TWI497297B - Portable storage device and its data security control method - Google Patents
Portable storage device and its data security control method Download PDFInfo
- Publication number
- TWI497297B TWI497297B TW102101456A TW102101456A TWI497297B TW I497297 B TWI497297 B TW I497297B TW 102101456 A TW102101456 A TW 102101456A TW 102101456 A TW102101456 A TW 102101456A TW I497297 B TWI497297 B TW I497297B
- Authority
- TW
- Taiwan
- Prior art keywords
- data
- storage device
- portable storage
- controller
- area
- Prior art date
Links
Description
本發明係一種可攜式儲存裝置及其控制方法,尤指一種以快取功能提升寫入速度且可確保存取資料安全的可攜式儲存裝置及其資料安全控制方法。The present invention relates to a portable storage device and a control method thereof, and more particularly to a portable storage device and a data security control method thereof for improving the writing speed by the cache function and ensuring the security of accessing data.
俗稱為隨身碟的可攜式儲存裝置主要是採用快閃記憶體作為儲存媒體,且大多採用支援隨插即用的通用序列匯流排(以下簡稱USB)作為與主機連接的通信介面。由於快閃記憶體製造技術的提升,使可攜式儲存裝置的容量不斷擴大,目前已可達數十G,由於容量大且USB支援隨插即用,不僅可方便攜帶、交換檔案,且操作上亦十分便利,故廣受電腦用戶的青睞。Portable storage devices, commonly known as flash drives, mainly use flash memory as a storage medium, and most of them use a universal serial bus (hereinafter referred to as USB) that supports plug-and-play as a communication interface to the host. Due to the improvement of flash memory manufacturing technology, the capacity of portable storage devices has been continuously expanded, and now it has reached tens of G. Due to the large capacity and USB support plug and play, it is convenient to carry and exchange files and operate. It is also very convenient, so it is widely favored by computer users.
由於可攜式儲存媒體通常用來攜帶、交換檔案,因此其快閃記憶體係經常性地被重複刪除、寫入,造成快閃記憶體儲存空間的零落分散,進而影響了可攜式儲存裝置的寫入速度。可行的解決方案是吸收「快取」(cache)的概念,讓資料可以快速地寫入,再適時地移轉至各個分散的儲存空間,藉以提升寫入的效率,但必須考慮的是:可攜式儲存裝置執行快取的過程中,必須確保資料的完全移轉,才能避免資料被錯誤的寫入。因此如何兼顧提升寫入速度,又不致影響資料的安全性與正確性,即有待檢討並謀求一 可行的解決方案。Since the portable storage medium is usually used to carry and exchange files, the flash memory system is frequently deleted and written repeatedly, causing the storage space of the flash memory to be scattered, thereby affecting the portable storage device. Write speed. A viable solution is to absorb the concept of "cache", so that data can be quickly written, and then moved to each of the scattered storage space, so as to improve the efficiency of writing, but must consider: In the process of performing the cache by the portable storage device, it is necessary to ensure the complete transfer of the data in order to prevent the data from being written incorrectly. Therefore, how to balance the speed of writing without affecting the security and correctness of the information, that is, to review and seek A viable solution.
因此本發明主要目的在提供一種可攜式儲存裝置的資料安全控制方法,其令可攜式儲存裝置採用快取功能,以便提升寫入速度,並對可攜式儲存裝置提供存取限制保護,確保可攜式儲存裝置快取功能運作過程中的資料完整性、正確性。Therefore, the main purpose of the present invention is to provide a data security control method for a portable storage device, which enables the portable storage device to adopt a cache function to increase the writing speed and provide access restriction protection for the portable storage device. Ensure the integrity and correctness of the data during the operation of the portable storage device.
為達成前述目的採取的主要技術手段係令前述方法包括:提供一可攜式儲存裝置,其具有一控制器、一非揮發性記憶體及一通信介面埠,該非揮發性記憶體、通信介面埠分別和控制器連接,且非揮發性記憶體具有一資料儲存區及一快取資料區;令可攜式儲存裝置透過其通信介面埠和一主機連結;根據主機是否具有一資料安全控制驅動程式,以決定其對可攜式儲存裝置中所設非揮發性記憶體之存取權限;前述方法是在可攜式儲存裝置的非揮發性記憶體中規劃一快取資料區,供快速寫入資料,再適時移轉至資料儲存區,為確保非揮發性記憶體的資料正確性,在主機端安裝一資料安全控制驅動程式,以整合資料儲存區與快取資料區的資料;因此在可攜式儲存裝置與一主機連結後,即判斷主機是否具有該資料安全控制驅動程式,若主機未安裝該資料安全控制驅動程式,表示其不具整合資料的功能,因此限制其存取權限,藉以避免資料儲存區被錯誤寫 入資料,而確保資料的安全性與正確性。The main technical means for achieving the foregoing objective is to provide a portable storage device having a controller, a non-volatile memory and a communication interface, the non-volatile memory and the communication interface. Each is connected to the controller, and the non-volatile memory has a data storage area and a cache data area; the portable storage device is connected to a host through the communication interface thereof; and according to whether the host has a data security control driver To determine its access rights to the non-volatile memory provided in the portable storage device; the foregoing method is to plan a cache data area in the non-volatile memory of the portable storage device for fast writing Data is then transferred to the data storage area in time. To ensure the correctness of the non-volatile memory data, a data security control driver is installed on the host to integrate the data storage area and the data area of the cache data area. After the portable storage device is connected to a host, it is determined whether the host has the data security control driver, and if the host does not install the data security control Driver, said its non-integrated data functions, thus limiting their access rights, in order to avoid erroneous data store is written Enter data to ensure the security and correctness of the information.
本發明又一目的在提供一種可攜式儲存裝置,其具備快取功能以提升寫入速度,且具備存取權限管制功能,以確保可攜式儲存裝置快取功能運作過程中的資料完整性、正確性。Another object of the present invention is to provide a portable storage device with a cache function to increase the writing speed and an access authority control function to ensure data integrity during the operation of the portable storage device cache function. Correctness.
為達成前述目的採取的主要技術手段係令前述可攜式儲存裝置包括:一非揮發性記憶體,具有一資料儲存區及一快取資料區;一控制器,與前述非揮發性記憶體連接,並對其資料儲存區、快取資料區設定存取權限;一通信介面埠,與前述控制器連接;前述控制器根據是否透過通信介面埠接收一存取權限要求,以改變對資料儲存區、快取資料區的存取權限;前述可攜式儲存裝置是在非揮發性記憶體中規劃一快取資料區,供快速寫入資料,再適時移轉至資料儲存區;當一主機安裝一資料安全控制驅動程式,其可對連結的可攜式儲存裝置送出一存取權限要求,在可攜式儲存裝置回應其要求後可整合資料儲存區與快取資料區的資料;因此在可攜式儲存裝置與一主機連結後,將由其控制器判斷連結的主機是否送出該存取權限要求,若主機未送出存取權限要求,即表示其未安裝該資料安全控制驅動程式,也不具整合資料的功能,因此將限制其存取權限,藉此可避免資料儲存區被錯誤寫入資料,而確保資料的安全性與正確性。The main technical means for achieving the foregoing objective is that the portable storage device comprises: a non-volatile memory having a data storage area and a cache data area; and a controller connected to the non-volatile memory. And setting access rights to the data storage area and the cache data area; a communication interface is connected to the controller; and the controller is configured to change an access data storage area according to whether an access permission request is received through the communication interface And accessing the data area; the portable storage device is to plan a cache data area in the non-volatile memory for fast data writing, and then transfer to the data storage area; when a host is installed a data security control driver that can send an access permission request to the connected portable storage device, and can integrate the data storage area and the cache data area after the portable storage device responds to the request; After the portable storage device is connected to a host, the controller determines whether the connected host sends the access permission request, and if the host does not send the access permission request It means that the information security controls driver is not installed, nor with data integration functionality, thus limiting their access, thereby avoids data store is incorrectly written data, and ensure the security and accuracy of the information.
10‧‧‧控制器10‧‧‧ Controller
20‧‧‧非揮發性記憶體20‧‧‧ Non-volatile memory
21‧‧‧資料儲存區21‧‧‧data storage area
22‧‧‧快取資料區22‧‧‧Cache data area
30‧‧‧通信介面埠30‧‧‧Communication interface埠
40‧‧‧主機40‧‧‧Host
圖1 係本發明一較佳實施例的方塊圖。1 is a block diagram of a preferred embodiment of the present invention.
圖2 係本發明一較佳實施例與主機連接的方塊圖。2 is a block diagram of a preferred embodiment of the present invention connected to a host.
圖3 係本發明一較佳實施例的流程圖。3 is a flow chart of a preferred embodiment of the present invention.
關於本發明可攜式儲存裝置的一較佳實施例,請參閱圖1所示,其包括一控制器10、一非揮發性記憶體20及一通信介面埠30;其中:A preferred embodiment of the portable storage device of the present invention, as shown in FIG. 1, includes a controller 10, a non-volatile memory 20, and a communication interface 30;
該控制器10具有多數的資料接腳、位址接腳及輸入輸出接腳,其中,資料接腳及位址接腳是與非揮發性記憶體20連接,輸入輸出接腳則與通信介面埠30連接;該通信介面埠30可以是但不限於USB介面埠。The controller 10 has a plurality of data pins, address pins, and input and output pins. The data pins and address pins are connected to the non-volatile memory 20, and the input and output pins are connected to the communication interface. 30 connection; the communication interface 30 can be, but not limited to, a USB interface.
該非揮發性記憶體20具有一資料儲存區21及一快取資料區22,該資料儲存區21儲存空間大於快取資料區22,其中,資料儲存區21係供存取資料,快取資料區22係配合控制器10執行一資料快取(cache)功能,並不提供使用者存取資料之用。所稱資料快取是指可攜式儲存裝置與一主機40連結(請參閱圖2所示),且主機40安裝有一能辨識前述資料快取功能的資料安全控制驅動程式時,則當主機40欲寫入資料至資料儲存區21時,將由控制器10先把資料寫入至快取資料區22,由於快取資料區22提供連續的儲存空間,故可提高寫入速度,而在主機40不寫入資料時,控制器10再適時地將快取資料區22內的資料寫回資料儲存區21,由於控制器10並不會立即完整地將快 取資料區22內的資料移回資料儲存區21,因此同一個檔案在某一個時間點可能分散在資料儲存區21和快取資料區22內,此一狀況也可能出現在可攜式儲存裝置退出主機40以後。當可攜式儲存裝置又與其他的主機連結,但連接的主機未安裝前述的資料安全控制驅動程式,則該主機不能配合執行快取功能,也只能看到資料儲存區21的內容,然而看到資料儲存區21的內容又不完整,若逕將資料寫入資料儲存區21,將會造成資料錯誤。The non-volatile memory 20 has a data storage area 21 and a cache data area 22, and the data storage area 21 has a larger storage space than the cache data area 22, wherein the data storage area 21 is for accessing data and a cache data area. The 22 series cooperates with the controller 10 to perform a data cache function, and does not provide a user with access to data. The data cache refers to a portable storage device connected to a host 40 (see FIG. 2), and when the host 40 is installed with a data security control driver capable of identifying the data cache function, the host 40 is When the data is to be written to the data storage area 21, the controller 10 first writes the data to the cache data area 22. Since the cache data area 22 provides a continuous storage space, the write speed can be increased, and the host 40 is When the data is not written, the controller 10 writes the data in the cache data area 22 back to the data storage area 21 in a timely manner, since the controller 10 does not immediately and completely The data in the data area 22 is moved back to the data storage area 21, so the same file may be dispersed in the data storage area 21 and the cache data area 22 at a certain point in time, and this situation may also occur in the portable storage device. After exiting the host 40. When the portable storage device is connected to another host, but the connected host does not have the aforementioned data security control driver installed, the host cannot cooperate with the cache function, and only the content of the data storage area 21 can be seen. If the content of the data storage area 21 is incomplete, if the data is written into the data storage area 21, the data will be incorrect.
為確保資料的正確性與完整性,可攜式儲存裝置將對未安裝資料安全控制驅動程式的主機限制存取權限,以確保資料儲存區21內的資料不受破壞。具體的技術手段是由控制器10內建一存取權限控制程序,當可攜式儲存裝置利用通信介面埠30與一主機連結時,控制器10將會判斷主機已安裝資料安全控制驅動程式,若主機已安裝資料安全控制驅動程式,將會送出一存取權限要求,而控制器10可根據是否通過信介面埠30收到該存取權限要求判斷主機是否已安裝該資料安全控制驅動程式。In order to ensure the correctness and completeness of the data, the portable storage device will restrict access to the host without the data security control driver to ensure that the data in the data storage area 21 is not damaged. The specific technical means is that an access permission control program is built in the controller 10. When the portable storage device is connected to a host by using the communication interface 30, the controller 10 determines that the host has installed the data security control driver. If the host has installed the data security control driver, an access permission request will be sent, and the controller 10 can determine whether the host has installed the data security control driver according to whether the access permission request is received through the interface interface 30.
當可攜式儲存裝置和主機連結後,若未收到存取權限要求,表示主機並未安裝資料安全控制驅動程式時,將限制該主機對非揮發性記憶體20中資料儲存區21內容的存取權限,限制存取權限的可行方式包括:When the portable storage device is connected to the host, if the access permission request is not received, it indicates that the host does not install the data security control driver, and the host is restricted to the content of the data storage area 21 in the non-volatile memory 20. Access rights, possible ways to restrict access rights include:
1.對存取禁能:由控制器10完全禁止主機對其非揮發性記憶體20存取資料。1. Access Disable: The controller 10 completely disables the host from accessing data to its non-volatile memory 20.
2.唯讀:由控制器10將資料儲存區21設定為唯讀,主機只能讀出資料儲存區21的資料,但無法將資料寫入, 藉以避免資料儲存區21內的資料遭受破壞。2. Read only: The data storage area 21 is set to be read only by the controller 10, and the host can only read the data of the data storage area 21, but cannot write the data. In order to avoid damage to the data in the data storage area 21.
若控制器10判斷主機40已安裝有資料安全控制驅動程式,即致能該非揮發性記憶體20之存取,而可由主機40端的各種應用程式顯示其資料儲存區21及快取資料區22的完整資訊,並進行資料存取。If the controller 10 determines that the host 40 has installed the data security control driver, the access of the non-volatile memory 20 is enabled, and the data storage area 21 and the cache data area 22 are displayed by various applications on the host 40 side. Complete information and access to data.
故由上述可知,本發明提供的資料安全控制方法包括以下步驟(請參閱圖3所示):提供一可攜式儲存裝置(301),該可攜式儲存裝置具有快取功能;令該可攜式儲存裝置與一主機40連結(302);根據主機40是否具有資料安全控制驅動程式,決定其對可攜式儲存裝置中非揮發性記憶體之存取權限(303);若主機40具有資料安全控制驅動程式,則致能非揮發性記憶體之存取。Therefore, the data security control method provided by the present invention includes the following steps (refer to FIG. 3): providing a portable storage device (301), the portable storage device having a cache function; The portable storage device is coupled to a host 40 (302); and based on whether the host 40 has a data security control driver, determines its access rights to the non-volatile memory in the portable storage device (303); The data security control driver enables access to non-volatile memory.
若主機40未安裝安全控制驅動程式,也可安裝一具有完全存取權限的應用程式,當可攜式儲存裝置和主機連結時,使用者可在主機上執行該應用程式,以存取該具有快取功能的可攜式儲存裝置,該應用程式可以是提供類似的檔案管理員的功能,也可以是其他有存取檔案功能的應用程式。意即前述可攜式儲存裝置中所設的非揮發性記憶體只能由該主機上執行的應用程式所存取,至於主機上的其他應用程式依然被限制存取可攜式儲存裝置。If the host 40 does not have a security control driver installed, an application with full access rights can be installed. When the portable storage device is connected to the host, the user can execute the application on the host to access the A portable storage device with a cache function. The application can provide similar file administrator functions or other applications that have access to files. That is to say, the non-volatile memory provided in the portable storage device can only be accessed by the application executed on the host, and other applications on the host are still restricted from accessing the portable storage device.
由上述可知,本發明主要是在可攜式儲存裝置的非揮發性記憶體中分別規劃出一資料儲存區及一快取資料區,在主機端安裝資料安全控制驅動程式的配合下,可在寫入 資料時執行快取功能而提高寫入速度。為避免可攜式儲存裝置的快取資料區尚未完全移轉到資料儲存區之前,即與未裝資料安全控制驅動程式的主機連結並寫入資料而造成資料儲存區內的資料錯誤;即由控制器在與主機連結後即判斷連結的主機是否已安裝該資料安全控制驅動程式,若已安裝,即致能非揮發性記憶體之存取,若未安裝,則限制主機對非揮發性記憶體的存取權限,以確保資料儲存區內的資料不受破壞,從而確保資料的安全性與正確性。It can be seen from the above that the present invention mainly designs a data storage area and a cache data area in the non-volatile memory of the portable storage device, and cooperates with the data security control driver installed on the host side. Write When the data is being executed, the cache function is executed to increase the writing speed. In order to prevent the cached data area of the portable storage device from being completely transferred to the data storage area, the data is not connected to the host without the data security control driver and the data is written in the data storage area; After the controller is connected to the host, it determines whether the connected host has installed the data security control driver. If it is installed, it enables access to the non-volatile memory. If not installed, the host is restricted to non-volatile memory. The access rights of the body to ensure that the data in the data storage area is not damaged, thus ensuring the security and correctness of the data.
10‧‧‧控制器10‧‧‧ Controller
20‧‧‧非揮發性記憶體20‧‧‧ Non-volatile memory
21‧‧‧資料儲存區21‧‧‧data storage area
22‧‧‧快取資料區22‧‧‧Cache data area
30‧‧‧通信介面埠30‧‧‧Communication interface埠
Claims (8)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW102101456A TWI497297B (en) | 2013-01-15 | 2013-01-15 | Portable storage device and its data security control method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW102101456A TWI497297B (en) | 2013-01-15 | 2013-01-15 | Portable storage device and its data security control method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW201428495A TW201428495A (en) | 2014-07-16 |
| TWI497297B true TWI497297B (en) | 2015-08-21 |
Family
ID=51726088
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW102101456A TWI497297B (en) | 2013-01-15 | 2013-01-15 | Portable storage device and its data security control method |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI497297B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040243779A1 (en) * | 2002-06-25 | 2004-12-02 | Takumi Okaue | Information storage device, memory access control method, and computer program |
| TW200632660A (en) * | 2005-03-02 | 2006-09-16 | Ulead Systems Inc | Plug and play system and the method of the same |
| TW201025005A (en) * | 2008-12-31 | 2010-07-01 | Ddtic Corp Ltd | Recognizing method of memory storage device |
| TW201211823A (en) * | 2010-09-15 | 2012-03-16 | Apacer Technology Inc | Location enabling storage device and method thereof |
-
2013
- 2013-01-15 TW TW102101456A patent/TWI497297B/en active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040243779A1 (en) * | 2002-06-25 | 2004-12-02 | Takumi Okaue | Information storage device, memory access control method, and computer program |
| TW200632660A (en) * | 2005-03-02 | 2006-09-16 | Ulead Systems Inc | Plug and play system and the method of the same |
| TW201025005A (en) * | 2008-12-31 | 2010-07-01 | Ddtic Corp Ltd | Recognizing method of memory storage device |
| TW201211823A (en) * | 2010-09-15 | 2012-03-16 | Apacer Technology Inc | Location enabling storage device and method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| TW201428495A (en) | 2014-07-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8769232B2 (en) | Non-volatile semiconductor memory module enabling out of order host command chunk media access | |
| TWI492061B (en) | Selective enablement of operating modes or features via host transfer rate detection | |
| US20160232103A1 (en) | Block storage apertures to persistent memory | |
| JP2014026635A5 (en) | ||
| KR20150114363A (en) | Storage system, and method for performing and authenticating write-protection thereof | |
| CN107908571B (en) | Data writing method, flash memory device and storage equipment | |
| KR102595233B1 (en) | Data processing system and operating method thereof | |
| JP2013513163A (en) | Storage device virtualization | |
| KR101465460B1 (en) | Execution method for trim and data managing apparatus | |
| TWI530785B (en) | Computer system and control method for non-volatile memory | |
| KR102634776B1 (en) | Data storage device and operating method thereof | |
| KR102424293B1 (en) | Storage system and method for performing secure write protect thereof | |
| US9996456B2 (en) | Solid-state disk, and user system comprising same | |
| TWI497297B (en) | Portable storage device and its data security control method | |
| KR20160118602A (en) | Data storage device and devices having same | |
| TWI454908B (en) | Memory configuring method, memory controller and memory storage apparatus | |
| US20170115886A1 (en) | Storage device and method of performing a write operation by the same | |
| JP6318073B2 (en) | Electronics | |
| TWI451250B (en) | Memory configuring method, memory controller and memory storage apparatus | |
| TWI674531B (en) | Data storage device and method for operating the same | |
| KR20160017583A (en) | Memory card and storage system having authentication program and method for operating thereof | |
| US20180074713A1 (en) | Tagging in a storage device | |
| EP3961451B1 (en) | Storage device | |
| US20210240642A1 (en) | Data storage device with an exclusive channel for flag checking of read data, and non-volatile memory control method | |
| US20140259183A1 (en) | Portable storage device and data security-control method thereof |