1. Field of the Invention
The present invention relates to a storage system using a storage medium, a storage device, an access device, a storage medium controller and a method for protecting data, and, more particularly, to a storage system for encoding data and storing the encoded data, a storage device, an access device, a storage medium controller and a method for protecting data.
2. Description of the Related Art
As storage mediums which are accessible by computers or the like (i.e., mediums from and onto which data is read, written and erased), a hard disk drive, an MO (Magneto-Optical disk) and a flash memory are known. Such storage mediums are utilized for the purpose of storing data and transferring data between a plurality of computers.
In order to protect data stored on such storage mediums from any access which is not permitted, conventionally, data has been stored after being encoded.
Generally speaking, data to be stored on a storage medium includes boot data showing conditions to access the storage medium (e.g., parameters representing the structure of a storage area within the storage medium, or parameters for designating a process or a speed for and at which data is to be read and written).
Hence, in order to access such a storage medium, the boot data needs to be decoded first. Those computers for accessing the storage medium has to prepare in advance a code key or the like for use in decoding the boot data.
A function for analyzing the contents of the boot data and accessing the storage medium in accordance with an analyzed result may be provided within an operating system (OS). In such a case, however, there is required a process, which is quite complicated, for acquiring the boot data, which has been encoded without going through the function included in the OS, and supplying the OS with the decoded boot data.
The present invention has been made in consideration of the above, and it is accordingly an object of the present invention to provide a storage system, a storage device, a storage medium controller, an access device and a method for protecting data, so that stored data is so encoded as to be protected and that the encoded data can be accessed in accordance with an easy process.
In order to achieve the above object, according to the first aspect of the present invention, there is provided a storage system comprising:
a storage medium and an access device, and
wherein the storage medium includes a storage area for storing
code data representing encoded data,
a code key for use in decoding the code data and in creating the code data, and
boot data representing in plaintext form a condition to access the storage medium, and
the access device
obtains the boot data and the code key from the storage medium,
obtains the code data from the storage medium in accordance with the condition represented by the obtained boot data, and decodes the obtained code data using the obtained code key, and
creates code data by encoding data to be stored on the storage medium with utilization of the obtained code key, and stores on the storage medium the created code data in accordance with the condition represented by the obtained boot data.
In the storage system having the above structure, the access device prepares the conditions in which the code data can be accessed simply by obtaining the boot data in the plaintext form. Hence, the data stored on the storage medium is protected simply being encoded, and the encoded data can be accessed in accordance with an easy process.
The code key stored on the storage medium is not necessarily presented in the plaintext form, thus can be encoded.
The storage medium so stores the code key and the boot data as not to substantially be rewritten. Accordingly, such a coed key and boot data are prevented from being updated by any means which is not permitted to do so, thereby satisfactory ensuring the confidentially of the encode data.
The storage system may further comprise a storage medium controller which controls the storage medium to be removably installed in the controller and which is removably installed in the access device.
In this case, the storage medium controller may
obtain the code data from the storage medium and supplies the access device with the obtained coded, in response to a read instruction which is sent from the access device,
obtain from the access device the coded data which the access device has created, and stores the code data on the storage medium, in response to a write instruction which is sent form the access device, and
the access device may
provide the storage medium controller with the read instruction to obtain the code data from the storage medium in accordance with the condition represented by the boot data, and
request the storage medium controller for storing the created code data on the storage medium in accordance with the condition represented by the boot data.
Accordingly, the storage medium satisfactorily functions independently or in a state in which it is installed in the storage medium controller. This enhances the portability of the storage medium. The process to be performed by the access device can be simplified, if the access device accesses the storage medium through the storage medium controller.
The storage medium controller may store certification data representing at least one piece of proper boot data, determine whether the stored certification data coincides with the boot data stored on the storage medium, and, when determined that the stored certification data does not coincide therewith, substantially reject the read and write instructions sent from the access device.
The storage medium may store ID data for identifying itself. In this case, the storage medium controller may determine the storage medium is a proper medium based on the ID data supplied from the storage medium, and, when determined that the storage medium is not a proper medium, substantially rejects the read and write instructions sent from the access device.
In this structure, the access device is prevented from obtaining data from an improper storage medium, and the data on the storage medium is prevented from being copied by any means which is permitted to do so. This ensures the desired confidentiality of the data. Furthermore, the access device is prevented from being infected with a computer virus.
The storage medium so stores the ID data substantially as not to substantially be rewritten. This ensure the confidentiality of the data, and this prevents any unauthorized data from accessing the access device.
According to the second aspect of the present invention, there is provided a storage device comprising means for storing code data representing encoded data, a code key for use in decoding the code data and in creating the code data, and boot data showing in a plaintext form a condition to access the storage device, wherein the device
sends the code data to an external device which obtains the boot data and the code key from itself and which requests for reading the code data in accordance with the conditions represented by the boot data, and
obtains data to be written and stores the data from the external device which obtains the boot data and the code key from itself and, which requests for writing code data to be written in accordance with the condition represented by the boot data.
Such a storage device accepts any access directed to code data from the external device which has obtained the boot data. Hence, the data stored on the storage device is so encoded so as to be produced, and the encoded data can be accessed in accordance with a simple process.
The code key which the storage device itself stores is not necessarily represented in the plaintext form, and can be encoded.
The storage device so stores the code key and the boot data substantially as not to be rewritten. Accordingly, the code key and the boot data are prevented from being updated by any means which is not permitted to do so, thereby ensuring the confidentiality of the code data.
The storage device may store ID data for identifying itself, and supply, with the ID data, the external device which requests for reading and/or writing the code data.
In this structure, the external device performs identifying the storage device based on the ID data, thereby the access device is prevented from obtaining data from any inappropriate storage medium and the data stores on the storage medium is prevented from undesirably copied. This ensure the desired confidentiality of the data, and this also prevents the access device from being infected with a computer virus.
In this case, the storage device so stores the ID data substantially as not to be rewritten. The ID data is prevented from being rewritten in an inappropriate manner, and the confidentiality of the data can be highly achieved. In addition, any unauthorized data, such as any unwanted computer virus or the like, is prevented from entering the access device.
According to the third aspect of the present invention, there is provided a storage medium controller,
which is removably installed in a storage medium having a storage area for storing:
ID data for identifying itself,
code data representing encoded data,
a code key used in decoding the encoded data and in creating the code data, and
boot data representing in a plaintext form a condition to access the storage medium, and
which is removably installed in an access device which
obtains the boot data and the code key from the storage medium,
obtains the code data from the storage medium in accordance with a condition represented by the obtained boot data,
decodes the obtained code data using the obtained code key,
creates code data by encoding with the obtained code key data to be written on the storage medium, and
stores on the storage medium the created code data in accordance with the condition represented by the obtained boot data, and the controller comprising:
an output circuit which obtains the code data from the storage medium and supplies the access device with the obtained data, in response to a read instruction, to obtain the code data from the storage medium in accordance with the condition represented by the boot data, which is supplied from the access device;
an input circuit which obtains from the access device the code data created by the access device and which stores the code data on the storage medium in response to a write instruction, to store on the storage medium the code data created by the access device in accordance with the condition represented by the boot data, which is supplied from the access device; and
a determination circuit which determines whether the storage medium is a proper medium based on the ID data supplied from the storage medium, and, when determined that the storage medium is not a proper medium, substantially prevents the output and input circuits to respond to the read and write instructions.
According to the fourth aspect of the present invention, there is a provided storage medium controller
which is removably installed in a storage medium including a storage area for storing
code data representing encoded data,
a code key for use in decoding the code data and creating the code data, and
boot data representing in a plaintext form a condition to access the storage medium, and
which is removably installed in an access device which
obtains the boot data and the code key from the storage medium,
obtains the code data from the storage medium in accordance with the condition which the obtained boot data represents,
decodes the obtained code data using the obtained code key,
creates code data by encoding data to be stored on the storage medium using the obtained code key, and
stores the created code data on the storage medium in accordance with the condition which the boot data represents, and the controller comprising:
a memory which stores certification data representing at least one piece of proper boot data; and
a control circuit which
obtains the code data from the storage medium and supplies the access device with the obtained code data, in response to a read instruction, which is supplied from the access device, to obtain the code data from the storage medium in accordance with the condition which the boot data represents,
obtains from the access device the code data created by the access device, in response to a write instruction, which is sent form the access device, to write the created code data on the storage medium in accordance with the condition which the boot data represents,
stores the code data on the storage medium in response to the write instruction, and
determines whether the stored certification data coincides with the boot data stored on the storage medium, and
rejects the read and write instructions sent from the access device, when determined that the stored certification data does not coincide with the boot data stored on the storage medium.
Such an access device being installed in the storage medium controller simply obtains the boot data in the plaintext form via the storage medium controller from the storage medium installed in the storage medium controller, thereby to prepare the conditions in which the code data can be accessed. Thus, the data stored on the storage medium is so encoded as to be protected without being damaged, and the encoded data can be accessed in accordance with a simple process. The storage medium can satisfactorily function independently from any other devices or in a state where it is installed in the storage medium controller, enhancing the portability of the storage medium.
According to the storage medium controller, the storage device can be identified based on the ID data or the boot data. This prevents the access device from obtaining data from any inappropriate storage medium, and the data stored on the medium from being copied by any means which is not permitted to do so. As a result of this the confidentiality of the data can be high achieved, and the access device is protected against any unwanted computer virus.
According to the fifth aspect of the present invention, there is provided an access device comprising:
an input device which obtains boot data and a code key from a storage medium including a storage area for storing
code data representing encoded data,
a code key for use in decoding the code data and in creating the code data, and
the boot data representing in a plaintext form a condition to access the storage medium;
a decoder which decodes the code data using the obtained code key, after obtained the code data from the storage medium, in accordance with the condition which the obtained boot data represents; and
an encoder which creates code data by encoding data to be stored on the storage medium using the obtained code key, and which stores the created code data on the storage medium in accordance with the condition which the obtained boot data represents.
Such an access device simply obtains the boot data, thereby preparing the conditions in which the code data stored on the storage medium can be simply accessed. The code data can be accessed in accordance with a simply process.
In such an access device, the boot data in the plaintext form can be acquired, thereafter the encoded data stored on the storage medium can be accessed in accordance with an easy process.
According to the sixth aspect of the present invention, there is provided a method for protecting data, comprising the steps of:
obtaining boot data and a code key which are stored on a storage medium storing the boot data representing, in a plaintext form,
code data representing encoded data,
the code key for use in decoding the code data and in creating the code data, and
a condition to access the code data and the code key;
obtaining the code data in accordance with the condition which the obtained boot data represents, and decoding the obtained code data using the obtained code key; and
creating code data by encoding data to be stored with utilization of the code key, and storing on the storage medium the created code data in accordance with the condition which the boot data represents.
According to the method for protecting data, once the boot data in the plaintext form stored on the medium is obtained, the conditions in which the code data can be accessed are thus prepared. The data stored on the medium is so encoded as to be protected, the encoded data is accessed in accordance with a simple process. The code key is not necessarily presented in the plaintext form, instead can be encoded.
The storage medium may store ID data for identifying the storage medium.
In this case, the storage medium may determine whether the storage medium is a proper medium based on the ID data, and substantially reject, when determined that the storage medium is not a proper medium, to obtain the code data from the storage medium and to store the code data on the storage medium.
The method may include the steps of:
storing certification data representing at least one piece of proper boot data; and
determining whether the certification data coincides with the boot data stored on the storage medium, and substantially rejecting, when determined that the certification data does not coincide therewith, to obtain the code data from the storage medium and to store the code data on the storage medium.
According to this structure, any data stored on an inappropriate storage medium can be prevented from being read out, and the data on the storage medium can be prevented from copied by any means which is not permitted to do so. As a result of this, the confidentiality of the data is highly achieved, and unwanted data such as a computer virus or the like is prevented.
According to the seventh aspect of the present invention, there is provided a computer readable storage medium which stores a program for controlling a computer,
which is removably installed in a storage medium including a storage area for storing ID data for identifying the storage medium, code data representing encoded data, a code key for use in decoding the code data and in creating the code data, and boot data representing a condition to access the storage medium, and
which is removably installed in an access device, which obtains the boot data and the code key from the storage medium, obtains the code data from the storage medium in accordance with the condition represented by the obtained boot data, decodes the obtained code data using the obtained code key, creates code data by encoding data to be stored on the storage medium with utilization of the obtained code key, and stores the created code data on the storage medium in accordance with the condition represented by the obtained boot data, and the program controlling the computer to function as:
an output circuit which obtains the code data from the storage medium and supplies the access device with the obtained code data, in response to a read instruction, which is sent from the access device, to obtain the code data from the storage medium in accordance with the condition represented by the boot data;
an input device which obtains from the access device the code data created by the access device, when the access device supplies the input device with a write instruction to store the created code data on the storage medium in accordance with the condition represented by the boot data, and which stores the code data on the storage medium in response to the write instruction; and
a determination circuit which determines whether the storage medium is a proper medium based on the ID data sent from the storage medium, and, when determined that the storage medium is not a proper medium, substantially prevents the output and input circuits is respond to the read and write instructions.
According to the eighth aspect of the present invention, there is provided a computer data signal embodied in a carrier wave and representing a program for controlling a computer,
which is removably installed in a storage medium including a storage area for storing
ID data for identifying the storage medium,
code data representing encoded data,
a code key for use in decoding the code data and in creating the code data, and
boot data representing in a plaintext form a condition to access the storage medium, and
which is removably installed in an access device which
obtains the boot data and the code key from the storage medium,
obtains the code data form the storage medium in accordance with the condition represented by the obtained boot data,
decodes the obtained code data using the obtained code key,
creates code data by encoding data to be stored on the storage medium with utilization of the obtained code key, and
stores the created code data on the storage medium in accordance with the condition represented by the obtained boot data, and the program controlling the computer to function as:
an output circuit which obtains the code data from the storage medium and supplies the access device with the obtained code data, in response to a read instruction, which is sent from the access device, to obtain the code data from the storage medium in accordance with the condition represented by the boot data;
an input circuit which obtains from the access device the code data created by the access device, when the access device supplies the input device with a write instruction to store the created code data on the storage medium in accordance with the condition represented by the boot data, and which stores the obtained code data on the storage medium in response to the write instruction; and
a determination circuit which determines whether the storage medium is a proper medium based on the ID data sent from the storage medium, and, when determined that the storage medium is not a proper medium, substantially prevents the input and output circuits to respond to the read and write instructions.
According to the ninth aspect of the present invention, there is provided a computer readable storage medium storing a program for controlling a computer,
which is removably installed in a storage medium including a storage area for storing
code data representing encoded data,
a code key for use in decoding the code data and in creating the code data, and
boot data representing in a plaintext form a condition to access the storage medium, and
which is removably installed in an access device which
obtains the boot data and the code key from the storage medium,
obtains the code data from the storage medium in accordance with the condition represented by the boot data,
decodes the obtained code data with utilization of the obtained code key,
creates code data by encoding data to be stored on the storage medium with utilization of the obtained code key, and
stores the created code data on the storage medium in accordance with the condition represented by the boot data, and the program controlling the computer to function as:
a memory which stores certification data representing at least one piece of proper boot data; and
a controller circuit which obtains the code data from the storage medium and supplies the access device with the obtained code data, in response to a read instruction, which is sent from the access device, to obtain the code data from the storage medium in accordance with the condition represented by the boot data, obtains from the access device the code data created by the access device, when the access device supplies the controller with a write instruction to store the created code data on the storage medium in accordance with the condition represented by the boot data, stores the code data on the storage medium in response to the write instruction, and substantially rejects the read and write instructions from the access device when determined that the certification data does not coincides with the boot data stored on the storage medium.
According to the tenth aspect of the present invention, there is provided a computer data signal embodied in a carrier wave and representing a program for controlling a computer,
which is removably installed in a storage medium including a storage area for storing
code data representing encoded data,
a code key for use in decoding the code data and in creating the coded data, and
boot data representing in a plaintext form a condition to access the storage medium, and
which is removably installed in an access device which
obtains the boot data and the code key from the storage medium,
obtains the code data from the storage medium in accordance with the condition represented by the obtained boot data,
decodes the obtained code data using the obtained code key,
creates code data by encoding data to be stored on the storage medium with utilization of the obtained code key, and
stores the created code data on the storage medium in accordance with the condition represented by the boot data, and the program for controlling the computer to function as:
a memory which stores certification data representing at least one piece of proper boot data; and
a control circuit which obtains the code data from the storage medium and supplies the access device with the obtained code data, in response to a read instruction, which is sent from the access device, to obtain the code data from the storage medium in accordance with the condition represented by the boot data, obtains from the access device the code data created by the access device, when the access supplies the control circuit with a write instruction to store the created code data on the storage medium in accordance with the condition represented by the boot data, stores the code data on the storage medium in response to the write instruction; and substantially rejects, when determined that the certification data does not coincide with the boot data stored on the storage medium, the read and write instructions sent from the access device.
The access device, installed in the computer executing the program stored on the storage medium according to the seventh and ninth aspects of the present invention or executing the program represented by the computer data signal according to the eighth and tenth aspects of the present invention, simply obtains boot data in the plaintext form from the storage medium installed in the computer via the computer, thereby preparing the conditions in which the code data can be accessed. Hence, the data stored on the storage medium is so encoded as to be protected, and the encoded data can be accessed in accordance with an easy process by the access device being lightly loaded. The storage medium can satisfactorily function independently from any other devices or in a static where it is installed in the storage medium controller, enhancing the portability of the storage medium.
According to the eleventh aspect of the present invention, there is provided a computer readable storage medium which stores a program for controlling a computer
which is connected to a storage medium including a storage area for storing
code data representing encoded data, a code key for use in decoding the code data and in creating the code data, and boot data representing in a plaintext form a condition to access the storage medium, and the program making the computer function as:
an input device which obtains the boot data and the code key from the storage medium;
a decoder which obtains the code data from the storage medium in accordance with the condition represented by the obtained boot data, and which decodes the obtained code data using the obtained code key; and
an encoder which creates code data by encoding data to be stored on the storage medium with utilization of the obtained code key, and which stores the created code data on the storage medium in accordance with the condition represented by the boot data.
Accordingly to the twelfth aspect of the present invention, there is provided a computer data signal embodied in a carrier wave and representing a program for controlling a computer
which is connected to a storage medium including a storage area for storing
code data representing encoded data,
a code key for use in decoding the code data and in creating the code data, and
boot data representing in a plaintext form a condition to access the storage medium, the program making the computer function as:
an input device which obtains the boot data and the code key from the storage medium;
a decoder which obtains the code data from the storage medium in accordance with the condition represented by the obtained boot data, and which decodes the obtained code data using the obtained code key; and
an encoder which creates code data by encoding data to be stored on the storage medium with utilization of the obtained code key, and which stores the created code data on the storage medium in accordance with the condition represented by the obtained boot data.
The computer, executing the program stored on the storage medium or executing the program represented by the computer data signal, obtains boot data in the plaintext form, thereby to prepare the conditions in which the code data stored on the storage medium is accessed. At the same time, the code data can be accessed in accordance with a simple process.