The present invention relates to a removable information storage device connected to external equipment by way of a predetermined interface and adapted to write and read data via a predetermined file system. More particularly, the present invention relates to an information storage device provided with an enhanced level of security for accessing the information storage area which the information storage device includes, a security system having such an information storage device, as well as an access permission method, a network access method and a security process execution permission method using such an information storage device.
Removable information storage devices connected to external equipment such as PCs (personal computers) by way of a predetermined interface and having a formation storage device adapted to write and read data via a predetermined file system are being popularly used. Since such an information storage device includes a semiconductor memory such as a large capacity flash memory as the information storage area, it can store a large volume of data if compared with magnetic disc storage mediums that have been very popular and allows data access at high speed.
Such an information storage device is provided with a feature of controlling accesses to the information storage area it includes so that any person other than the proper user, who typically may be the person who has purchased the information storage device, cannot use it. Conventional information storage devices require installation of dedicated application software for controlling accesses to the information storage area in all the PCs authorized to use the information storage device and registration of a password.
For example, when a user purchases such an information storage device, he or she installs the application software for controlling accesses to the information storage area the information storage device includes in all the PCs authorized to be connected to the information storage device for use and registers a password. When the user wants to actually use the information storage device, he or she is authorized to access the information storage area by way of one of the PCs as the user inputs the password through the input interface that may be the keyboard that the PC is equipped with (see, inter alia, Patent Document 1: Jpn. Pat. Appln. Laid-Open Publication No. 2003-524842).
Generally, a security system involving the use of a password to be input by the user provides an advantage of low cost of designing and building the security system because it does not require costly security devices and security application software and an additional advantage of easiness of using the system to the user because the user can define as a password a string of numerals and/or characters that the user can easily memorize.
However, when passwords, that are used for such systems are mostly defined by using strings of numerals and/or characters to a great convenience on the part of users, they also provide an advantage to fraudulent users that they can easily guess the passwords. For example, many users define their passwords, using the numerals of their birthdays or some other numerals that are closely related to them, so that a fraudulent user can easily guess the passwords.
Additionally, such passwords are typically limited to four digit numbers for the purpose of providing easiness of memorizing to users. When the length of passwords is limited in such a way, a fraudulent user may use an application software that is designed to infinitely generate passwords and analyze the password in question. Then, the password will be perfectly analyzed within a very short period of time.
In the case of a security system in which the user can access the information storage area by inputting his or her password by way of the keyboard of the PC connected to the information storage device, the password can be easily stolen by injecting a computer virus such as Trojan Horse for the purpose of illegally acquiring the password.
Thus, a security system that authorizes an access to the information storage area of an information storage device as a password is input by way of a PC connected to the information storage device is a very fragile security system whose security strength is very weak.