TWI709044B - Storage apparatus managing method and storage apparatus managing system - Google Patents

Storage apparatus managing method and storage apparatus managing system Download PDF

Info

Publication number
TWI709044B
TWI709044B TW108124410A TW108124410A TWI709044B TW I709044 B TWI709044 B TW I709044B TW 108124410 A TW108124410 A TW 108124410A TW 108124410 A TW108124410 A TW 108124410A TW I709044 B TWI709044 B TW I709044B
Authority
TW
Taiwan
Prior art keywords
storage device
authentication information
device management
control module
portable electronic
Prior art date
Application number
TW108124410A
Other languages
Chinese (zh)
Other versions
TW201939289A (en
Inventor
周麗玲
林昭宇
Original Assignee
慧榮科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 慧榮科技股份有限公司 filed Critical 慧榮科技股份有限公司
Publication of TW201939289A publication Critical patent/TW201939289A/en
Application granted granted Critical
Publication of TWI709044B publication Critical patent/TWI709044B/en

Links

Images

Abstract

A storage device managing method, comprising: (a) receiving authentication information via a portable electronic device; (b) transmitting a confirming command to a control module, to confirm if the control module is in a ready state; and (c) controlling the portable electronic apparatus to be capable of accessing an encrypted data region of the storage apparatus, if the control module is in the ready state and the identifying information matches predetermined identifying information. The step (c) comprises : if the control module has received confirmation commands and is confirmed to be in the ready state at least twice, and the authentication information meets the predetermined authentication information, the portable electronic device is controlled to be capable of accessing the encrypted data region. The storage device managing program only generates the confirming command when the authentication information meets the predetermined authentication information.

Description

儲存裝置管理方法以及儲存裝置管理系統Storage device management method and storage device management system

本發明有關於儲存裝置管理方法以及儲存裝置管理系統,特別有關於可對儲存裝置進行加密保護的儲存裝置管理方法以及儲存裝置管理系統。The present invention relates to a storage device management method and a storage device management system, and particularly relates to a storage device management method and a storage device management system that can encrypt storage devices.

近年來,可攜式電子裝置例如手機、平板電腦、穿戴式電子裝置越來越普及。然而,可攜式電子裝置通常會有容量較小的問題,若要增加可攜式電子裝置的容量,通常是增加可攜式電子裝置本身的內部記憶體的容量,或者是在可攜式電子裝置裝設外部記憶卡。然而,內部記憶體容量較大的可攜式電子裝置其價格通常相當昂貴。而外部記憶卡因體積相當小,自可攜式電子裝置移除後容易遺失,且有些可攜式電子裝置並不支援外部記憶卡。In recent years, portable electronic devices such as mobile phones, tablet computers, and wearable electronic devices have become more popular. However, portable electronic devices usually have the problem of small capacity. To increase the capacity of the portable electronic device, it is usually to increase the internal memory capacity of the portable electronic device itself, or to increase the capacity of the portable electronic device itself. The device is equipped with an external memory card. However, portable electronic devices with large internal memory capacity are usually quite expensive. Since the external memory card is relatively small in size, it is easy to lose it after being removed from the portable electronic device, and some portable electronic devices do not support the external memory card.

因此,可攜式電子裝置專用的隨身碟 (flash disk)越來越普及。此類隨身碟不僅可提供較大的記憶體容量給可攜式電子裝置,也方便使用者攜帶。然而,可攜式裝置所使用的隨身碟通常未具有保密功能,因此會讓儲存在隨身碟內的資料有被竊取的風險。Therefore, flash disks dedicated to portable electronic devices are becoming more and more popular. This type of flash drive not only provides a larger memory capacity for portable electronic devices, but is also convenient for users to carry. However, the pen drive used by the portable device usually does not have a security function, so the data stored in the pen drive is at risk of being stolen.

因此,本發明一目的為提供一種儲存裝置管理方法,來對可攜式電子裝置的儲存裝置提供加密保護。Therefore, an object of the present invention is to provide a storage device management method to provide encryption protection for the storage device of a portable electronic device.

本發明另一目的為提供一種儲存裝置管理系統,來對可攜式電子裝置的儲存裝置提供加密保護。Another object of the present invention is to provide a storage device management system to provide encryption protection for the storage device of a portable electronic device.

本發明一實施例揭露一種儲存裝置管理方法,使用在連接至一可攜式電子裝置的一儲存裝置上,包含:(a) 以該可攜式電子裝置接收認證資訊;(b) 使該可攜式電子裝置中的一儲存裝置管理程式傳送至少一確認指令給一控制模組,該確認指令用以確認該控制模組是否為一就緒狀態,其中該確認指令為Test Unit Ready command;(c) 若該控制模組被確認在該就緒狀態,且該認證資訊符合預定認證資訊,則使該可攜式電子裝置可讀取或可寫入該儲存裝置的一加密資料區;以及(d) 若該認證資訊不符合該預定認證資訊,則使該可攜式電子裝置無法存取該儲存裝置的該加密資料區。其中該(c) 步驟包含:若該控制模組於一預定時間週期內已接收到至少二該確認指令且被確認在該就緒狀態至少二次,且判斷該認證資訊符合預定認證資訊,則該控制模組使該可攜式電子裝置可讀取或可寫入該加密資料區;其中該儲存裝置管理程式在該認證資訊符合該預定認證資訊時,才產生該確認指令給該控制模組。An embodiment of the present invention discloses a storage device management method used on a storage device connected to a portable electronic device, including: (a) receiving authentication information with the portable electronic device; (b) enabling the portable electronic device A storage device management program in the portable electronic device sends at least one confirmation command to a control module, the confirmation command is used to confirm whether the control module is in a ready state, wherein the confirmation command is Test Unit Ready command; (c ) If the control module is confirmed to be in the ready state and the authentication information matches the predetermined authentication information, then the portable electronic device can be read or written to an encrypted data area of the storage device; and (d) If the authentication information does not conform to the predetermined authentication information, the portable electronic device cannot access the encrypted data area of the storage device. Wherein the step (c) includes: if the control module has received at least two confirmation commands within a predetermined period of time and has been confirmed to be in the ready state at least twice, and it is determined that the authentication information matches the predetermined authentication information, then The control module enables the portable electronic device to read or write to the encrypted data area; wherein the storage device management program generates the confirmation command to the control module when the authentication information matches the predetermined authentication information.

本發明另一實施例揭露一種儲存裝置管理系統,包含:一控制模組; 其中一可攜式電子裝置或連接該可攜式電子裝置的一儲存裝置接收認證資訊,該可攜式電子裝置中的一儲存裝置管理程式傳送至少一確認指令給該控制模組,該確認指令用以確認該控制模組是否為一就緒狀態,其中該確認指令為Test Unit Ready command;若該控制模組被確認在該就緒狀態,且該控制模組被通知該認證資訊符合預定認證資訊,則該儲存裝置管理程式控制該控制模組使該可攜式電子裝置可讀取或可寫入該儲存裝置的一加密資料區;若該認證資訊不符合該預定認證資訊,則該儲存裝置管理程式控制該控制模組使該可攜式電子裝置無法存取該儲存裝置的該加密資料區;其中該儲存裝置管理程式傳送至少二確認指令給該控制模組,若該控制模組於一預定時間週期內已接收到至少二該確認指令且被確認在該就緒狀態至少二次,且該控制模組被通知該認證資訊符合預定認證資訊,則該儲存裝置管理程式使該可攜式電子裝置可讀取或可寫入該加密資料區;其中該可攜式電子裝置更包含一認證資料接收裝置來接收該認證資訊,該儲存裝置管理程式在該認證資訊符合該預定認證資訊時,才產生該確認指令給該控制模組。Another embodiment of the present invention discloses a storage device management system, including: a control module; wherein a portable electronic device or a storage device connected to the portable electronic device receives authentication information, in the portable electronic device A storage device management program of ”sends at least one confirmation command to the control module, the confirmation command is used to confirm whether the control module is in a ready state, wherein the confirmation command is Test Unit Ready command; if the control module is confirmed In the ready state, and the control module is notified that the authentication information conforms to the predetermined authentication information, the storage device management program controls the control module so that the portable electronic device can read or write to one of the storage devices Encrypted data area; if the authentication information does not match the predetermined authentication information, the storage device management program controls the control module so that the portable electronic device cannot access the encrypted data area of the storage device; wherein the storage device manages The program sends at least two confirmation commands to the control module, if the control module has received at least two confirmation commands within a predetermined period of time and has been confirmed to be in the ready state at least twice, and the control module is notified of the If the authentication information conforms to the predetermined authentication information, the storage device management program makes the portable electronic device readable or writeable to the encrypted data area; wherein the portable electronic device further includes an authentication data receiving device to receive the authentication Information, the storage device management program generates the confirmation command to the control module only when the authentication information matches the predetermined authentication information.

根據前述實施例,可以對可攜式電子裝置所使用的儲存裝置進行妥善的資料保護,以避免儲存裝置中的資料被竊取,使得此類儲存裝置可兼具便利性以及安全性。According to the foregoing embodiments, the storage device used by the portable electronic device can be properly protected to prevent the data in the storage device from being stolen, so that such storage device can have both convenience and security.

以下將以多個實施例來說明本發明的技術內容。還請留意,各實施例中的元件,可以硬體的方式來實施 (例如電路),亦可以硬體加軟體的方式來實施 (例如在處理器中安裝程式)。此外,在以下實施例中,是以隨身碟為例來說明,但本發明所提供的儲存裝置管理系統以及儲存裝置管理方法可運用在隨身碟之外的儲存裝置。Hereinafter, a plurality of embodiments will be used to illustrate the technical content of the present invention. Please also note that the components in each embodiment can be implemented in hardware (for example, circuits), or in hardware plus software (for example, installing programs in a processor). In addition, in the following embodiments, a flash drive is taken as an example for description, but the storage device management system and storage device management method provided by the present invention can be applied to storage devices other than the flash drive.

第1圖繪示了根據本發明一實施例的儲存裝置管理系統的方塊圖。還請留意,在第1圖的實施例中是以控制模組107在隨身碟111中做為例子來說明,但控制模組107亦可以被設置在可攜式電子裝置100中。如第1圖所示,可攜式電子裝置100包含一儲存裝置管理程式105,而隨身碟111包含一控制模組107。儲存裝置管理程式105以及控制模組107可視為一儲存裝置管理系統。可攜式電子裝置100可為手機、平板電腦、穿戴式裝置等智慧型電子裝置。於一實施例中,可攜式電子裝置100運作於一行動作業系統 103 (mobile operating system),例如Android、Tizen、webOS、iOS等,但並不限定。於一實施例中,若可攜式電子裝置100運作於iOS,則隨身碟111須支援特定檔案系統例如FAT32或exFAT。儲存裝置管理程式105可藉由一主處理器來執行,此主處理器可為可攜式電子裝置100本身的主處理器,亦即此主處理器除了執行儲存裝置管理程式105外,亦用以控制可攜式電子裝置100的其他功能。於一實施例中,儲存裝置管理程式105獨立於行動作業系統103,亦即可自行動作業系統103移除。如此一來,可攜式電子裝置100無法執行讀取加密資料區115的動作,但其他功能不會被影響。儲存裝置管理程式105 可為各種形式的程式,於一實施例中,儲存裝置管理程式105為應用程式 (app, application)。Fig. 1 shows a block diagram of a storage device management system according to an embodiment of the invention. Please also note that in the embodiment of FIG. 1, the control module 107 is used as an example in the flash drive 111 for illustration, but the control module 107 can also be provided in the portable electronic device 100. As shown in FIG. 1, the portable electronic device 100 includes a storage device management program 105, and the flash drive 111 includes a control module 107. The storage device management program 105 and the control module 107 can be regarded as a storage device management system. The portable electronic device 100 may be a smart electronic device such as a mobile phone, a tablet computer, and a wearable device. In one embodiment, the portable electronic device 100 operates on a mobile operating system 103 (mobile operating system), such as Android, Tizen, webOS, iOS, etc., but it is not limited. In one embodiment, if the portable electronic device 100 runs on iOS, the flash drive 111 must support a specific file system such as FAT32 or exFAT. The storage device management program 105 can be executed by a main processor, which can be the main processor of the portable electronic device 100 itself, that is, in addition to executing the storage device management program 105, the main processor also uses To control other functions of the portable electronic device 100. In one embodiment, the storage device management program 105 is independent of the mobile operating system 103 and can be removed from the mobile operating system 103. As a result, the portable electronic device 100 cannot perform the operation of reading the encrypted data area 115, but other functions will not be affected. The storage device management program 105 may be various forms of programs. In one embodiment, the storage device management program 105 is an application (app, application).

於一實施例中,隨身碟111的資料區中包含一公開資料區113以及一加密資料區115。公開資料區113不須經過認證,只要隨身碟111已連接至可攜式電子裝置100,任何人均可透過可攜式電子裝置100讀取公開資料區113的資料,或將資料存至公開資料區113。而欲讀取加密資料區115,須經過認證程序,此認證程序通過了才可透過可攜式電子裝置100讀取或寫入加密資料區115。於一實施例中,使用者須輸入認證資訊CI到可攜式電子裝置100中的認證資訊接收裝置109,然後儲存裝置管理程式105會判斷認證資訊CI是否符合一預定認證資訊,若認證資訊CI符合預定認證資訊則通過認證程序 (即認證成功)。相反的,若認證資訊CI不符合預定認證資訊則不通過認證程序 (即認證失敗)。In one embodiment, the data area of the flash drive 111 includes a public data area 113 and an encrypted data area 115. The public data area 113 does not need to be authenticated. As long as the flash drive 111 is connected to the portable electronic device 100, anyone can read the data in the public data area 113 through the portable electronic device 100, or save the data in the public data area 113. To read the encrypted data area 115, an authentication process is required, and the portable electronic device 100 can read or write to the encrypted data area 115 only after the authentication process is passed. In one embodiment, the user must input the authentication information CI to the authentication information receiving device 109 in the portable electronic device 100, and then the storage device management program 105 will determine whether the authentication information CI matches a predetermined authentication information, if the authentication information CI The information that meets the predetermined authentication will pass the authentication process (that is, the authentication is successful). On the contrary, if the authentication information CI does not conform to the predetermined authentication information, the authentication process is not passed (that is, authentication fails).

認證資訊CI與預定認證資訊可為各種不同種類的資訊。舉例來說,認證資訊CI為使用者帳戶和密碼,而預定認證資訊為預定的使用者帳戶和密碼,且認證資訊接收裝置109為一使用者輸入介面,例如觸控螢幕。於另一例中,認證資訊CI為指紋,相對應的,預定認證資訊為預定的指紋,而認證資訊接收裝置109為一指紋辯識裝置。此外,認證資訊CI亦可為其他可作為身份認證使用的資訊例如聲紋、虹膜資訊、臉部資訊等。由於此類資訊種類相當多,於此不再詳述。The certification information CI and the predetermined certification information may be various types of information. For example, the authentication information CI is a user account and password, and the predetermined authentication information is a predetermined user account and password, and the authentication information receiving device 109 is a user input interface, such as a touch screen. In another example, the authentication information CI is a fingerprint. Correspondingly, the predetermined authentication information is a predetermined fingerprint, and the authentication information receiving device 109 is a fingerprint recognition device. In addition, the authentication information CI can also be other information that can be used as identity authentication, such as voiceprint, iris information, facial information, etc. Since there are many types of such information, it will not be detailed here.

儲存裝置管理程式105在判斷認證資訊CI符合預定認證資訊後,會傳送一切換指令SC給控制模組107,來使控制模組107將隨身碟111從公開資料區113切換至加密資料區115。於一實施例中,儲存裝置管理程式105會傳送一確認指令CC給控制模組107。此確認指令CC用以確認控制模組107是否已可讀取或寫入隨身碟111,即確認控制模組107是否已在就緒的狀態。因此,於一實施例中,須在控制模組107已回報就緒且控制模組107已接收到切換指令SC的狀況下,才會對隨身碟111進行切換的動作。After the storage device management program 105 determines that the authentication information CI matches the predetermined authentication information, it sends a switching command SC to the control module 107 to make the control module 107 switch the flash drive 111 from the public data area 113 to the encrypted data area 115. In one embodiment, the storage device management program 105 sends a confirmation command CC to the control module 107. The confirmation command CC is used to confirm whether the control module 107 can read or write to the flash drive 111, that is, whether the control module 107 is in a ready state. Therefore, in one embodiment, the flash drive 111 must be switched only when the control module 107 has reported that it is ready and the control module 107 has received the switching command SC.

於一實施例中,儲存裝置管理程式105是在使用者輸入認證資訊CI後便產生確認指令CC給控制模組107。而在另一實施例中,儲存裝置管理程式105是在確認認證資訊CI符合特定認證資訊後,才產生確認指令CC給控制模組107。In one embodiment, the storage device management program 105 generates a confirmation command CC to the control module 107 after the user inputs the authentication information CI. In another embodiment, the storage device management program 105 generates the confirmation command CC to the control module 107 after confirming that the authentication information CI matches the specific authentication information.

此外,於一實施例中,儲存裝置管理程式105會在一預定時間週期內傳送兩次確認指令CC給控制模組107。亦即,儲存裝置管理程式105可連續的傳送兩次確認指令CC給控制模組107,或是在第一次傳送確認指令CC一段時間後再傳送第二次確認指令CC給控制模組107。而在此實施例中,須在控制模組107已相對應這兩次確認指令CC回報其已在就緒狀態兩次,且控制模組107已接收到切換指令SC的狀況下,才會對隨身碟111進行切換的動作。由於儲存裝置管理程式105做了兩次確認的動作,可避免控制模組107誤判而對隨身碟111進行切換。In addition, in one embodiment, the storage device management program 105 sends the confirmation command CC to the control module 107 twice within a predetermined time period. That is, the storage device management program 105 can continuously send the confirmation command CC to the control module 107 twice, or send the second confirmation command CC to the control module 107 after a period of time after the first confirmation command CC is sent. In this embodiment, the control module 107 has to report that it is in the ready state twice in response to the two confirmation commands CC, and the control module 107 has received the switching command SC, before the portable The disc 111 performs a switching operation. Since the storage device management program 105 performs two confirmation actions, it is possible to prevent the control module 107 from misjudging and switching the flash drive 111.

確認指令CC在不同標準下可具有不同的格式,舉例來說,確認指令CC可為SCSI (Small Computer System Interface,小型電腦系統介面)標準中的 TEST UNIT READY command,但本發明並不限定於僅能使用SCSI標準。The confirmation command CC can have different formats under different standards. For example, the confirmation command CC can be the TEST UNIT READY command in the SCSI (Small Computer System Interface) standard, but the present invention is not limited to only SCSI standard can be used.

前述的”切換”是指可攜式電子裝置100原本只能讀取或寫入公開資料區113,將其”切換”至可讀取或寫入加密資料區115。於一實施例中,隨身碟111中會存有位址資訊,其紀錄了那些位址是公開資料區113,那些位址是加密資料區115。舉例來說,公開資料區113的位址為LBA0-LBAN,而加密資料區115為LBAN+1-LBAM。原本隨身碟111中的檔案系統 (file system)會將可讀取或可寫入的位址設定為LBA0-LBAN,因此可攜式電子裝置100原本只能讀取或寫入公開資料區113。而當欲切換至加密資料區115時,控制模組107會通知隨身碟111中的檔案系統將可讀取或可寫入的位址設定為LBAN+1-LBAM,如此可攜式電子裝置100便可讀取加密資料區115。The aforementioned “switching” means that the portable electronic device 100 can only read or write the public data area 113 originally, and “switch” it to the encrypted data area 115 that can be read or written. In one embodiment, address information is stored in the flash drive 111, which records those addresses as the public data area 113 and those addresses as the encrypted data area 115. For example, the address of the public data area 113 is LBA0-LBAN, and the encrypted data area 115 is LBAN+1-LBAM. The original file system in the flash drive 111 sets the readable or writable address to LBA0-LBAN, so the portable electronic device 100 can only read or write to the public data area 113 originally. When it wants to switch to the encrypted data area 115, the control module 107 will notify the file system in the flash drive 111 to set the readable or writable address to LBAN+1-LBAM, so the portable electronic device 100 The encrypted data area 115 can be read.

第2-4圖繪示了第1圖所示的儲存裝置管理系統的實際運用例子。然請留意,這些例子僅是為了說明使用了本發明所提供的儲存裝置管理系統的可攜式電子裝置可能的呈現方式,各元件或介面的排列方式,位置,動作順序等並非用以現定本發明的範圍。Figures 2-4 show an example of actual use of the storage device management system shown in Figure 1. However, please note that these examples are only to illustrate the possible presentation methods of portable electronic devices using the storage device management system provided by the present invention. The arrangement of components or interfaces, positions, sequence of actions, etc. are not intended to be used in the current version. The scope of the invention.

如第2圖所示,可攜式電子裝置100包含一顯示螢幕201 (此例中為觸控螢幕),當隨身碟111連接至可攜式電子裝置100時,可攜式電子裝置100被預設為可讀取或可寫入前述公開資料區113。因此可攜式電子裝置100可顯示一資料畫面203,而資料畫面203會相對應的顯示公開資料區113中的公開檔案PF_1、PF_2。使用者可透過資料畫面203來讀取公開資料區113的資料或寫入資料到公開資料區113。使用者可點選一切換圖標(icon) 205 來使可攜式電子裝置100切換成讀取加密資料區205。As shown in Figure 2, the portable electronic device 100 includes a display screen 201 (a touch screen in this example). When the pen drive 111 is connected to the portable electronic device 100, the portable electronic device 100 is preset Set to be readable or writable in the aforementioned public data area 113. Therefore, the portable electronic device 100 can display a data screen 203, and the data screen 203 will correspondingly display the public files PF_1 and PF_2 in the public data area 113. The user can read data in the public data area 113 or write data to the public data area 113 through the data screen 203. The user can click a switch icon (icon) 205 to switch the portable electronic device 100 to read the encrypted data area 205.

如前所述,須通過認證程序才可切換至加密資料區205,而在第3圖的例子中,認證資訊是為使用者帳戶和密碼。因此,如第3圖所示,可攜式電子裝置100會顯示一認證畫面301,來讓使用者輸入使用者帳戶和密碼。此時顯示螢幕201即為第1圖中的認證資訊接收裝置109,而使用者輸入的使用者帳戶和密碼即為第1圖中的認證資訊CI。若可攜式電子裝置100的儲存裝置管理程式 (第1圖中的105)確認使用者帳戶和密碼符合預定的使用者帳戶和密碼,便會將隨身碟111切換成加密資料區115。如第4圖所示,顯示螢幕201會顯示一資料畫面401,讓使用者可讀取加密資料區中的加密檔案EF_1、EF_2…或可將資料增加到加密資料區115。若認證資訊為其他種類的資訊,則認證畫面301可以僅顯示一訊息,來通知使用者透過可攜式電子裝置100上的認證資訊接收裝置,例如相機、指紋辨識裝置等,來輸入認證資訊。As mentioned above, the encrypted data area 205 can only be switched to through the authentication process. In the example in Figure 3, the authentication information is the user account and password. Therefore, as shown in FIG. 3, the portable electronic device 100 will display an authentication screen 301 for the user to enter a user account and password. At this time, the display screen 201 is the authentication information receiving device 109 in Figure 1, and the user account and password entered by the user are the authentication information CI in Figure 1. If the storage device management program (105 in Figure 1) of the portable electronic device 100 confirms that the user account and password match the predetermined user account and password, it will switch the flash drive 111 to the encrypted data area 115. As shown in FIG. 4, the display screen 201 displays a data screen 401, so that the user can read the encrypted files EF_1, EF_2... in the encrypted data area or can add data to the encrypted data area 115. If the authentication information is other types of information, the authentication screen 301 may only display a message to notify the user to input the authentication information through the authentication information receiving device on the portable electronic device 100, such as a camera, a fingerprint recognition device, etc.

於一實施例中,隨身碟111僅具有加密資料區而沒有公開資料區。於此情況下,隨身碟111連接至可攜式電子裝置100後便會如第3圖般顯示認證畫面,而不會如第2圖般顯示公開資料區。此類變化或組合均應包含在本發明涵蓋的範圍內。In one embodiment, the flash drive 111 only has an encrypted data area and no public data area. In this case, after the flash drive 111 is connected to the portable electronic device 100, the authentication screen will be displayed as shown in FIG. 3, and the public data area will not be displayed as shown in FIG. Such changes or combinations should be included in the scope of the present invention.

於前述實施例中,均是透過可攜式電子裝置來接收認證資訊,而在其他實施例中,可透過隨身碟來接收認證資訊。第5圖繪示了根據本發明另一實施例的儲存裝置管理系統的方塊圖。同樣的,在第5圖的實施例中是以控制模組505在隨身碟509中做為例子來說明,但控制模組505亦可以被設置在可攜式電子裝置500中。如第5圖所示,可攜式電子裝置500包含一儲存裝置管理程式503,而隨身碟509包含了一控制模組505。儲存裝置管理程式以及控制模組505可視為一儲存裝置管理系統。於一實施例中,可攜式電子裝置500運作於一行動作業系統 507 (mobile operating system),例如Android、Tizen、webOS、iOS等,但並不限定。於一實施例中,若可攜式電子裝置500運作於iOS,則隨身碟509須支援特定檔案系統例如FAT32或exFAT。儲存裝置管理程式503、控制模組505以及行動作業系統 507的詳細內容與第1圖中的儲存裝置管理程式105、控制模組107以及行動作業系統 103大致相同,相同的內容於此不再贅述。In the foregoing embodiments, the authentication information is received through a portable electronic device, while in other embodiments, the authentication information may be received through a flash drive. Figure 5 shows a block diagram of a storage device management system according to another embodiment of the invention. Similarly, in the embodiment of FIG. 5, the control module 505 is used as an example in the flash drive 509, but the control module 505 can also be provided in the portable electronic device 500. As shown in FIG. 5, the portable electronic device 500 includes a storage device management program 503, and the flash drive 509 includes a control module 505. The storage device management program and the control module 505 can be regarded as a storage device management system. In one embodiment, the portable electronic device 500 operates on a mobile operating system 507 (mobile operating system), such as Android, Tizen, webOS, iOS, etc., but it is not limited. In one embodiment, if the portable electronic device 500 runs on iOS, the flash drive 509 must support a specific file system such as FAT32 or exFAT. The details of the storage device management program 503, control module 505, and mobile operating system 507 are roughly the same as the storage device management program 105, control module 107, and mobile operating system 103 in Figure 1. The same content will not be repeated here. .

隨身碟509更包含了一認證資訊判斷裝置511,而其資料區包含一公開資料區513以及一加密資料區515。認證資訊判斷裝置511除了接收認證資訊CI外,更用以判斷認證資訊CI是否符合預定認證資訊,並將判斷結果CR傳送給控制模組505。若判斷結果CR為認證資訊CI符合預定認證資訊,則控制模組505會控制隨身碟509從公開資料區513切換成加密資料區515。於一實施例中,認證資訊判斷裝置511僅具有接收認證資訊CI的功能,並會將接收認證資訊CI傳送給儲存裝置管理程式503,並由儲存裝置管理程式503判斷認證資訊CI是否符合預定認證資訊,若認證資訊CI符合預定認證資訊則由儲存裝置管理程式503傳送第1圖中的切換指令SC給控制模組505,使控制模組505對隨身碟509進行切換。The flash drive 509 further includes an authentication information determining device 511, and its data area includes a public data area 513 and an encrypted data area 515. In addition to receiving the authentication information CI, the authentication information judging device 511 is also used to judge whether the authentication information CI conforms to predetermined authentication information, and send the judgment result CR to the control module 505. If the judgment result CR is that the authentication information CI conforms to the predetermined authentication information, the control module 505 controls the flash drive 509 to switch from the public data area 513 to the encrypted data area 515. In one embodiment, the authentication information judging device 511 only has the function of receiving the authentication information CI, and transmits the received authentication information CI to the storage device management program 503, and the storage device management program 503 determines whether the authentication information CI meets the predetermined authentication If the authentication information CI matches the predetermined authentication information, the storage device management program 503 sends the switching command SC shown in Figure 1 to the control module 505, so that the control module 505 can switch the flash drive 509.

第5圖的實施例中,認證資訊CI與預定認證資訊可為各種不同種類的資訊。舉例來說,認證資訊CI為指紋,相對應的,預定認證資訊為預定的指紋,而認證資訊判斷裝置511為一指紋辨識器。於另一例中,認證資訊CI為聲紋,相對應的,預定認證資訊為預定的聲紋,而認證資訊判斷裝置511為一聲紋辨識器。此外,認證資訊CI亦可為其他可作為身份認證使用的資訊例如虹膜資訊等。由於此類資訊種類相當多,於此不再一一詳述。In the embodiment of FIG. 5, the authentication information CI and the predetermined authentication information can be various types of information. For example, the authentication information CI is a fingerprint, correspondingly, the predetermined authentication information is a predetermined fingerprint, and the authentication information determining device 511 is a fingerprint recognizer. In another example, the authentication information CI is a voiceprint, correspondingly, the predetermined authentication information is a predetermined voiceprint, and the authentication information determining device 511 is a voiceprint recognizer. In addition, the authentication information CI can also be other information that can be used as identity authentication, such as iris information. Since there are so many types of this kind of information, I will not elaborate on them one by one here.

於一實施例中,由於認證資訊判斷裝置511位於隨身碟509,儲存裝置管理程式503無法得知認證資訊判斷裝置511何時會開始認證動作,舉例來說,若認證資訊判斷裝置511為一指紋辨識裝置,當手指放到認證資訊判斷裝置511上時即會開始認證動作。因此儲存裝置管理程式503會持續的傳送確認指令CC給控制模組505。而確認控制模組505在就緒狀態且判斷結果CR為認證資訊CI符合預定認證資訊後,才會控制隨身碟509進行切換。於一實施例中,認證資訊判斷裝置511會將認證資訊CI傳送給儲存裝置管理程式503,並由儲存裝置管理程式503判斷認證資訊CI是否符合預定認證資訊,若認證資訊CI符合預定認證資訊則由儲存裝置管理程式503傳送第1圖中的切換指令SC以及確認指令CC給控制模組505,使控制模組505對隨身碟509進行切換。此實施例中認證資訊判斷裝置511可替換為一認證資訊接收裝置。於另一實施例中,認證資訊判斷裝置511會將接收認證結果CR傳送給儲存裝置管理程式503,若認證結果CR顯示認證資訊CI符合預定認證資訊,則由儲存裝置管理程式503傳送第1圖中的切換指令SC以及確認指令CC給控制模組505,使控制模組505對隨身碟509進行切換。In one embodiment, since the authentication information judging device 511 is located on the flash drive 509, the storage device management program 503 cannot know when the authentication information judging device 511 will start the authentication operation. For example, if the authentication information judging device 511 is a fingerprint recognition Device, when the finger is placed on the authentication information judging device 511, the authentication action will start. Therefore, the storage device management program 503 will continuously send the confirmation command CC to the control module 505. After confirming that the control module 505 is in the ready state and the judgment result CR is that the authentication information CI matches the predetermined authentication information, the flash drive 509 is controlled to switch. In one embodiment, the authentication information determining device 511 sends the authentication information CI to the storage device management program 503, and the storage device management program 503 determines whether the authentication information CI meets the predetermined authentication information. If the authentication information CI matches the predetermined authentication information, The storage device management program 503 transmits the switching command SC and the confirmation command CC in FIG. 1 to the control module 505 so that the control module 505 can switch the flash drive 509. In this embodiment, the authentication information determining device 511 can be replaced with an authentication information receiving device. In another embodiment, the authentication information judging device 511 sends the received authentication result CR to the storage device management program 503. If the authentication result CR shows that the authentication information CI conforms to the predetermined authentication information, the storage device management program 503 sends Figure 1 The switching command SC and the confirmation command CC in the control module 505 are sent to the control module 505, so that the control module 505 can switch the flash drive 509.

第6圖繪示了第5圖所示的儲存裝置管理系統的實際運用例子。當隨身碟509連接到可攜式電子裝置600,可攜式電子裝置600的顯示螢幕601會顯示如第2圖所示般的公開資料區 (未繪示在第6圖中)。當使用者透過認證資訊辨識裝置511認證成功後,顯示螢幕601會顯示如第4圖所示般的加密資料區(未繪示在第6圖中)。Figure 6 shows an example of actual application of the storage device management system shown in Figure 5. When the pen drive 509 is connected to the portable electronic device 600, the display screen 601 of the portable electronic device 600 will display a public data area as shown in Figure 2 (not shown in Figure 6). After the user is successfully authenticated through the authentication information identification device 511, the display screen 601 will display an encrypted data area as shown in Figure 4 (not shown in Figure 6).

於一實施例中,隨身碟509僅具有加密資料區而沒有公開資料區。於此情況下,隨身碟509連接至可攜式電子裝置600後不會如第2圖般顯示公開資料區,此時儲存裝置管理程式503會控制可攜式電子裝置500如第6圖所示般於螢幕601上顯示”請進行認證”等訊息。此類變化或組合均應包含在本發明涵蓋的範圍內。於一實施例中,隨身碟509可更包含一指示區603,用以通知使用者認證成功或認證失敗,或者是認證資訊判斷裝置511本身無法正常運作。舉例來說,指示區603可包裝至少一光源,並使光源根據不同的狀態產生不同狀態的光。In one embodiment, the flash drive 509 only has an encrypted data area and no public data area. In this case, after the flash drive 509 is connected to the portable electronic device 600, the public data area will not be displayed as shown in Figure 2. At this time, the storage device management program 503 will control the portable electronic device 500 as shown in Figure 6. Generally, a message such as "Please authenticate" is displayed on the screen 601. Such changes or combinations should be included in the scope of the present invention. In one embodiment, the flash drive 509 may further include an indication area 603 to notify the user of the success or failure of the authentication, or the authentication information judging device 511 itself cannot operate normally. For example, the indicator area 603 can pack at least one light source, and make the light source generate light in different states according to different states.

在以下實施例中,本發明提供了更進一步的資料保護方式。第7圖繪示了根據本發明另一實施例的儲存裝置管理系統的方塊圖。同樣的,在第7圖的實施例中是以控制模組705在隨身碟707中做為例子來說明,但控制模組705亦可以被設置在可攜式電子裝置700中。如第7圖所示,可攜式電子裝置700包含了儲存裝置管理程式703,而隨身碟707包含了一控制模組705。儲存裝置管理程式703會計算認證失敗的次數,例如在第3圖的實施例中,使用者帳戶或密碼輸入錯誤時,認證失敗次數便會加1。而在第5圖的實施例中,儲存裝置管理程式503亦可接收判斷結果CR並計算認證失敗次數。當認證失敗次數不小於 (即大於或等於)一失敗臨界值時,儲存裝置管理程式703會產生一刪除指令EC給控制模組705,然後控制模組705會對隨身碟707的資料進行刪除動作。In the following examples, the present invention provides a further way of data protection. FIG. 7 shows a block diagram of a storage device management system according to another embodiment of the invention. Similarly, in the embodiment of FIG. 7, the control module 705 is in the pen drive 707 as an example for illustration, but the control module 705 can also be provided in the portable electronic device 700. As shown in FIG. 7, the portable electronic device 700 includes a storage device management program 703, and the pen drive 707 includes a control module 705. The storage device management program 703 calculates the number of authentication failures. For example, in the embodiment shown in FIG. 3, when the user account or password is entered incorrectly, the number of authentication failures is increased by one. In the embodiment of FIG. 5, the storage device management program 503 can also receive the judgment result CR and calculate the number of authentication failures. When the number of authentication failures is not less than (that is, greater than or equal to) a failure threshold, the storage device management program 703 will generate a delete command EC to the control module 705, and then the control module 705 will delete the data in the USB 707 .

於一實施例中,刪除動作會僅刪除掉使用者寫入隨身碟707中的儲存資料711,但不會刪除用以控制隨身碟動作的系統資料709。而在另一實施例中,會先刪除掉儲存資料711,然後刪除掉系統資料709,接著將所有的資料都刪除。舉例來說,連空白資料 (spare data)亦會一起刪除。In one embodiment, the deletion operation will only delete the stored data 711 written in the flash drive 707 by the user, but will not delete the system data 709 used to control the operation of the flash drive. In another embodiment, the storage data 711 will be deleted first, then the system data 709 will be deleted, and then all the data will be deleted. For example, even spare data will also be deleted.

於一實施例中,此刪除動作為刪除資料可回復的刪除動作。舉例來說,控制模組705僅把資料的索引資料刪掉,如在查詢索引資料時,就不會判定原來儲存資料的空間有資料存在,但實際上資料還是存在原來的位置。在另一實施例中,刪除動作為不可回復的刪除動作,舉例來說,在欲刪除資料原本的儲存空間覆寫資料,如此原本的儲存資料便會徹底的被刪除。然請留意,這些可回復和不可回復的刪除動作僅用以舉例,並非用以限定本發明。In one embodiment, the delete action is a delete action in which deleted data can be restored. For example, the control module 705 only deletes the index data of the data. For example, when querying the index data, it will not determine that there is data in the original storage space, but the data still exists in the original location. In another embodiment, the deletion action is an irreversible deletion action. For example, the data is overwritten in the original storage space of the data to be deleted, so that the original storage data will be completely deleted. However, please note that these recoverable and non-recoverable delete actions are only for example, and are not intended to limit the present invention.

第8圖繪示了第7圖所示的實施例部份動作的流程圖,其包含下列步驟:Figure 8 shows a flowchart of part of the operation of the embodiment shown in Figure 7, which includes the following steps:

步驟801Step 801

判斷是否認證成功,若是則到步驟803,若否則到步驟805。It is judged whether the authentication is successful, if yes, go to step 803, if not, go to step 805.

步驟803Step 803

讀取加密資料區。Read the encrypted data area.

步驟805Step 805

判斷認證失敗次數是否大於臨界失敗次數?若是則到步驟807,若否則認證失敗次數累計1次,然後回到步驟801等待下一次的認證程序。Determine whether the number of authentication failures is greater than the critical number of failures? If yes, go to step 807, if otherwise, the number of authentication failures accumulates once, and then return to step 801 to wait for the next authentication procedure.

步驟807Step 807

對隨身碟的資料進行刪除動作。Delete the data on the flash drive.

如前所述,在一實施例中,刪除動作會僅刪除掉使用者寫入隨身碟中的儲存資料,但不會刪除用以控制隨身碟動作的系統資料。而在另一實施例中,會先刪除掉儲存資料,然後刪除掉系統資料,接著將所有的資料都刪除。此外,於一實施例中,此刪除動作為刪除資料可回復的刪除動作。As mentioned above, in one embodiment, the deletion operation will only delete the stored data written in the flash drive by the user, but will not delete the system data used to control the operation of the flash drive. In another embodiment, the storage data will be deleted first, then the system data will be deleted, and then all the data will be deleted. In addition, in one embodiment, the delete action is a delete action in which deleted data can be restored.

第9-10圖繪示了第7圖所示的儲存裝置管理系統的實際運用例子。如第9圖所示,當隨身碟707連接到可攜式電子裝置700且使用者認證失敗時,可攜式電子裝置700的顯示螢幕702會顯示出警告訊息。舉例來說,顯示螢幕702會顯示出認證失敗次數,並告知使用者達到一定次數將被刪除。要顯示那些警告訊息,可透過前述的儲存裝置管理程式進行設定。亦可不顯示任何訊息,在認證失敗次數達到臨界失敗次數後便直接進行刪除動作。Figures 9-10 show an example of actual use of the storage device management system shown in Figure 7. As shown in FIG. 9, when the portable electronic device 700 is connected to the portable electronic device 700 and the user authentication fails, the display screen 702 of the portable electronic device 700 will display a warning message. For example, the display screen 702 will display the number of authentication failures and inform the user that it will be deleted after a certain number of times. Those warning messages can be set through the aforementioned storage device management program. It is also possible not to display any message, and delete the operation directly after the number of authentication failures reaches the critical number of failures.

第10圖的實施例中,更提供了一刪除動作的停止程序,讓使用者可避免因誤操作或是認證失敗次數計算錯誤而將隨身碟的資料中刪除。儲存裝置管理程式在即將開始刪除動作前,會先顯示如第10圖所示的警告訊息,並顯示一停止碼輸入介面901,讓使用者可以預先設定的停止碼來停止刪除動作。是否要提供停止程序,要顯示何種錯誤訊息,以及停止碼的設定,均可透過前述的儲存裝置管理程式進行設定。In the embodiment in FIG. 10, a procedure for stopping the delete action is provided, so that the user can avoid deleting the data in the flash drive due to misoperation or incorrect calculation of the number of authentication failures. The storage device management program will display a warning message as shown in Figure 10 and a stop code input interface 901 before starting the delete operation, allowing the user to stop the delete operation with a preset stop code. Whether to provide a stop procedure, what error message to display, and the setting of the stop code can be set through the aforementioned storage device management program.

第11圖繪示了根據本發明一實施例的隨身碟控制介面的示意圖,其可用以執行前述的實施例。於一實施例中,第11圖所示的隨身碟控制介面是運作在Android系統下的控制介面。FIG. 11 is a schematic diagram of a control interface of a pen drive according to an embodiment of the present invention, which can be used to implement the aforementioned embodiments. In one embodiment, the pen drive control interface shown in Figure 11 is a control interface operating under the Android system.

如第11圖所示,圖標1101 用以開啟隨身碟,在未登入帳戶的情況下,其僅可讀取公開資料區的資料。圖標1103用以取得隨身碟的硬體資訊,例如ID(Vendor ID,供應商識別碼)和PID(Product ID,產品識別碼)。圖標1105用以關掉讀取隨身碟的介面。圖標1107用以顯示或修改使用者的資訊,例如姓名等。圖標1109用以登入可讀取隨身碟加密區的使用者帳戶,其啟動後可顯示如第3圖所示的介面。圖標1111用以登出可讀取隨身碟加密區的使用者帳戶。圖標1113用以修改使用者帳戶密碼,執行後可在密碼區1119和1121輸入現有密碼和新密碼來修改。圖標1115用以顯示給使用者的提示,讓使用者可在不知如何操作時可藉由提示區1123得到協助。圖標1117可用以刪除隨身碟中所有資料,As shown in Figure 11, the icon 1101 is used to open the flash drive, and it can only read the data in the public data area without logging in to the account. The icon 1103 is used to obtain the hardware information of the flash drive, such as ID (Vendor ID, vendor identification code) and PID (Product ID, product identification code). Icon 1105 is used to turn off the interface for reading the flash drive. The icon 1107 is used to display or modify user information, such as name and so on. The icon 1109 is used to log in to the user account that can read the encrypted area of the flash drive. After it is activated, the interface shown in Figure 3 will be displayed. Icon 1111 is used to log out the user account that can read the encrypted area of the flash drive. Icon 1113 is used to modify the user account password. After execution, you can enter the existing password and the new password in the password areas 1119 and 1121 to modify. The icon 1115 is used to display a prompt to the user, so that the user can get assistance through the prompt area 1123 when they do not know how to operate. Icon 1117 can be used to delete all data in the pen drive,

如前所述,本發明提供的儲存裝置管理系統可運用在隨身碟之外的儲存裝置,因此根據前述實施例可得到如第12圖所示的儲存裝置管理方法,其包含下列步驟:As mentioned above, the storage device management system provided by the present invention can be applied to storage devices other than pen drives. Therefore, according to the foregoing embodiment, the storage device management method shown in Figure 12 can be obtained, which includes the following steps:

步驟1201Step 1201

以可攜式電子裝置 (例如第1圖實施例) 或儲存裝置(例如第5圖實施例)接收認證資訊。A portable electronic device (such as the embodiment in Figure 1) or a storage device (such as the embodiment in Figure 5) is used to receive the authentication information.

步驟1203Step 1203

使可攜式電子裝置中的一儲存裝置管理程式傳送至少一確認指令 (例如第1圖、第5圖中的確認指令CC) 給一控制模組,確認指令用以確認控制模組是否為一就緒狀態。Make a storage device management program in the portable electronic device send at least one confirmation command (such as the confirmation command CC in Figure 1 and Figure 5) to a control module, and the confirmation command is used to confirm whether the control module is one Ready state.

步驟1205Step 1205

若控制模組被確認在就緒狀態,且認證資訊符合預定認證資訊,則使可攜式電子裝置可讀取或可寫入儲存裝置的一加密資料區。If the control module is confirmed to be in the ready state and the authentication information matches the predetermined authentication information, an encrypted data area of the storage device can be read or written to by the portable electronic device.

步驟1207Step 1207

若認證資訊不符合預定認證資訊,則使可攜式電子裝置無法存取儲存裝置的該加密資料區。If the authentication information does not match the predetermined authentication information, the portable electronic device cannot access the encrypted data area of the storage device.

其他詳細步驟可根據前述實施例推得,故在此不再贅述。Other detailed steps can be derived according to the foregoing embodiment, so they will not be repeated here.

根據前述實施例,可以對可攜式電子裝置所使用的儲存裝置進行妥善的資料保護,以避免儲存裝置中的資料被竊取,使得此類儲存裝置可兼具便利性以及安全性。 以上所述僅為本發明之較佳實施例,凡依本發明申請專利範圍所做之均等變化與修飾,皆應屬本發明之涵蓋範圍。According to the foregoing embodiments, the storage device used by the portable electronic device can be properly protected to prevent the data in the storage device from being stolen, so that such storage device can have both convenience and security. The foregoing descriptions are only preferred embodiments of the present invention, and all equivalent changes and modifications made in accordance with the scope of the patent application of the present invention shall fall within the scope of the present invention.

100、500、600、700‧‧‧可攜式電子裝置 105、503、703‧‧‧儲存裝置管理程式 107、505、705‧‧‧控制模組 103、507‧‧‧行動作業系統 109、511‧‧‧認證資訊接收裝置 111、509、707‧‧‧隨身碟 113、513‧‧‧公開資料區 115、515‧‧‧加密資料區 201、601、702顯示螢幕 203、401‧‧‧資料畫面 205‧‧‧切換圖符 301‧‧‧認證畫面 603‧‧‧指示區 709‧‧‧系統資料 711‧‧‧儲存資料 901‧‧‧停止碼輸入介面 1100‧‧‧隨身碟控制介面 1101-1117‧‧‧圖標 1119、1121‧‧‧密碼區 1123‧‧‧提示區 PF_1、PF_2‧‧‧公開檔案 EF_1、EF_2‧‧‧加密檔案100, 500, 600, 700‧‧‧Portable electronic devices 105, 503, 703‧‧‧Storage Device Management Program 107, 505, 705‧‧‧Control module 103, 507‧‧‧Mobile operating system 109、511‧‧‧Authentication information receiving device 111, 509, 707‧‧‧USB 113, 513‧‧‧ Public Information Area 115、515‧‧‧Encrypted data area 201, 601, 702 display screen 203, 401‧‧‧Data screen 205‧‧‧Switch icon 301‧‧‧Authentication screen 603‧‧‧Instruction area 709‧‧‧System Information 711‧‧‧Save data 901‧‧‧Stop code input interface 1100‧‧‧USB Drive Control Interface 1101-1117‧‧‧icon 1119, 1121‧‧‧Password area 1123‧‧‧Reminder area PF_1, PF_2‧‧‧public file EF_1, EF_2‧‧‧Encrypted files

第1圖繪示了根據本發明一實施例的儲存裝置管理系統的方塊圖。 第2-4圖繪示了第1圖所示的儲存裝置管理系統的實際運用例子。 第5圖繪示了根據本發明另一實施例的儲存裝置管理系統的方塊圖。 第6圖繪示了第5圖所示的儲存裝置管理系統的實際運用例子。 第7圖繪示了根據本發明另一實施例的儲存裝置管理系統的方塊圖。 第8圖繪示了第7圖所示的實施例部份動作的流程圖 第9-10圖繪示了第7圖所示的儲存裝置管理系統的實際運用例子。 第11圖繪示了根據本發明一實施例的隨身碟控制介面的示意圖。 第12圖繪示了根據本發明一實施例的儲存裝置管理方法的流程圖。Fig. 1 shows a block diagram of a storage device management system according to an embodiment of the invention. Figures 2-4 show an example of actual use of the storage device management system shown in Figure 1. Figure 5 shows a block diagram of a storage device management system according to another embodiment of the invention. Figure 6 shows an example of actual application of the storage device management system shown in Figure 5. FIG. 7 shows a block diagram of a storage device management system according to another embodiment of the invention. Figure 8 shows a flowchart of some actions of the embodiment shown in Figure 7 Figures 9-10 show an example of actual use of the storage device management system shown in Figure 7. FIG. 11 is a schematic diagram of a control interface of a pen drive according to an embodiment of the invention. FIG. 12 shows a flowchart of a storage device management method according to an embodiment of the invention.

100‧‧‧可攜式電子裝置 100‧‧‧Portable Electronic Device

103‧‧‧行動作業系統 103‧‧‧Mobile Operating System

105‧‧‧儲存裝置管理程式 105‧‧‧Storage Device Management Program

107‧‧‧控制模組 107‧‧‧Control Module

109‧‧‧認證資訊接收裝置 109‧‧‧Authentication information receiving device

111‧‧‧隨身碟 111‧‧‧Flash Drive

113‧‧‧公開資料區 113‧‧‧Public Information Area

115‧‧‧加密資料區 115‧‧‧Encrypted data area

Claims (22)

一種儲存裝置管理方法,使用在連接至一可攜式電子裝置的一儲存裝置上,包含: (a) 以該可攜式電子裝置接收認證資訊; (b) 使該可攜式電子裝置中的一儲存裝置管理程式傳送至少一確認指令給一控制模組,該確認指令用以確認該控制模組是否為一就緒狀態,其中該確認指令為Test Unit Ready command; (c) 若該控制模組被確認在該就緒狀態,且該認證資訊符合預定認證資訊,則使該可攜式電子裝置可讀取或可寫入該儲存裝置的一加密資料區;以及 (d) 若該認證資訊不符合該預定認證資訊,則使該可攜式電子裝置無法存取該儲存裝置的該加密資料區; 其中該(c) 步驟包含: 若該控制模組於一預定時間週期內已接收到至少二該確認指令且被確認在該就緒狀態至少二次,且判斷該認證資訊符合預定認證資訊,則該控制模組使該可攜式電子裝置可讀取或可寫入該加密資料區; 其中該儲存裝置管理程式在該認證資訊符合該預定認證資訊時,才產生該確認指令給該控制模組。A storage device management method, used on a storage device connected to a portable electronic device, includes: (a) Use the portable electronic device to receive authentication information; (b) Make a storage device management program in the portable electronic device send at least one confirmation command to a control module, the confirmation command is used to confirm whether the control module is in a ready state, wherein the confirmation command is Test Unit Ready command; (c) If the control module is confirmed to be in the ready state and the authentication information conforms to the predetermined authentication information, make the portable electronic device readable or writeable to an encrypted data area of the storage device; and (d) If the authentication information does not meet the predetermined authentication information, the portable electronic device cannot access the encrypted data area of the storage device; The step (c) includes: If the control module has received at least two of the confirmation commands within a predetermined period of time and has been confirmed to be in the ready state at least twice, and it is determined that the authentication information conforms to the predetermined authentication information, the control module enables the portable The electronic device can read or write the encrypted data area; The storage device management program generates the confirmation command to the control module only when the authentication information matches the predetermined authentication information. 如請求項1所述的儲存裝置管理方法,其中該可攜式電子裝置使用一行動作業系統。The storage device management method according to claim 1, wherein the portable electronic device uses a mobile operating system. 如請求項2所述的儲存裝置管理方法,其中該行動作業系統為iOS。The storage device management method according to claim 2, wherein the mobile operating system is iOS. 如請求項2所述的儲存裝置管理方法,其中該行動作業系統為Android,且該儲存裝置所使用的檔案系統為FAT32或是exFAT。The storage device management method according to claim 2, wherein the mobile operating system is Android, and the file system used by the storage device is FAT32 or exFAT. 如請求項2所述的儲存裝置管理方法,其中該儲存裝置管理程式獨立於該行動作業系統。The storage device management method according to claim 2, wherein the storage device management program is independent of the mobile operating system. 如請求項1所述的儲存裝置管理方法,其中該儲存裝置為一隨身碟。The storage device management method according to claim 1, wherein the storage device is a flash drive. 如請求項1所述的儲存裝置管理方法,其中該儲存裝置管理程式為應用程式。The storage device management method according to claim 1, wherein the storage device management program is an application program. 如請求項1所述的儲存裝置管理方法,該儲存裝置更包含一公開資料區,不論該認證資訊是否符合該預定認證資訊,該可攜式電子裝置均可讀取該公開資料區。According to the storage device management method of claim 1, the storage device further includes a public data area, and the portable electronic device can read the public data area regardless of whether the authentication information conforms to the predetermined authentication information. 如請求項1所述的儲存裝置管理方法,更包含: 統計該認證資訊不符合該預定認證資訊的認證失敗次數;以及 若該認證失敗次數不小於一失敗認證次數,則進行一刪除動作來刪除該儲存裝置中的儲存資料。The storage device management method according to claim 1, further comprising: Count the number of authentication failures in which the authentication information does not meet the predetermined authentication information; and If the number of authentication failures is not less than a number of failed authentications, a deletion action is performed to delete the stored data in the storage device. 如請求項9所述的儲存裝置管理方法,其中該儲存資料是以無法回復資料的方式被刪除。The storage device management method according to claim 9, wherein the storage data is deleted in a way that the data cannot be restored. 如請求項10所述的儲存裝置管理方法,更包含: 在進行該刪除動作前,根據該可攜式電子裝置所接收的一停止碼來決定是否停止該刪除動作。The storage device management method described in claim 10 further includes: Before performing the deletion, it is determined whether to stop the deletion according to a stop code received by the portable electronic device. 一種儲存裝置管理系統,包含: 一控制模組; 以一可攜式電子裝置中的一認證資料接收裝置接收認證資訊,該可攜式電子裝置中的一儲存裝置管理程式傳送至少一確認指令給該控制模組,該確認指令用以確認該控制模組是否為一就緒狀態,其中該確認指令為Test Unit Ready command; 若該控制模組被確認在該就緒狀態,且該控制模組被通知該認證資訊符合預定認證資訊,則該儲存裝置管理程式控制該控制模組使該可攜式電子裝置可讀取或可寫入該儲存裝置的一加密資料區; 若該認證資訊不符合該預定認證資訊,則該儲存裝置管理程式控制該控制模組使該可攜式電子裝置無法存取該儲存裝置的該加密資料區; 其中該儲存裝置管理程式傳送至少二確認指令給該控制模組,若該控制模組於一預定時間週期內已接收到至少二該確認指令且被確認在該就緒狀態至少二次,且該控制模組被通知該認證資訊符合預定認證資訊,則該儲存裝置管理程式使該可攜式電子裝置可讀取或可寫入該加密資料區; 其中該儲存裝置管理程式在該認證資訊符合該預定認證資訊時,才產生該確認指令給該控制模組。A storage device management system, including: A control module; A certification data receiving device in a portable electronic device is used to receive certification information, a storage device management program in the portable electronic device sends at least one confirmation command to the control module, and the confirmation command is used to confirm the control Whether the module is in a ready state, where the confirmation command is Test Unit Ready command; If the control module is confirmed to be in the ready state, and the control module is notified that the authentication information conforms to the predetermined authentication information, the storage device management program controls the control module to make the portable electronic device readable or accessible Write an encrypted data area of the storage device; If the authentication information does not conform to the predetermined authentication information, the storage device management program controls the control module so that the portable electronic device cannot access the encrypted data area of the storage device; The storage device management program sends at least two confirmation commands to the control module, if the control module has received at least two confirmation commands within a predetermined period of time and is confirmed to be in the ready state at least twice, and the control module When the module is notified that the authentication information conforms to the predetermined authentication information, the storage device management program makes the portable electronic device readable or writeable to the encrypted data area; The storage device management program generates the confirmation command to the control module only when the authentication information matches the predetermined authentication information. 如請求項12所述的儲存裝置管理系統,其中該可攜式電子裝置使用一行動作業系統。The storage device management system according to claim 12, wherein the portable electronic device uses a mobile operating system. 如請求項13所述的儲存裝置管理系統,其中該行動作業系統為iOS。The storage device management system according to claim 13, wherein the mobile operating system is iOS. 如請求項13所述的儲存裝置管理系統,其中該行動作業系統為Android,且該儲存裝置所使用的檔案系統為FAT32或是exFAT。The storage device management system according to claim 13, wherein the mobile operating system is Android, and the file system used by the storage device is FAT32 or exFAT. 如請求項13所述的儲存裝置管理系統,其中該儲存裝置管理程式獨立於該行動作業系統。The storage device management system according to claim 13, wherein the storage device management program is independent of the mobile operating system. 如請求項12所述的儲存裝置管理系統,其中該儲存裝置為一隨身碟。The storage device management system according to claim 12, wherein the storage device is a flash drive. 如請求項12所述的儲存裝置管理系統,其中該儲存裝置管理程式為應用程式。The storage device management system according to claim 12, wherein the storage device management program is an application program. 如請求項12所述的儲存裝置管理系統,該儲存裝置更包含一公開資料區,不論該認證資訊是否符合該預定認證資訊,該可攜式電子裝置均可讀取該公開資料區。For the storage device management system described in claim 12, the storage device further includes a public data area, and the portable electronic device can read the public data area regardless of whether the authentication information conforms to the predetermined authentication information. 如請求項12所述的儲存裝置管理系統,其中該儲存裝置管理程式統計該認證資訊不符合該預定認證資訊的認證失敗次數,且若該認證失敗次數不小於一失敗認證次數,該控制模組使該儲存裝置進行一刪除動作來刪除該儲存裝置中的儲存資料。The storage device management system according to claim 12, wherein the storage device management program counts the number of authentication failures in which the authentication information does not conform to the predetermined authentication information, and if the number of authentication failures is not less than a number of failed authentications, the control module Make the storage device perform a delete action to delete the stored data in the storage device. 如請求項20所述的儲存裝置管理系統,其中該儲存資料是以無法回復資料的方式被刪除。The storage device management system according to claim 20, wherein the storage data is deleted in a way that the data cannot be restored. 如請求項20所述的儲存裝置管理系統,更包含: 在進行該刪除動作前,該儲存裝置管理程式根據一停止碼來決定是否停止該刪除動作。The storage device management system according to claim 20, further comprising: Before performing the deletion, the storage device management program determines whether to stop the deletion according to a stop code.
TW108124410A 2017-06-27 2018-01-02 Storage apparatus managing method and storage apparatus managing system TWI709044B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201762525223P 2017-06-27 2017-06-27
US62/525,223 2017-06-27

Publications (2)

Publication Number Publication Date
TW201939289A TW201939289A (en) 2019-10-01
TWI709044B true TWI709044B (en) 2020-11-01

Family

ID=66213347

Family Applications (2)

Application Number Title Priority Date Filing Date
TW107100034A TWI669608B (en) 2017-06-27 2018-01-02 Storage apparatus managing method and storage apparatus managing system
TW108124410A TWI709044B (en) 2017-06-27 2018-01-02 Storage apparatus managing method and storage apparatus managing system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
TW107100034A TWI669608B (en) 2017-06-27 2018-01-02 Storage apparatus managing method and storage apparatus managing system

Country Status (1)

Country Link
TW (2) TWI669608B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI775098B (en) * 2020-06-17 2022-08-21 和碩聯合科技股份有限公司 Removable storage device and data protection method thereof

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201245956A (en) * 2011-05-04 2012-11-16 Chien-Kang Yang Memory card and its access, data encryption, golden key generation and changing method
CN202694325U (en) * 2011-07-05 2013-01-23 施胜元 Intelligent mobile phone data backup device
US8898807B2 (en) * 2012-10-11 2014-11-25 Phison Electronics Corp. Data protecting method, mobile communication device, and memory storage device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201245956A (en) * 2011-05-04 2012-11-16 Chien-Kang Yang Memory card and its access, data encryption, golden key generation and changing method
CN202694325U (en) * 2011-07-05 2013-01-23 施胜元 Intelligent mobile phone data backup device
US8898807B2 (en) * 2012-10-11 2014-11-25 Phison Electronics Corp. Data protecting method, mobile communication device, and memory storage device
TWI479358B (en) * 2012-10-11 2015-04-01 Phison Electronics Corp Data protecting method, mobile communication device and memory storage device

Also Published As

Publication number Publication date
TWI669608B (en) 2019-08-21
TW201905704A (en) 2019-02-01
TW201939289A (en) 2019-10-01

Similar Documents

Publication Publication Date Title
TWI559167B (en) A unified extensible firmware interface(uefi)-compliant computing device and a method for administering a secure boot in the uefi-compliant computing device
JP5402498B2 (en) INFORMATION STORAGE DEVICE, INFORMATION STORAGE PROGRAM, RECORDING MEDIUM CONTAINING THE PROGRAM, AND INFORMATION STORAGE METHOD
CN110516428B (en) Data reading and writing method and device of mobile storage equipment and storage medium
CN105934751B (en) Data erasure for target devices
US7523281B2 (en) Authenticating hardware for manually enabling and disabling read and write protection to parts of a storage disk or disks for users
JP2011210129A (en) Storage device, data processing device, registration method, and computer program
CN110598384B (en) Information protection method, information protection device and mobile terminal
KR102195344B1 (en) Security system and method for computer using usb storage medium
JP5319830B2 (en) Data protection method and computer apparatus
US20050193195A1 (en) Method and system for protecting data of storage unit
TWI709044B (en) Storage apparatus managing method and storage apparatus managing system
CN113918953A (en) Trusted server security control device and method and trusted server
US10839055B2 (en) Storage apparatus managing method and storage apparatus managing system
CN109583197B (en) Trusted overlay file encryption and decryption method
US20080059740A1 (en) Hardware for manually enabling and disabling read and write protection to parts of a storage disk or disks for users
JP2018139025A (en) Data erasing method, data erasing program, computer with data erasing program and data erasing management server
JP6650755B2 (en) Remote destruction system and remote destruction method for storage device
CN103020509A (en) Terminal equipment encryption and decryption method, device and terminal equipment
US20070033648A1 (en) Method for Executing Commands to Control a Portable Storage Device
TW200411392A (en) Data protection method and system for storage unit
JPH11272562A (en) Storage contents deletion method for computer system and storage medium
JP4968634B1 (en) Computer system
CN108536641B (en) Communication mechanism and method for realizing Windows embedded system safety guide by using same
JP6860800B1 (en) Information processing equipment, information processing systems, and programs
TWI416931B (en) System and method for deleting data stored in the mobile phone automatically