[Summary of the Invention]
The present invention aims to overcome the shortcomings of the prior art by providing a method of storing and obtaining user data in a data storage device that is more versatile, offers high security, and prevents unauthorized access to the user data held in the device's memory.
The present invention further provides a secure data storage device that implements this method.
To achieve the above object, the invention provides a method of storing and/or obtaining user data in a secure data storage device, the method comprising:
A. Registering administrator fingerprints by the following steps:
In the registration mode of the secure data storage device, scan M different administrator fingerprints of at least one administrator, where M ≥ 2; generate administrator fingerprint biometric data from the scanned administrator fingerprints; and store the administrator fingerprint biometric data to register the administrator fingerprints.
B. Accessing the secure data storage device by the following steps:
In the normal operating mode of the secure data storage device, scan P different fingerprints, where 2 ≤ P ≤ M, and verify each of the P fingerprints against the registered administrator fingerprints. If every one of the P fingerprints is verified successfully, receive user data and store it in the secure data storage device, and/or read user data from the secure data storage device and output it from the device.
In steps A and B above, the administrator is a person who coordinates the use of the secure data storage device by one or more users, or the administrator may himself or herself be a user. A secure data storage device may have more than one administrator rather than only one.
In step A, at least two different administrator fingerprints must be obtained when registering administrator fingerprints. These fingerprints may be taken from the same person or from different people. Requiring at least two fingerprints raises the security level of the device in subsequent use, and also makes the device less vulnerable to accidental damage to a registered administrator fingerprint pattern (damage that would leave that fingerprint unverifiable).
In step B, when the device is used in normal operating mode, the number P of administrator fingerprints required to access the device can be chosen to be smaller than the number M of registered administrator fingerprints. Because other administrator fingerprints can then be used, accidental damage to a registered administrator fingerprint pattern is unlikely to make the device inaccessible. After P administrator fingerprints have been verified successfully, user data can be written to the device or obtained from it.
The method further comprises:
C. Registering user fingerprints by the following steps:
In the registration mode of the secure data storage device, scan N different user fingerprints of at least one user, where N ≥ 2; generate user fingerprint biometric data from the scanned user fingerprints; and store the user fingerprint biometric data to register the user fingerprints.
D. When accessing the secure data storage device, verify each of the P fingerprints against the registered administrator fingerprints and the registered user fingerprints, where 2 ≤ P ≤ M+N.
According to steps C and D, provided verification succeeds, any combination of administrator fingerprints and user fingerprints totalling P fingerprints can be used to access the device. The P fingerprints may include any number of administrator fingerprints from 0 to P. The remaining fingerprints are user fingerprints, numbering anywhere from 0 (when the number of administrator fingerprints is P) to P (when the number of administrator fingerprints is 0), so that the administrator fingerprints and user fingerprints together number P.
When the administrators and/or users of the secure data storage device change, the registered fingerprints can be reset or deleted, depending on whether only administrator fingerprints are available or both administrator and user fingerprints are available.
Accordingly, the method further comprises:
E. If only administrator fingerprints are available, the registered administrator fingerprints can be reset by the following steps:
In the registration mode of the secure data storage device, scan M different fingerprints and verify each of the M fingerprints against the registered administrator fingerprints. If every one of the M fingerprints is verified successfully, all registered administrator fingerprints are reset.
Because the device thereby becomes inaccessible in normal operating mode, this step effectively restores the device to its factory settings. All user data in the device is deleted.
F. If both administrator and user fingerprints are available, the registered administrator fingerprints and user fingerprints can be reset by the following steps:
In the registration mode of the secure data storage device, scan M different fingerprints and verify each of the M fingerprints against the registered administrator fingerprints. If every one of the M fingerprints is verified successfully, all registered administrator fingerprints and all registered user fingerprints are reset.
Because the device thereby becomes inaccessible in normal operating mode, this operation effectively restores the device to its factory settings. All user data in the device is deleted.
G. If both administrator and user fingerprints are available, the registered user fingerprints can be reset by the following steps:
In the registration mode of the secure data storage device, scan Q different fingerprints, where Q ≤ M+N, and verify each of the Q fingerprints against the registered administrator fingerprints and the registered user fingerprints. If every one of the Q fingerprints is verified successfully, and at least one of the Q fingerprints is verified against a registered user fingerprint, all registered user fingerprints are reset.
After this step, no previous user can access the device in normal operating mode. The device can, however, still be accessed with administrator fingerprints. The user data in the device may or may not be deleted.
Before user data is stored in the secure data storage device, it can be encrypted, and the encrypted user data is then stored. Similarly, before user data is obtained from the device, the encrypted user data can be decrypted, and the decrypted user data is then output from the device. To this end, the method further comprises:
H. Accessing user data by the following steps:
Receive user data, encrypt it to produce encrypted user data, and store the encrypted user data in the secure data storage device; and/or read the encrypted user data from the secure data storage device, decrypt it to obtain the user data, and output the user data from the device.
In each of steps A to H, if at least three consecutive fingerprint verifications are unsuccessful, access to the secure data storage device is refused.
More specifically, in the above steps, M=2, N=2 or 4, P=2 and Q=2.
The present invention also provides a device that implements the above method, the device comprising:
A fingerprint sensor for scanning fingerprints to produce fingerprint biometric data;
A biometric data storage unit for storing the fingerprint biometric data;
A user data storage unit for storing user data;
A data processing system connected to the fingerprint sensor, the biometric data storage unit, the user data storage unit and an external host computer system, the data processing system comprising an embedded fingerprint biometric processing unit, a microcontroller and data processing unit, and a flash memory,
Wherein the data processing unit stores and/or obtains the user data in the secure data storage device by the following steps:
A. Registering administrator fingerprints by the following steps:
In the registration mode of the secure data storage device, the fingerprint sensor scans M different administrator fingerprints of at least one administrator, where M ≥ 2; the data processing system generates administrator fingerprint biometric data from the scanned administrator fingerprints and stores the administrator fingerprint biometric data in the biometric data storage unit to register the administrator fingerprints.
B. Accessing the secure data storage device by the following steps:
In the normal operating mode of the secure data storage device, the fingerprint sensor scans P different fingerprints, where 2 ≤ P ≤ M, and the data processing system verifies each of the P fingerprints against the registered administrator fingerprints. If every one of the P fingerprints is verified successfully, the data processing system receives user data from the external host computer system and stores it in the user data storage unit, and/or the data processing system reads user data from the user data storage unit and outputs it to the external host computer system.
Wherein the data processing unit registers user fingerprints by the following steps:
a. In the registration mode of the secure data storage device, the fingerprint sensor scans N different user fingerprints of at least one user, where N ≥ 2; the data processing system generates user fingerprint biometric data from the scanned user fingerprints and stores the user fingerprint biometric data to register the user fingerprints;
b. When accessing the secure data storage device, each of the P fingerprints is verified against the registered administrator fingerprints and the registered user fingerprints, where 2 ≤ P ≤ M+N.
Wherein the fingerprint sensor is a capacitive or electric-field sensor.
The device further comprises a computer serial bus interface unit, combined with the data processing system, for connecting the secure data storage device to a host computer system.
Wherein the computer serial bus interface unit comprises a USB or FireWire computer serial bus interface unit.
The contribution of the present invention is that it effectively overcomes a defect of existing biometric access methods: when the fingerprint pattern on a person's finger is damaged for some reason, the pattern cannot be verified and the data storage device cannot be accessed. In the method of the present invention, requiring at least two fingerprints to be registered raises the security level of the data storage device in subsequent use, and makes the device less vulnerable to accidental damage to a registered administrator fingerprint pattern that would leave the fingerprint unverifiable. The storage device of the present invention is therefore removable and can be used as a hard disk that connects to a host computer system; the data in the device is protected by fingerprint technology, and only the one or more persons whose fingerprints were previously enrolled can activate the functions of the storage device.
[Embodiment]
The following embodiment further explains and illustrates the present invention and does not limit it in any way.
The method of storing and obtaining user data in a secure data storage device, and the secure data storage device itself, are now described more specifically with reference to Fig. 1 and Fig. 2.
Fig. 1 and Fig. 2 show the portable secure data storage device 100 of the present invention. The device comprises a housing 10 with a computer serial bus interface unit 14, a fingerprint sensor 12 (for example a capacitive or electric-field sensor) and a data processing system. The data processing system is arranged inside the housing and comprises an embedded fingerprint biometric processing unit 20, a microcontroller and data processing unit 30, and a flash memory 40. In this embodiment, the fingerprint sensor 12 is connected to the fingerprint biometric processing unit 20, which comprises a biometric processing unit 22 and a biometric data storage unit 24. The biometric processing unit 22 is connected to an access control decision unit 32, which is in turn connected to a data processing unit 34. A switch 16 or any other control means can be provided on the secure data storage device 100 to place the device in registration mode (switch position A) or in normal operating mode (switch position B). The computer serial bus interface unit may comprise a USB computer serial bus interface unit or a FireWire (IEEE 1394) computer serial bus interface unit.
Referring to Fig. 2, to store and obtain user data in the secure data storage device of the present invention, an administrator or user of the secure data storage device 100 places a finger on the fingerprint sensor 12 (which serves as a fingerprint reader); the fingerprint sensor 12 scans the fingerprint and sends the fingerprint biometric data to the fingerprint biometric processing unit 20. In the embedded fingerprint biometric processing unit 20, the biometric processing unit 22 verifies the fingerprint biometric data against the previously registered fingerprint biometric data stored (possibly under key protection) in the biometric data storage unit 24. At least two different fingerprints must be scanned and successfully verified against the previously registered fingerprints before the secure data storage device 100 can be accessed to store and/or obtain user data. If verification is unsuccessful, access to the user data in the device is refused, or the corresponding fingerprint must be rescanned. After successful verification, the biometric processing unit 22 generates an encryption pointer, with which the encryption key can be obtained from the biometric data storage unit 24. The encryption key obtained is optionally protected by a number of additional procedures. The encryption key is used as the encoding or decryption key to start the data encryption/decryption program in the microcontroller and data processing unit 30. Once the access control decision unit 32 has been activated, it instructs the data processing unit 34 to extract the information stored in the flash memory 40 and send it to the host computer system, which is connected to the data storage device 100 through the computer serial bus interface unit 14.
Before the secure data storage device 100 can be used, administrator fingerprint biometric data obtained by scanning the fingerprints of one or more administrators must be registered and entered into the fingerprint biometric processing unit 20. For the first registration, the secure data storage device 100 is placed in registration mode by setting switch 16 to the corresponding position A. One or more administrators, who may also be one or more users of the secure data storage device 100, scan at least two administrator fingerprints with the fingerprint sensor 12, and the biometric processing unit 22 processes the fingerprint biometric data and stores it in the biometric data storage unit 24. For a further registration, the secure data storage device 100 is again placed in registration mode by setting switch 16 to position A, at least two user fingerprints of one or more users are scanned with the fingerprint sensor 12, and the biometric processing unit 22 processes the fingerprint biometric data and stores it in the biometric data storage unit 24.
The registered administrator fingerprint biometric data can be used to generate a key, for example a 128-bit key, to encrypt the user data written to the secure data storage device 100 and to decrypt the user data read from it.
After administrator fingerprints have been registered, the secure data storage device 100 is placed in normal operating mode by setting switch 16 to the corresponding position B, and the device can be accessed to store and/or obtain user data by successfully verifying at least two different administrator fingerprints. After administrator fingerprints and user fingerprints have been registered, the secure data storage device 100 is placed in normal operating mode by setting switch 16 to position B, and the device can be accessed to store and/or obtain user data by successfully verifying at least two different fingerprints, where all or not all of the fingerprints may be administrator fingerprints, and the fingerprints may also be user fingerprints.
The registered fingerprints can be cancelled as follows. After administrator fingerprints have been registered, the secure data storage device 100 is placed in registration mode by setting switch 16 to the corresponding position A, and the administrator fingerprints can then be reset by successfully verifying all previously registered administrator fingerprints. After administrator fingerprints and user fingerprints have been registered, the secure data storage device 100 is placed in registration mode by setting switch 16 to position A, and the administrator fingerprints and user fingerprints can then be reset by successfully verifying all previously registered administrator fingerprints. After administrator fingerprints and user fingerprints have been registered, the secure data storage device 100 is placed in registration mode by setting switch 16 to position A, and the user fingerprints can then be reset by successfully verifying at least two previously registered fingerprints, at least one of which is a user fingerprint. When administrator fingerprints are reset, the user data available in the secure data storage device 100 is deleted. When user fingerprints are reset without resetting administrator fingerprints, the user data available in the data storage device may or may not be deleted, depending on the settings of the data processing system.
Although the invention has been described by way of specific embodiments, it should be understood that improvements may be made within the scope of the present invention. The description of the invention in this specification should not be regarded as limiting the scope of the invention, which is defined by the claims.