METHODS AND SYSTEMS FOR SESSION-BASED AND SECURE ACCESS CONTROL TO A DATA STORAGE SYSTEM

20230274016 · 2023-08-31

    Abstract

    A method, in particular a computer-implemented method, for session-based and secure access control to a data storage system, comprising: detecting an activation signal for initiating access to the data storage system; and at least one write session to write write session-related data to the data storage system. In the method, each of the at least one write sessions comprises: in response to detecting the activation signal, determining a free physical storage subarea of the data storage system to be used during the write session to write the data, and selectively assigning this storage subarea to this write session; receiving or generating the data to be written in the context of the write session; protecting the data using an access protection, in particular assigned individually to the write session, which protects it from later access from unauthorized other access sessions to the data storage system; and outputting the access-protected data in order to write it to the storage subarea of the data storage system that is selectively assigned to the write session, or to cause this to be done.

    Claims

    1. A method for session-based and secure access control to a data storage system, the method comprising: detecting an activation signal to initiate access to the data storage system; and at least one write session to write write session-related data to the data storage system; wherein each of the at least one write sessions comprises: in response to detecting the activation signal, determining a free physical storage subarea of the data storage system to be used during the write session to write the data and selectively assigning this storage subarea to this write session; receiving or generating the data to be written in the context of the write session; protecting the data using an access protection which protects it from later access from unauthorized other access sessions to the data storage system; and outputting the access-protected data in order to write it to the storage subarea of the data storage system that is selectively assigned to the write session, or to cause this to be done.

    2. The method according to claim 1, wherein the received or generated write session-related data is at least partially recording data which represents one or more real events or states of objects acquired continuously or repeatedly over a specific period of time by means of a recording system.

    3. The method according to claim 1, wherein the access protection comprises at least one of the following measures: a cryptographic encryption of the write session-related data; the or each further write session is only opened subject to a preceding successful authentication of a write request requesting the write session.

    4. The method according to claim 3, wherein the encryption of the write session-related data takes place by means of an integrity-protecting and/or symmetric encryption.

    5. The method according to claim 3, wherein encrypting of the write session-related data for each write session takes place using a cryptographic key which is individually assigned to this respective write session.

    6. The method according to claim 1, wherein: the method comprises multiple write sessions; determining the physical storage subarea of the data storage system to be assigned to the respective write session in the context of a direct or indirect address mapping from an address space with logical storage addresses to an address space with physical storage addresses of the physical storage area to be assigned to the respective write session; and for at least two of the write sessions, the respective logical address spaces for the address mapping match at least with regard to their logical start address.

    7. The method according to claim 1, furthermore comprising: receiving or generating an additional secret defined independently of the cryptographic key; wherein, for encrypting the data to be written, the additional secret is employed for each write session in addition to the respective cryptographic key provided for encryption, so that targeted decryption of the encrypted data is only possible if both a secret decryption key corresponding to the cryptographic key and the additional secret are known.

    8. The method according to claim 1, wherein determining a free physical storage subarea of the data storage system to be used during a respective write session to write the write session-related data and selectively assigning this storage subarea to this write session take place subject to a session counter, which is changed each time the activation signal is detected so that each counter reading of the session counter is selectively assigned exactly one write session and exactly one specific storage subarea corresponding thereto.

    9. The method according to claim 8, wherein the changes in the counter reading always take place in the same counting direction.

    10. The method according to claim 1, wherein at the beginning of each write session for the storage subarea assigned to the respective write session, a file management structure which is individually adapted and assigned to this storage subarea is defined, which is used for the later writing of data in the context of the write session.

    11. The method according to claim 10, wherein the size of the assigned physical storage subarea available for writing in the context of the respective write session (W.sub.i) via the file management structure adapted thereto, is offered by the file management structure as one of the following two options: a) the entire physical residual storage size of the data storage system which has not yet been written to or has been released for overwriting; and b) a predefined storage size or, if it is no longer available in its entirety, a physical residual storage size of the data storage system that is actually still available and has not been written to or released for overwriting.

    12. The method according to claim 11, wherein in the context of option b) the storage size is configurable in the context of the physical residual storage size which is actually still available and has not been written to or released for overwriting and is predefined subject to the respective write session.

    13. The method according to claim 1, further comprising at least one read session for read accessing data previously written to the data storage system during at least one write session, the read session comprising: checking the permissibility of the respective pending read access by authenticating an object to be granted read access; if the check reveals that the read access is permissible, determining (170) at least one storage subarea assigned to the authenticated object from the set of storage subareas assigned to one or more of the previous write sessions in each case; reading access-protected data from the one or more storage subareas determined in this way; making the read data accessible by canceling the access protection in the context of the current reading session; and outputting the data that has been made accessible.

    14. The method according to claim 13, wherein the check is or will be defined in such a way that it shows that the read access is permissible if and to the extent that at least one of the following conditions applies in the context of the read access: the data to be read in the context of the read access was written after an activation signal was last detected; the data to be read in the context of the read access is classified as data which should be readable with every permitted read access.

    15. The method according to claim 13 in conjunction with any one of claims 10 to 12, wherein reading the access-protected data from a respective specific storage subarea comprises: checking whether the respective read access relates to a storage address in the specific storage subarea, in which storage address data has already been written in the context of a previous write session relating to the storage subarea; if this is the case according to the result of the check for the respective read access, reading the access-protected data using a mapping of logical storage addresses to physical addresses of the storage subarea; and otherwise, reading the access-protected data using the file management structure individually assigned to the storage subarea.

    16. The method of claim 15, further comprising: checking whether the respective read access relates to a logical storage address for the specific storage subarea which is accessible via the file management structure assigned to the storage subarea; if this is the case, reading the access-protected data according to the method according to claim 15; and otherwise, reading the access-protected data using a mapping of this logical storage address to a physical address of the storage subarea which is not accessible via the file management structure.

    17. The method according to claim 10, wherein the file management structure assigned to the storage subarea for the respective write session is written to the storage subarea.

    18. A data processing system for session-based and secure access control to a data storage system, the data processing system comprising: a processor; and a memory coupled with and readable by the processor and storing therein a set of instructions which, when executed by the processor, cause the processor to: detect an activation signal to initiate access to the data storage system; and at least one write session to write write session-related data to the data storage system; wherein each of the at least one write sessions comprises: in response to detecting the activation signal, determine a free physical storage subarea of the data storage system to be used during the write session to write the data and selectively assign this storage subarea to this write session; receive or generate the data to be written in the context of the write session; protect the data using an access protection which protects it from later access from unauthorized other access sessions to the data storage system; and output the access-protected data in order to write it to the storage subarea of the data storage system that is selectively assigned to the write session, or to cause this to be done.

    19. The data processing system according to claim 18, wherein the instructions further cause the processor to: protect the write session-related data; detect the activation signal; determine a free physical storage subarea of the data storage system to be used during the respective write session to store the write session-related data, and to selectively assign this storage subarea to the respective write session; and output the access-protected data in order to write it to the storage subarea of the data storage system that is selectively assigned to the respective current write session, or to cause this to be done.

    20. A storage system, comprising: a data processing system; and a data storage system having at least one data storage; wherein the data processing system and the data storage system are integrated in the storage medium as a common structural unit; and the data processing system comprises: a processor; and a memory coupled with and readable by the processor and storing therein a set of instructions which, when executed by the processor, cause the processor to: detect an activation signal to initiate access to the data storage system; and at least one write session to write write session-related data to the data storage system; wherein each of the at least one write sessions comprises: in response to detecting the activation signal, determine a free physical storage subarea of the data storage system to be used during the write session to write the data and selectively assign this storage subarea to this write session; receive or generate the data to be written in the context of the write session; protect the data using an access protection which protects it from later access from unauthorized other access sessions to the data storage system; and output the access-protected data in order to write it to the storage subarea of the data storage system that is selectively assigned to the write session, or to cause this to be done.

    21. The storage system according to claim 20, wherein the storage medium is designed as a mobile device.

    22. A recording system for continuous or repeated sensory detecting of real events or states of objects over a period of time and for providing recording data representing these detected events or states; wherein the recording system is configured to cooperate with a data processing system to use a storage medium for storing the recording data by: detecting an activation signal to initiate access to the data storage system; and at least one write session to write write session-related data to the data storage system; wherein each of the at least one write sessions comprises: in response to detecting the activation signal, determining a free physical storage subarea of the data storage system to be used during the write session to write the data and selectively assigning this storage subarea to this write session; receiving or generating the data to be written in the context of the write session; protecting the data using an access protection which protects it from later access from unauthorized other access sessions to the data storage system; and outputting the access-protected data in order to write it to the storage subarea of the data storage system that is selectively assigned to the write session, or to cause this to be done.

    23. The recording system according to claim 22, wherein the recording system is configured to enable a replacement of the storage medium by a user of the recording system in order to alternatively use multiple interchangeable mobile storage media, each mobile storage media comprising a mobile device temporarily storing the recording data as a storage medium.

    24. The recording system according to claim 22, wherein the data processing system is integrated therein.

    25. A non-transitory, computer-readable medium comprising instructions stored therein which, when executed on one or more processors, cause the one or more processors to provide session-based and secure access control to a data storage system by: detecting an activation signal to initiate access to the data storage system; and at least one write session to write write session-related data to the data storage system; wherein each of the at least one write sessions comprises: in response to detecting the activation signal, determining a free physical storage subarea of the data storage system to be used during the write session to write the data and selectively assigning this storage subarea to this write session; receiving or generating the data to be written in the context of the write session; protecting the data using an access protection which protects it from later access from unauthorized other access sessions to the data storage system; and outputting the access-protected data in order to write it to the storage subarea of the data storage system that is selectively assigned to the write session, or to cause this to be done.

    Description

    BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

    [0050] Further advantages, features, and possible applications of the present solution result from the following detailed description in conjunction with the figures.

    [0051] In the figures:

    [0052] FIG. 1A/1B shows a flowchart to illustrate an exemplary embodiment of the method according to the solution;

    [0053] FIG. 2 shows schematically an exemplary embodiment of a storage medium according to the solution with an integrated data processing device, which is configured to carry out the method according to FIG. 1A/1B;

    [0054] FIG. 3 is a schematic diagram illustrating use of a file management structure for write and read sessions, according to an exemplary embodiment according to the solution; and

    [0055] FIG. 4 schematically shows an overall system for recording data management, including recording system, storage medium and archiving system.

    DETAILED DESCRIPTION

    [0056] In the figures, the same reference numbers denote the same, similar or corresponding elements. Elements depicted in the figures are not necessarily drawn to scale. Rather, the various elements shown in the figures are presented in such a way that their function and general purpose can be understood by those skilled in the art. Unless expressly stated otherwise, connections and couplings between functional units and elements illustrated in the figures can also be implemented as indirect connections or couplings. In particular, functional units can be implemented as hardware, software or a combination of hardware and software.

    [0057] In the two FIGS. 1A and 1B, which are connected to one another by means of the connectors “A” and “B”, an exemplary embodiment 100 of a method according to the solution is illustrated overall. In this context, FIG. 1A relates in particular to writing data in the context of one or more write sessions, while FIG. 1B relates to reading data in the context of one or more read sessions. The method 100 is explained below with additional reference to the further FIGS. 2 to 4.

    [0058] FIG. 2, which illustrates an exemplary storage medium 200 according to the solution, for example a memory card or a so-called memory stick, will first be discussed briefly in advance. Subfigure 2(a) is used to illustrate a write access, while subfigure 2(b) is used to illustrate a read access, in particular in the context of method 100. Storage medium 200 has in particular a data processing system 205 and a data storage system 210, for example a flash storage system. A storage controller (e.g., flash controller in the case of a flash storage) for the data storage system 210 can in particular be integrated either in the system itself or in the data processing system 205. The data processing system 205 and/or the data storage system 210 can in particular each be integrated circuits or cumulatively composed of a plurality of, in particular integrated, circuits. It is also conceivable for data processing system 205 and data storage system 210 to be included together in a single integrated circuit. Storage medium 200 has a number of interfaces or connections 250 to 275 for data input or data output or a supply voltage and possibly other signals. Storage medium 200, in particular data processing system 205, is configured to execute method 100 by means of appropriate computer programming. The computer program can be stored in particular in data processing system 205 itself or in data storage system 210.

    [0059] Referring now again to FIG. 1A, the method 100 begins at a start step 105 in which an index i or a counter 230 of the data processing system 205 implementing said index i is initialized, index i serving as an index with respect to various write sessions. In a further step 110, which can also coincide with step 105, a possibly present activation signal is detected, which in FIG. 2(a) corresponds to a voltage supply signal VCC, which can be applied to interface 260. Each time the storage medium is again supplied with the voltage supply signal VCC and is thus activated, which can occur in particular if storage medium 200 is connected to a host device that also supplies it electrically, such as a recording system 405 (cf., FIG. 4), or is separated from it, index i is also incremented. This is done by incrementing a counter 230 in FIG. 2(a).

    [0060] If, in a step 115, an access request is received from an access object, for example from a recording system 405 (see FIG. 4) or a reading system, such as a data archiving system 410, an authentication process 120 takes place in order to authenticate the access object or its access request. This can take place in particular by means of (i) receiving (from the access object) at an interface 275, and (ii) checking 125 authentication information AT.sub.i, for example a password (e.g. a PIN) by means of an authentication unit 240. If it is determined in checking step 125 that the authentication was not successful (125—no), the system returns to step 115. In a possible modification, the authentication according to steps 120 and 125 can also be omitted.

    [0061] Otherwise (125—yes), it is next checked whether writing or reading data to or from data storage system 210 is requested as the type of access according to the access request. In the case of a read request (130—“Read”), branching occurs to the procedural branch illustrated in FIG. 1B, which will be explained separately below. In the case of a write request (130—“Write”), a new write session W is opened in a further step 135, to which the current value of index i is assigned. In addition, the write session W is assigned a physical storage subarea M.sub.i that is still free, i.e. released for writing, in file storage system 210. In this case, the storage subarea M.sub.i can in particular either still be unwritten or else be released for overwriting by a storage manager, which can in particular be part of data processing system 205.

    [0062] In particular, it is possible for the physical storage subarea M.sub.i to have its own file management structure OL.sub.i (which can also be referred to as “overlay”) and, for the current write session W, is assigned to a logical address space with a logical start address (e.g., the logical address “0”) that is the same for all write sessions by means of address mapping, so that the storage subarea M.sub.i can be addressed by data processing device 205 via logical addresses. If, as proposed here, the same logical start address is used for all write sessions, this simplifies the address mapping, since it does not have to be individualized on a session-specific basis, at least with regard to the start address.

    [0063] The file management structure (overlay) OL.sub.i is primarily used to ensure that the storage medium always has a valid file system, in order to provide a logical structure, in particular logical addressing, for each access session. For example, in the case of a known FAT formatting, the master boot record, partition boot record, file allocation table, and root directory could be in the overlay. A typical size of this management data is a few megabytes, e.g. starting at the logical storage address 0. Alternatively, however, several overlays per session or even doing without an overlay are also conceivable.

    [0064] The write session is now prepared for actual writing and in a further step 140, write data WD.sub.i, which are to be written in the current write session W.sub.i, can be received from the access object. In addition, in a step 145, an individual cryptographic key K is generated (or received) for the current write session W.sub.i. It is also conceivable that the key K.sub.i is already stored in storage medium 200 in advance, and does not have to be generated as part of a write session or received from outside. It is also conceivable that the key is the same for several or even all sessions.

    [0065] In a further step 150, an additional secret Z.sub.i for the current write session W.sub.i can optionally be received at interface 255, which is coupled, for example, to a user interface of a device connected to the storage medium with a signal, such as recording system 405, via which the additional secret Z.sub.i can be entered by a user.

    [0066] In a step 155, received write data WD.sub.i can be cryptographically encrypted by an encryption unit 225 subject to key K.sub.i and possibly additional secret Z.sub.i, which can be done using symmetric encryption, in particular according to the AES GCM standard. Additional secret Z.sub.i can be used in particular to further increase the security of the data storage in the storage medium 200, since successful later reading requires knowledge of the additional secret Z.sub.i in addition to knowing the key K.sub.i. For example, a user can ensure that only he/she or someone else who is in possession of the additional secret Z.sub.i can reconstruct the stored data, even if the key K.sub.i were accessible to other people.

    [0067] The write data encrypted in this way can now be transmitted directly or indirectly to data storage system 210 in a step 160 in order to write it to the storage subarea M.sub.i assigned to the current write session W.sub.i or to cause data storage system 210 to carry out the writing process. To enable transmission to data storage system 210, a switch 245 in the transmission path is closed (position “1”). The session-related write data WD.sub.i are thus securely stored in storage medium 200, more precisely in its data storage system 210. The current write session W.sub.i has now ended and the method returns to step 110.

    [0068] If an activation signal VCC is detected again, for example if the storage medium is again coupled to recording system 405 or another data source, a new process run is started, in which, possibly after successful authentication in step 125 and recognition of the “write” access type, a new write session is opened with an incremented index i. As illustrated by way of example in FIG. 2(a), incrementing index i or counter 230 causes the storage addressing in the context of an address mapping between logical and physical storage addresses to be adapted in such a way that a different physical storage subarea M.sub.i is used for the present write session than in the previous writing session. In FIG. 2(a), five different such storage subareas 211 to 215 are shown here by way of example. The opening of new write sessions is possible as long as there is still sufficient writable residual storage space 220 in data storage system 410. In particular, the following different, alternative operating modes can be provided: (i) a first mode (“maximum size mode”) in which the entire residual storage that has not yet been written to or that has been released for overwriting is presented as the available file system size for the current write session, and (ii) a second mode (“fixed size mode”), in which a fixed, but optionally configurable storage size is presented as the available size of the file system. Only when the available residual storage size falls below the fixed size mentioned above with increasing writing to the data storage system, the current residual amount of storage is presented as the available file system size.
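The write-session sequence just described (counter 230 advanced by each activation signal, one free physical subarea M.sub.i per counter reading presented under either the maximum size or the fixed size mode, a per-session key K.sub.i bound to the additional secret Z.sub.i, and a read session that can reach only its own subarea), as an added Python model that is not part of the patent. The AES GCM step is replaced by an HMAC-SHA256 keystream with an encrypt-then-MAC tag so that the example runs on the standard library alone; the class, method and variable names are constructed for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def derive_session_key(k_i: bytes, z_i: bytes, i: int) -> bytes:
    # Bind the per-session key K_i, the additional secret Z_i and the index i
    # (steps 145/150): without Z_i the derived key, and so the data, is unrecoverable.
    return hmac.new(k_i, b"W" + i.to_bytes(4, "big") + z_i, hashlib.sha256).digest()


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 used as a PRF in counter mode, producing n keystream bytes.
    out, blk = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + blk.to_bytes(4, "big"), hashlib.sha256).digest()
        blk += 1
    return bytes(out[:n])


def protect(key: bytes, wd: bytes) -> bytes:
    # Step 155 stand-in for AES GCM: keystream encryption plus an HMAC tag over
    # nonce||ciphertext (encrypt-then-MAC), so a wrong key or tampering is detected.
    ek = hmac.new(key, b"enc", hashlib.sha256).digest()
    mk = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(wd, _stream(ek, nonce, len(wd))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()


def unprotect(key: bytes, blob: bytes) -> bytes:
    # Step 190: check the tag before decrypting; any mismatch is rejected.
    ek = hmac.new(key, b"enc", hashlib.sha256).digest()
    mk = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("cannot remove access protection: wrong K/Z or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))


@dataclass
class WriteSession:
    index: int                 # i, the counter reading this session is bound to
    phys_start: int            # start of the physical storage subarea M_i
    presented_size: int        # file system size offered to this session
    logical_start: int = 0     # the same logical start address for every session
    records: list = field(default_factory=list)   # lengths of protected records in M_i


class StorageMedium:
    """Constructed model of data processing system 205 plus data storage system 210."""

    def __init__(self, capacity: int, mode: str = "max", fixed_size: int = 0):
        self.storage = bytearray(capacity)   # physical storage
        self.capacity = capacity
        self.mode = mode                     # "max": maximum size mode, "fixed": fixed size mode
        self.fixed_size = fixed_size
        self.counter = 0                     # counter 230 / index i, only ever incremented
        self.next_free = 0                   # first physical address not yet written
        self.sessions: dict[int, WriteSession] = {}

    def activate(self) -> int:
        # Step 110: activation signal VCC detected, so the counter reading changes.
        self.counter += 1
        return self.counter

    def open_write_session(self) -> WriteSession:
        # Step 135: exactly one free physical subarea M_i per counter reading i.
        i = self.counter
        if i == 0 or i in self.sessions:
            raise RuntimeError("a new write session needs a new activation signal")
        residual = self.capacity - self.next_free
        if residual <= 0:
            raise RuntimeError("no writable residual storage left")
        presented = residual if self.mode == "max" else min(self.fixed_size, residual)
        self.sessions[i] = WriteSession(i, self.next_free, presented)
        return self.sessions[i]

    def write(self, s: WriteSession, wd: bytes, k_i: bytes, z_i: bytes) -> int:
        # Steps 145-160: protect WD_i and append it to M_i via the logical->physical mapping.
        if s.index != self.counter:
            raise RuntimeError("write session W_i has ended; only the current session may write")
        blob = protect(derive_session_key(k_i, z_i, s.index), wd)
        logical = s.logical_start + sum(s.records)
        if logical + len(blob) > s.logical_start + s.presented_size:
            raise ValueError("write exceeds the subarea presented to this session")
        phys = s.phys_start + (logical - s.logical_start)
        self.storage[phys:phys + len(blob)] = blob
        s.records.append(len(blob))
        self.next_free = max(self.next_free, phys + len(blob))
        return len(blob)

    def read(self, j: int, k_j: bytes, z_j: bytes) -> bytes:
        # Read session R_j: only M_j is reachable; other subareas are not presented at all.
        s = self.sessions[j]
        key, out, phys = derive_session_key(k_j, z_j, j), b"", s.phys_start
        for n in s.records:
            out += unprotect(key, bytes(self.storage[phys:phys + n]))
            phys += n
        return out
```

Each protected record is 48 bytes longer than the write data (16-byte nonce plus 32-byte tag), which is what makes the fixed size mode fall back to the smaller residual size in the second session of the test.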

    [0069] Reference is now made to FIGS. 1B and 2(b), which illustrate the stage of method 100 assigned to reading data from data storage system 210, or from the storage medium, in a read access r.

    [0070] This stage of the method is initiated when it is determined in step 130, already described above, that for an existing access request of an access object, for example a data archiving system 410 (cf. FIG. 4), the access type “read” is present and the previous authentication of the access object in steps 120/125 was successful (125—yes).

    [0071] First, in a step 165, a read index j is set subject to the access object authenticated using its authentication information AT.sub.j fed in at interface 275, in order to indicate a new read session R.sub.j assigned to this access request, which is opened in step 170. In this case, a storage subarea M.sub.j in data storage system 210 identified by the current value of index j is uniquely assigned to the new read session R.sub.j.

    [0072] In the context of the read session R.sub.j, only data stored in this storage subarea M.sub.j can be accessed, while the other storage subareas are not accessible and are preferably not even presented as being present. Authentication unit 240 also sets switch 245 to position “2”, which on the one hand prevents write data from being written to file storage system 210 and on the other hand opens a strictly unidirectional data path for reading (this is indicated by the diode symbol, which does not mean, however, that a physical diode must actually be present here).

    [0073] The following steps 175 to 185c, in conjunction with FIG. 3, illustrate an exemplary read access using a session-related file management system (overlay) OL.sub.j. FIG. 3 illustrates on the one hand the logical address area (start address A0, end address A3) for a corresponding session-related physical storage subarea M.sub.j, and on the other hand the logical address area of file management system OL.sub.j (start address A0, end address A1). Also, an exemplary logical end address A2 of the area occupied by data in the session-related logical address space [A0, . . . , A3] is drawn in FIG. 3.

    [0074] In step 175 of method 100, it is now checked whether a respective logical storage address 315, 320 or 325 required for read access r to storage subarea M.sub.j is accessible via file management system OL.sub.j. If this is not the case (175—no; cf. logical storage address 320 in FIG. 3), branching to step 185c will follow, at which the data to be read in the current read session R.sub.j (read data) is read from data storage system 210 using address mapping from logical storage address 320 to an assigned physical address in storage subarea M.sub.j. Otherwise (175—yes), a step 180 checks whether the physical storage address in M.sub.j assigned to the logical storage address has already been written to beforehand. If this is not the case (180—no; cf. logical storage address 325 in FIG. 3), branching to step 185b will follow, at which in the current read session R.sub.j, instead of data from one of storage subareas M.sub.j or 211-215, only the contents of file management system OL.sub.j assigned to this address are read (written data in M.sub.j do not (yet) exist at this address).

    [0075] Otherwise (180—yes; cf. logical storage address 315 in FIG. 3), branching to step 185a will follow instead, at which the data to be read in the current read session is read from data storage system 210 using address mapping from logical storage address 315 to an assigned physical address in M.sub.j.
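The three-way resolution of steps 175 to 185c for one logical address in the session-related subarea of FIG. 3, as an added Python example that is not part of the patent. The class name, the fields a0/a1/a3/phys_start/overlay/written and the returned step labels are constructed for the example; a2 is derived from the written addresses, as in the figure.

```python
from dataclasses import dataclass, field


@dataclass
class SubareaView:
    """Logical view of one session-related physical storage subarea M_j (FIG. 3).

    [a0, a3) is the logical address area of the whole subarea, [a0, a1) the part
    served by the file management structure (overlay) OL_j, and a2 the logical end
    of the data written so far.  All names are constructed for this example.
    """
    a0: int
    a1: int
    a3: int
    phys_start: int
    storage: bytearray          # data storage system 210 (physical addresses)
    overlay: bytes              # content of OL_j for logical [a0, a1)
    written: set = field(default_factory=set)   # physical addresses already written

    @property
    def a2(self) -> int:
        # Logical end address of the area occupied by written data.
        if not self.written:
            return self.a0
        return self.a0 + (max(self.written) + 1 - self.phys_start)

    def to_phys(self, logical: int) -> int:
        # Address mapping logical -> physical, valid only inside M_j: in read
        # session R_j no other subarea is reachable or even presented.
        if not (self.a0 <= logical < self.a3):
            raise ValueError(f"logical address {logical} is outside M_j [{self.a0}, {self.a3})")
        return self.phys_start + (logical - self.a0)

    def write_byte(self, logical: int, value: int) -> None:
        # A write session has stored data at this address (bookkeeping for step 180).
        p = self.to_phys(logical)
        self.storage[p] = value
        self.written.add(p)

    def read_byte(self, logical: int) -> tuple:
        """Resolve one read access r; returns (step taken, byte value)."""
        phys = self.to_phys(logical)
        if not (self.a0 <= logical < self.a1):      # step 175: reachable via OL_j?
            return "185c", self.storage[phys]        # no: mapping only
        if phys in self.written:                     # step 180: already written?
            return "185a", self.storage[phys]        # yes: mapping
        return "185b", self.overlay[logical - self.a0]   # no: overlay content only

    def read(self, logical: int, length: int) -> bytes:
        # Convenience: a contiguous read resolved byte by byte.
        return bytes(self.read_byte(a)[1] for a in range(logical, logical + length))
```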

    [0076] In a step 190, the access protection for the read data is now removed and this data is then output at output interface 265 as read data RD.sub.j. In this case, removing the access protection corresponds to a decryption of the read data in a decryption unit 235 of data processing system 205. For decryption, decryption unit 235 must be provided with key K.sub.i and, again, additional secret Z.sub.j, the latter via interface 270.

    [0077] Storage medium 200 thus already contains all the necessary capabilities to carry out method 100, so that no special adaptations with regard to method 100 have to be provided on a host device which uses storage medium 200. Storage medium 200 can thus be used by the host device like a conventional standard storage medium, such as an SD memory card or a memory stick, while still offering the advantages of the solution proposed here, in particular of method 100. The integration of the data processing device according to the solution in a (thus) intelligent storage medium enables in particular data protection-compliant data storage without the host device itself, for example recording system 405, having to be modified.

    [0078] Referring now to FIG. 4, an overall system 400 for recording data management, including a recording system 405 (or any other host device set up for use with the storage medium), storage medium 200, and a data archiving system 410, and an exemplary application of the overall system will be explained.

    [0079] Before storage medium 200 is used “in the field”, it can be set up, for example, for a data protection officer, for example using a corresponding application program. In particular, at least one overlay can be defined, whether it is the same globally for all sessions (OL) or session-specific (OL.sub.j). In particular, each overlay can define a required formatting and/or standard storage content, such as program installation files or application documentation. When setting up storage medium 200, it can also be determined whether the maximum size mode or the fixed size mode or instead a still differently defined third mode is to be used for the definition of the storage subarea to be presented in the context of a session. Then, the storage medium 200 is ready for use.

    [0080] It can now be connected to recording system 405, in particular, in the case of a pluggable storage medium 200, by inserting it into a corresponding receiving slot of recording system 405, and recording device 405 can be brought into a state in which it outputs activation signal VCC to storage medium 200. This can be done in particular when recording system 405 is switched on. Recording system 405 now recognizes the valid file management system (overlay) and can write data into data storage system 210 of storage medium 200 in the context of the writing process, in particular according to method 100. After the recording, with the data written, recording system 405 is switched off, so that activation signal VCC is removed.

    [0081] The next time the device is switched on, activation signal VCC, now present again on storage medium 200, is detected anew, as a result of which the recording device is again presented with an empty storage, so that the data previously written is no longer visible.

    [0082] After the recording is complete, the user can start an archiving application 415 assigned to data archiving system 410, in particular for the purpose of archiving the data stored in storage medium 200. In the context of application 415, the user is requested to authenticate himself/herself to storage medium 200 then connected to data archiving system 410 by means of appropriate authentication data AT, as described above with reference to FIG. 1B. After successful authentication, the user can select one, several or all of the sessions from a list of recorded sessions, depending on the authentication, and transfer the data from these sessions, for example, to an archive 420 for archiving purposes. If a respective session-dependent additional secret Z.sub.i was used during storing, this additional secret must also be made available to storage medium 200 for reading the corresponding data, as described above with reference to FIG. 1B. Authentication data AT and possibly the additional secret(s) Z.sub.i can be kept in particular in an access-secured data storage 425 assigned to data archiving system 410.

    [0083] After completion of the data export of all data to be exported, in particular all previous write sessions, to archive 420, the intelligent storage medium is reset: all data is cryptographically deleted by discarding key K or the session-related keys K.sub.i and/or is overwritten in a dedicated manner, and session counter 230 is reset again. If a change of overlay(s) is required, this can now be done as well. The user can then reinsert storage medium 200 into recording device 405 and make new secure recordings.
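Paragraphs [0076], [0082] and [0083] together describe the key handling of the medium: each session's data is protected under a key that depends on K and the session's additional secret Z, reading requires both again, and a reset erases everything by discarding the key. The following Python model is an added example, not code from the patent; the key derivation from K, the session index and Z (HMAC-based), the encrypt-then-MAC construction built from HMAC-SHA256 (chosen only so the example runs with the standard library; a production device would use an authenticated cipher such as AES-GCM), the single blob per session and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

NONCE_LEN, TAG_LEN = 16, 32


def derive_session_key(master_key: bytes, session_index: int, extra_secret: bytes) -> bytes:
    """K_j = HMAC(K, j || Z_j): a session key that cannot be rebuilt without both K and Z_j.

    Illustrative derivation; the patent does not specify how K and Z are combined."""
    return hmac.new(master_key, session_index.to_bytes(4, "big") + extra_secret,
                    hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (illustrative stand-in for a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def protect(key: bytes, plaintext: bytes) -> bytes:
    """Access protection of write data WD_j: encrypt, then authenticate nonce and ciphertext."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(key: bytes, blob: bytes) -> Optional[bytes]:
    """Step 190: verify the tag first, so a wrong key yields None rather than garbage."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class IntelligentMedium:
    """Minimal model of storage medium 200 (hypothetical class)."""

    def __init__(self, master_key: bytes):
        self._master: Optional[bytes] = master_key   # key K, never leaves the medium
        self.session_counter = 0                      # unidirectional counter 230
        self.subareas: Dict[int, bytes] = {}          # j -> protected data in M_j

    def write_session(self, extra_secret: bytes, data: bytes) -> int:
        """One write session W_j: bump the counter, derive K_j, store only ciphertext."""
        if self._master is None:
            raise RuntimeError("medium has been reset; no key available")
        self.session_counter += 1
        j = self.session_counter
        self.subareas[j] = protect(derive_session_key(self._master, j, extra_secret), data)
        return j

    def read_session(self, j: int, extra_secret: bytes) -> Optional[bytes]:
        """Read session R_j for the archiving step; needs K (on the medium) and Z_j (supplied)."""
        if self._master is None or j not in self.subareas:
            return None
        return unprotect(derive_session_key(self._master, j, extra_secret), self.subareas[j])

    def reset(self) -> None:
        """Cryptographic deletion: discarding K makes every stored blob undecryptable."""
        self._master = None
        self.session_counter = 0
```

The model deliberately keeps the ciphertext blobs after `reset()` so that the erasure property is visible: the bytes are still there, but without K no session key can be rederived and `unprotect` rejects them. The patent additionally allows a dedicated overwrite of the subareas, which would be a `self.subareas.clear()` in the same place; the authentication with AT that precedes archiving is not modelled here.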

    [0084] While at least one exemplary embodiment has been described above, it should be appreciated that a large number of variations exists. It should also be noted that the exemplary embodiments described only represent non-limiting examples, and are not intended to limit the scope, the applicability, or the configuration of the devices and methods described herein. Rather, the foregoing description will provide those skilled in the art with guidance for implementing at least one exemplary embodiment, while it should be understood that various changes in the operation and arrangement of elements described in an exemplary embodiment may be made without departing from the subject matter specified in the appended claims and its legal equivalents.

    LIST OF REFERENCE NUMERALS

    [0085] 100 Method for access control according to an exemplary embodiment

    [0086] 105-190 Steps or subprocesses of method 100

    [0087] 200 Storage medium with data processing system and data storage system

    [0088] 205 Data processing system

    [0089] 210 Data storage system

    [0090] 211-215 Storage subareas

    [0091] 220 Residual storage size that is still free

    [0092] 225 Encryption unit

    [0093] 230 Unidirectional session counter, which also serves as detection means

    [0094] 235 Decryption unit

    [0095] 240 Authentication unit

    [0096] 245 Switch

    [0097] 250-275 Interfaces for data input or data output

    [0098] 300 Write and read access when using a file management system

    [0099] 305 Logical address area of a session-related storage subarea

    [0100] 310 Logical address range of a file management system

    [0101] 315 Logical address already written to in a session-related manner, which lies both in address area 305 and in address area 310

    [0102] 320 Logical address already written to in a session-related manner, outside of address area 310

    [0103] 325 Logical address in address area 310 that has not yet been written to in a session-related manner

    [0104] 400 Overall system for recording data management, including recording system, storage medium and archiving system

    [0105] 405 Recording system

    [0106] 410 Data archiving system

    [0107] 415 Archiving application

    [0108] 420 Data archive storage

    [0109] 425 Storage for authentication data

    [0110] i,j Session-related indices

    [0111] A0 Logical start address of the session-related storage subarea

    [0112] A1 Logical end address of the session-related file management system

    [0113] A2 Logical end address of the area occupied by data in the session-related storage subarea

    [0114] A3 Logical end address of the session-related storage subarea

    [0115] AT.sub.i, AT.sub.j Session-related authentication data

    [0116] K Session-related key

    [0117] M.sub.i; M.sub.j Storage subarea(s)

    [0118] OL.sub.i Session-related file management system (overlay)

    [0119] RD.sub.i Session-related read data

    R Read access

    [0120] VCC Activation signal, specifically voltage supply signal

    [0121] W.sub.i Write session

    [0122] WD.sub.i Session-related write data

    [0123] w Write access

    [0124] Z.sub.i Session-related additional secret