TWI709044B - Storage apparatus managing method and storage apparatus managing system - Google Patents
Storage apparatus managing method and storage apparatus managing system Download PDFInfo
- Publication number
- TWI709044B TWI709044B TW108124410A TW108124410A TWI709044B TW I709044 B TWI709044 B TW I709044B TW 108124410 A TW108124410 A TW 108124410A TW 108124410 A TW108124410 A TW 108124410A TW I709044 B TWI709044 B TW I709044B
- Authority
- TW
- Taiwan
- Prior art keywords
- storage device
- authentication information
- device management
- control module
- portable electronic
- Prior art date
Links
Images
Abstract
Description
本發明有關於儲存裝置管理方法以及儲存裝置管理系統,特別有關於可對儲存裝置進行加密保護的儲存裝置管理方法以及儲存裝置管理系統。The present invention relates to a storage device management method and a storage device management system, and particularly relates to a storage device management method and a storage device management system that can encrypt storage devices.
近年來,可攜式電子裝置例如手機、平板電腦、穿戴式電子裝置越來越普及。然而,可攜式電子裝置通常會有容量較小的問題,若要增加可攜式電子裝置的容量,通常是增加可攜式電子裝置本身的內部記憶體的容量,或者是在可攜式電子裝置裝設外部記憶卡。然而,內部記憶體容量較大的可攜式電子裝置其價格通常相當昂貴。而外部記憶卡因體積相當小,自可攜式電子裝置移除後容易遺失,且有些可攜式電子裝置並不支援外部記憶卡。In recent years, portable electronic devices such as mobile phones, tablet computers, and wearable electronic devices have become more popular. However, portable electronic devices usually have the problem of small capacity. To increase the capacity of the portable electronic device, it is usually to increase the internal memory capacity of the portable electronic device itself, or to increase the capacity of the portable electronic device itself. The device is equipped with an external memory card. However, portable electronic devices with large internal memory capacity are usually quite expensive. Since the external memory card is relatively small in size, it is easy to lose it after being removed from the portable electronic device, and some portable electronic devices do not support the external memory card.
因此,可攜式電子裝置專用的隨身碟 (flash disk)越來越普及。此類隨身碟不僅可提供較大的記憶體容量給可攜式電子裝置,也方便使用者攜帶。然而,可攜式裝置所使用的隨身碟通常未具有保密功能,因此會讓儲存在隨身碟內的資料有被竊取的風險。Therefore, flash disks dedicated to portable electronic devices are becoming more and more popular. This type of flash drive not only provides a larger memory capacity for portable electronic devices, but is also convenient for users to carry. However, the pen drive used by the portable device usually does not have a security function, so the data stored in the pen drive is at risk of being stolen.
因此,本發明一目的為提供一種儲存裝置管理方法,來對可攜式電子裝置的儲存裝置提供加密保護。Therefore, an object of the present invention is to provide a storage device management method to provide encryption protection for the storage device of a portable electronic device.
本發明另一目的為提供一種儲存裝置管理系統,來對可攜式電子裝置的儲存裝置提供加密保護。Another object of the present invention is to provide a storage device management system to provide encryption protection for the storage device of a portable electronic device.
本發明一實施例揭露一種儲存裝置管理方法,使用在連接至一可攜式電子裝置的一儲存裝置上,包含:(a) 以該可攜式電子裝置接收認證資訊;(b) 使該可攜式電子裝置中的一儲存裝置管理程式傳送至少一確認指令給一控制模組,該確認指令用以確認該控制模組是否為一就緒狀態,其中該確認指令為Test Unit Ready command;(c) 若該控制模組被確認在該就緒狀態,且該認證資訊符合預定認證資訊,則使該可攜式電子裝置可讀取或可寫入該儲存裝置的一加密資料區;以及(d) 若該認證資訊不符合該預定認證資訊,則使該可攜式電子裝置無法存取該儲存裝置的該加密資料區。其中該(c) 步驟包含:若該控制模組於一預定時間週期內已接收到至少二該確認指令且被確認在該就緒狀態至少二次,且判斷該認證資訊符合預定認證資訊,則該控制模組使該可攜式電子裝置可讀取或可寫入該加密資料區;其中該儲存裝置管理程式在該認證資訊符合該預定認證資訊時,才產生該確認指令給該控制模組。An embodiment of the present invention discloses a storage device management method used on a storage device connected to a portable electronic device, including: (a) receiving authentication information with the portable electronic device; (b) enabling the portable electronic device A storage device management program in the portable electronic device sends at least one confirmation command to a control module, the confirmation command is used to confirm whether the control module is in a ready state, wherein the confirmation command is Test Unit Ready command; (c ) If the control module is confirmed to be in the ready state and the authentication information matches the predetermined authentication information, then the portable electronic device can be read or written to an encrypted data area of the storage device; and (d) If the authentication information does not conform to the predetermined authentication information, the portable electronic device cannot access the encrypted data area of the storage device. Wherein the step (c) includes: if the control module has received at least two confirmation commands within a predetermined period of time and has been confirmed to be in the ready state at least twice, and it is determined that the authentication information matches the predetermined authentication information, then The control module enables the portable electronic device to read or write to the encrypted data area; wherein the storage device management program generates the confirmation command to the control module when the authentication information matches the predetermined authentication information.
本發明另一實施例揭露一種儲存裝置管理系統,包含:一控制模組; 其中一可攜式電子裝置或連接該可攜式電子裝置的一儲存裝置接收認證資訊,該可攜式電子裝置中的一儲存裝置管理程式傳送至少一確認指令給該控制模組,該確認指令用以確認該控制模組是否為一就緒狀態,其中該確認指令為Test Unit Ready command;若該控制模組被確認在該就緒狀態,且該控制模組被通知該認證資訊符合預定認證資訊,則該儲存裝置管理程式控制該控制模組使該可攜式電子裝置可讀取或可寫入該儲存裝置的一加密資料區;若該認證資訊不符合該預定認證資訊,則該儲存裝置管理程式控制該控制模組使該可攜式電子裝置無法存取該儲存裝置的該加密資料區;其中該儲存裝置管理程式傳送至少二確認指令給該控制模組,若該控制模組於一預定時間週期內已接收到至少二該確認指令且被確認在該就緒狀態至少二次,且該控制模組被通知該認證資訊符合預定認證資訊,則該儲存裝置管理程式使該可攜式電子裝置可讀取或可寫入該加密資料區;其中該可攜式電子裝置更包含一認證資料接收裝置來接收該認證資訊,該儲存裝置管理程式在該認證資訊符合該預定認證資訊時,才產生該確認指令給該控制模組。Another embodiment of the present invention discloses a storage device management system, including: a control module; wherein a portable electronic device or a storage device connected to the portable electronic device receives authentication information, in the portable electronic device A storage device management program of ”sends at least one confirmation command to the control module, the confirmation command is used to confirm whether the control module is in a ready state, wherein the confirmation command is Test Unit Ready command; if the control module is confirmed In the ready state, and the control module is notified that the authentication information conforms to the predetermined authentication information, the storage device management program controls the control module so that the portable electronic device can read or write to one of the storage devices Encrypted data area; if the authentication information does not match the predetermined authentication information, the storage device management program controls the control module so that the portable electronic device cannot access the encrypted data area of the storage device; wherein the storage device manages The program sends at least two confirmation commands to the control module, if the control module has received at least two confirmation commands within a predetermined period of time and has been confirmed to be in the ready state at least twice, and the control module is notified of the If the authentication information conforms to the predetermined authentication information, the storage device management program makes the portable electronic device readable or writeable to the encrypted data area; wherein the portable electronic device further includes an authentication data receiving device to receive the authentication Information, the storage device management program generates the confirmation command to the control module only when the authentication information matches the predetermined authentication information.
根據前述實施例,可以對可攜式電子裝置所使用的儲存裝置進行妥善的資料保護,以避免儲存裝置中的資料被竊取,使得此類儲存裝置可兼具便利性以及安全性。According to the foregoing embodiments, the storage device used by the portable electronic device can be properly protected to prevent the data in the storage device from being stolen, so that such storage device can have both convenience and security.
以下將以多個實施例來說明本發明的技術內容。還請留意,各實施例中的元件,可以硬體的方式來實施 (例如電路),亦可以硬體加軟體的方式來實施 (例如在處理器中安裝程式)。此外,在以下實施例中,是以隨身碟為例來說明,但本發明所提供的儲存裝置管理系統以及儲存裝置管理方法可運用在隨身碟之外的儲存裝置。Hereinafter, a plurality of embodiments will be used to illustrate the technical content of the present invention. Please also note that the components in each embodiment can be implemented in hardware (for example, circuits), or in hardware plus software (for example, installing programs in a processor). In addition, in the following embodiments, a flash drive is taken as an example for description, but the storage device management system and storage device management method provided by the present invention can be applied to storage devices other than the flash drive.
第1圖繪示了根據本發明一實施例的儲存裝置管理系統的方塊圖。還請留意,在第1圖的實施例中是以控制模組107在隨身碟111中做為例子來說明,但控制模組107亦可以被設置在可攜式電子裝置100中。如第1圖所示,可攜式電子裝置100包含一儲存裝置管理程式105,而隨身碟111包含一控制模組107。儲存裝置管理程式105以及控制模組107可視為一儲存裝置管理系統。可攜式電子裝置100可為手機、平板電腦、穿戴式裝置等智慧型電子裝置。於一實施例中,可攜式電子裝置100運作於一行動作業系統 103 (mobile operating system),例如Android、Tizen、webOS、iOS等,但並不限定。於一實施例中,若可攜式電子裝置100運作於iOS,則隨身碟111須支援特定檔案系統例如FAT32或exFAT。儲存裝置管理程式105可藉由一主處理器來執行,此主處理器可為可攜式電子裝置100本身的主處理器,亦即此主處理器除了執行儲存裝置管理程式105外,亦用以控制可攜式電子裝置100的其他功能。於一實施例中,儲存裝置管理程式105獨立於行動作業系統103,亦即可自行動作業系統103移除。如此一來,可攜式電子裝置100無法執行讀取加密資料區115的動作,但其他功能不會被影響。儲存裝置管理程式105 可為各種形式的程式,於一實施例中,儲存裝置管理程式105為應用程式 (app, application)。Fig. 1 shows a block diagram of a storage device management system according to an embodiment of the invention. Please also note that in the embodiment of FIG. 1, the
於一實施例中,隨身碟111的資料區中包含一公開資料區113以及一加密資料區115。公開資料區113不須經過認證,只要隨身碟111已連接至可攜式電子裝置100,任何人均可透過可攜式電子裝置100讀取公開資料區113的資料,或將資料存至公開資料區113。而欲讀取加密資料區115,須經過認證程序,此認證程序通過了才可透過可攜式電子裝置100讀取或寫入加密資料區115。於一實施例中,使用者須輸入認證資訊CI到可攜式電子裝置100中的認證資訊接收裝置109,然後儲存裝置管理程式105會判斷認證資訊CI是否符合一預定認證資訊,若認證資訊CI符合預定認證資訊則通過認證程序 (即認證成功)。相反的,若認證資訊CI不符合預定認證資訊則不通過認證程序 (即認證失敗)。In one embodiment, the data area of the
認證資訊CI與預定認證資訊可為各種不同種類的資訊。舉例來說,認證資訊CI為使用者帳戶和密碼,而預定認證資訊為預定的使用者帳戶和密碼,且認證資訊接收裝置109為一使用者輸入介面,例如觸控螢幕。於另一例中,認證資訊CI為指紋,相對應的,預定認證資訊為預定的指紋,而認證資訊接收裝置109為一指紋辯識裝置。此外,認證資訊CI亦可為其他可作為身份認證使用的資訊例如聲紋、虹膜資訊、臉部資訊等。由於此類資訊種類相當多,於此不再詳述。The certification information CI and the predetermined certification information may be various types of information. For example, the authentication information CI is a user account and password, and the predetermined authentication information is a predetermined user account and password, and the authentication
儲存裝置管理程式105在判斷認證資訊CI符合預定認證資訊後,會傳送一切換指令SC給控制模組107,來使控制模組107將隨身碟111從公開資料區113切換至加密資料區115。於一實施例中,儲存裝置管理程式105會傳送一確認指令CC給控制模組107。此確認指令CC用以確認控制模組107是否已可讀取或寫入隨身碟111,即確認控制模組107是否已在就緒的狀態。因此,於一實施例中,須在控制模組107已回報就緒且控制模組107已接收到切換指令SC的狀況下,才會對隨身碟111進行切換的動作。After the storage
於一實施例中,儲存裝置管理程式105是在使用者輸入認證資訊CI後便產生確認指令CC給控制模組107。而在另一實施例中,儲存裝置管理程式105是在確認認證資訊CI符合特定認證資訊後,才產生確認指令CC給控制模組107。In one embodiment, the storage
此外,於一實施例中,儲存裝置管理程式105會在一預定時間週期內傳送兩次確認指令CC給控制模組107。亦即,儲存裝置管理程式105可連續的傳送兩次確認指令CC給控制模組107,或是在第一次傳送確認指令CC一段時間後再傳送第二次確認指令CC給控制模組107。而在此實施例中,須在控制模組107已相對應這兩次確認指令CC回報其已在就緒狀態兩次,且控制模組107已接收到切換指令SC的狀況下,才會對隨身碟111進行切換的動作。由於儲存裝置管理程式105做了兩次確認的動作,可避免控制模組107誤判而對隨身碟111進行切換。In addition, in one embodiment, the storage
確認指令CC在不同標準下可具有不同的格式,舉例來說,確認指令CC可為SCSI (Small Computer System Interface,小型電腦系統介面)標準中的 TEST UNIT READY command,但本發明並不限定於僅能使用SCSI標準。The confirmation command CC can have different formats under different standards. For example, the confirmation command CC can be the TEST UNIT READY command in the SCSI (Small Computer System Interface) standard, but the present invention is not limited to only SCSI standard can be used.
前述的”切換”是指可攜式電子裝置100原本只能讀取或寫入公開資料區113,將其”切換”至可讀取或寫入加密資料區115。於一實施例中,隨身碟111中會存有位址資訊,其紀錄了那些位址是公開資料區113,那些位址是加密資料區115。舉例來說,公開資料區113的位址為LBA0-LBAN,而加密資料區115為LBAN+1-LBAM。原本隨身碟111中的檔案系統 (file system)會將可讀取或可寫入的位址設定為LBA0-LBAN,因此可攜式電子裝置100原本只能讀取或寫入公開資料區113。而當欲切換至加密資料區115時,控制模組107會通知隨身碟111中的檔案系統將可讀取或可寫入的位址設定為LBAN+1-LBAM,如此可攜式電子裝置100便可讀取加密資料區115。The aforementioned “switching” means that the portable
第2-4圖繪示了第1圖所示的儲存裝置管理系統的實際運用例子。然請留意,這些例子僅是為了說明使用了本發明所提供的儲存裝置管理系統的可攜式電子裝置可能的呈現方式,各元件或介面的排列方式,位置,動作順序等並非用以現定本發明的範圍。Figures 2-4 show an example of actual use of the storage device management system shown in Figure 1. However, please note that these examples are only to illustrate the possible presentation methods of portable electronic devices using the storage device management system provided by the present invention. The arrangement of components or interfaces, positions, sequence of actions, etc. are not intended to be used in the current version. The scope of the invention.
如第2圖所示,可攜式電子裝置100包含一顯示螢幕201 (此例中為觸控螢幕),當隨身碟111連接至可攜式電子裝置100時,可攜式電子裝置100被預設為可讀取或可寫入前述公開資料區113。因此可攜式電子裝置100可顯示一資料畫面203,而資料畫面203會相對應的顯示公開資料區113中的公開檔案PF_1、PF_2。使用者可透過資料畫面203來讀取公開資料區113的資料或寫入資料到公開資料區113。使用者可點選一切換圖標(icon) 205 來使可攜式電子裝置100切換成讀取加密資料區205。As shown in Figure 2, the portable
如前所述,須通過認證程序才可切換至加密資料區205,而在第3圖的例子中,認證資訊是為使用者帳戶和密碼。因此,如第3圖所示,可攜式電子裝置100會顯示一認證畫面301,來讓使用者輸入使用者帳戶和密碼。此時顯示螢幕201即為第1圖中的認證資訊接收裝置109,而使用者輸入的使用者帳戶和密碼即為第1圖中的認證資訊CI。若可攜式電子裝置100的儲存裝置管理程式 (第1圖中的105)確認使用者帳戶和密碼符合預定的使用者帳戶和密碼,便會將隨身碟111切換成加密資料區115。如第4圖所示,顯示螢幕201會顯示一資料畫面401,讓使用者可讀取加密資料區中的加密檔案EF_1、EF_2…或可將資料增加到加密資料區115。若認證資訊為其他種類的資訊,則認證畫面301可以僅顯示一訊息,來通知使用者透過可攜式電子裝置100上的認證資訊接收裝置,例如相機、指紋辨識裝置等,來輸入認證資訊。As mentioned above, the
於一實施例中,隨身碟111僅具有加密資料區而沒有公開資料區。於此情況下,隨身碟111連接至可攜式電子裝置100後便會如第3圖般顯示認證畫面,而不會如第2圖般顯示公開資料區。此類變化或組合均應包含在本發明涵蓋的範圍內。In one embodiment, the
於前述實施例中,均是透過可攜式電子裝置來接收認證資訊,而在其他實施例中,可透過隨身碟來接收認證資訊。第5圖繪示了根據本發明另一實施例的儲存裝置管理系統的方塊圖。同樣的,在第5圖的實施例中是以控制模組505在隨身碟509中做為例子來說明,但控制模組505亦可以被設置在可攜式電子裝置500中。如第5圖所示,可攜式電子裝置500包含一儲存裝置管理程式503,而隨身碟509包含了一控制模組505。儲存裝置管理程式以及控制模組505可視為一儲存裝置管理系統。於一實施例中,可攜式電子裝置500運作於一行動作業系統 507 (mobile operating system),例如Android、Tizen、webOS、iOS等,但並不限定。於一實施例中,若可攜式電子裝置500運作於iOS,則隨身碟509須支援特定檔案系統例如FAT32或exFAT。儲存裝置管理程式503、控制模組505以及行動作業系統 507的詳細內容與第1圖中的儲存裝置管理程式105、控制模組107以及行動作業系統 103大致相同,相同的內容於此不再贅述。In the foregoing embodiments, the authentication information is received through a portable electronic device, while in other embodiments, the authentication information may be received through a flash drive. Figure 5 shows a block diagram of a storage device management system according to another embodiment of the invention. Similarly, in the embodiment of FIG. 5, the
隨身碟509更包含了一認證資訊判斷裝置511,而其資料區包含一公開資料區513以及一加密資料區515。認證資訊判斷裝置511除了接收認證資訊CI外,更用以判斷認證資訊CI是否符合預定認證資訊,並將判斷結果CR傳送給控制模組505。若判斷結果CR為認證資訊CI符合預定認證資訊,則控制模組505會控制隨身碟509從公開資料區513切換成加密資料區515。於一實施例中,認證資訊判斷裝置511僅具有接收認證資訊CI的功能,並會將接收認證資訊CI傳送給儲存裝置管理程式503,並由儲存裝置管理程式503判斷認證資訊CI是否符合預定認證資訊,若認證資訊CI符合預定認證資訊則由儲存裝置管理程式503傳送第1圖中的切換指令SC給控制模組505,使控制模組505對隨身碟509進行切換。The
第5圖的實施例中,認證資訊CI與預定認證資訊可為各種不同種類的資訊。舉例來說,認證資訊CI為指紋,相對應的,預定認證資訊為預定的指紋,而認證資訊判斷裝置511為一指紋辨識器。於另一例中,認證資訊CI為聲紋,相對應的,預定認證資訊為預定的聲紋,而認證資訊判斷裝置511為一聲紋辨識器。此外,認證資訊CI亦可為其他可作為身份認證使用的資訊例如虹膜資訊等。由於此類資訊種類相當多,於此不再一一詳述。In the embodiment of FIG. 5, the authentication information CI and the predetermined authentication information can be various types of information. For example, the authentication information CI is a fingerprint, correspondingly, the predetermined authentication information is a predetermined fingerprint, and the authentication
於一實施例中,由於認證資訊判斷裝置511位於隨身碟509,儲存裝置管理程式503無法得知認證資訊判斷裝置511何時會開始認證動作,舉例來說,若認證資訊判斷裝置511為一指紋辨識裝置,當手指放到認證資訊判斷裝置511上時即會開始認證動作。因此儲存裝置管理程式503會持續的傳送確認指令CC給控制模組505。而確認控制模組505在就緒狀態且判斷結果CR為認證資訊CI符合預定認證資訊後,才會控制隨身碟509進行切換。於一實施例中,認證資訊判斷裝置511會將認證資訊CI傳送給儲存裝置管理程式503,並由儲存裝置管理程式503判斷認證資訊CI是否符合預定認證資訊,若認證資訊CI符合預定認證資訊則由儲存裝置管理程式503傳送第1圖中的切換指令SC以及確認指令CC給控制模組505,使控制模組505對隨身碟509進行切換。此實施例中認證資訊判斷裝置511可替換為一認證資訊接收裝置。於另一實施例中,認證資訊判斷裝置511會將接收認證結果CR傳送給儲存裝置管理程式503,若認證結果CR顯示認證資訊CI符合預定認證資訊,則由儲存裝置管理程式503傳送第1圖中的切換指令SC以及確認指令CC給控制模組505,使控制模組505對隨身碟509進行切換。In one embodiment, since the authentication
第6圖繪示了第5圖所示的儲存裝置管理系統的實際運用例子。當隨身碟509連接到可攜式電子裝置600,可攜式電子裝置600的顯示螢幕601會顯示如第2圖所示般的公開資料區 (未繪示在第6圖中)。當使用者透過認證資訊辨識裝置511認證成功後,顯示螢幕601會顯示如第4圖所示般的加密資料區(未繪示在第6圖中)。Figure 6 shows an example of actual application of the storage device management system shown in Figure 5. When the
於一實施例中,隨身碟509僅具有加密資料區而沒有公開資料區。於此情況下,隨身碟509連接至可攜式電子裝置600後不會如第2圖般顯示公開資料區,此時儲存裝置管理程式503會控制可攜式電子裝置500如第6圖所示般於螢幕601上顯示”請進行認證”等訊息。此類變化或組合均應包含在本發明涵蓋的範圍內。於一實施例中,隨身碟509可更包含一指示區603,用以通知使用者認證成功或認證失敗,或者是認證資訊判斷裝置511本身無法正常運作。舉例來說,指示區603可包裝至少一光源,並使光源根據不同的狀態產生不同狀態的光。In one embodiment, the
在以下實施例中,本發明提供了更進一步的資料保護方式。第7圖繪示了根據本發明另一實施例的儲存裝置管理系統的方塊圖。同樣的,在第7圖的實施例中是以控制模組705在隨身碟707中做為例子來說明,但控制模組705亦可以被設置在可攜式電子裝置700中。如第7圖所示,可攜式電子裝置700包含了儲存裝置管理程式703,而隨身碟707包含了一控制模組705。儲存裝置管理程式703會計算認證失敗的次數,例如在第3圖的實施例中,使用者帳戶或密碼輸入錯誤時,認證失敗次數便會加1。而在第5圖的實施例中,儲存裝置管理程式503亦可接收判斷結果CR並計算認證失敗次數。當認證失敗次數不小於 (即大於或等於)一失敗臨界值時,儲存裝置管理程式703會產生一刪除指令EC給控制模組705,然後控制模組705會對隨身碟707的資料進行刪除動作。In the following examples, the present invention provides a further way of data protection. FIG. 7 shows a block diagram of a storage device management system according to another embodiment of the invention. Similarly, in the embodiment of FIG. 7, the
於一實施例中,刪除動作會僅刪除掉使用者寫入隨身碟707中的儲存資料711,但不會刪除用以控制隨身碟動作的系統資料709。而在另一實施例中,會先刪除掉儲存資料711,然後刪除掉系統資料709,接著將所有的資料都刪除。舉例來說,連空白資料 (spare data)亦會一起刪除。In one embodiment, the deletion operation will only delete the stored
於一實施例中,此刪除動作為刪除資料可回復的刪除動作。舉例來說,控制模組705僅把資料的索引資料刪掉,如在查詢索引資料時,就不會判定原來儲存資料的空間有資料存在,但實際上資料還是存在原來的位置。在另一實施例中,刪除動作為不可回復的刪除動作,舉例來說,在欲刪除資料原本的儲存空間覆寫資料,如此原本的儲存資料便會徹底的被刪除。然請留意,這些可回復和不可回復的刪除動作僅用以舉例,並非用以限定本發明。In one embodiment, the delete action is a delete action in which deleted data can be restored. For example, the
第8圖繪示了第7圖所示的實施例部份動作的流程圖,其包含下列步驟:Figure 8 shows a flowchart of part of the operation of the embodiment shown in Figure 7, which includes the following steps:
步驟801
判斷是否認證成功,若是則到步驟803,若否則到步驟805。It is judged whether the authentication is successful, if yes, go to step 803, if not, go to step 805.
步驟803
讀取加密資料區。Read the encrypted data area.
步驟805
判斷認證失敗次數是否大於臨界失敗次數?若是則到步驟807,若否則認證失敗次數累計1次,然後回到步驟801等待下一次的認證程序。Determine whether the number of authentication failures is greater than the critical number of failures? If yes, go to step 807, if otherwise, the number of authentication failures accumulates once, and then return to step 801 to wait for the next authentication procedure.
步驟807
對隨身碟的資料進行刪除動作。Delete the data on the flash drive.
如前所述,在一實施例中,刪除動作會僅刪除掉使用者寫入隨身碟中的儲存資料,但不會刪除用以控制隨身碟動作的系統資料。而在另一實施例中,會先刪除掉儲存資料,然後刪除掉系統資料,接著將所有的資料都刪除。此外,於一實施例中,此刪除動作為刪除資料可回復的刪除動作。As mentioned above, in one embodiment, the deletion operation will only delete the stored data written in the flash drive by the user, but will not delete the system data used to control the operation of the flash drive. In another embodiment, the storage data will be deleted first, then the system data will be deleted, and then all the data will be deleted. In addition, in one embodiment, the delete action is a delete action in which deleted data can be restored.
第9-10圖繪示了第7圖所示的儲存裝置管理系統的實際運用例子。如第9圖所示,當隨身碟707連接到可攜式電子裝置700且使用者認證失敗時,可攜式電子裝置700的顯示螢幕702會顯示出警告訊息。舉例來說,顯示螢幕702會顯示出認證失敗次數,並告知使用者達到一定次數將被刪除。要顯示那些警告訊息,可透過前述的儲存裝置管理程式進行設定。亦可不顯示任何訊息,在認證失敗次數達到臨界失敗次數後便直接進行刪除動作。Figures 9-10 show an example of actual use of the storage device management system shown in Figure 7. As shown in FIG. 9, when the portable
第10圖的實施例中,更提供了一刪除動作的停止程序,讓使用者可避免因誤操作或是認證失敗次數計算錯誤而將隨身碟的資料中刪除。儲存裝置管理程式在即將開始刪除動作前,會先顯示如第10圖所示的警告訊息,並顯示一停止碼輸入介面901,讓使用者可以預先設定的停止碼來停止刪除動作。是否要提供停止程序,要顯示何種錯誤訊息,以及停止碼的設定,均可透過前述的儲存裝置管理程式進行設定。In the embodiment in FIG. 10, a procedure for stopping the delete action is provided, so that the user can avoid deleting the data in the flash drive due to misoperation or incorrect calculation of the number of authentication failures. The storage device management program will display a warning message as shown in Figure 10 and a stop
第11圖繪示了根據本發明一實施例的隨身碟控制介面的示意圖,其可用以執行前述的實施例。於一實施例中,第11圖所示的隨身碟控制介面是運作在Android系統下的控制介面。FIG. 11 is a schematic diagram of a control interface of a pen drive according to an embodiment of the present invention, which can be used to implement the aforementioned embodiments. In one embodiment, the pen drive control interface shown in Figure 11 is a control interface operating under the Android system.
如第11圖所示,圖標1101 用以開啟隨身碟,在未登入帳戶的情況下,其僅可讀取公開資料區的資料。圖標1103用以取得隨身碟的硬體資訊,例如ID(Vendor ID,供應商識別碼)和PID(Product ID,產品識別碼)。圖標1105用以關掉讀取隨身碟的介面。圖標1107用以顯示或修改使用者的資訊,例如姓名等。圖標1109用以登入可讀取隨身碟加密區的使用者帳戶,其啟動後可顯示如第3圖所示的介面。圖標1111用以登出可讀取隨身碟加密區的使用者帳戶。圖標1113用以修改使用者帳戶密碼,執行後可在密碼區1119和1121輸入現有密碼和新密碼來修改。圖標1115用以顯示給使用者的提示,讓使用者可在不知如何操作時可藉由提示區1123得到協助。圖標1117可用以刪除隨身碟中所有資料,As shown in Figure 11, the
如前所述,本發明提供的儲存裝置管理系統可運用在隨身碟之外的儲存裝置,因此根據前述實施例可得到如第12圖所示的儲存裝置管理方法,其包含下列步驟:As mentioned above, the storage device management system provided by the present invention can be applied to storage devices other than pen drives. Therefore, according to the foregoing embodiment, the storage device management method shown in Figure 12 can be obtained, which includes the following steps:
步驟1201
以可攜式電子裝置 (例如第1圖實施例) 或儲存裝置(例如第5圖實施例)接收認證資訊。A portable electronic device (such as the embodiment in Figure 1) or a storage device (such as the embodiment in Figure 5) is used to receive the authentication information.
步驟1203
使可攜式電子裝置中的一儲存裝置管理程式傳送至少一確認指令 (例如第1圖、第5圖中的確認指令CC) 給一控制模組,確認指令用以確認控制模組是否為一就緒狀態。Make a storage device management program in the portable electronic device send at least one confirmation command (such as the confirmation command CC in Figure 1 and Figure 5) to a control module, and the confirmation command is used to confirm whether the control module is one Ready state.
步驟1205
若控制模組被確認在就緒狀態,且認證資訊符合預定認證資訊,則使可攜式電子裝置可讀取或可寫入儲存裝置的一加密資料區。If the control module is confirmed to be in the ready state and the authentication information matches the predetermined authentication information, an encrypted data area of the storage device can be read or written to by the portable electronic device.
步驟1207
若認證資訊不符合預定認證資訊,則使可攜式電子裝置無法存取儲存裝置的該加密資料區。If the authentication information does not match the predetermined authentication information, the portable electronic device cannot access the encrypted data area of the storage device.
其他詳細步驟可根據前述實施例推得,故在此不再贅述。Other detailed steps can be derived according to the foregoing embodiment, so they will not be repeated here.
根據前述實施例,可以對可攜式電子裝置所使用的儲存裝置進行妥善的資料保護,以避免儲存裝置中的資料被竊取,使得此類儲存裝置可兼具便利性以及安全性。 以上所述僅為本發明之較佳實施例,凡依本發明申請專利範圍所做之均等變化與修飾,皆應屬本發明之涵蓋範圍。According to the foregoing embodiments, the storage device used by the portable electronic device can be properly protected to prevent the data in the storage device from being stolen, so that such storage device can have both convenience and security. The foregoing descriptions are only preferred embodiments of the present invention, and all equivalent changes and modifications made in accordance with the scope of the patent application of the present invention shall fall within the scope of the present invention.
100、500、600、700‧‧‧可攜式電子裝置
105、503、703‧‧‧儲存裝置管理程式
107、505、705‧‧‧控制模組
103、507‧‧‧行動作業系統
109、511‧‧‧認證資訊接收裝置
111、509、707‧‧‧隨身碟
113、513‧‧‧公開資料區
115、515‧‧‧加密資料區
201、601、702顯示螢幕
203、401‧‧‧資料畫面
205‧‧‧切換圖符
301‧‧‧認證畫面
603‧‧‧指示區
709‧‧‧系統資料
711‧‧‧儲存資料
901‧‧‧停止碼輸入介面
1100‧‧‧隨身碟控制介面
1101-1117‧‧‧圖標
1119、1121‧‧‧密碼區
1123‧‧‧提示區
PF_1、PF_2‧‧‧公開檔案
EF_1、EF_2‧‧‧加密檔案100, 500, 600, 700‧‧‧Portable
第1圖繪示了根據本發明一實施例的儲存裝置管理系統的方塊圖。 第2-4圖繪示了第1圖所示的儲存裝置管理系統的實際運用例子。 第5圖繪示了根據本發明另一實施例的儲存裝置管理系統的方塊圖。 第6圖繪示了第5圖所示的儲存裝置管理系統的實際運用例子。 第7圖繪示了根據本發明另一實施例的儲存裝置管理系統的方塊圖。 第8圖繪示了第7圖所示的實施例部份動作的流程圖 第9-10圖繪示了第7圖所示的儲存裝置管理系統的實際運用例子。 第11圖繪示了根據本發明一實施例的隨身碟控制介面的示意圖。 第12圖繪示了根據本發明一實施例的儲存裝置管理方法的流程圖。Fig. 1 shows a block diagram of a storage device management system according to an embodiment of the invention. Figures 2-4 show an example of actual use of the storage device management system shown in Figure 1. Figure 5 shows a block diagram of a storage device management system according to another embodiment of the invention. Figure 6 shows an example of actual application of the storage device management system shown in Figure 5. FIG. 7 shows a block diagram of a storage device management system according to another embodiment of the invention. Figure 8 shows a flowchart of some actions of the embodiment shown in Figure 7 Figures 9-10 show an example of actual use of the storage device management system shown in Figure 7. FIG. 11 is a schematic diagram of a control interface of a pen drive according to an embodiment of the invention. FIG. 12 shows a flowchart of a storage device management method according to an embodiment of the invention.
100‧‧‧可攜式電子裝置 100‧‧‧Portable Electronic Device
103‧‧‧行動作業系統 103‧‧‧Mobile Operating System
105‧‧‧儲存裝置管理程式 105‧‧‧Storage Device Management Program
107‧‧‧控制模組 107‧‧‧Control Module
109‧‧‧認證資訊接收裝置 109‧‧‧Authentication information receiving device
111‧‧‧隨身碟 111‧‧‧Flash Drive
113‧‧‧公開資料區 113‧‧‧Public Information Area
115‧‧‧加密資料區 115‧‧‧Encrypted data area
Claims (22)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201762525223P | 2017-06-27 | 2017-06-27 | |
US62/525,223 | 2017-06-27 |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201939289A TW201939289A (en) | 2019-10-01 |
TWI709044B true TWI709044B (en) | 2020-11-01 |
Family
ID=66213347
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW107100034A TWI669608B (en) | 2017-06-27 | 2018-01-02 | Storage apparatus managing method and storage apparatus managing system |
TW108124410A TWI709044B (en) | 2017-06-27 | 2018-01-02 | Storage apparatus managing method and storage apparatus managing system |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW107100034A TWI669608B (en) | 2017-06-27 | 2018-01-02 | Storage apparatus managing method and storage apparatus managing system |
Country Status (1)
Country | Link |
---|---|
TW (2) | TWI669608B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI775098B (en) * | 2020-06-17 | 2022-08-21 | 和碩聯合科技股份有限公司 | Removable storage device and data protection method thereof |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201245956A (en) * | 2011-05-04 | 2012-11-16 | Chien-Kang Yang | Memory card and its access, data encryption, golden key generation and changing method |
CN202694325U (en) * | 2011-07-05 | 2013-01-23 | 施胜元 | Intelligent mobile phone data backup device |
US8898807B2 (en) * | 2012-10-11 | 2014-11-25 | Phison Electronics Corp. | Data protecting method, mobile communication device, and memory storage device |
-
2018
- 2018-01-02 TW TW107100034A patent/TWI669608B/en active
- 2018-01-02 TW TW108124410A patent/TWI709044B/en active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201245956A (en) * | 2011-05-04 | 2012-11-16 | Chien-Kang Yang | Memory card and its access, data encryption, golden key generation and changing method |
CN202694325U (en) * | 2011-07-05 | 2013-01-23 | 施胜元 | Intelligent mobile phone data backup device |
US8898807B2 (en) * | 2012-10-11 | 2014-11-25 | Phison Electronics Corp. | Data protecting method, mobile communication device, and memory storage device |
TWI479358B (en) * | 2012-10-11 | 2015-04-01 | Phison Electronics Corp | Data protecting method, mobile communication device and memory storage device |
Also Published As
Publication number | Publication date |
---|---|
TWI669608B (en) | 2019-08-21 |
TW201905704A (en) | 2019-02-01 |
TW201939289A (en) | 2019-10-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI559167B (en) | A unified extensible firmware interface(uefi)-compliant computing device and a method for administering a secure boot in the uefi-compliant computing device | |
JP5402498B2 (en) | INFORMATION STORAGE DEVICE, INFORMATION STORAGE PROGRAM, RECORDING MEDIUM CONTAINING THE PROGRAM, AND INFORMATION STORAGE METHOD | |
CN110516428B (en) | Data reading and writing method and device of mobile storage equipment and storage medium | |
CN105934751B (en) | Data erasure for target devices | |
US7523281B2 (en) | Authenticating hardware for manually enabling and disabling read and write protection to parts of a storage disk or disks for users | |
JP2011210129A (en) | Storage device, data processing device, registration method, and computer program | |
CN110598384B (en) | Information protection method, information protection device and mobile terminal | |
KR102195344B1 (en) | Security system and method for computer using usb storage medium | |
JP5319830B2 (en) | Data protection method and computer apparatus | |
US20050193195A1 (en) | Method and system for protecting data of storage unit | |
TWI709044B (en) | Storage apparatus managing method and storage apparatus managing system | |
CN113918953A (en) | Trusted server security control device and method and trusted server | |
US10839055B2 (en) | Storage apparatus managing method and storage apparatus managing system | |
CN109583197B (en) | Trusted overlay file encryption and decryption method | |
US20080059740A1 (en) | Hardware for manually enabling and disabling read and write protection to parts of a storage disk or disks for users | |
JP2018139025A (en) | Data erasing method, data erasing program, computer with data erasing program and data erasing management server | |
JP6650755B2 (en) | Remote destruction system and remote destruction method for storage device | |
CN103020509A (en) | Terminal equipment encryption and decryption method, device and terminal equipment | |
US20070033648A1 (en) | Method for Executing Commands to Control a Portable Storage Device | |
TW200411392A (en) | Data protection method and system for storage unit | |
JPH11272562A (en) | Storage contents deletion method for computer system and storage medium | |
JP4968634B1 (en) | Computer system | |
CN108536641B (en) | Communication mechanism and method for realizing Windows embedded system safety guide by using same | |
JP6860800B1 (en) | Information processing equipment, information processing systems, and programs | |
TWI416931B (en) | System and method for deleting data stored in the mobile phone automatically |