the invention is applied;
  • FIG. 3 is a flowchart for a security process program which is executed by an IC card chip in the flowchart shown in FIG. 2;
  • FIG. 4 is a flowchart for a security process program which is executed by a controller chip in the flowchart shown in FIG. 2;
  • FIG. 5 is a flowchart showing a process for confirming whether the security processes in FIG. 2 can operate or not;
  • FIG. 6 is a diagram showing an example of formats of secure write data and secure read data.
  • FIG. 1 simply shows an internal constructional diagram of a memory card to which the invention is applied. It is preferable that a memory card 1001 conforms with the MultiMediaCard specifications. MultiMediaCard is a registered trademark of Infineon Technologies AG.
  • the memory card 1001 has a function for executing two kinds of processes: a storage process for reading or writing file data which is used by a host apparatus when an external terminal 1002 connected to an outside issues a memory card command; and a security process such as a cryptographic operation or the like which is necessary for secret data protection, user authentication, or the like.
  • the secret data denotes a private key, a digital certificate, and the like which are peculiar to the owner of the memory card 1001 .
  • the user authentication denotes a function such that before the owner is permitted to use those secret data, the memory card 1001 itself discriminates whether the person who accesses is the owner himself of the memory card 1001 or not.
  • a user authentication system which is used in the embodiment is a system whereby personal identification information (hereinafter, abbreviated to PIN) such as personal identification number, biometrics information, or the like which the owner individually memorizes is inputted to the memory card 1001 via a host apparatus 1401 and whether it coincides with reference data (hereinafter, referred to as a reference PIN) in the memory card 1001 or not, thereby specifying that he is the true owner.
  • PIN personal identification information
  • reference data hereinafter, referred to as a reference PIN
  • the memory card 1001 has: an external terminal 1002 for connecting to the host apparatus 1401 ; a controller chip 1101 for controlling the writing of file data into a flash memory chip 1301 , the reading of the file data from the flash memory chip 1301 , and the erasure of the file data in the flash memory chip 1301 ; the flash memory chip 1301 which can store data; and an IC card chip 1201 for encrypting or decrypting the data by using a public key or a private key.
  • the memory card 1001 receives a standard memory card command (command for accessing the flash memory chip 1301 ) and a secure command for executing the security processes via a single external interface.
  • the controller chip 1101 has a function for selecting the chip (either the flash memory chip 1301 or the IC card chip 1201 ) to be accessed in accordance with whether the command received by the memory card 1001 is the standard memory card command or the secure command and, further, in the case of the secure command, in accordance with contents of the requested security process and distributing command processes.
  • the controller chip 1101 receives the standard memory card command, it selects the flash memory chip 1301 , issues a flash memory command to it, and reads or writes data for the host apparatus.
  • the controller chip 1101 receives the secure command, it discriminates whether the security process instructed by the command should be executed by the IC card chip 1201 or not.
  • the controller chip 1101 selects the IC card chip 1201 , issues an IC card command, and executes the desired security process. If the security process is not the process which should be executed by the IC card chip 1201 , the security process is executed in the controller chip 1101 .
  • the host apparatus 1401 corresponds to, for example, a cellular phone, a PDA (Personal Digital Assistant), a personal computer, a music player, a camera, a video camera, an automatic teller machine, a kiosk, a settlement terminal, or the like.
  • a cellular phone for example, a cellular phone, a PDA (Personal Digital Assistant), a personal computer, a music player, a camera, a video camera, an automatic teller machine, a kiosk, a settlement terminal, or the like.
  • PDA Personal Digital Assistant
  • the flash memory chip 1301 is a memory chip using a non-volatile semiconductor memory as a storing medium and can read and write file data by a flash memory command which is transmitted from the controller chip 1101 .
  • the flash memory chip 1301 stores digital certificate 1302 which is used for the security process that is executed in the controller chip 1101 and a seed 1303 of random numbers serving as an origin of generation of the random numbers.
  • the external terminal 1002 is constructed by a plurality of terminals and includes a power supply terminal, a clock input terminal, a command input/output terminal, a data input/output terminal, and a ground terminal in order to exchange information with the external host apparatus 1401 .
  • the IC card chip 1201 is a microcomputer chip to be embedded into a plastic substrate of the IC card. Its external terminal, electric signal protocol, and commands conform with the ISO/IEC7816 standard. As external terminals of the IC card chip 1201 , there are a power supply terminal, a clock input terminal, a reset input terminal, an I/O (input/output) terminal, and a ground terminal.
  • the controller chip 1101 issues an IC card command (command which can be interpreted by the IC card chip 1201 ) to the IC card chip 1201 from the external terminal of the IC card chip 1201 , so that it can execute arithmetic operations necessary for the security processes.
  • the controller chip 1101 is connected to other component elements (the external terminal 1002 , the flash memory chip 1301 , the IC card chip 1201 ) in the memory card 1001 and is a microcomputer chip which plays a main role for controlling them.
  • a CPU 1111 provided in the controller chip 1101 controls all other elements constructing the controller chip 1101 in accordance with a program built therein.
  • a host interface control logic 1102 is a logic circuit for executing an electric signal protocol when the CPU 1111 in the memory card 1001 receives the memory card command from the external host apparatus 1401 or transmits a memory card response to the received command to the external host apparatus 1401 .
  • a flash memory interface control logic 1103 is a logic circuit for executing an electric signal protocol when the CPU 1111 sends the flash memory command for transferring the file data being read or to be written between the CPU 1111 and the flash memory chip 1301 or when the CPU 1111 receives a response to such a command.
  • An IC card interface control logic 1104 is a logic circuit for executing an electric signal protocol when the IC card command is transmitted between the CPU 1111 and the IC card chip 1201 or when the CPU 1111 receives a response to such a command.
  • the CPU 1111 includes not only a program for controlling the above three kinds of control logics 1102 , 1103 , and 1104 but also the programs 1112 and 1113 for executing the foregoing security processes.
  • the PIN process program 1112 describes processes which are executed in the controller chip 1101 upon user authentication.
  • the security process B program 1113 describes other security processes which are executed in the controller chip 1101 .
  • certificate management 1114 and random number generation 1115 are included.
  • the digital certificate 1302 and the seed 1303 of random numbers which have been stored in the flash memory chip 1301 are used, respectively.
  • the controller chip 1101 includes a PIN authentication register B 1105 for temporarily holding a state of the user authentication.
  • the words “temporarily holding” denote that when a power source is supplied, the data can be held and when the power supply is stopped, the held data is extinguished (abandoned).
  • the IC card chip 1201 comprises: a CPU 1202 for executing an arithmetic operating process; a PIN authentication register A 1203 for temporarily holding the state of the user authentication; an EEPROM (Electrically Erasable Programmable Read Only Memory) 1211 as a non-volatile memory; and a cryptography coprocessor 1204 for executing a process regarding RSA cryptography as a kind of asymmetric cryptography.
  • the cryptography coprocessor 1204 executes the security processes based on the RSA cryptography.
  • the security processes denote, for example, creation and verification of a digital signature and cryptography and decryption of secret data.
  • the IC card chip 1201 can also execute the security processes by using not only the cryptography coprocessor 1204 (hardware) but also a program (software) in the CPU 1202 . It is assumed that program processing performance of the CPU 1202 is lower than that of the CPU 1111 (however, the memory card to which the invention is applied can be a card in which the program processing performance is not lower).
  • the EEPROM 1211 stores data and programs which are used for the security processes which are executed in the CPU 1202 or by the cryptography coprocessor 1204 . Specifically speaking, the EEPROM 1211 stores a private key 1217 for the RSA cryptography, a PIN reference 1218 for the user authentication, and a security process A program 1212 describing the security processes which are executed in the IC card chip.
  • a program 1212 PIN verification 1213 for the user authentication, key setting 1214 for RSA cryptography calculation, a private key arithmetic operation 1215 by the RSA cryptography, and a public key arithmetic operation 1216 by the RSA cryptography are included.
  • the RSA cryptography coprocessor 1204 is used for execution of remainder multiplication which is necessary in the processes of the arithmetic operations 1215 and 1216 .
  • a memory capacity of the EEPROM 1211 of the IC card chip 1201 is smaller than that of the flash memory chip 1301 .
  • the memory capacity of the EEPROM 1211 of the IC card chip 1201 can be also equal to or larger than that of the flash memory chip 1301 .
  • a product which has already been authenticated by the Evaluation/Authentication Office of ISO/IEC15408 as an international standard of the security evaluation reference is used as an IC card chip 1201 .
  • the IC card needs to be subjected to the evaluation and authorization by the Evaluation/Authentication Office of ISO/IEC15408.
  • the memory card 1001 has therein the IC card chip 1201 which has already been authenticated by the Evaluation/Authentication Office.
  • the memory card 1001 has a structure in which a part of the security processes can be executed by using this IC card chip 1201 .
  • the controller chip 1101 does not always need to be subjected to the evaluation and the authorization mentioned above.
  • the memory card 1001 obtains the function for executing the security processes which need to assure intensity higher than that of the security which can be assured in the security processes which are executed in the controller chip 1101 .
  • the power supply terminal, clock input terminal, reset input terminal, and I/O (input/output) terminal of the external terminals of the IC card chip 1201 are connected to the controller chip 1101 .
  • the controller chip 1101 controls a power supply and a clock supply to the IC card chip 1201 via the power supply terminal and the clock input terminal.
  • the power supply to the IC card chip 1201 is started and a resetting process (including the start of the clock supply) based on the ISO/IEC7816-3 standard is executed.
  • the controller chip 1101 can start the power supply to the IC card chip 1201 via the power supply terminal by using such reception timing as a trigger.
  • the controller chip 1101 can execute the resetting process of the IC card chip 1201 via the reset input terminal by using such reception timing as a trigger. It is desirable that as for the memory card 1001 , the clock signal which is supplied to the IC card chip 1201 via the clock input terminal of the IC card chip 1201 is generated in the controller chip 1101 independently of the clock input signal from the outside of the card and a frequency, supply start timing, and supply stop timing of the clock signal are controlled.
  • the memory card 1001 mainly executes the following four kinds of security processes.
  • the host apparatus 1401 having the function of connecting to the network and the user who operates it make secured data communication (for example, download of personal information) which does not permit wiretapping or impersonation with a remote server 1501 on the network by using the security processes.
  • the verification or the like of the digital certificate is made by the process (4) on the basis of the user authentication by the process (1) and mutual authentication is executed between the server 1501 and the host apparatus 1401 .
  • both of them can share the secret data. It is a seed for generation of the pseudo random numbers.
  • the controller chip 1101 generates the pseudo random numbers from such a seed by the process (3) and encrypts or decrypts information to be exchanged between the server 1501 and the host apparatus 1401 by those random numbers. Both of them transmit the encrypted information via the network.
  • the host apparatus 1401 encrypts the information which is transmitted to the server 1501 by using the pseudo random numbers or decrypts the information received from the server 1501 .
  • the controller chip 1101 can also generate the pseudo random numbers in (3) in response to the command from the host apparatus 1401 each time the host apparatus 1401 and the server 1501 establish a communication session (that is, the pseudo random numbers are valid only for a period of time from the establishment of the communication session to its disconnection).
  • the communication data can be securely exchanged by the above method.
  • a digital certificate of the user himself, a digital certificate of the host apparatus 1401 , a digital certificate of a communication partner (server 1501 ) of the host apparatus 1401 , a certificate of a certificate authority which issued them, and the like can be managed in the memory card 1001 by the process (2).
  • the host apparatus 1401 downloads file data from the server 1501 the host apparatus 1401 transmits the digital certificates to the server 1501 .
  • the server 1501 verifies validity of the host apparatus 1401 by using the digital certificates sent from the host apparatus 1401 .
  • the host apparatus 1401 If it is determined as a result of the verification that the host apparatus 1401 is valid, the host apparatus 1401 permits the download of the file data. If it is determined that the host apparatus 1401 is invalid, the host apparatus 1401 refuses the download of the file data. It is preferable that the digital certificate of the user himself is used for settlement or the like. It is preferable that the digital certificate of the host apparatus 1401 is used for the host apparatus 1401 to obtain the information from the server 1501 .
  • the processes of (2) and (3) among the four kinds of security processes which are executed by the memory card 1001 are executed in the controller chip 1101 and the processes of (1) and (4) are executed in the IC card chip 1201 . That is, since tamper-resistant of the IC card chip 1201 is higher than that of the controller chip 1101 , that is, the IC card chip 1201 is stronger against an attack from the outside, it is more safe if the PIN reference 1218 is held by the IC card chip 1201 . All of the four kinds of processes can be also executed in the IC card chip 1201 in consideration of a purpose for assuring higher security intensity.
  • the above distributing method has the following two advantages from a viewpoint of improvement of a convenience for the user.
  • the number of digital certificates (indicating 1302 stored in the flash memory chip 1301 ) which can be handled by the process of (2) can be set to be larger than the number of digital certificates which can be stored in the EEPROM 1211 of the IC card chip 1201 .
  • a processing time which is required for execution of (3) can be set to be shorter than that in the case where it is executed by the IC card chip 1201 (in dependence on a difference of performance of the CPU). That is, since processing ability of the CPU 1111 of the controller chip 1101 is higher (its processing speed is higher) than that of the CPU 1202 of the IC card chip 1201 , as a speed of the processes to be executed by software, the speed of the processes executed by the controller chip 1101 is higher.
  • FIG. 2 is a flowchart showing detailed processes at the time of allowing the memory card 1001 in FIG. 1 to which the invention is applied to execute the security processes.
  • the secure write command is a command for transmitting data including contents of the security processes which are required by the host apparatus 1401 (hereinafter, such data is referred to as secure write data) to the memory card 1001 .
  • the secure read command is a command for allowing the host apparatus 1401 to read out data including results of the security processes (hereinafter, such data is referred to as secure read data).
  • the host apparatus 1401 issues those two kinds of commands and allows the memory card 1001 to execute the security processes.
  • the security processes include a plurality of processes, one of them can be executed by issuing one set of the secure write command and the secure read command.
  • the host apparatus 1401 transmits the secure write command to the memory card 1001 ( 2101 ) and, subsequently, transmits the secure write data including contents of the requested security process ( 2102 ).
  • the controller chip 1101 converts the secure write data into an IC card command ( 2201 ). Whether the IC card command is a command for verifying a PIN input or not is discriminated ( 2202 ). If it is the PIN verification, a PIN input portion in the IC card command is replaced with the portion obtained by encrypting the original PIN input by the PIN process program 1112 ( 2203 ).
  • the processing routine advances to step 2205 .
  • a secret key which has previously been shared between the controller chip 1101 and the IC card chip 1201 (hereinafter, such a key is referred to as a chip common key) is used as a key for encrypting the PIN input.
  • a chip common key has been described in the PIN process program 1112 . If the IC card command is not the PIN verification command in step 2202 , whether the IC card command is a command which should be executed in the IC card chip or not is discriminated ( 2204 ). If it should be executed in the IC card, step 2205 follows. If NO, step 2206 follows.
  • step 2205 the IC card command is transmitted to the IC card chip 1201 and step 2301 follows.
  • step 2206 the security process B program 1113 is executed on the basis of the IC card command. Details in the program 1113 will be described hereinlater with reference to FIG. 3.
  • a processing result is converted into secure read data ( 2209 ).
  • the IC card chip 1201 receives the IC card command in step 2301 and executes the security process A program 1212 on the basis of the IC card command ( 2302 ). Details in the program 1212 will be described hereinlater with reference to FIG. 4.
  • a processing result is transmitted as an IC card response to the controller chip 1101 ( 2303 ).
  • the controller chip 1101 receives the IC card response ( 2207 ) and discriminates whether the IC card response is a response to the PIN verification command or not ( 2208 ). If it is not the response to the PIN verification, step 2209 follows and a processing result is converted into the secure read data. If it is the response to the PIN verification, step 2210 follows. A data portion showing the verification result in the response to the PIN verification has been encrypted by the chip common key in the IC card chip 1201 . In step 2210 , the controller chip 1101 decrypts the encrypted verification result by the chip common key by the PIN process program 1112 , thereby reconstructing the verification result.
  • the controller chip 1101 discriminates whether the PIN verification result is data showing “coincides with the PIN reference” or data showing “does not coincide with the PIN reference” ( 2212 ). If it is the data showing “coincides with the PIN reference”, data showing “authenticated” is set into the PIN authentication register B 1105 in the controller chip 1101 ( 2213 ) and step 2209 follows.
  • step 2209 the memory card 1001 enters a mode to wait for the next command by the host apparatus 1401 ( 2211 ).
  • the memory card 1001 transmits the secure read data obtained in step 2209 ( 2214 ).
  • the host apparatus 1401 receives it ( 2104 ). In this manner, the execution of one of the security processes is completed.
  • FIG. 3 shows a detailed processing flow for the security process A program 1212 in the IC card chip 1201 in step 2302 in FIG. 2.
  • a program 1212 determines whether the IC card command is the PIN verification command or not is discriminated ( 3103 ). If YES, the PIN input (which has been encrypted by the PIN process program 1112 ) inputted by this command is decrypted by the foregoing chip common key ( 3104 ) and its value is compared with the value of the PIN reference 1218 ( 3105 ). Whether a comparison result indicates “coincides” or “does not coincide” is discriminated ( 3106 ).
  • step 3109 If it is “coincides”, “authenticated” is set into the PIN authentication register A 1203 ( 3107 ) and step 3109 follows. Since an object of the PIN authentication register A 1203 is to temporarily hold the data, it is desirable to install it by a volatile RAM in a manner similar to the PIN authentication register B 1105 and it is desirable that the contents in the PIN authentication register A 1203 cannot be freely rewritten from the outside of the IC card chip 1201 . If the verification result is “does not coincide”, a verification error process is executed ( 3108 ) and step 3109 follows.
  • the verification error process denotes a process for counting the number of times of accumulation of the discrimination result indicative of “does not coincide”, or the like.
  • the PIN verification result is encrypted by the chip common key in step 3109 .
  • the processing routine advances to step 3118 and an IC card response including the encrypted PIN verification result is formed. If the IC card command is not the PIN verification command in step 3103 , whether it is a public key setting command (command for presetting a key which is used for a public key arithmetic operation by the RSA cryptography system) or not is discriminated ( 3110 ). If YES, the public key inputted with the public key setting command from the host apparatus 1401 is set into a register (RAM is desirable) in the CPU 1202 ( 3111 ).
  • Step 3118 follows and an IC card response including information showing whether the public key has successfully been set or not is formed. If the IC card command is not the public key setting command in step 3110 , whether it is the public key arithmetic operation command by the RSA cryptography system or not is discriminated ( 3112 ). If YES, whether “authenticated” has been set in the PIN authentication register A 1203 or not is discriminated ( 3113 ). If “authenticated” has been set, the RSA cryptography arithmetic operation is executed to the inputted data by the cryptography coprocessor 1204 by using the public key set by the public key setting command ( 3114 ). If “authenticated” is not set, step 3114 is not executed.
  • the processing routine advances to step 3118 and an IC card response including the output data by the public key arithmetic operation or the information showing whether the arithmetic operation has successfully been executed or not is formed. If the IC card command is not the public key arithmetic operation command in step 3112 , whether it is a private key arithmetic operation command by the RSA cryptography system or not is discriminated ( 3115 ). If YES, whether “authenticated” has been set in the PIN authentication register A 1203 or not is discriminated ( 3116 ). If “authenticated” has been set, the RSA cryptography arithmetic operation is executed to the inputted data by the cryptography coprocessor 1204 by using the private key 1217 ( 3117 ).
  • step 3117 is not executed.
  • the processing routine advances to step 3118 and an IC card response including the output data by the private key arithmetic operation or the information showing whether the arithmetic operation has successfully been executed or not is formed. If the IC card command is not the private key arithmetic operation command in step 3115 , step 3118 follows and an IC card response including information showing that the command could not be interpreted is formed. In this manner, the security process A program 1212 is completed.
  • One of the input data to be subjected to the cryptographic operation in step 3114 is seed data for generating the pseudo random numbers mentioned above and has been stored as random number seed 1303 in the flash memory chip 1301 .
  • FIG. 4 is a detailed processing flow for the security process B program 1113 in the controller chip 1101 in step 2206 in FIG. 2.
  • a first step of the security process B program 1113 whether the IC card command is a file selecting command (command for selecting the digital certificate to be accessed) or not is discriminated ( 4103 ). If YES, a certificate file indicated by an ID (IDentification) number which is inputted by such a command is searched from the file (or from a plurality of files) of the digital certificate 1302 in the flash memory chip 1301 by a program of the certificate management 1114 and the ID number of the found certificate file is set into a register (RAM is desirable) in the CPU 1111 .
  • ID ID
  • Step 4113 follows and an IC card response including information showing a file selection result is formed. If the IC card command is not the file selecting command in step 4103 , whether it is a file read command (command for reading out the digital certificate) or not is discriminated ( 4105 ). If YES, the digital certificate shown by the ID number set in the register is read out from the flash memory chip 1301 by the program of the certificate management 1114 ( 4106 ). Step 4113 follows and an IC card response including the read-out digital certificate is formed.
  • step 4105 If the IC card command is not the file read command in step 4105 , whether it is a file updating command (command for updating the digital certificate) or not is discriminated ( 4107 ). If YES, whether “authenticated” has been set in the PIN authentication register B 1105 or not is discriminated ( 4108 ). If “authenticated” has been set, the update data inputted together with this command is overwritten into the file area on the flash memory chip 1301 occupied by the digital certificate shown by the ID number set in the register by the program of the certificate management 1114 . If a size of update data is larger than a size of such a file area, or the like, the data is not updated ( 4109 ). If “authenticated” is not set in step 4108 , step 4109 is not executed.
  • Step 4113 follows and an IC card response including information showing whether the update is successful or not is formed. If the IC card command is not the file updating command in step 4107 , whether it is a random number generating command or not is discriminated ( 4110 ). If YES, whether “authenticated” has been set in the PIN authentication register B 1105 or not is discriminated ( 4111 ). If “authenticated” has been set, the pseudo random numbers are generated by a program of the pseudo random number generation 1115 by using the random number seed 1303 in the flash memory chip 1301 ( 4112 ). If “authenticated” is not set, step 4112 is not executed. Step 4113 follows and an IC card response including the generated random number data or information showing whether the generation is successful or not is formed.
  • step 4113 follows and IC card response including information showing that the command could not be interpreted is formed.
  • the security process B program 1113 is completed.
  • the digital certificate 1302 can be also stored into the flash memory chip 1301 in a state where the data has been encrypted or a signature has been added to the data.
  • decryption of the certificate and verification of the signature are also executed in step 4106 and creation of the signature and cryptography of the certificate are also executed in step 4109 .
  • FIG. 5 is a flowchart showing processes which are executed by the memory card 1001 in order to improve the execution stability of the security processes so as to cope with such a problem.
  • the memory card 1001 has a function for interpreting a command called “security process confirming command”.
  • the security process confirming command is a command for allowing the memory card 1001 to previously confirm whether the security processes can operate normally or not.
  • the IC card chip 1201 has a function for interpreting a command called “program existence confirming command”. Processing steps of the “security process confirming command” will be described in detail in accordance with the flowchart of FIG. 5.
  • the host apparatus 1401 transmits the “security process confirming command” ( 5101 ).
  • the controller chip 1101 receives such a command and transmits the “program existence confirming command” to the IC card chip 1201 ( 5201 ).
  • the IC card chip 1201 searches whether the security process A program exists in the EEPROM 1211 or not and if such a program is found, the program is set into a mode in which it can be used ( 5301 ). Subsequently, a search result (existence or absence) is transmitted as an IC card response to the controller chip 1101 ( 5302 ). The controller chip 1101 knows the existence of the security process A program 1212 from the received IC card response ( 5202 ). If the security process A program 1212 exists, the security process B program 1113 is set into a mode in which it can be executed ( 5203 ). If the security process A program 1212 does not exist, the process in step 5203 is not executed. By the above processes, the execution stability of the security processes is improved.
  • FIG. 6 shows an example of a format of each of the secure write data which is transmitted to the memory card 1001 in step 2102 in FIG. 2 and the secure read data which is received by the host apparatus 1401 in step 2104 . It is preferable to apply those formats to the case where the contents of the requested security processes can be expressed by one IC card command and results of the security processes can be expressed by one IC card response. As mentioned above, both of the IC card command which is transmitted to the IC card chip 1201 and the IC card response which is received from the IC card chip 1201 conform with the ISO/IEC7816-4 standard.
  • a header of 4 bytes (a class byte CLA, an instruction byte INS, and parameter bytes P 1 and P 2 ) are indispensable and an input data length indication byte Lc, input data DataIn, and an output data length indication byte Le follow as necessary.
  • statuses SW 1 and SW 2 of 2 bytes are indispensable and output data DataOut is followed by them as necessary.
  • Secure write data 6001 in the format is constructed in a manner such that a format identifier FID 6003 and an IC card command length Lca 6004 are followed by an IC card command 6002 and, further, dummy data 6005 is padded after the IC card command 6002 .
  • the FID 6003 includes an identification number of the format or attribute data of the format.
  • a value of the Lca 6004 is equal to a value obtained by summing lengths of component elements of the IC card command 6002 .
  • Secure read data 6101 is constructed in a manner such that a format identifier FID 6103 and an IC card response length Lra 6104 are followed by an IC card response 6102 and, further, dummy data 6105 is padded after the IC card response 6102 .
  • the FID 6103 includes an identification number of the format or attribute data of the format.
  • a value of the Lra 6104 is equal to a value obtained by summing lengths of component elements of the IC card response 6102 .
  • the diagram shows the examples of the formats in the case where Lc, DataIn, and Le are included in the IC card command and DataOut is included in the IC card response.
  • Lc, DataIn, and Le are included in the IC card command and DataOut is included in the IC card response.
  • a size of each of the secure write data 6001 and the secure read data 6101 is made to coincide with a block size according to the specification of the standard memory card command of the memory card 1001 .
  • the dummy data 6005 and 6105 is applied to make the size of each of the secure write data 6001 and the secure read data 6101 coincide with the block size.
  • a sector size (512 bytes) in the FAT system which a general small memory card uses in a logical file system is used as a value which is used as a block size.
  • the dummy data 6005 and 6105 to be padded can be set to all 0, random numbers, or a checksum which is used for the CPU 1111 or the host apparatus 1401 to detect or correct data errors.
  • the value of the Lca 6004 is used for the CPU 1111 to remove the dummy data 6005 from the secure write data 6001 .
  • the value of the Lra 6104 is used for the host apparatus 1401 to remove the dummy data 6105 from the secure read data 6101 .

Abstract

A memory card has: a flash memory chip for storing digital certificates and a seed of random numbers; a controller chip which can execute a managing process for managing the digital certificates and a random number generating process for generating the pseudo random numbers by using the seed of random numbers; and an IC card chip which can execute an authenticating process for authenticating personal identification information (PIN) inputted from a host apparatus and an encrypting process for encrypting the seed of random numbers. Thus, a processing time of security processes is reduced while assuring safety of the security processes.

Description

    BACKGROUND OF THE INVENTION
  • The invention relates to a storage device having a security function, a host apparatus into which the storage device can be inserted, and the host apparatus having the storage device. More particularly, the invention relates to a memory card having a flash memory chip and a controller, an information processing apparatus into which the memory card can be inserted, and the information processing apparatus having the memory card. [0001]
  • An IC card is constructed by embedding an IC (Integrated Circuit) chip into a plastic card substrate and has external terminals of the IC chip on its surface. As external terminals of the IC chip, there are a power terminal, a clock terminal, data input/output terminals, and the like. A connected apparatus directly supplies a power source and a drive clock to the IC chip from the external terminals, thereby making the IC chip operative. The IC card exchanges information with the connected apparatus such as a terminal device or the like by transmitting and receiving an electric signal to/from the connected apparatus via the external terminals. As a result of the information exchange, the IC card sends a calculation result and stored information and changes the stored information. On the basis of specifications of those operations, the IC card can have a function for executing a security process such as protection of secret data, personal identification, and the like. The IC card is used as a user device for the personal identification in a system in which security of secret information in a credit settlement, banking, or the like is necessary. [0002]
  • JP-A-2000-242750 discloses a personal identification system comprising: a personal digital assistant which has tamper-resistant and in which registration information has been stored; and a personal identification apparatus which has the tamper-resistant and can make personal identification on the basis of the registration information in the personal digital assistant and input information which is newly inputted when communication with the personal digital assistant can be made, wherein encrypting means for encrypting the registration information and sending an obtained cipher text to the personal identification apparatus when the personal identification is made is provided as a personal digital assistant, and decrypting means for obtaining the registration information by decrypting the cipher text sent from the encrypting means and collating means for collating the registration information obtained by the decrypting means with the input information are provided as a personal identification apparatus. [0003]
  • JP-A-2000-338868 discloses a first issuing method of the public key certificates such that: among a plurality of basic information for public key certificates formed on the basis of predetermined applying information, signature data for the one format is formed with respect to the basic information for the one format as a target; a public key certificate for another format is formed by including signature data for another format with respect to the formed basic information and signature data and the basic information for that another format as targets; the basic information for the one format, the signature data for the one format, the basic information for that another format, and the signature data for that another format are obtained from the formed public key certificates; and a public key certificate for the one format is formed on the basis of the obtained basic information and signature data. JP-A-2000-338868 also discloses a second issuing method of the public key certificates such that: signature data is formed with respect to a coupling hash value, as a target, in which basic information of a plurality of formats for public key certificates formed on the basis of predetermined applying information are arranged in predetermined order and hash values of the basic information are coupled; and a public key certificate is formed by including the basic information corresponding to a format which can be used on an applicant side, the hash values formed from the basic information of formats other than the format of the basic information, and the formed signature data. [0004]
  • JP-A-2001-357365 discloses a data storage device comprising: input/output control means for controlling an input and an output of data to/from an information processing apparatus; first storage control means for controlling storage of the data corresponding to a plurality of services; and second storage control means for controlling storage of a first service ID corresponding to a first service among the plurality of services and a second service ID corresponding to a second service, among the plurality of services, in which the input/output of the data are permitted in the case where the input/output of the data regarding the first service are controlled by the input/output control means. [0005]
  • JP-A-2002-024773 discloses an IC card service addition permitting apparatus comprising: service addition information storing means for holding service addition information regarding an IC card; and service addition permitting means for receiving service addition request data to the IC card and encrypted IC card issuer data recorded in the IC card, authenticating the encrypted IC card issuer data by key information given in order to confirm an issuer of the IC card, sending service addition permission data when the issuer of the IC card is confirmed, writing information regarding the permitted service addition to the service addition information storing means, and sending service addition inhibition data when the issuer of the IC card is not confirmed. [0006]
  • According to the conventional techniques, since all security processes are executed by the IC card chip, a processing time is long. That is, since processing ability of a CPU of the IC card chip is lower than that of a CPU of a controller of a memory card, processes which are executed by software among the security processes take time. In the case of executing all of the security processes by the controller of the memory card, since tamper-resistant of the controller of the memory card is lower than that of the IC card chip, the controller is easily subjected to attack from the outside, and safety of the security processes cannot be assured. [0007]
    • SUMMARY OF THE INVENTION
  • It is an object of the invention to provide a storage device in which a processing time of security processes is reduced while assuring safety of the security processes. [0008]
  • According to the invention, among a series of security processes, a controller in a memory card executes a managing process for managing digital certificates and a random number generating process for generating pseudo random numbers by using a seed of random numbers, and an IC card chip in the memory card executes an authenticating process for authenticating personal identification number (PIN) inputted from a host apparatus and an encrypting process for encrypting the seed of the random numbers by using a key corresponding to a key held in a server. [0009]
  • The series of security processes denotes, for example, processes such that in the case where the host apparatus having the memory card and the server exchange information or the host apparatus reproduces information, hacking or alteration which is made by the third party without browsing/using authorization of the information is prevented by using an encrypting technique or the like. [0010]
  • According to the invention, there is an effect such that the processing time of the security processes is reduced while assuring safety of the security processes of the storage device. [0011]
  • Other objects, features and advantages of the invention will become apparent from the following description of the embodiments of the invention taken in conjunction with the accompanying drawings.[0012]
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a diagram showing an internal construction of a memory card to which the invention is applied; [0013]
  • FIG. 2 is a flowchart showing an executing process of security processes by the memory card to which the invention is applied; [0014]
  • FIG. 3 is a flowchart for a security process program which is executed by an IC card chip in the flowchart shown in FIG. 2; [0015]
  • FIG. 4 is a flowchart for a security process program which is executed by a controller chip in the flowchart shown in FIG. 2; [0016]
  • FIG. 5 is a flowchart showing a process for confirming whether the security processes in FIG. 2 can operate or not; and [0017]
  • FIG. 6 is a diagram showing an example of formats of secure write data and secure read data.[0018]
    • DESCRIPTION OF THE EMBODIMENTS
  • An embodiment of the invention will be described hereinbelow. [0019]
  • FIG. 1 simply shows an internal constructional diagram of a memory card to which the invention is applied. It is preferable that a [0020] memory card 1001 conforms with the MultiMediaCard specifications. MultiMediaCard is a registered trademark of Infineon Technologies AG. The memory card 1001 has a function for executing two kinds of processes: a storage process for reading or writing file data which is used by a host apparatus when an external terminal 1002 connected to an outside issues a memory card command; and a security process such as a cryptographic operation or the like which is necessary for secret data protection, user authentication, or the like. The secret data denotes a private key, a digital certificate, and the like which are peculiar to the owner of the memory card 1001. The user authentication denotes a function such that before the owner is permitted to use those secret data, the memory card 1001 itself discriminates whether the person who accesses is the owner himself of the memory card 1001 or not. A user authentication system which is used in the embodiment is a system whereby personal identification information (hereinafter, abbreviated to PIN) such as personal identification number, biometrics information, or the like which the owner individually memorizes is inputted to the memory card 1001 via a host apparatus 1401 and whether it coincides with reference data (hereinafter, referred to as a reference PIN) in the memory card 1001 or not, thereby specifying that he is the true owner.
  • The [0021] memory card 1001 has: an external terminal 1002 for connecting to the host apparatus 1401; a controller chip 1101 for controlling the writing of file data into a flash memory chip 1301, the reading of the file data from the flash memory chip 1301, and the erasure of the file data in the flash memory chip 1301; the flash memory chip 1301 which can store data; and an IC card chip 1201 for encrypting or decrypting the data by using a public key or a private key. The memory card 1001 receives a standard memory card command (command for accessing the flash memory chip 1301) and a secure command for executing the security processes via a single external interface. The controller chip 1101 has a function for selecting the chip (either the flash memory chip 1301 or the IC card chip 1201) to be accessed in accordance with whether the command received by the memory card 1001 is the standard memory card command or the secure command and, further, in the case of the secure command, in accordance with contents of the requested security process and distributing command processes. When the controller chip 1101 receives the standard memory card command, it selects the flash memory chip 1301, issues a flash memory command to it, and reads or writes data for the host apparatus. When the controller chip 1101 receives the secure command, it discriminates whether the security process instructed by the command should be executed by the IC card chip 1201 or not. If the security process is a process which should be executed by the IC card chip 1201, the controller chip 1101 selects the IC card chip 1201, issues an IC card command, and executes the desired security process. If the security process is not the process which should be executed by the IC card chip 1201, the security process is executed in the controller chip 1101.
  • The [0022] host apparatus 1401 corresponds to, for example, a cellular phone, a PDA (Personal Digital Assistant), a personal computer, a music player, a camera, a video camera, an automatic teller machine, a kiosk, a settlement terminal, or the like.
  • The [0023] flash memory chip 1301 is a memory chip using a non-volatile semiconductor memory as a storing medium and can read and write file data by a flash memory command which is transmitted from the controller chip 1101. The flash memory chip 1301 stores digital certificate 1302 which is used for the security process that is executed in the controller chip 1101 and a seed 1303 of random numbers serving as an origin of generation of the random numbers.
  • The [0024] external terminal 1002 is constructed by a plurality of terminals and includes a power supply terminal, a clock input terminal, a command input/output terminal, a data input/output terminal, and a ground terminal in order to exchange information with the external host apparatus 1401.
  • The [0025] IC card chip 1201 is a microcomputer chip to be embedded into a plastic substrate of the IC card. Its external terminal, electric signal protocol, and commands conform with the ISO/IEC7816 standard. As external terminals of the IC card chip 1201, there are a power supply terminal, a clock input terminal, a reset input terminal, an I/O (input/output) terminal, and a ground terminal. The controller chip 1101 issues an IC card command (command which can be interpreted by the IC card chip 1201) to the IC card chip 1201 from the external terminal of the IC card chip 1201, so that it can execute arithmetic operations necessary for the security processes.
  • The controller chip [0026] 1101 is connected to other component elements (the external terminal 1002, the flash memory chip 1301, the IC card chip 1201) in the memory card 1001 and is a microcomputer chip which plays a main role for controlling them. A CPU 1111 provided in the controller chip 1101 controls all other elements constructing the controller chip 1101 in accordance with a program built therein. A host interface control logic 1102 is a logic circuit for executing an electric signal protocol when the CPU 1111 in the memory card 1001 receives the memory card command from the external host apparatus 1401 or transmits a memory card response to the received command to the external host apparatus 1401. A flash memory interface control logic 1103 is a logic circuit for executing an electric signal protocol when the CPU 1111 sends the flash memory command for transferring the file data being read or to be written between the CPU 1111 and the flash memory chip 1301 or when the CPU 1111 receives a response to such a command. An IC card interface control logic 1104 is a logic circuit for executing an electric signal protocol when the IC card command is transmitted between the CPU 1111 and the IC card chip 1201 or when the CPU 1111 receives a response to such a command. The CPU 1111 includes not only a program for controlling the above three kinds of control logics 1102, 1103, and 1104 but also the programs 1112 and 1113 for executing the foregoing security processes. The PIN process program 1112 describes processes which are executed in the controller chip 1101 upon user authentication. The security process B program 1113 describes other security processes which are executed in the controller chip 1101. As specific contents of them, certificate management 1114 and random number generation 1115 are included. In those processes, the digital certificate 1302 and the seed 1303 of random numbers which have been stored in the flash memory chip 1301 are used, respectively. Further, the controller chip 1101 includes a PIN authentication register B 1105 for temporarily holding a state of the user authentication. The words “temporarily holding” denote that when a power source is supplied, the data can be held and when the power supply is stopped, the held data is extinguished (abandoned).
  • The [0027] IC card chip 1201 comprises: a CPU 1202 for executing an arithmetic operating process; a PIN authentication register A 1203 for temporarily holding the state of the user authentication; an EEPROM (Electrically Erasable Programmable Read Only Memory) 1211 as a non-volatile memory; and a cryptography coprocessor 1204 for executing a process regarding RSA cryptography as a kind of asymmetric cryptography. By using the cryptography coprocessor 1204, the IC card chip 1201 executes the security processes based on the RSA cryptography. The security processes denote, for example, creation and verification of a digital signature and cryptography and decryption of secret data. The IC card chip 1201 can also execute the security processes by using not only the cryptography coprocessor 1204 (hardware) but also a program (software) in the CPU 1202. It is assumed that program processing performance of the CPU 1202 is lower than that of the CPU 1111 (however, the memory card to which the invention is applied can be a card in which the program processing performance is not lower). The EEPROM 1211 stores data and programs which are used for the security processes which are executed in the CPU 1202 or by the cryptography coprocessor 1204. Specifically speaking, the EEPROM 1211 stores a private key 1217 for the RSA cryptography, a PIN reference 1218 for the user authentication, and a security process A program 1212 describing the security processes which are executed in the IC card chip. As contents of the security process A program 1212, PIN verification 1213 for the user authentication, key setting 1214 for RSA cryptography calculation, a private key arithmetic operation 1215 by the RSA cryptography, and a public key arithmetic operation 1216 by the RSA cryptography are included. The RSA cryptography coprocessor 1204 is used for execution of remainder multiplication which is necessary in the processes of the arithmetic operations 1215 and 1216.
  • A memory capacity of the [0028] EEPROM 1211 of the IC card chip 1201 is smaller than that of the flash memory chip 1301. However, when the invention is applied, the memory capacity of the EEPROM 1211 of the IC card chip 1201 can be also equal to or larger than that of the flash memory chip 1301.
  • A product which has already been authenticated by the Evaluation/Authentication Office of ISO/IEC15408 as an international standard of the security evaluation reference is used as an [0029] IC card chip 1201. Generally, when an IC card having a function for executing the security processes is used for actual electronic fund transfer service or the like, the IC card needs to be subjected to the evaluation and authorization by the Evaluation/Authentication Office of ISO/IEC15408. It is preferable that the memory card 1001 has therein the IC card chip 1201 which has already been authenticated by the Evaluation/Authentication Office. The memory card 1001 has a structure in which a part of the security processes can be executed by using this IC card chip 1201. The controller chip 1101 does not always need to be subjected to the evaluation and the authorization mentioned above. By using the IC card chip 1201, the memory card 1001 obtains the function for executing the security processes which need to assure intensity higher than that of the security which can be assured in the security processes which are executed in the controller chip 1101.
  • The power supply terminal, clock input terminal, reset input terminal, and I/O (input/output) terminal of the external terminals of the [0030] IC card chip 1201 are connected to the controller chip 1101.
  • The controller chip [0031] 1101 controls a power supply and a clock supply to the IC card chip 1201 via the power supply terminal and the clock input terminal. In order to set the IC card chip 1201 to which no power source is supplied into a mode where it can receive the IC card command, first, the power supply to the IC card chip 1201 is started and a resetting process (including the start of the clock supply) based on the ISO/IEC7816-3 standard is executed. For example, when the memory card 1001 receives the command for executing the security processes from the host apparatus 1401, the controller chip 1101 can start the power supply to the IC card chip 1201 via the power supply terminal by using such reception timing as a trigger. Or, even if no security process is executed, the power supply to the IC card chip 1201 is maintained and, when the memory card 1001 receives the command for executing the security processes from the host apparatus 1401, the controller chip 1101 can execute the resetting process of the IC card chip 1201 via the reset input terminal by using such reception timing as a trigger. It is desirable that as for the memory card 1001, the clock signal which is supplied to the IC card chip 1201 via the clock input terminal of the IC card chip 1201 is generated in the controller chip 1101 independently of the clock input signal from the outside of the card and a frequency, supply start timing, and supply stop timing of the clock signal are controlled.
  • Subsequently, contents of the security processes which are executed in the [0032] memory card 1001 in FIG. 1 to which the invention is applied will be described. The memory card 1001 mainly executes the following four kinds of security processes. (1) PIN verification for the user authentication. (2) Reading/updating of the digital certificate. (3) Generation of pseudo random numbers. (4) Arithmetic operations by the RSA cryptography system. Among them, the execution of the processes (2) to (4) is permitted only after the user is correctly authenticated by the process (1). However, when the power supply to the memory card 1001 is stopped, it is assumed that the authentication result by the process (1) is abandoned (the system enters a state where the user is not authenticated). To execute the processes (2) to (4) after the power supply is restarted, first, the user needs to be again correctly authenticated by the process (1). An example of the system to which the security processes are applied will be described hereinbelow. The host apparatus 1401 having the function of connecting to the network and the user who operates it make secured data communication (for example, download of personal information) which does not permit wiretapping or impersonation with a remote server 1501 on the network by using the security processes. First, the verification or the like of the digital certificate is made by the process (4) on the basis of the user authentication by the process (1) and mutual authentication is executed between the server 1501 and the host apparatus 1401. Thus, both of them can share the secret data. It is a seed for generation of the pseudo random numbers. Subsequently, the controller chip 1101 generates the pseudo random numbers from such a seed by the process (3) and encrypts or decrypts information to be exchanged between the server 1501 and the host apparatus 1401 by those random numbers. Both of them transmit the encrypted information via the network. For example, the host apparatus 1401 encrypts the information which is transmitted to the server 1501 by using the pseudo random numbers or decrypts the information received from the server 1501. The controller chip 1101 can also generate the pseudo random numbers in (3) in response to the command from the host apparatus 1401 each time the host apparatus 1401 and the server 1501 establish a communication session (that is, the pseudo random numbers are valid only for a period of time from the establishment of the communication session to its disconnection). Only the server 1501 and the host apparatus 1401 having the random number seed 1303 can decrypt the cipher. The communication data can be securely exchanged by the above method. A digital certificate of the user himself, a digital certificate of the host apparatus 1401, a digital certificate of a communication partner (server 1501) of the host apparatus 1401, a certificate of a certificate authority which issued them, and the like can be managed in the memory card 1001 by the process (2). When the host apparatus 1401 downloads file data from the server 1501, the host apparatus 1401 transmits the digital certificates to the server 1501. The server 1501 verifies validity of the host apparatus 1401 by using the digital certificates sent from the host apparatus 1401. If it is determined as a result of the verification that the host apparatus 1401 is valid, the host apparatus 1401 permits the download of the file data. If it is determined that the host apparatus 1401 is invalid, the host apparatus 1401 refuses the download of the file data. It is preferable that the digital certificate of the user himself is used for settlement or the like. It is preferable that the digital certificate of the host apparatus 1401 is used for the host apparatus 1401 to obtain the information from the server 1501.
  • The processes of (2) and (3) among the four kinds of security processes which are executed by the [0033] memory card 1001 are executed in the controller chip 1101 and the processes of (1) and (4) are executed in the IC card chip 1201. That is, since tamper-resistant of the IC card chip 1201 is higher than that of the controller chip 1101, that is, the IC card chip 1201 is stronger against an attack from the outside, it is more safe if the PIN reference 1218 is held by the IC card chip 1201. All of the four kinds of processes can be also executed in the IC card chip 1201 in consideration of a purpose for assuring higher security intensity. The above distributing method has the following two advantages from a viewpoint of improvement of a convenience for the user. First, the number of digital certificates (indicating 1302 stored in the flash memory chip 1301) which can be handled by the process of (2) can be set to be larger than the number of digital certificates which can be stored in the EEPROM 1211 of the IC card chip 1201. Second, a processing time which is required for execution of (3) can be set to be shorter than that in the case where it is executed by the IC card chip 1201 (in dependence on a difference of performance of the CPU). That is, since processing ability of the CPU 1111 of the controller chip 1101 is higher (its processing speed is higher) than that of the CPU 1202 of the IC card chip 1201, as a speed of the processes to be executed by software, the speed of the processes executed by the controller chip 1101 is higher. On the other hand, since a processing speed of the cryptography or decryption which is executed by the cryptography coprocessor 1204 as hardware is higher than that of the cryptography or decryption which is executed by the software, a processing speed of the cryptography or decryption which is executed by the IC card chip 1201 is higher. Since the discrimination about the permission of the execution of the processes (2) and (3) is made on the basis of a processing result of (1), a mechanism for correctly transferring the processing result of (1) in the IC card chip 1201 to the controller chip 1101 is needed. As will be explained hereinlater, such a problem is solved by applying the invention.
  • FIG. 2 is a flowchart showing detailed processes at the time of allowing the [0034] memory card 1001 in FIG. 1 to which the invention is applied to execute the security processes. To execute the security processes, there are two kinds of commands as secure commands mentioned above: the first is a secure write command; and the second is a secure read command. The secure write command is a command for transmitting data including contents of the security processes which are required by the host apparatus 1401 (hereinafter, such data is referred to as secure write data) to the memory card 1001. The secure read command is a command for allowing the host apparatus 1401 to read out data including results of the security processes (hereinafter, such data is referred to as secure read data). The host apparatus 1401 issues those two kinds of commands and allows the memory card 1001 to execute the security processes. Although the security processes include a plurality of processes, one of them can be executed by issuing one set of the secure write command and the secure read command.
  • An executing procedure for the security processes will be described in detail with reference to a flowchart of FIG. 2. First, the [0035] host apparatus 1401 transmits the secure write command to the memory card 1001 (2101) and, subsequently, transmits the secure write data including contents of the requested security process (2102). The controller chip 1101 converts the secure write data into an IC card command (2201). Whether the IC card command is a command for verifying a PIN input or not is discriminated (2202). If it is the PIN verification, a PIN input portion in the IC card command is replaced with the portion obtained by encrypting the original PIN input by the PIN process program 1112 (2203). The processing routine advances to step 2205. A secret key which has previously been shared between the controller chip 1101 and the IC card chip 1201 (hereinafter, such a key is referred to as a chip common key) is used as a key for encrypting the PIN input. Thus, the PIN input which is transferred between the two chips can be protected against the illegal alteration. The chip common key has been described in the PIN process program 1112. If the IC card command is not the PIN verification command in step 2202, whether the IC card command is a command which should be executed in the IC card chip or not is discriminated (2204). If it should be executed in the IC card, step 2205 follows. If NO, step 2206 follows. In step 2205, the IC card command is transmitted to the IC card chip 1201 and step 2301 follows. In step 2206, the security process B program 1113 is executed on the basis of the IC card command. Details in the program 1113 will be described hereinlater with reference to FIG. 3. A processing result is converted into secure read data (2209). The IC card chip 1201 receives the IC card command in step 2301 and executes the security process A program 1212 on the basis of the IC card command (2302). Details in the program 1212 will be described hereinlater with reference to FIG. 4. A processing result is transmitted as an IC card response to the controller chip 1101 (2303). The controller chip 1101 receives the IC card response (2207) and discriminates whether the IC card response is a response to the PIN verification command or not (2208). If it is not the response to the PIN verification, step 2209 follows and a processing result is converted into the secure read data. If it is the response to the PIN verification, step 2210 follows. A data portion showing the verification result in the response to the PIN verification has been encrypted by the chip common key in the IC card chip 1201. In step 2210, the controller chip 1101 decrypts the encrypted verification result by the chip common key by the PIN process program 1112, thereby reconstructing the verification result. By this means, the PIN verification result which is transferred between the two chips can be protected against the illegal alteration in a manner similar to that mentioned above. Subsequently, the controller chip 1101 discriminates whether the PIN verification result is data showing “coincides with the PIN reference” or data showing “does not coincide with the PIN reference” (2212). If it is the data showing “coincides with the PIN reference”, data showing “authenticated” is set into the PIN authentication register B 1105 in the controller chip 1101 (2213) and step 2209 follows. Since an object of the PIN authentication register B 1105 is to temporarily hold the data, it is desirable to install it by a volatile RAM (Random Access Memory) and it is desirable that the contents in the PIN authentication register B 1105 cannot be freely rewritten from the outside of the memory card 1001. On the other hand, if the PIN verification result is the data showing “does not coincide with the PIN reference”, the data showing “authenticated” is not set into the PIN authentication register B 1105 but step 2209 follows. After step 2209, the memory card 1001 enters a mode to wait for the next command by the host apparatus 1401 (2211). When the secure read command is transmitted to the memory card 1001 by the host apparatus 1401 (2103), the memory card 1001 transmits the secure read data obtained in step 2209 (2214). The host apparatus 1401 receives it (2104). In this manner, the execution of one of the security processes is completed.
  • FIG. 3 shows a detailed processing flow for the security process A program [0036] 1212 in the IC card chip 1201 in step 2302 in FIG. 2. As a first step of the security process A program 1212, whether the IC card command is the PIN verification command or not is discriminated (3103). If YES, the PIN input (which has been encrypted by the PIN process program 1112) inputted by this command is decrypted by the foregoing chip common key (3104) and its value is compared with the value of the PIN reference 1218 (3105). Whether a comparison result indicates “coincides” or “does not coincide” is discriminated (3106). If it is “coincides”, “authenticated” is set into the PIN authentication register A 1203 (3107) and step 3109 follows. Since an object of the PIN authentication register A 1203 is to temporarily hold the data, it is desirable to install it by a volatile RAM in a manner similar to the PIN authentication register B 1105 and it is desirable that the contents in the PIN authentication register A 1203 cannot be freely rewritten from the outside of the IC card chip 1201. If the verification result is “does not coincide”, a verification error process is executed (3108) and step 3109 follows. The verification error process denotes a process for counting the number of times of accumulation of the discrimination result indicative of “does not coincide”, or the like. For example, if the number of times of accumulation exceeds a predetermined number, use of the present security process is perfectly stopped, thereby improving the safety from illegal use. The PIN verification result is encrypted by the chip common key in step 3109. The processing routine advances to step 3118 and an IC card response including the encrypted PIN verification result is formed. If the IC card command is not the PIN verification command in step 3103, whether it is a public key setting command (command for presetting a key which is used for a public key arithmetic operation by the RSA cryptography system) or not is discriminated (3110). If YES, the public key inputted with the public key setting command from the host apparatus 1401 is set into a register (RAM is desirable) in the CPU 1202 (3111). Step 3118 follows and an IC card response including information showing whether the public key has successfully been set or not is formed. If the IC card command is not the public key setting command in step 3110, whether it is the public key arithmetic operation command by the RSA cryptography system or not is discriminated (3112). If YES, whether “authenticated” has been set in the PIN authentication register A 1203 or not is discriminated (3113). If “authenticated” has been set, the RSA cryptography arithmetic operation is executed to the inputted data by the cryptography coprocessor 1204 by using the public key set by the public key setting command (3114). If “authenticated” is not set, step 3114 is not executed. The processing routine advances to step 3118 and an IC card response including the output data by the public key arithmetic operation or the information showing whether the arithmetic operation has successfully been executed or not is formed. If the IC card command is not the public key arithmetic operation command in step 3112, whether it is a private key arithmetic operation command by the RSA cryptography system or not is discriminated (3115). If YES, whether “authenticated” has been set in the PIN authentication register A 1203 or not is discriminated (3116). If “authenticated” has been set, the RSA cryptography arithmetic operation is executed to the inputted data by the cryptography coprocessor 1204 by using the private key 1217 (3117). If “authenticated” is not set, step 3117 is not executed. The processing routine advances to step 3118 and an IC card response including the output data by the private key arithmetic operation or the information showing whether the arithmetic operation has successfully been executed or not is formed. If the IC card command is not the private key arithmetic operation command in step 3115, step 3118 follows and an IC card response including information showing that the command could not be interpreted is formed. In this manner, the security process A program 1212 is completed. One of the input data to be subjected to the cryptographic operation in step 3114 is seed data for generating the pseudo random numbers mentioned above and has been stored as random number seed 1303 in the flash memory chip 1301.
  • FIG. 4 is a detailed processing flow for the security [0037] process B program 1113 in the controller chip 1101 in step 2206 in FIG. 2. As a first step of the security process B program 1113, whether the IC card command is a file selecting command (command for selecting the digital certificate to be accessed) or not is discriminated (4103). If YES, a certificate file indicated by an ID (IDentification) number which is inputted by such a command is searched from the file (or from a plurality of files) of the digital certificate 1302 in the flash memory chip 1301 by a program of the certificate management 1114 and the ID number of the found certificate file is set into a register (RAM is desirable) in the CPU 1111. If the certificate file cannot be found, a special number showing the failure in selection can be set (4104). Step 4113 follows and an IC card response including information showing a file selection result is formed. If the IC card command is not the file selecting command in step 4103, whether it is a file read command (command for reading out the digital certificate) or not is discriminated (4105). If YES, the digital certificate shown by the ID number set in the register is read out from the flash memory chip 1301 by the program of the certificate management 1114 (4106). Step 4113 follows and an IC card response including the read-out digital certificate is formed. If the IC card command is not the file read command in step 4105, whether it is a file updating command (command for updating the digital certificate) or not is discriminated (4107). If YES, whether “authenticated” has been set in the PIN authentication register B 1105 or not is discriminated (4108). If “authenticated” has been set, the update data inputted together with this command is overwritten into the file area on the flash memory chip 1301 occupied by the digital certificate shown by the ID number set in the register by the program of the certificate management 1114. If a size of update data is larger than a size of such a file area, or the like, the data is not updated (4109). If “authenticated” is not set in step 4108, step 4109 is not executed. Step 4113 follows and an IC card response including information showing whether the update is successful or not is formed. If the IC card command is not the file updating command in step 4107, whether it is a random number generating command or not is discriminated (4110). If YES, whether “authenticated” has been set in the PIN authentication register B 1105 or not is discriminated (4111). If “authenticated” has been set, the pseudo random numbers are generated by a program of the pseudo random number generation 1115 by using the random number seed 1303 in the flash memory chip 1301 (4112). If “authenticated” is not set, step 4112 is not executed. Step 4113 follows and an IC card response including the generated random number data or information showing whether the generation is successful or not is formed. If the IC card command is not the random number generating command in step 4110, step 4113 follows and IC card response including information showing that the command could not be interpreted is formed. In this manner, the security process B program 1113 is completed. For the purpose of protecting the data, the digital certificate 1302 can be also stored into the flash memory chip 1301 in a state where the data has been encrypted or a signature has been added to the data. In this case, decryption of the certificate and verification of the signature are also executed in step 4106 and creation of the signature and cryptography of the certificate are also executed in step 4109.
  • Subsequently, functions which the [0038] memory card 1001 to which the invention is applied has in order to improve the stability upon execution of the security processes will be explained. As will be obviously understood from the above explanation, the security processes are normally executed only when the security process A program (1212) and the security process B program (1113) existing in the two chips cooperate. Therefore, if the security process A program 1212 does not exist in the IC card chip 1201 due to some cause (for example, destruction or the like of the storage data due to deterioration of the EEPROM 1211), the security processes are not normally executed. FIG. 5 is a flowchart showing processes which are executed by the memory card 1001 in order to improve the execution stability of the security processes so as to cope with such a problem. The memory card 1001 has a function for interpreting a command called “security process confirming command”. The security process confirming command is a command for allowing the memory card 1001 to previously confirm whether the security processes can operate normally or not. The IC card chip 1201 has a function for interpreting a command called “program existence confirming command”. Processing steps of the “security process confirming command” will be described in detail in accordance with the flowchart of FIG. 5. First, the host apparatus 1401 transmits the “security process confirming command” (5101). The controller chip 1101 receives such a command and transmits the “program existence confirming command” to the IC card chip 1201 (5201). Thus, the IC card chip 1201 searches whether the security process A program exists in the EEPROM 1211 or not and if such a program is found, the program is set into a mode in which it can be used (5301). Subsequently, a search result (existence or absence) is transmitted as an IC card response to the controller chip 1101 (5302). The controller chip 1101 knows the existence of the security process A program 1212 from the received IC card response (5202). If the security process A program 1212 exists, the security process B program 1113 is set into a mode in which it can be executed (5203). If the security process A program 1212 does not exist, the process in step 5203 is not executed. By the above processes, the execution stability of the security processes is improved.
  • FIG. 6 shows an example of a format of each of the secure write data which is transmitted to the [0039] memory card 1001 in step 2102 in FIG. 2 and the secure read data which is received by the host apparatus 1401 in step 2104. It is preferable to apply those formats to the case where the contents of the requested security processes can be expressed by one IC card command and results of the security processes can be expressed by one IC card response. As mentioned above, both of the IC card command which is transmitted to the IC card chip 1201 and the IC card response which is received from the IC card chip 1201 conform with the ISO/IEC7816-4 standard. According to this standard, in the construction of the IC card command, a header of 4 bytes (a class byte CLA, an instruction byte INS, and parameter bytes P1 and P2) are indispensable and an input data length indication byte Lc, input data DataIn, and an output data length indication byte Le follow as necessary. In the construction of the IC card response, statuses SW1 and SW2 of 2 bytes are indispensable and output data DataOut is followed by them as necessary. Secure write data 6001 in the format is constructed in a manner such that a format identifier FID 6003 and an IC card command length Lca 6004 are followed by an IC card command 6002 and, further, dummy data 6005 is padded after the IC card command 6002. The FID 6003 includes an identification number of the format or attribute data of the format. A value of the Lca 6004 is equal to a value obtained by summing lengths of component elements of the IC card command 6002. Secure read data 6101 is constructed in a manner such that a format identifier FID 6103 and an IC card response length Lra 6104 are followed by an IC card response 6102 and, further, dummy data 6105 is padded after the IC card response 6102. The FID 6103 includes an identification number of the format or attribute data of the format. A value of the Lra 6104 is equal to a value obtained by summing lengths of component elements of the IC card response 6102. The diagram shows the examples of the formats in the case where Lc, DataIn, and Le are included in the IC card command and DataOut is included in the IC card response. In many memory cards, according to the specification of the read/write command of the file data, it is a standard manner that the data to be read/write accessed is processed on a unit basis of a block of a fixed length. Therefore, it is preferable that a size of each of the secure write data 6001 and the secure read data 6101 is made to coincide with a block size according to the specification of the standard memory card command of the memory card 1001. The dummy data 6005 and 6105 is applied to make the size of each of the secure write data 6001 and the secure read data 6101 coincide with the block size. It is desirable that a sector size (512 bytes) in the FAT system which a general small memory card uses in a logical file system is used as a value which is used as a block size. The dummy data 6005 and 6105 to be padded can be set to all 0, random numbers, or a checksum which is used for the CPU 1111 or the host apparatus 1401 to detect or correct data errors. The value of the Lca 6004 is used for the CPU 1111 to remove the dummy data 6005 from the secure write data 6001. The value of the Lra 6104 is used for the host apparatus 1401 to remove the dummy data 6105 from the secure read data 6101.
  • It should be further understood by those skilled in the art that although the foregoing description has been made on embodiments of the invention, the invention is not limited thereto and various changes and modifications may be made without departing from the spirit of the invention and the scope of the appended claims. [0040]

Claims (14)

What is claimed is:
1. A memory card comprising a flash memory, a controller, and an IC card chip, wherein
said flash memory stores a digital certificate necessary for an external host apparatus to obtain data from a server which can communicate with said host apparatus and a seed of random numbers serving as an element of random numbers which are used for mutually exchanging said data between said server and said host apparatus,
said controller can execute a managing process for managing said digital certificate and a random number generating process for generating said pseudo random numbers by using said seed of random numbers, and
said IC card chip can execute an authenticating process for authenticating personal identification number information inputted from said host apparatus and an encrypting process for encrypting said seed of random numbers by using a key corresponding to a key held by said server.
2. A card according to claim 1, wherein
said controller has a register to which an access from said host apparatus is limited, and
said controller sets predetermined data into said register on the basis of an authentication result of said personal identification information by said IC card chip before said random number generating process is executed.
3. A card according to claim 2, wherein
said IC card chip encrypts the authentication result of said personal identification information by using a common key which is shared between said IC card chip and said controller and outputs the encrypted authentication result of said personal identification information to said controller, and
said controller decrypts the encrypted authentication result of said personal identification number information by using said common key and sets said predetermined data into said register on the basis of the decrypted authentication result of said personal identification information.
4. A card according to claim 2, wherein
said register abandons said predetermined data set in said register when a supply of a power source to said controller is stopped.
5. A card according to claim 2, wherein
said controller starts the execution of said random number generating process if it is determined that said personal identification information has successfully been authenticated with reference to said predetermined data in said register.
6. A card according to claim 1, wherein said managing process includes a process for updating or adding said digital certificate.
7. A card according to claim 1, wherein said IC card chip has a cryptography coprocessor for encrypting said seed of random numbers.
8. A memory card according to claim 1, wherein
tamper-resistant of said IC card chip is higher than that of said controller, and
said IC card chip holds reference information which is used for authenticating said personal identification information inputted from said host apparatus and compares said reference information with said personal identification information, thereby authenticating said personal identification information.
9. A storage device comprising:
a non-volatile memory;
a controller for executing a predetermined process in response to a command from an external host apparatus; and an IC for executing a predetermined process in response to a command from said controller, wherein
said controller can executes a part of a series of security processes necessary for exchanging information between a server and said host apparatus via a network, and
said IC executes another part of said series of security processes.
10. A device according to claim 9, wherein
a part of said series of security processes includes a random number generating process for generating random numbers for encrypting or decrypting said information, and
another part of said series of security processes includes an authenticating process for authenticating said personal identification information inputted from said host apparatus when said series of security processes is started.
11. A device according to claim 10, wherein
said IC has a first register for temporarily holding predetermined data,
said controller has a second register for temporarily holding predetermined data,
said IC can set said predetermined data into said first register when said personal identification information has successfully been authenticated, and executes another part of said series of security processes when said predetermined data has been set in said first register, and
said controller can set said predetermined data into said second register when said personal identification information has successfully been authenticated, and executes a part of said series of security processes when said predetermined data has been set in said second register.
12. A device according to claim 10, wherein
said non-volatile memory stores a seed of random numbers serving as an element of said random numbers,
said random number generating process falsely generates the random numbers by using said seed of random numbers, and
another part of said series of security processes includes an encrypting process for encrypting said seed of random numbers by using a key corresponding to a key held in said server.
13. A device according to claim 10, wherein
said non-volatile memory stores a digital certificate issued by a certificate authority, and
a part of said series of security processes includes a managing process for reading out said digital certificate from said non-volatile memory and outputting it to said host apparatus.
14. A device according to claim 9, wherein
said controller converts the command from said host apparatus into a command which can be interpreted by said IC and outputs the converted command to said IC.
US10/636,666 2002-09-11 2003-08-08 Memory card Abandoned US20040059916A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/984,010 US7650503B2 (en) 2002-09-11 2007-11-13 Memory card

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2002-264893 2002-09-11
JP2002264893A JP2004104539A (en) 2002-09-11 2002-09-11 Memory card

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/984,010 Continuation US7650503B2 (en) 2002-09-11 2007-11-13 Memory card

Publications (1)

Publication Number Publication Date
US20040059916A1 true US20040059916A1 (en) 2004-03-25

Family

ID=31986551

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/636,666 Abandoned US20040059916A1 (en) 2002-09-11 2003-08-08 Memory card
US11/984,010 Expired - Fee Related US7650503B2 (en) 2002-09-11 2007-11-13 Memory card

Family Applications After (1)

Application Number Title Priority Date Filing Date
US11/984,010 Expired - Fee Related US7650503B2 (en) 2002-09-11 2007-11-13 Memory card

Country Status (3)

Country Link
US (2) US20040059916A1 (en)
JP (1) JP2004104539A (en)
CN (1) CN1269071C (en)

Cited By (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050066199A1 (en) * 2003-09-19 2005-03-24 Hui Lin Identification process of application of data storage and identification hardware with IC card
US20050167513A1 (en) * 2004-02-04 2005-08-04 Sharp Kabushiki Kaisha IC card with built-in coprocessor for auxiliary arithmetic, and control method thereof
US20050246546A1 (en) * 2003-07-16 2005-11-03 Yoshihiko Takagi Access method
US20060010328A1 (en) * 2004-07-07 2006-01-12 Sony Corporation Semiconductor integrated circuit and information processing apparatus
US20060059345A1 (en) * 2004-09-10 2006-03-16 International Business Machines Corporation System and method for providing dynamically authorized access to functionality present on an integrated circuit chip
US20060190996A1 (en) * 2005-02-23 2006-08-24 Samsung Electronics Co., Ltd. Apparatus and system for remotely verifying integrity of memory for mobile platform, and method therefor
US20060195691A1 (en) * 2005-02-28 2006-08-31 Xuemin Chen Method and system for random data access for security applications
US20070061897A1 (en) * 2005-09-14 2007-03-15 Michael Holtzman Hardware driver integrity check of memory card controller firmware
US20070061581A1 (en) * 2005-09-14 2007-03-15 Micky Holtzman Methods used in a secure yet flexible system architecture for secure devices with flash mass storage memory
US20070113071A1 (en) * 2004-08-03 2007-05-17 Siemens Aktiengesellschaft Method for a secure data transmission
US20070130439A1 (en) * 2005-12-01 2007-06-07 Sony Ericsson Mobile Communications Ab Secure digital certificate storing scheme for flash memory and electronic apparatus
US20070198856A1 (en) * 2000-01-06 2007-08-23 Super Talent Electronics Inc. Secure Flash-Memory Card Reader with Host-Encrypted Data on a Flash-Controller-Mastered Bus Parallel to a Local CPU Bus Carrying Encrypted Hashed Password and User ID
US20070226793A1 (en) * 2004-05-28 2007-09-27 Matsushita Electric Industrial Co., Ltd. Parent-Child Card Authentication System
US20080065887A1 (en) * 2002-11-05 2008-03-13 Safenet, Inc. Secure authentication using hardware token and computer fingerprint
DE102007019541A1 (en) * 2007-04-25 2008-10-30 Wincor Nixdorf International Gmbh Method and system for authenticating a user
US20080282088A1 (en) * 2007-05-09 2008-11-13 Rudelic John C Authenticated nonvolatile memory signing operations
WO2005081891A3 (en) * 2004-02-23 2009-03-19 Lexar Media Inc Secure compact flash
US20090121028A1 (en) * 2007-11-12 2009-05-14 Mehdi Asnaashari System and Method for Updating Read-Only Memory in Smart Card Memory Modules
US20090121029A1 (en) * 2007-11-12 2009-05-14 Micron Technology, Inc. Intelligent controller system and method for smart card memory modules
US20090125643A1 (en) * 2007-11-12 2009-05-14 Gemalto Inc System and method for drive resizing and partition size exchange between a flash memory controller and a smart card
US20090271876A1 (en) * 2006-09-11 2009-10-29 Nobuya Takagi Ic card, and access control method thereof
US20100023747A1 (en) * 2007-11-12 2010-01-28 Micron Technology, Inc. Critical Security Parameter Generation and Exchange System and Method for Smart-Card Memory Modules
US20100023777A1 (en) * 2007-11-12 2010-01-28 Gemalto Inc System and method for secure firmware update of a secure token having a flash memory controller and a smart card
US20100115200A1 (en) * 2006-05-29 2010-05-06 Paschalis Papagrigoriou Method for communication with a multi-function memory card
US7743409B2 (en) 2005-07-08 2010-06-22 Sandisk Corporation Methods used in a mass storage device with automated credentials loading
US20100228991A1 (en) * 2009-03-03 2010-09-09 Goldkey Security Corporation Using Hidden Secrets and Token Devices to Control Access to Secure Systems
US20100229004A1 (en) * 2009-03-03 2010-09-09 Micron Technology, Inc. Protection of security parameters in storage devices
US20100318790A1 (en) * 2009-06-11 2010-12-16 Hiroshi Kuno Card management device and card management system
CN101465732B (en) * 2007-12-19 2011-04-27 联想(北京)有限公司 Method and terminal for ensuring digital certificate safety
US20110131639A1 (en) * 2009-11-27 2011-06-02 International Business Machines Corporation Secure PIN Management of a User Trusted Device
US20110161678A1 (en) * 2009-12-24 2011-06-30 Yasuyuki Niwa Controller for controlling nand flash memory and data storage system
US20130166902A1 (en) * 2010-09-06 2013-06-27 Gemalto Sa Simplified smartcard personalization method, and corresponding device
JP2013531288A (en) * 2010-05-20 2013-08-01 ナチュラル セキュリティー Mobile communication device, system and method for communicating between local terminal and multiple mobile devices
US8549659B2 (en) 2010-09-10 2013-10-01 Samsung Electronics Co., Ltd. Non-volatile memory for anti-cloning and authentication method for the same
US20130275702A1 (en) * 2012-04-13 2013-10-17 Lapis Semiconductor Co., Ltd. Semiconductor memory device and method for reading out data
US20140281552A1 (en) * 2013-03-15 2014-09-18 Panasonic Corporation Recording medium
TWI455136B (en) * 2010-07-01 2014-10-01 Silicon Motion Inc Method for performing data shaping, and associated memory device and controller thereof
US20150026484A1 (en) * 2007-11-12 2015-01-22 Micron Technology, Inc. Smart storage device
US20150324591A1 (en) * 2004-09-29 2015-11-12 Sony Corporation Information processing apparatus and method, recording medium, and program
USRE47638E1 (en) * 2004-07-12 2019-10-08 Toshiba Memory Corporation Storage device including flash memory and capable of predicting storage device performance based on performance parameters
US10705738B2 (en) 2017-09-20 2020-07-07 Shanghai Xiaoyi Technology Co., Ltd. Method, apparatus, storage medium, and terminal for optimizing memory card performance

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4555613B2 (en) * 2004-06-03 2010-10-06 株式会社日立製作所 Data storage
EP2278518B1 (en) * 2004-12-21 2012-03-14 SanDisk Corporation Memory system with in-stream data encryption/decryption
CN1801701B (en) * 2004-12-31 2010-08-25 联想(北京)有限公司 Method for applying digital signature
CN100346249C (en) * 2004-12-31 2007-10-31 联想(北京)有限公司 Method for generating digital certificate and applying the generated digital certificate
EP2230622B1 (en) * 2005-07-08 2014-08-20 SanDisk Technologies Inc. Mass storage device with automated credentials loading
WO2007105926A1 (en) * 2006-03-16 2007-09-20 Ktfreetel Co., Ltd. Ic chip of supporting large size memory and method thereof
WO2008090779A1 (en) * 2007-01-26 2008-07-31 Nec Corporation Right management method, its system, server device used in the system, and information device terminal
EP2407908A4 (en) * 2009-03-13 2014-03-19 Fujitsu Ltd Person authentication system and person authentication method
JP5198379B2 (en) * 2009-07-23 2013-05-15 株式会社東芝 Semiconductor memory card
US8949989B2 (en) 2009-08-17 2015-02-03 Qualcomm Incorporated Auditing a device
US8544089B2 (en) * 2009-08-17 2013-09-24 Fatskunk, Inc. Auditing a device
JP2011088330A (en) * 2009-10-21 2011-05-06 Dainippon Printing Co Ltd Label printing system
KR101305740B1 (en) * 2010-09-10 2013-09-16 삼성전자주식회사 Authentication method and apparatus for non volatile storage device
US9064116B2 (en) * 2010-11-08 2015-06-23 Intel Corporation Techniques for security management provisioning at a data storage device
CN103312500B (en) * 2012-03-13 2016-10-05 北京海泰方圆科技股份有限公司 A kind of method protecting intelligent code key information
JP5395937B2 (en) * 2012-09-24 2014-01-22 株式会社東芝 Memory chip
JP6079208B2 (en) * 2012-12-19 2017-02-15 株式会社ソシオネクスト Microcomputer, its middleware and microcomputer operating method
US20140281570A1 (en) * 2013-03-13 2014-09-18 Kabushiki Kaisha Toshiba Method of performing an authentication process between data recording device and host device
EP3172886A1 (en) * 2014-07-23 2017-05-31 Diebold Self-Service Systems Division of Diebold, Inc. Encrypting pin receiver
KR102200108B1 (en) * 2014-10-10 2021-01-08 삼성전자주식회사 Non-volatile memory device and method for operating the same
JP6710942B2 (en) * 2015-11-25 2020-06-17 凸版印刷株式会社 IC card, data protection method, security-related program, and communication system
DE102015225651A1 (en) * 2015-12-17 2017-06-22 Robert Bosch Gmbh Method and apparatus for transmitting software
SG11201908931TA (en) 2019-03-29 2019-10-30 Alibaba Group Holding Ltd Cryptographic key management based on identity information
CA3057398C (en) 2019-03-29 2021-07-06 Alibaba Group Holding Limited Securely performing cryptographic operations
AU2019204710C1 (en) 2019-03-29 2021-07-08 Advanced New Technologies Co., Ltd. Managing cryptographic keys based on identity information
WO2019120324A2 (en) 2019-03-29 2019-06-27 Alibaba Group Holding Limited Cryptography chip with identity verification
US11520596B2 (en) 2020-02-26 2022-12-06 Microsoft Technology Licensing, Llc Selective boot sequence controller for resilient storage memory
CN112347446A (en) * 2020-11-16 2021-02-09 深圳安捷丽新技术有限公司 Multi-security-level storage access method and device based on user face recognition
US20220166762A1 (en) * 2020-11-25 2022-05-26 Microsoft Technology Licensing, Llc Integrated circuit for obtaining enhanced privileges for a network-based resource and performing actions in accordance therewith

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5293424A (en) * 1992-10-14 1994-03-08 Bull Hn Information Systems Inc. Secure memory card
US5359569A (en) * 1991-10-29 1994-10-25 Hitachi Ltd. Semiconductor memory
US5623637A (en) * 1993-12-06 1997-04-22 Telequip Corporation Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys
US6243812B1 (en) * 1997-08-29 2001-06-05 International Business Machines Corporation Authentication for secure devices with limited cryptography
US6606707B1 (en) * 1999-04-27 2003-08-12 Matsushita Electric Industrial Co., Ltd. Semiconductor memory card
US6782477B2 (en) * 2002-04-16 2004-08-24 Song Computer Entertainment America Inc. Method and system for using tamperproof hardware to provide copy protection and online security
US6810479B1 (en) * 1996-03-11 2004-10-26 Microsoft Corporation System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4176898B2 (en) 1999-02-19 2008-11-05 株式会社東芝 Personal authentication system, portable device and storage medium used therefor
JP3617789B2 (en) 1999-05-26 2005-02-09 株式会社エヌ・ティ・ティ・データ Public key certificate issuance method, verification method, system, and recording medium
JP2001357365A (en) 2000-06-15 2001-12-26 Sony Corp Data storage, data storage method and recording medium
JP2002024773A (en) 2000-07-07 2002-01-25 Ntt Communications Kk Ic card service addition authorizing device, ic card issuing device, issuing method, issuing system, and storage medium recording ic card service addition authorization program

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5359569A (en) * 1991-10-29 1994-10-25 Hitachi Ltd. Semiconductor memory
US5293424A (en) * 1992-10-14 1994-03-08 Bull Hn Information Systems Inc. Secure memory card
US5623637A (en) * 1993-12-06 1997-04-22 Telequip Corporation Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys
US6810479B1 (en) * 1996-03-11 2004-10-26 Microsoft Corporation System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer
US6243812B1 (en) * 1997-08-29 2001-06-05 International Business Machines Corporation Authentication for secure devices with limited cryptography
US6606707B1 (en) * 1999-04-27 2003-08-12 Matsushita Electric Industrial Co., Ltd. Semiconductor memory card
US6782477B2 (en) * 2002-04-16 2004-08-24 Song Computer Entertainment America Inc. Method and system for using tamperproof hardware to provide copy protection and online security

Cited By (88)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070198856A1 (en) * 2000-01-06 2007-08-23 Super Talent Electronics Inc. Secure Flash-Memory Card Reader with Host-Encrypted Data on a Flash-Controller-Mastered Bus Parallel to a Local CPU Bus Carrying Encrypted Hashed Password and User ID
US7814337B2 (en) * 2000-01-06 2010-10-12 Super Talent Electronics, Inc. Secure flash-memory card reader with host-encrypted data on a flash-controller-mastered bus parallel to a local CPU bus carrying encrypted hashed password and user ID
US8065718B2 (en) * 2002-11-05 2011-11-22 Safenet, Inc. Secure authentication using hardware token and computer fingerprint
US20080065887A1 (en) * 2002-11-05 2008-03-13 Safenet, Inc. Secure authentication using hardware token and computer fingerprint
US7559090B2 (en) * 2003-07-16 2009-07-07 Matsushita Electric Industrial Co., Ltd. Memory, information apparatus for access to the memory, and method for the information apparatus
US20050246546A1 (en) * 2003-07-16 2005-11-03 Yoshihiko Takagi Access method
US20050066199A1 (en) * 2003-09-19 2005-03-24 Hui Lin Identification process of application of data storage and identification hardware with IC card
US7364083B2 (en) * 2004-02-04 2008-04-29 Sharp Kabushiki Kaisha IC card with built-in coprocessor for auxiliary arithmetic, and control method thereof
US20050167513A1 (en) * 2004-02-04 2005-08-04 Sharp Kabushiki Kaisha IC card with built-in coprocessor for auxiliary arithmetic, and control method thereof
WO2005081891A3 (en) * 2004-02-23 2009-03-19 Lexar Media Inc Secure compact flash
US20070226793A1 (en) * 2004-05-28 2007-09-27 Matsushita Electric Industrial Co., Ltd. Parent-Child Card Authentication System
US7913307B2 (en) * 2004-07-07 2011-03-22 Sony Corporation Semiconductor integrated circuit and information processing apparatus
US20060010328A1 (en) * 2004-07-07 2006-01-12 Sony Corporation Semiconductor integrated circuit and information processing apparatus
USRE47638E1 (en) * 2004-07-12 2019-10-08 Toshiba Memory Corporation Storage device including flash memory and capable of predicting storage device performance based on performance parameters
US20070113071A1 (en) * 2004-08-03 2007-05-17 Siemens Aktiengesellschaft Method for a secure data transmission
US7818574B2 (en) * 2004-09-10 2010-10-19 International Business Machines Corporation System and method for providing dynamically authorized access to functionality present on an integrated circuit chip
US20060059345A1 (en) * 2004-09-10 2006-03-16 International Business Machines Corporation System and method for providing dynamically authorized access to functionality present on an integrated circuit chip
US9785780B2 (en) * 2004-09-29 2017-10-10 Sony Corporation Information processing apparatus and method, recording medium, and program
US20150324591A1 (en) * 2004-09-29 2015-11-12 Sony Corporation Information processing apparatus and method, recording medium, and program
US8078871B2 (en) * 2005-02-23 2011-12-13 Samsung Electronics Co., Ltd. Apparatus and system for remotely verifying integrity of memory for mobile platform, and method therefor
US20060190996A1 (en) * 2005-02-23 2006-08-24 Samsung Electronics Co., Ltd. Apparatus and system for remotely verifying integrity of memory for mobile platform, and method therefor
US20060195691A1 (en) * 2005-02-28 2006-08-31 Xuemin Chen Method and system for random data access for security applications
US7959073B2 (en) * 2005-02-28 2011-06-14 Broadcom Corporation Method and system for random data access for security applications
US20100306556A1 (en) * 2005-02-28 2010-12-02 Xuemin Chen Method and system for random data access for security applications
US7743977B2 (en) * 2005-02-28 2010-06-29 Broadcom Corporation Method and system for random data access for security applications
US7743409B2 (en) 2005-07-08 2010-06-22 Sandisk Corporation Methods used in a mass storage device with automated credentials loading
US8220039B2 (en) 2005-07-08 2012-07-10 Sandisk Technologies Inc. Mass storage device with automated credentials loading
US7748031B2 (en) 2005-07-08 2010-06-29 Sandisk Corporation Mass storage device with automated credentials loading
US7934049B2 (en) 2005-09-14 2011-04-26 Sandisk Corporation Methods used in a secure yet flexible system architecture for secure devices with flash mass storage memory
US20080215847A1 (en) * 2005-09-14 2008-09-04 Sandisk Corporation And Discretix Technologies Ltd. Secure yet flexible system architecture for secure devices with flash mass storage memory
US20070061897A1 (en) * 2005-09-14 2007-03-15 Michael Holtzman Hardware driver integrity check of memory card controller firmware
US8966284B2 (en) 2005-09-14 2015-02-24 Sandisk Technologies Inc. Hardware driver integrity check of memory card controller firmware
US20070061581A1 (en) * 2005-09-14 2007-03-15 Micky Holtzman Methods used in a secure yet flexible system architecture for secure devices with flash mass storage memory
US20070061597A1 (en) * 2005-09-14 2007-03-15 Micky Holtzman Secure yet flexible system architecture for secure devices with flash mass storage memory
US20070061570A1 (en) * 2005-09-14 2007-03-15 Michael Holtzman Method of hardware driver integrity check of memory card controller firmware
US20070130439A1 (en) * 2005-12-01 2007-06-07 Sony Ericsson Mobile Communications Ab Secure digital certificate storing scheme for flash memory and electronic apparatus
US8195945B2 (en) * 2005-12-01 2012-06-05 Sony Mobile Communications Ab Secure digital certificate storing scheme for flash memory and electronic apparatus
US20100115200A1 (en) * 2006-05-29 2010-05-06 Paschalis Papagrigoriou Method for communication with a multi-function memory card
US20090271876A1 (en) * 2006-09-11 2009-10-29 Nobuya Takagi Ic card, and access control method thereof
US9311470B2 (en) 2007-04-25 2016-04-12 Schaumburg und Partner Patentanwälte mbB Method and system for authenticating a user
DE102007019541A1 (en) * 2007-04-25 2008-10-30 Wincor Nixdorf International Gmbh Method and system for authenticating a user
USRE48324E1 (en) 2007-04-25 2020-11-24 Wincor Nixdorf International Gmbh Method and system for authenticating a user
US20100146264A1 (en) * 2007-04-25 2010-06-10 Wincor Nixdorf International Gmbh Method and system for authenticating a user
US20080282088A1 (en) * 2007-05-09 2008-11-13 Rudelic John C Authenticated nonvolatile memory signing operations
US8539238B2 (en) * 2007-05-09 2013-09-17 Intel Corporation Authenticated nonvolatile memory signing operations
US20090125643A1 (en) * 2007-11-12 2009-05-14 Gemalto Inc System and method for drive resizing and partition size exchange between a flash memory controller and a smart card
EP2227777A4 (en) * 2007-11-12 2013-01-30 Micron Technology Inc Critical security parameter generation and exchange system and method for smart-card memory modules
US9979540B2 (en) 2007-11-12 2018-05-22 Micron Technology, Inc. System and method for updating read-only memory in smart card memory modules
US8898477B2 (en) * 2007-11-12 2014-11-25 Gemalto Inc. System and method for secure firmware update of a secure token having a flash memory controller and a smart card
US8156322B2 (en) 2007-11-12 2012-04-10 Micron Technology, Inc. Critical security parameter generation and exchange system and method for smart-card memory modules
US8162227B2 (en) 2007-11-12 2012-04-24 Micron Technology, Inc. Intelligent controller system and method for smart card memory modules
WO2009064632A3 (en) * 2007-11-12 2009-07-30 Micron Technology Inc Intelligent controller system and method for smart card memory modules
US20090121029A1 (en) * 2007-11-12 2009-05-14 Micron Technology, Inc. Intelligent controller system and method for smart card memory modules
US8286883B2 (en) * 2007-11-12 2012-10-16 Micron Technology, Inc. System and method for updating read-only memory in smart card memory modules
US8307131B2 (en) 2007-11-12 2012-11-06 Gemalto Sa System and method for drive resizing and partition size exchange between a flash memory controller and a smart card
US9483632B2 (en) 2007-11-12 2016-11-01 Micron Technology, Inc. Intelligent controller system and method for smart card memory modules
US9529734B2 (en) * 2007-11-12 2016-12-27 Micron Technology, Inc. Smart storage device
US9413535B2 (en) 2007-11-12 2016-08-09 Micron Technology, Inc. Critical security parameter generation and exchange system and method for smart-card memory modules
EP2227777A2 (en) * 2007-11-12 2010-09-15 Micron Technology, Inc. Critical security parameter generation and exchange system and method for smart-card memory modules
US20090121028A1 (en) * 2007-11-12 2009-05-14 Mehdi Asnaashari System and Method for Updating Read-Only Memory in Smart Card Memory Modules
US9111045B2 (en) 2007-11-12 2015-08-18 Micron Technology, Inc. Intelligent controller system and method for smart card memory modules
US20100023747A1 (en) * 2007-11-12 2010-01-28 Micron Technology, Inc. Critical Security Parameter Generation and Exchange System and Method for Smart-Card Memory Modules
US9088418B2 (en) 2007-11-12 2015-07-21 Micron Technology, Inc. System and method for updating read-only memory in smart card memory modules
US20100023777A1 (en) * 2007-11-12 2010-01-28 Gemalto Inc System and method for secure firmware update of a secure token having a flash memory controller and a smart card
US8746578B2 (en) 2007-11-12 2014-06-10 Micron Technology, Inc. System and method for updating read-only memory in smart card memory modules
US20150026484A1 (en) * 2007-11-12 2015-01-22 Micron Technology, Inc. Smart storage device
US8930711B2 (en) 2007-11-12 2015-01-06 Micron Technology, Inc. Critical security parameter generation and exchange system and method for smart-card memory modules
CN101465732B (en) * 2007-12-19 2011-04-27 联想(北京)有限公司 Method and terminal for ensuring digital certificate safety
US8370645B2 (en) 2009-03-03 2013-02-05 Micron Technology, Inc. Protection of security parameters in storage devices
US20100228991A1 (en) * 2009-03-03 2010-09-09 Goldkey Security Corporation Using Hidden Secrets and Token Devices to Control Access to Secure Systems
US8949626B2 (en) 2009-03-03 2015-02-03 Micron Technology, Inc. Protection of security parameters in storage devices
US20100229004A1 (en) * 2009-03-03 2010-09-09 Micron Technology, Inc. Protection of security parameters in storage devices
US10289826B2 (en) * 2009-03-03 2019-05-14 Cybrsecurity Corporation Using hidden secrets and token devices to control access to secure systems
US20100318790A1 (en) * 2009-06-11 2010-12-16 Hiroshi Kuno Card management device and card management system
US8312524B2 (en) * 2009-06-11 2012-11-13 Sony Corporation Card management device and card management system
US8423783B2 (en) * 2009-11-27 2013-04-16 International Business Machines Corporation Secure PIN management of a user trusted device
US20110131639A1 (en) * 2009-11-27 2011-06-02 International Business Machines Corporation Secure PIN Management of a User Trusted Device
US20110161678A1 (en) * 2009-12-24 2011-06-30 Yasuyuki Niwa Controller for controlling nand flash memory and data storage system
JP2013531288A (en) * 2010-05-20 2013-08-01 ナチュラル セキュリティー Mobile communication device, system and method for communicating between local terminal and multiple mobile devices
TWI455136B (en) * 2010-07-01 2014-10-01 Silicon Motion Inc Method for performing data shaping, and associated memory device and controller thereof
US9292992B2 (en) * 2010-09-06 2016-03-22 Gemalto Sa Simplified smartcard personalization method, and corresponding device
US20130166902A1 (en) * 2010-09-06 2013-06-27 Gemalto Sa Simplified smartcard personalization method, and corresponding device
US8549659B2 (en) 2010-09-10 2013-10-01 Samsung Electronics Co., Ltd. Non-volatile memory for anti-cloning and authentication method for the same
US9021603B2 (en) 2010-09-10 2015-04-28 Samsung Electronics Co., Ltd Non-volatile memory for anti-cloning and authentication method for the same
US20130275702A1 (en) * 2012-04-13 2013-10-17 Lapis Semiconductor Co., Ltd. Semiconductor memory device and method for reading out data
US9432194B2 (en) * 2013-03-15 2016-08-30 Panasonic Intellectual Property Management Co., Ltd. Recording medium with authentication and encryption/decryption functions
US20140281552A1 (en) * 2013-03-15 2014-09-18 Panasonic Corporation Recording medium
US10705738B2 (en) 2017-09-20 2020-07-07 Shanghai Xiaoyi Technology Co., Ltd. Method, apparatus, storage medium, and terminal for optimizing memory card performance

Also Published As

Publication number Publication date
JP2004104539A (en) 2004-04-02
US7650503B2 (en) 2010-01-19
US20080082825A1 (en) 2008-04-03
CN1269071C (en) 2006-08-09
CN1495666A (en) 2004-05-12

Similar Documents

Publication Publication Date Title
US7650503B2 (en) Memory card
TWI524275B (en) Storage device and method of operating a storage device
US9413535B2 (en) Critical security parameter generation and exchange system and method for smart-card memory modules
US7469837B2 (en) Storage device
JP4222509B2 (en) Storage device
JP4127862B2 (en) IC card delivery key set
US7844819B2 (en) Application authentication system
US8239681B2 (en) Information processing device and method, recording medium, program and information processing system
JP4118092B2 (en) Storage device and information processing device
JP3865629B2 (en) Storage device
US20040255119A1 (en) Memory device and passcode generator
CN107846396B (en) Memory system and binding method between memory system and host
JP2001525956A (en) Integrated circuit card with application history list
EP1082710A1 (en) Preloaded ic-card and method for authenticating the same
JP4236830B2 (en) Storage device with upload function
JP2004139242A (en) Ic card, and system and method for issuing ic card
KR20150017374A (en) Method for Settlement by using IC Chip
JP2003324421A (en) Method and system for reissuing ic card
JP2004252578A (en) Ic card of providing source and of providing destination, intermediary device for information transfer, system for transferring information between ic cards ic card program, program, and method for transferring information between ic cards
KR20180127297A (en) Method for Security Processing based on Contactless IC Chip by using Non-secure Terminal
KR20180029010A (en) Method for Security Processing based on Contactless IC Chip by using Non-secure Terminal
KR20170094095A (en) Method for Security Processing of Contactless IC Chip by using Non-secure Terminal
JP2004118726A (en) System and method for controlling reading of ic card

Legal Events

Date Code Title Description
AS Assignment

Owner name: RENESAS TECHNOLOGY CORPORATION, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MIZUSHIMA, NAGAMASA;TSUNODA, MOTOYASU;KATAYAMA, KUNIHIRO;REEL/FRAME:014706/0642

Effective date: 20030923

STCB Information on status: application discontinuation

Free format text: EXPRESSLY ABANDONED -- DURING EXAMINATION