TWI393007B - Information access controllable storage device, information access control method and information protection method - Google Patents

Information access controllable storage device, information access control method and information protection method Download PDF

Info

Publication number
TWI393007B
TWI393007B TW97100479A TW97100479A TWI393007B TW I393007 B TWI393007 B TW I393007B TW 97100479 A TW97100479 A TW 97100479A TW 97100479 A TW97100479 A TW 97100479A TW I393007 B TWI393007 B TW I393007B
Authority
TW
Taiwan
Prior art keywords
program
information
storage device
area
information storage
Prior art date
Application number
TW97100479A
Other languages
Chinese (zh)
Other versions
TW200931257A (en
Inventor
Sung Chieh Lai
Original Assignee
Fineart Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fineart Technology Co Ltd filed Critical Fineart Technology Co Ltd
Priority to TW97100479A priority Critical patent/TWI393007B/en
Publication of TW200931257A publication Critical patent/TW200931257A/en
Application granted granted Critical
Publication of TWI393007B publication Critical patent/TWI393007B/en

Links

Landscapes

  • Storage Device Security (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)

Description

可控制存取之資訊儲存裝置、資訊存取控制方法與資訊保護方法Information storage device, information access control method and information protection method capable of controlling access

本發明是有關於一種資訊儲存裝置與存取方法,且特別是有關於一種以虛擬磁碟技術控制存取的資訊儲存裝置、資訊存取控制方法與資訊保護方法。The present invention relates to an information storage device and an access method, and more particularly to an information storage device, an information access control method, and an information protection method for controlling access by a virtual disk technology.

因應電腦化趨勢衍生的各類軟韌體程式儲存與資料量成長問題,例如硬碟與隨身碟等各式資訊儲存裝置不斷推陳出新,儼然成為資訊處理裝置不可或缺的配備。可攜式的資訊儲存裝置雖然便於攜帶且可隨時安裝使用,但使用者與資訊系統管理者仍持續尋求內部資訊與資料的保護機制,顯見目前可見之相關技術仍顯不足。進一步舉例來說,從事業務或對外解說性質的使用者可能只希望在特定資訊處理設備上展示其隨身攜帶的資訊儲存裝置內容,一旦展示過程結束,就希望資料不會輕易被再散佈或未經授權而保存,並且當其遺失資訊儲存裝置或資訊處理設備,或是因故置身前述特定資訊處理設備視線外時,多半希望資訊儲存裝置內容不被轉存、轉寄、竄改或竊取。然而,習知的檔案保密系統存有許多弊病例如僅運用一般密碼機制或軟體等單一技術加以保護,使得使用者往往在可攜性與資料保密性陷入取捨的兩難處境,而有效或是運用雙重保全的模式來保護使用者重要資料的兼顧方案仍付之闕如,所以如果個人資訊外洩且遺失資訊儲存裝置,他人仍然可以在其他的資訊處理裝置中使用而無法確實保密與杜絕任意散佈。因此,發展可控制存取之資訊儲存裝置、資訊存取控制與資訊保護方法有其必要性。In response to the growing trend of various software and firmware programs and the growth of data volume, such as hard disk and flash drive, various information storage devices have become an indispensable device for information processing devices. Although portable information storage devices are easy to carry and can be installed and used at any time, users and information system administrators continue to seek internal information and data protection mechanisms. It is obvious that the related technologies currently available are still insufficient. For example, a user who is engaged in business or external interpretation may only want to display the contents of the information storage device that he or she carries with him on a specific information processing device. Once the display process is over, he hopes that the data will not be easily distributed or not. Authorized to save, and when it loses information storage devices or information processing equipment, or if it is outside the line of sight of the specific information processing equipment, it is hoped that the information storage device content will not be transferred, forwarded, altered or stolen. However, the conventional file security system has many drawbacks, such as using only a single password mechanism or a single technology such as software to protect users, so that users often fall into the dilemma of portability and data confidentiality, and effectively or use dual The preservation mode to protect the user's important information is still in the doldrums. Therefore, if the personal information is leaked and the information storage device is lost, others can still use it in other information processing devices without being able to keep confidential and prevent arbitrary distribution. Therefore, it is necessary to develop information storage devices, information access control and information protection methods that can control access.

本發明提供一種可控制存取之資訊儲存裝置、資訊存取控制與資訊保護方法,係以虛擬磁碟、身分驗證與資訊加解密技術確保待保護資訊的存取合乎資料機密性保全與管理要求。The invention provides a controllable access information storage device, an information access control and an information protection method, which adopts a virtual disk, identity verification and information encryption and decryption technology to ensure that access to the information to be protected complies with data confidentiality preservation and management requirements. .

本發明的其他目的和優點可以從本發明所揭露的技術特徵中得到進一步的了解。Other objects and advantages of the present invention will become apparent from the technical features disclosed herein.

為達上述之一或部份或全部目的或是其他目的,本發明一實施例提出一種可控制資訊存取之資訊儲存裝置。本發明的資訊儲存裝置具有程式區與隱藏區,其中隱藏區一明/密文區一檔案以虛擬磁碟技術對應到虛擬磁碟路徑。當資訊儲存裝置連接安裝到資訊處理系統並執行身份辨識程式與掛載程式,資訊處理系統根據一正確驗證與執行結果掛載明/密文區路徑與虛擬磁碟路徑,而明文待保護資訊寫入虛擬磁碟路徑時自動加密為密文待保護資訊後轉存到前述檔案,所以可保護密文待保護資訊不會任意被刪除。In order to achieve one or a part or all of the above or other purposes, an embodiment of the present invention provides an information storage device that can control information access. The information storage device of the present invention has a program area and a hidden area, wherein a file of the hidden area and the ciphertext area corresponds to the virtual disk path by the virtual disk technology. When the information storage device is connected to the information processing system and the identification program and the mounting program are executed, the information processing system mounts the clear/ciphertext area path and the virtual disk path according to a correct verification and execution result, and the plaintext to be protected information is written. When the virtual disk path is entered, it is automatically encrypted into the ciphertext to be protected and then transferred to the aforementioned file, so the information to be protected from the ciphertext protection will not be deleted arbitrarily.

為達上述之一或部份或全部目的或是其他目的,本發明一實施例再提出一種資訊存取控制方法,包含以下步驟:首先,當資訊儲存裝置連接安裝至資訊處理系統並執行身份辨識程式與掛載程式,資訊處理系統根據正確驗證與執行結果掛載明/密文區路徑與虛擬磁碟路徑,其中資訊儲存裝置一明/密文區之一檔案以虛擬磁碟技術對應至虛擬磁碟路徑。接著,當使用者將明文待保護資訊寫入虛擬磁碟路徑時,明文待保護資訊自動加密為密文待保護資訊後轉存至檔案。In order to achieve one or a part or all of the above or other purposes, an embodiment of the present invention further provides an information access control method, which includes the following steps: First, when the information storage device is connected to the information processing system and performs identity recognition. The program and the mount program, the information processing system mounts the clear/ciphertext area path and the virtual disk path according to the correct verification and execution result, wherein one of the information storage device and the ciphertext area corresponds to the virtual disk technology. Disk path. Then, when the user writes the plaintext to be protected information to the virtual disk path, the plaintext to be protected information is automatically encrypted into the ciphertext to be protected and then transferred to the file.

為達上述之一或部份或全部目的或是其他目的,本發明一實施例再提出一種資訊保護方法,包含以下步驟:先以虛擬磁碟技術對應資訊儲存裝置隱藏區一明/密文區一檔案至虛擬磁碟路徑,當資訊儲存裝置連接安裝至資訊處理系統並執行身份辨識程式與掛載程式,資訊處理系統根據正確驗證與執行結果掛載明/密文區路徑與虛擬磁碟路徑,然後當使用者將明文待保護資訊寫入虛擬磁碟路徑時,明文待保護資訊自動加密為密文待保護資訊後轉存至檔案。In order to achieve one or a part or all of the above or other purposes, an embodiment of the present invention further provides an information protection method, which includes the following steps: first, a virtual disk technology corresponding to an information storage device, a hidden area, a ciphertext area A file to virtual disk path, when the information storage device is connected to the information processing system and executes the identity recognition program and the mount program, the information processing system mounts the clear/ciphertext area path and the virtual disk path according to the correct verification and execution result. Then, when the user writes the plaintext to be protected information to the virtual disk path, the plaintext to be protected information is automatically encrypted into the ciphertext to be protected and then transferred to the file.

本發明因採用身份辨識與虛擬磁碟路徑與隱藏區明/密文區之檔案虛擬對應之結構,因此可以實現對於待保護資訊的保護機制與有效存取控管。The invention adopts the structure of the identity recognition and the virtual disk path and the virtual area of the hidden area/cryptographic area, so that the protection mechanism and effective access control of the information to be protected can be realized.

為讓本發明之上述和其他目的、特徵和優點能更明顯易懂,下文特舉較佳實施例,並配合所附圖式,作詳細說明如下。The above and other objects, features and advantages of the present invention will become more <RTIgt;

有關本發明之前述及其他技術內容、特點與功效,在以下配合參考圖式之一較佳實施例的詳細說明中,將可清楚的呈現。The above and other technical contents, features and advantages of the present invention will be apparent from the following detailed description of the preferred embodiments.

請參閱圖1A與1B,本發明可控制資訊存取之資訊儲存裝置可配合顯示終端變化加以說明。本發明的資訊儲存裝置可以是固接式磁碟(例如硬碟)或外接式磁碟(例如具有USB連接介面的隨身碟),而資訊處理系統可以是各種規格的電腦設備,所以在此實施例中,資訊處理系統1是一部以液晶顯示螢幕為顯示終端11並且配置一個硬碟(其磁碟路徑為C,示於圖1B)的筆記型電腦,而資訊儲存裝置2是具有一程式區21與一隱藏區22的隨身碟。在此實施例中,程式區21規劃有一模擬光碟機的區域,經由作業系統允許光碟機執行,可自動執行儲存的代理執行程式、身份辨識程式與掛載程式(在其他手動執行的實施例中,代理執行程式、身份辨識程式與掛載程式的儲存區域可以是其他配置方式),所以當資訊儲存裝置2連接到筆記型電腦1的USB埠12時,作業系統自動執行代理執行程式以間接執行與呼叫身份辨識程式要求使用者僅輸入使用者密碼、使用者密碼與使用者指紋或僅輸入使用者指紋等身分識別項目。完成正確性驗證與掛載後,顯示終端11顯示磁碟路徑C與資訊儲存裝置2磁碟路徑D,以及可存取隱藏區22明/密文區221的明/密文區路徑E(在顯示終端11對應顯示為E磁碟)與檔案222對應的虛擬磁碟路徑F(在顯示終端11對應顯示為F磁碟)。在此一提,顯示終端11在此實施例中顯示C、D、E與F等磁碟圖示以說明磁碟路徑,然而僅為舉例且使圖式精簡易讀,資訊處理系統1中其他光碟機或網路磁碟機圖示等在此未贅列。Referring to FIGS. 1A and 1B, the information storage device capable of controlling information access according to the present invention can be described in conjunction with display terminal changes. The information storage device of the present invention may be a fixed disk (such as a hard disk) or an external disk (such as a flash disk with a USB connection interface), and the information processing system may be a computer device of various specifications, so it is implemented here. For example, the information processing system 1 is a notebook computer having a liquid crystal display screen as the display terminal 11 and a hard disk (the disk path is C, shown in FIG. 1B), and the information storage device 2 has a program. Zone 21 and a hidden area 22 of the flash drive. In this embodiment, the program area 21 is planned to have an area for simulating the optical disk drive, allowing the optical disk drive to execute via the operating system, and automatically executing the stored agent execution program, identity recognition program and mount program (in other manually executed embodiments) The storage area of the agent execution program, the identity recognition program and the mount program may be other configuration manners, so when the information storage device 2 is connected to the USB port 12 of the notebook computer 1, the operating system automatically executes the agent execution program for indirect execution. The call identification program requires the user to input only the user identification code, the user password and the user fingerprint, or only the user fingerprint. After the correctness verification and mounting are completed, the display terminal 11 displays the disk path C and the information storage device 2 disk path D, and the clear/ciphertext area path E of the hidden/closed area 22 ambiguous area 221 is accessible. The display terminal 11 corresponds to the E disk and the virtual disk path F corresponding to the file 222 (shown as the F disk in the display terminal 11). In this embodiment, the display terminal 11 displays disk icons such as C, D, E, and F in this embodiment to illustrate the disk path, but is merely an example and makes the drawing easy to read, and the other information processing system 1 The disc player or the network drive icon, etc. are not listed here.

在此一提,虛擬磁碟技術是模擬一般資訊儲存裝置(例如硬碟,具有硬碟檔案配置表)的結構,本質上是利用在明/密文區的檔案來儲存自動加密後虛擬磁碟路徑的資料,所以作業系統及驅動程式可經由硬碟檔案配置表取得位址,而使用者在虛擬磁碟路徑對明文待保護資訊的存取,事實上是對此檔案的存取;明文待保護資訊寫入到虛擬磁碟路徑,本質上就是加密明文待保護資訊為密文待保護資訊後寫入此檔案。在實務上,可以藉由一個監控程式來禁止對於密文待保護資訊的刪除。As mentioned here, the virtual disk technology is a structure for simulating a general information storage device (for example, a hard disk having a hard disk file configuration table), and essentially uses an archive in an explicit/ciphertext area to store an automatically encrypted virtual disk. Path data, so the operating system and driver can obtain the address through the hard disk file configuration table, and the user accesses the plaintext to be protected information in the virtual disk path, in fact, accesses the file; The protection information is written to the virtual disk path. In essence, the encrypted plaintext to be protected information is written to the file after the ciphertext is to be protected. In practice, the deletion of the ciphertext to be protected information can be prohibited by a monitoring program.

請接著參閱圖2,本發明資訊存取控制方法之細部流程如圖所示。於步驟S211,當資訊儲存裝置(例如隨身碟或硬碟)連接安裝在資訊處理系統(例如電腦主機)時,資訊處理系統執行身份辨識程式與掛載程式以掛載明/密文區路徑與虛擬磁碟路徑,其中資訊儲存裝置明/密文區一檔案是運用虛擬磁碟技術對應到虛擬磁碟路徑。其中,身份辨識程式與掛載程式對於使用者密碼與使用者指紋進行單一驗證或多重驗證。於步驟S212,當使用者將明文待保護資訊寫入虛擬磁碟路徑時,因為虛擬磁碟路徑與明/密文區的檔案的對應關係,明文待保護資訊自動加密為密文待保護資訊後轉存至檔案。因此,使用者及其持有的資訊儲存裝置必須先通過身份辨識等程序,才能夠得到存取明文待保護資訊的虛擬磁碟路徑,進而對於密文待保護資訊進行不包含刪除命令的特定存取命令,達成資訊散佈等控管。在此一提,進出虛擬磁碟路徑與明/密文區檔案的資料經過加解密程序以增加防護與可讀性,所以在此實施例中,明文待保護資訊可以是利用加密技術寫入檔案而成為密文待保護資訊,並且讀出檔案的密文待保護資訊可利用解密技術解密為明文待保護資訊。Referring to FIG. 2, the detailed flow of the information access control method of the present invention is shown in the figure. In step S211, when an information storage device (such as a flash drive or a hard disk) is connected to an information processing system (such as a computer host), the information processing system executes an identification program and a mount program to mount the clear/ciphertext area path and The virtual disk path, wherein the information storage device Ming/Mintext area file is mapped to the virtual disk path by using the virtual disk technology. The identity recognition program and the mount program perform single verification or multiple verification on the user password and the user fingerprint. In step S212, when the user writes the plaintext to be protected information to the virtual disk path, the plaintext to be protected information is automatically encrypted into the ciphertext to be protected after the virtual disk path and the file in the plain/ciphertext area are correspondingly encrypted. Transfer to the file. Therefore, the user and the information storage device they hold must first obtain a virtual disk path for accessing the plaintext to be protected information through a process such as identity recognition, and then perform a specific storage that does not include a delete command for the ciphertext to be protected information. Take orders and achieve control over information dissemination. Herein, the data entering and leaving the virtual disk path and the plain/ciphertext area file are subjected to encryption and decryption procedures to increase protection and readability. Therefore, in this embodiment, the plaintext to be protected information may be written into the file by using encryption technology. The information to be protected by the ciphertext and the ciphertext to be protected from the archive can be decrypted into the plaintext to be protected by the decryption technology.

請參閱圖3,本發明資訊保護方法之細部流程如圖所示。於步驟S311,以虛擬磁碟技術對應資訊儲存裝置隱藏區一明/密文區一檔案至虛擬磁碟路徑,然後於步驟S312,當資訊儲存裝置連接安裝至資訊處理系統並執行身份辨識程式與掛載程式,資訊處理系統根據正確驗證與執行結果掛載明/密文區路徑與虛擬磁碟路徑。接著,於步驟S313,當使用者將明文待保護資訊寫入虛擬磁碟路徑時,明文待保護資訊自動加密為密文待保護資訊後轉存至檔案。其中,當資訊儲存裝置(例如隨身碟或硬碟)連接或安裝在資訊處理系統(例如電腦主機)時,資訊儲存裝置的明/密文區路徑與虛擬磁碟路徑將根據身份辨識程式與掛載程式對於使用者密碼與使用者指紋的單一驗證或多重驗證而掛載,並且資訊處理系統據以顯示前述路徑供使用者存取。此外,如前所述,當資訊儲存裝置的程式區規劃有一模擬光碟機的區域並且經由作業系統允許光碟機執行時,可自動執行儲存的代理執行程式、身份辨識程式與掛載程式,但是在其他手動執行的實施例中,代理執行程式、身份辨識程式與掛載程式的儲存區域可以是其他配置方式。Referring to FIG. 3, the detailed process of the information protection method of the present invention is shown in the figure. In step S311, the virtual disk technology corresponding information storage device hides the area of the Ming/Mintext area from a file to the virtual disk path, and then, in step S312, when the information storage device is connected to the information processing system and performs the identity recognition program and The mount program, the information processing system mounts the clear/ciphertext area path and the virtual disk path based on the correct verification and execution results. Next, in step S313, when the user writes the plaintext to be protected information to the virtual disk path, the plaintext to be protected information is automatically encrypted into the ciphertext to be protected information and then transferred to the file. Wherein, when an information storage device (such as a flash drive or a hard disk) is connected or installed in an information processing system (such as a computer host), the clear/ciphertext path and the virtual disk path of the information storage device will be linked according to the identity recognition program. The program is mounted for single or multiple verification of the user's password and the user's fingerprint, and the information processing system displays the aforementioned path for the user to access. In addition, as described above, when the program area of the information storage device is planned to have an area of the analog optical disk drive and the optical disk drive is allowed to be executed via the operating system, the stored agent execution program, the identity recognition program, and the mount program can be automatically executed, but In other manually executed embodiments, the storage area of the agent execution program, the identification program, and the mount program may be other configurations.

雖然本發明已以較佳實施例揭露如上,然其並非用以限定本發明,任何熟習此技藝者,在不脫離本發明之精神和範圍內,當可作些許之更動與潤飾,因此本發明之保護範圍當視後附之申請專利範圍所界定者為準。另外本發明的任一實施例或申請專利範圍不須達成本發明所揭露之全部目的或優點或特點。此外,摘要部分和標題僅是用來輔助專利文件搜尋之用,並非用來限制本發明之權利範圍。While the present invention has been described in its preferred embodiments, the present invention is not intended to limit the invention, and the present invention may be modified and modified without departing from the spirit and scope of the invention. The scope of protection is subject to the definition of the scope of the patent application. In addition, any of the objects or advantages or features of the present invention are not required to be achieved by any embodiment or application of the invention. In addition, the abstract sections and headings are only used to assist in the search of patent documents and are not intended to limit the scope of the invention.

1...資訊處理系統1. . . Information processing system

11...顯示終端11. . . Display terminal

12...USB埠12. . . USB埠

2...資訊儲存裝置2. . . Information storage device

21...程式區twenty one. . . Program area

22...隱藏區twenty two. . . Hidden area

221...明/密文區221. . . Ming / ciphertext area

222...檔案222. . . file

C、D、E、F...磁碟路徑C, D, E, F. . . Disk path

S211、S212...本發明一實施例資訊存取控制方法各步驟S211, S212. . . Each step of the information access control method according to an embodiment of the present invention

S311、S312、S313...本發明一實施例資訊保護方法各步驟S311, S312, S313. . . Each step of the information protection method according to an embodiment of the present invention

圖1A為本發明之可控制資訊存取之資訊儲存裝置與資訊處理系統外觀示意圖。FIG. 1A is a schematic diagram showing the appearance of an information storage device and an information processing system capable of controlling information access according to the present invention.

圖1B為本發明之可控制資訊存取之資訊儲存裝置與資訊處理系統顯示終端對應操作變化示意圖。FIG. 1B is a schematic diagram showing changes in operation of an information storage device capable of controlling information access and a display terminal of an information processing system according to the present invention.

圖2為本發明一實施例之資訊存取控制方法流程圖。2 is a flow chart of an information access control method according to an embodiment of the present invention.

圖3為本發明一實施例之資訊保護方法流程圖。FIG. 3 is a flowchart of an information protection method according to an embodiment of the present invention.

S211、S212...本發明一實施例資訊存取控制方法各步驟S211, S212. . . Each step of the information access control method according to an embodiment of the present invention

S211...當資訊儲存裝置連接安裝在資訊處理系統時,執行身份辨識程式與掛載程式以掛載明/密文區路徑與虛擬磁碟路徑,其中資訊儲存裝置明/密文區一檔案運用虛擬磁碟技術對應到虛擬磁碟路徑S211. . . When the information storage device is connected to the information processing system, the identity recognition program and the mount program are executed to mount the clear/ciphertext area path and the virtual disk path, wherein the information storage device Ming/Mintext area uses a virtual disk. Technology corresponds to the virtual disk path

S212...當使用者將明文待保護資訊寫入虛擬磁碟路徑時,明文待保護資訊自動加密為密文待保護資訊後轉存至檔案S212. . . When the user writes the plaintext to be protected information to the virtual disk path, the plaintext to be protected information is automatically encrypted into the ciphertext to be protected and then transferred to the file.

Claims (20)

一種可控制資訊存取之資訊儲存裝置,包含:一程式區;以及一隱藏區,其中該隱藏區之一明/密文區之一檔案以一虛擬磁碟技術對應至一虛擬磁碟路徑,當該資訊儲存裝置連接安裝至一資訊處理系統並在該程式區內執行一身份辨識程式與一掛載程式,該資訊處理系統根據一正確驗證與執行結果掛載一明/密文區路徑與該虛擬磁碟路徑,一明文待保護資訊寫入該虛擬磁碟路徑時自動加密為一密文待保護資訊後轉存至該檔案。 An information storage device capable of controlling information access, comprising: a program area; and a hidden area, wherein one of the hidden/ambient areas of the hidden area corresponds to a virtual disk path by a virtual disk technology, When the information storage device is connected to an information processing system and an identification program and a mounting program are executed in the program area, the information processing system mounts a clear/ciphertext area path according to a correct verification and execution result. The virtual disk path is automatically encrypted into a ciphertext to be protected and then transferred to the file when the plaintext to be protected information is written into the virtual disk path. 如申請專利範圍第1項所述之可控制資訊存取之資訊儲存裝置,其中該身份辨識程式與該掛載程式係儲存於該程式區該資訊處理系統之一作業系統呼叫與執行。 The information storage device of the controllable information access as described in claim 1, wherein the identification program and the mounting program are stored in the program area of the program processing system to call and execute. 如申請專利範圍第2項所述之可控制資訊存取之資訊儲存裝置,其中該程式區規劃一模擬光碟機之區域以儲存一代理執行程式,係因應該作業系統而自動執行該身份辨識程式與該掛載程式。 The information storage device for controllable information access as described in claim 2, wherein the program area is planned to be an area of the analog optical disk drive for storing an agent execution program, which is automatically executed by the operating system. With the mounter. 如申請專利範圍第1項所述之可控制資訊存取之資訊儲存裝置,其中該資訊儲存裝置係選自一固接式磁碟與一外接式碟所成群組。 The information storage device for controllable information access as described in claim 1 wherein the information storage device is selected from the group consisting of a fixed disk and an external disk. 如申請專利範圍第1項所述之可控制資訊存取之資訊儲存裝置,其中該密文待保護資訊係藉由一監控程式禁止刪除與複製。 The information storage device for controllable information access as described in claim 1 wherein the ciphertext to be protected information is prohibited from being deleted and copied by a monitoring program. 如申請專利範圍第1項所述之可控制資訊存取之資訊儲存裝置,其中該身份辨識程式與該掛載程式係至少驗證一使用者密碼以產生該正確驗證與執行結果。 The information storage device of the controllable information access as described in claim 1, wherein the identification program and the mounting program at least verify a user password to generate the correct verification and execution result. 如申請專利範圍第6項所述之可控制資訊存取之資訊儲存 裝置,其中該身份辨識程式與該掛載程式係驗證該使用者密碼與一使用者指紋以產生該正確驗證與執行結果。 Information storage for controllable information access as described in item 6 of the patent application The device, wherein the identity recognition program and the mounting program validate the user password and a user fingerprint to generate the correct verification and execution result. 如申請專利範圍第1項所述之可控制資訊存取之資訊儲存裝置,其中該身份辨識程式與該掛載程式係至少驗證一使用者指紋以產生該正確驗證與執行結果。 The information storage device of the controllable information access as described in claim 1, wherein the identification program and the mounting program at least verify a user fingerprint to generate the correct verification and execution result. 一種資訊存取控制方法,包含:當一資訊儲存裝置連接安裝至一資訊處理系統並在該資訊儲存裝置之一程式區內執行一身份辨識程式與一掛載程式,該資訊處理系統根據一正確驗證與執行結果掛載一明/密文區路徑與一虛擬磁碟路徑,其中該資訊儲存裝置之一明/密文區之一檔案係以一虛擬磁碟技術對應至該虛擬磁碟路徑;以及當使用者將一明文待保護資訊寫入該虛擬磁碟路徑時,該明文待保護資訊自動加密為一密文待保護資訊後轉存至該檔案。 An information access control method includes: when an information storage device is connected to an information processing system and executes an identification program and a mounting program in a program area of the information storage device, the information processing system is correct according to a The verification and execution result mounts a clear/ciphertext area path and a virtual disk path, wherein one of the information storage devices, one of the Ming/Mintext areas, corresponds to the virtual disk path by a virtual disk technology; And when the user writes a plaintext to be protected information to the virtual disk path, the plaintext to be protected information is automatically encrypted into a ciphertext to be protected and then transferred to the file. 如申請專利範圍第9項所述之資訊存取控制方法,其中該身份辨識程式與該掛載程式係儲存於該資訊儲存裝置之該程式區供該資訊處理系統之一作業系統呼叫與執行。 The information access control method of claim 9, wherein the identification program and the mounting program are stored in the program area of the information storage device for an operation system call and execution of the information processing system. 如申請專利範圍第10項所述之資訊存取控制方法,其中該程式區規劃一模擬光碟機之區域以儲存一代理執行程式,係因應該作業系統而自動執行該身份辨識程式與該掛載程式。 The information access control method of claim 10, wherein the program area plans an area of the analog optical disc drive to store an agent execution program, and the identification program is automatically executed by the operating system and the mount Program. 如申請專利範圍第9項所述之資訊存取控制方法,其中該身份辨識程式與該掛載程式係至少驗證一使用者密碼以產生該正確驗證與執行結果。 The information access control method of claim 9, wherein the identification program and the mounting program validate at least one user password to generate the correct verification and execution result. 如申請專利範圍第12項所述之資訊存取控制方法,其中該身份辨識程式與該掛載程式係驗證該使用者密碼與一使 用者指紋以產生該正確驗證與執行結果。 The information access control method of claim 12, wherein the identification program and the mounting program verify the user password and The user fingerprint is used to generate the correct verification and execution results. 如申請專利範圍第9項所述之資訊存取控制方法,其中該身份辨識程式與該掛載程式係至少驗證一使用者指紋以產生該正確驗證與執行結果。 The information access control method of claim 9, wherein the identification program and the mounting program verify at least one user fingerprint to generate the correct verification and execution result. 一種資訊保護方法,包含:以一虛擬磁碟技術對應一資訊儲存裝置之隱藏區之一明/密文區之一檔案至一虛擬磁碟路徑;當該資訊儲存裝置連接安裝至一資訊處理系統並在該資訊儲存裝置之一程式區內執行一身份辨識程式與一掛載程式,該資訊處理系統根據一正確驗證與執行結果掛載一明/密文區路徑與該虛擬磁碟路徑;以及當使用者將一明文待保護資訊寫入該虛擬磁碟路徑時,該明文待保護資訊自動加密為一密文待保護資訊後轉存至該檔案。 An information protection method includes: a virtual disk technology corresponding to one of the hidden/ambient areas of a hidden area of the information storage device to a virtual disk path; when the information storage device is connected to an information processing system And executing an identity recognition program and a mount program in a program area of the information storage device, wherein the information processing system mounts a clear/ciphertext area path and the virtual disk path according to a correct verification and execution result; When the user writes a plaintext to be protected information to the virtual disk path, the plaintext to be protected information is automatically encrypted into a ciphertext to be protected and then transferred to the file. 如申請專利範圍第15項所述之資訊保護方法,其中該身份辨識程式與該掛載程式係儲存於該資訊儲存裝置之該程式區供該資訊處理系統之一作業系統呼叫與執行。 The information protection method of claim 15, wherein the identification program and the mounting program are stored in the program area of the information storage device for call and execution by an operating system of the information processing system. 如申請專利範圍第16項所述之資訊保護方法,其中該程式區規劃一模擬光碟機之區域以儲存一代理執行程式,係因應該作業系統而自動執行該身份辨識程式與該掛載程式。 The information protection method described in claim 16 wherein the program area is an area for simulating an optical disk drive to store an agent execution program, and the identity recognition program and the mount program are automatically executed according to the operating system. 如申請專利範圍第15項所述之資訊保護方法,其中該身份辨識程式與該掛載程式係至少驗證一使用者密碼以產生該正確驗證與執行結果。 The information protection method of claim 15, wherein the identification program and the mounting program validate at least one user password to generate the correct verification and execution result. 如申請專利範圍第18項所述之資訊保護方法,其中該身份辨識程式與該掛載程式係驗證該使用者密碼與一使用者指紋以產生該正確驗證與執行結果。 The information protection method of claim 18, wherein the identification program and the mounting program validate the user password and a user fingerprint to generate the correct verification and execution result. 如申請專利範圍第15項所述之資訊保護方法,其中該身份辨識程式與該掛載程式係至少驗證一使用者指紋以產生該正確驗證與執行結果。 The information protection method of claim 15, wherein the identification program and the mounting program verify at least one user fingerprint to generate the correct verification and execution result.
TW97100479A 2008-01-04 2008-01-04 Information access controllable storage device, information access control method and information protection method TWI393007B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW97100479A TWI393007B (en) 2008-01-04 2008-01-04 Information access controllable storage device, information access control method and information protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW97100479A TWI393007B (en) 2008-01-04 2008-01-04 Information access controllable storage device, information access control method and information protection method

Publications (2)

Publication Number Publication Date
TW200931257A TW200931257A (en) 2009-07-16
TWI393007B true TWI393007B (en) 2013-04-11

Family

ID=44865236

Family Applications (1)

Application Number Title Priority Date Filing Date
TW97100479A TWI393007B (en) 2008-01-04 2008-01-04 Information access controllable storage device, information access control method and information protection method

Country Status (1)

Country Link
TW (1) TWI393007B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI673989B (en) * 2013-08-28 2019-10-01 美商司固科技公司 Apparatus and method for implementing virtual bands concentration, and self encryptingstorage device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW576996B (en) * 2002-05-10 2004-02-21 Fine Art Technology Co Ltd Method for encrypting secured data with virtual space
TW200617798A (en) * 2005-11-25 2006-06-01 Li-Guo Chiou Memory storage device having finger print sensing and data protection method thereof

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW576996B (en) * 2002-05-10 2004-02-21 Fine Art Technology Co Ltd Method for encrypting secured data with virtual space
TW200617798A (en) * 2005-11-25 2006-06-01 Li-Guo Chiou Memory storage device having finger print sensing and data protection method thereof

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI673989B (en) * 2013-08-28 2019-10-01 美商司固科技公司 Apparatus and method for implementing virtual bands concentration, and self encryptingstorage device

Also Published As

Publication number Publication date
TW200931257A (en) 2009-07-16

Similar Documents

Publication Publication Date Title
JP6061171B1 (en) Computer program, secret management method and system
TWI312952B (en) Method of protecting information in a data storage device and data storage device for use with a host computer
US8302178B2 (en) System and method for a dynamic policies enforced file system for a data storage device
US20070180257A1 (en) Application-based access control system and method using virtual disk
US7984296B2 (en) Content protection device and content protection method
JP2007207239A (en) Storage device for providing flexible protected access for security applications
US8051053B2 (en) System and method for data storage firewall on data storage unit
US20030221115A1 (en) Data protection system
US7818567B2 (en) Method for protecting security accounts manager (SAM) files within windows operating systems
CN102053925A (en) Realization method of data encryption in hard disk
US20140096270A1 (en) Secure data containers and data access control
US10114962B2 (en) Generating a stub file corresponding to a classified data file
US20220012360A1 (en) Simplified Deletion of Personal Private Data in Cloud Backup Storage for GDPR Compliance
Tetmeyer et al. Security threats and mitigating risk for USB devices
WO2015176531A1 (en) Terminal data writing and reading methods and devices
Vithanwattana et al. mHealth-Investigating an information security framework for mHealth data: Challenges and possible solutions
CN103425938A (en) Folder encryption method and device for Unix-like operating system
WO2023179378A1 (en) Encryption method and apparatus and electronic device
TWI393007B (en) Information access controllable storage device, information access control method and information protection method
KR20090049888A (en) Method of processing data using raw area of removable storage device and apparatus for performing the same
US9560032B2 (en) Method and apparatus for preventing illegitimate outflow of electronic document
KR101371031B1 (en) A File Securing System Based on Drive
Harmening Security management systems
US9152636B2 (en) Content protection system in storage media and method of the same
KR20230033401A (en) Apparatus to back up data in secure storage and to restore based on the backup data comprising time information