1. Field of the Invention
The present invention relates to a removable information storage apparatus connected to an external appliance by way of a predetermined interface, to which data can be written and from which data can be read by means of a predetermined file system. More particularly, the present invention relates to an information storage apparatus having an enhanced degree of security for accessing a security means that the information storage apparatus is provided with and a password collation method to be used with such an information storage apparatus.
2. Description of the Related Art
Removable information storage apparatus including an information storage means connected to an external appliance such as a PC (personal computer) by way of a predetermined interface, to which data can be written and from which data can be read by means of a predetermined file system are becoming popular. Such information storage apparatus has a large storage capacity and allows to be accessed at high speed for writing data to and reading data from it if compared with magnetic disc storage mediums that have hitherto been very popular because they include a semiconductor memory such as a large capacity flash memory as an information storage means.
Such information storage apparatus control accesses to the information storage means so that any person other than the user who bought the information storage apparatus may not use it. For known information storage apparatus, it is necessary to install an application software dedicated to control accesses to the information storage means. In other words, such an application software has to be installed and a password has to be registered in all the PCs that are adapted to use the information storage apparatus.
For example, when a user purchases such an information storage apparatus, he or she installs an application software for controlling accesses to the information storage means in all the PCs that are adapted to be connected to the information storage apparatus for use and registers a password. When the user actually uses the information storage apparatus, he or she can control accesses to the information storage means by inputting the password by way of an input interface such as the keyboard of one of the PCs (see, referred to Patent Document 1: PCT Laid-Open Publication No. 2003-524842).
Generally, techniques of building a security system that uses a password input by the user are advantageous in terms of suppressing the cost of building the security system because such a security system requires neither a costly security device nor a costly security application software. Such a security system is also advantageous because the user can use it conveniently if he or she selects numbers and/or characters that he or she can memorize with ease as password.
However, a password that is convenient to the user is mostly formed by arranging a string of characters that the user can memorize with ease and hence may be accompanied by a problem that a fraudulent user can also guess it with ease. For example, the user may highly probably select his or her date of birth or some other piece of information that is closely related to the user for the password. Then, the fraudulent user may be able to easily guess the password.
Additionally, the length of a password is mostly limited in view of the easiness with which the user can memorize it. For example, a four digits number is often used as password. When the length of passwords is limited in such a way and if an application software that allows a fraudulent user to generate and input four digits numbers randomly without limitation for analyzing a password, the fraudulent user may eventually succeed in completely analyzing and acquiring the password in a relatively short period of time.
In a security system where the information storage means of an information storage apparatus can be accessed by inputting a password by way of the keyboard of a PC connected to the information storage apparatus, the password may be skimmed off by injecting a computer virus such as Trojan Horse designed to fraudulently acquire passwords.
As described above, security systems designed to authorize an access to the information storage means of an information storage apparatus when the right password is input from a PC connected to the information storage apparatus can be reduced to security systems of a low degree of security that are very fragile in terms of security.