CN101770431A - Storage device capable of certifying and data protection method - Google Patents

Storage device capable of certifying and data protection method Download PDF

Info

Publication number
CN101770431A
CN101770431A CN200810190116A CN200810190116A CN101770431A CN 101770431 A CN101770431 A CN 101770431A CN 200810190116 A CN200810190116 A CN 200810190116A CN 200810190116 A CN200810190116 A CN 200810190116A CN 101770431 A CN101770431 A CN 101770431A
Authority
CN
China
Prior art keywords
main frame
licencing key
memory storage
data
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200810190116A
Other languages
Chinese (zh)
Inventor
江启宏
刘鸿霖
章君吾
许裕仁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Genesys Logic Inc
Original Assignee
Genesys Logic Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Genesys Logic Inc filed Critical Genesys Logic Inc
Priority to CN200810190116A priority Critical patent/CN101770431A/en
Publication of CN101770431A publication Critical patent/CN101770431A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an externally-connected storage device for controlling data access. The externally-connected storage device can be accessed by a host and comprises a memory device and a processing unit, wherein the memory device comprises a protection storage zone and a retaining storage zone. The protection storage zone is used for storing an authorized driver. The retaining storage zone is used for storing certification data. The processing unit is used for executing the certification demands of the authorized driver to allow the host to access the protection storage zone according to the certification data.

Description

Memory storage that can authenticate and data guard method
Technical field
The invention relates to a kind of memory storage and data guard method, more particularly is whether a kind of can the decision according to authenticated data can be by these memory storage data of a main frame access and its data guard method.
Background technology
Along with the fast development of storage medium, though traditional hard disk memory space is bigger, the shortcoming of the inconvenience of carrying is arranged, though and floppy disk, tape or discs are easy to carry, but its finite storage space also allows the size of storage data that certain restriction is arranged.
In order to improve the disappearance of these conventional store media, quick flashing memory device (Flash Memory) becomes the focus of attracting attention in market gradually over the years.Be the internal memory of flash memory one non-volatile (non-volatile), when power-off, still can preserve the data that had before write.With other medium (as hard disk, floppy disk or tape etc.) relatively, quick flashing memory device has that volume is little, in light weight, do not have the machinery action when against shock, access postpones and characteristics such as low power consumption.Because these characteristics of quick flashing memory device, therefore data storage medium such as consumption electronic products, embedded system or portable computer adopt all in a large number in recent years.
In order to cooperate the use of flash memory, the memory storage of many use flash memories is to utilize known universal serial bus (Universal Serial Bus; Being called for short USB) On-The-Go (OTG) device is as the interface of linking up with main frame.Though the memory storage of use USB can be widely by the access of main frame institute, the memory storage of these circumscribeds all lacks the safeguard measure of a safety and avoids other people to record the data of being stored in the side.If set a licencing key merely, in case forget Password data in will the access flash memory of user then.And modern's behavior all must see through computing machine and carry out, and for example shopping at network, bank transfer or the like also all need the usefulness of password as identification in these processes.Often memory for convenience of modern, just with the unified use of these passwords, also therefore, in case password is cracked, then nearly all password all must be revised to avoid bigger loss.If but set different passwords respectively at different needs, the burden of people on remembering then could be caused.Therefore, developing and a kind ofly can judge the memory storage that existing cryptoguard has concurrently does not again need special memory cipher automatically, will be the direction that the memory storage developer makes great efforts.
Summary of the invention
Fundamental purpose of the present invention is to provide a kind of external storage device of control data access.This external storage device can be by a main frame access, and it comprises a memory storage and a processing unit.This memory storage comprises an at least one protection memory block and a reserved storage area.This protection memory block is used for storing one and authorizes driver.This protection memory block is used for storing one and authorizes driver (authenticationapplication).This reserved storage area is used for storing a verify data.This processing unit is used for carrying out the authentication requesting that this mandate driver is proposed, and allows this protection memory block of this main frame access according to this verify data.
According to the present invention, this verify data comprises an admin table, and this admin table is noted down the initial logical block addresses (logical block address) and the size of data (size) in this protection memory block and this open storage district.
According to the present invention, wherein this verify data comprises a trusted devices list, and this trusted devices list is noted down the MAC Address and the corresponding licencing key of this main frame.This processing unit is used for detecting when not storing this authentication driver in this main frame, should authenticate driver and be sent in this main frame, and be used for allowing this protection memory block of this main frame access according to the licencing key of this verify data.This trusted devices list is noted down licencing key and licencing key access times value in addition, and this licencing key access times value is to be used for representing the number of times that this licencing key can be used.This trusted devices list is noted down the licencing key effective value in addition, and this licencing key effective value is used for representing the valid period that this licencing key can be used.
According to the present invention, memory storage of the present invention comprises a USB control interface in addition, is used for the data of this processing unit are converted to the data that meet the USB form.
According to the present invention, memory storage of the present invention is a hard disk, and this memory storage comprises a translation interface in addition, is used for the data-switching of this hard disk is become the ATA/SATA form.
For foregoing of the present invention can be become apparent, a preferred embodiment cited below particularly, and cooperate appended graphicly, be described in detail below:
Description of drawings
Fig. 1 is the functional block diagram of external storage device of the present invention and main frame.
Fig. 2 is the synoptic diagram of memory storage, control chip and the main frame of memory storage.
Embodiment
Please refer to Fig. 1, Fig. 1 is the functional block diagram of external storage device 10 of the present invention and main frame 40.External storage device 10 comprises a memory storage 12, a translation interface 14, a processing unit 16 and a general-purpose USB (universal serial bus), and (Universal Serial Bus, USB) control interface 18.But main frame 40 can be desktop PC, mobile computer, industrial computer or recording playback DVD playing device or the like.Memory storage 12 can be hard disk or flash memory.Translation interface 14 can be the ATA/SATA translation interface, or the flash memory translation interface, is that the format conversion that is used as memory storage 12 storage data is ATA/SATA form or flash memory access form.Processing unit 16 is to be used for the data behind translation interface 14 format transformations are added the work of decoding, and the data that will add after the decoding pass to USB control interface 18.USB control interface 18 can be sent to data in the main frame 40 again.Translation interface 14, processing unit 16 and USB control interface 18 can be respectively several control chips or be integrated in single control chip 15.
See also Fig. 2, Fig. 2 is the synoptic diagram of memory storage 12, control chip 15 and the main frame 40 of memory storage 10.Memory storage 12 can be divided into data storage area (Data area) and reserved storage area (Reserved area) 122.The data storage area is to be used for storing general data, and reserved storage area 122 then is to be used for storing certification data 220.The data storage area can be divided into protection memory block (protected area) 124 and open storage district (public area) 126 again.Protection memory block 124 and open storage district 126 are used for respectively according to the importance of data and confidentiality to store the data of different degree of secrecy.For instance, the open data in the open storage district 126 can be the data of non-confidentiality, and any user who holds external storage device 10 all can see through the non-confidentiality data in any main frame 40 access open storage districts 126.Protection memory block 124 then can be must be through the confidentiality data through ability access behind the special delegated authority cipher authentication.The degree of secrecy of data can be decided in its sole discretion by the user, depends in finally being stored in protection memory block 124 or open storage district 126.In preferred embodiment; when user's desire sees through data in the memory storage 12 of main frame 40 accessing storage devices 10; must judge according to the verify data 220 of reserved storage area 122 storages whether use main frame 40 and user's input password is correct, and whether could determine can the access protection memory block 124 or the data in open storage district 126 earlier.In addition, protection memory block 124 can be stored one and be authorized driver 142, and authorizing driver 142 is software program codes, and processing unit 16 can be carried out and authorize driver 142 to be used for discerning the licencing key or the correctness of verify data 220.
Please continue to consult Fig. 2.The verify data 220 of reserved storage area 122 comprises stamped signature field 222, admin table 224 and trusted devices list 226, and stamped signature field 222 includes hardware manufacturer identification code (OEM ID) field and software version (Software Revision) field.The hardware manufacturer identification code is used for behind the os starting of main frame 40, can read this hardware manufacturer identification code to confirm the manufacturer and the type of memory storage 10.The software version field has then been put down in writing the software version that memory storage 10 uses.That is to say that the operating system of main frame 40 can see through the state of interpretation hardware manufacturer identification code field and software version field decision memory storage 10 hardware and softwares.224 of admin tables record protection memory blocks 124 and open storage district 126 each other initial logical block addresses (starting logicalblock address) and storable size of data (size) make the operating system of main frame 40 can know the data space size of memory storage 12.In addition, a customizing messages and the corresponding licencing key of the trusted devices list 226 record main frames 40 of verify data 220.This customizing messages is the information that is used for discerning the uniqueness of main frame, so can be the sequence number of software version (Software Revision) of the operating system used of the MAC Address, main frame 40 of main frame 40 or manufacturer's identification code (OEM ID) of the motherboard that main frame 40 uses, or its combination.Trusted devices list 226 is noted down licencing key, licencing key access times value and licencing key effective value in addition, licencing key access times value is to be used for representing the number of times that licencing key can be used, and this licencing key effective value is used for representing the valid period that this licencing key can be used.
When memory storage 10 inserts unverified main frame 40 for the first time, the verify data 220 of the first interpretation reserved storage area 122 of operating system meeting of main frame 40a.See through hardware manufacturer identification code (OEM ID) field and software version (Software Revision) field of stamped signature field 222, can learn the hardware manufacturer and the type of memory storage 10 respectively, and the software version of memory storage 10 uses.But because main frame 40a is an accessing storage devices 10 first, so the not customizing messages of main frame 40a and corresponding licencing keys in the trusted devices list 226 of reserved storage area 122.Therefore after the user sees through user's interface 42 inputs of main frame 40a and confirms a licencing key, data in the access protection memory block 124 temporarily.Note that before this licencing key is not transfused to affirmation as yet the user is the data that can't see through in the main frame 40a access protection memory block 124.At the same time, the user can see through user's interface 42 or authorize driver 142 to set up the licencing key access times value and the licencing key effective value of this licencing key on their own, for example the user can set this licencing key access times value and equals 10, and the time limit of licencing key effective value is seven days.When if this expression user was connected in main frame 40a with memory storage 10 again in seven days; because licencing key access times value still is no more than 10 times and the licencing key effective value has seven days; so the operating system of main frame 40a can judge that this licencing key still belongs to effectively according to the licencing key access times value and the licencing key effective value of the trusted devices list 226 of verify data 220; so the user need not oneself import licencing key again, just can see through the data of the protection memory block (protected area) 124 of main frame 40 accessing storage devices 10 again.If but the user is intended to accessing storage devices 10 with another main frame 40b, the licencing key that then is specific to main frame 40a is all invalid with its corresponding licencing key access times value and licencing key effective value, so the user must reset another part licencing key, licencing key access times value and licencing key effective value at main frame 40b.Certainly, surpass 10 times if memory storage 10 sees through the licencing key access times value of main frame 40a, or the licencing key effective value surpasses 7 days, the licencing key of then exclusive main frame 40a will lose efficacy, and the user must set it again.Note that unverified main frame 40a has the timeliness of accessing storage devices 10 or the restriction of number of times.
After the access protection memory block 124 of main frame 40a success, memory storage 10 can be stored in customizing messages and the licencing key of main frame 40a in the reserved storage area 122, and on the specific fields of reserved storage area 122 respective hosts 40a is denoted as and authorizes.The user has only and sees through the main frame 40a that has authorized, can have the usage right control limit of maximum control store device 10.Change speech, main frame 40a changes the main frame (Trusted host) that has authenticated into by original unverified main frame (Untrusted host).In the future; after the user is connected to main frame 40a with memory storage 10; need not re-enter licencing key more just can access protection memory block 124 and the data in open storage district 126, can also utilize main frame 40a to revise even the data in deletion protection memory block 124 and open storage district 126.And the user can see through user's interface 42 or authenticate licencing key access times value and the licencing key effective value that driver 142 sets up this licencing key on their own, for example the user can set this licencing key access times value and equals 20, and the time limit of licencing key effective value is a fortnight.When if this expression user is connected in main frame 40a with memory storage 10 again in fortnight; because licencing key access times value still is no more than 20 times and the licencing key effective value has fortnight; so the operating system of main frame 40a can judge that this licencing key still belongs to effectively according to the licencing key access times value and the licencing key effective value of the trusted devices list 226 of verify data 220; so the user need not oneself import licencing key again, just can see through main frame 40a access again even revise protection memory block (the protected area) 124 of memory storage 10 and the data of open storage district (public area) 126.
In sum; though the present invention discloses as above with preferred embodiment; but this preferred embodiment is not in order to restriction the present invention; the those of ordinary skill in this field; without departing from the spirit and scope of the present invention; all can do various changes and retouching, so protection scope of the present invention is as the criterion with the scope that claim defines.

Claims (23)

1. the external storage device of a control data access is used for being it is characterized in that by the main frame access described external storage device comprises:
One memory storage, it comprises:
At least one protection memory block is used for storing the mandate driver;
One reserved storage area is used for storing certification data; And
One processing unit is used for carrying out the authentication requesting that described mandate driver is proposed, and allows the described protection of described main frame access memory block according to described verify data.
2. memory storage according to claim 1 is characterized in that, described memory storage is a hard disk, and described memory storage comprises a translation interface in addition, is used for the data-switching of described hard disk is become the ATA/SATA form.
3. memory storage according to claim 1 is characterized in that described verify data comprises an admin table, and described admin table is noted down the initial logical block addresses and the size of data of described protection memory block.
4. memory storage according to claim 1 is characterized in that, described verify data comprises a trusted devices list, and described trusted devices list is noted down a customizing messages and a corresponding licencing key.
5. memory storage according to claim 4, it is characterized in that, described customizing messages comprises the sequence number of software version of the operating system that the MAC Address of described main frame, described main frame use or manufacturer's identification code of the motherboard that described main frame uses, or its combination.
6. memory storage according to claim 4 is characterized in that, described processing unit is used for allowing the described protection of described main frame access memory block according to the licencing key of described verify data.
7. memory storage according to claim 4, it is characterized in that, described trusted devices list is noted down licencing key access times value and licencing key effective value in addition, described licencing key access times value is to be used for representing the number of times that described licencing key can be used, and described licencing key effective value is used for representing the valid period that described licencing key can be used.
8. memory storage according to claim 1 is characterized in that described memory storage comprises the open storage district in addition, is used for the storing open data.
9. memory storage according to claim 1 is characterized in that described memory storage comprises the USB control interface in addition, is used for the data of described processing unit are converted to the data that meet the USB form.
10. memory storage according to claim 1 is characterized in that described memory storage is a flash memory.
11. a method of controlling the external storage device data access, described external storage device can be by the access of main frame institute, and described method comprises:
External storage device is provided, and it comprises memory storage, and described memory storage comprises protection memory block and reserved storage area, and described protection memory block is used for storage and authorizes driver, and described reserved storage area is used for storing certification data; And
Carry out described mandate driver to allow the described protection of described main frame access memory block according to described verify data.
12. method according to claim 11 is characterized in that, described verify data comprises admin table, and described admin table is noted down the initial logical block addresses and the size of data of described protection memory block.
13. method according to claim 11 is characterized in that, described verify data comprises the trusted devices list, and described trusted devices list is noted down the customizing messages and the corresponding licencing key of described main frame.
14. method according to claim 13, it is characterized in that, described customizing messages comprises the sequence number of software version of the operating system that the MAC Address of described main frame, described main frame use or manufacturer's identification code of the motherboard that described main frame uses, or its combination.
15. method according to claim 13, it is characterized in that, described trusted devices list is noted down licencing key access times value and licencing key effective value in addition, described licencing key access times value is to be used for representing the number of times that described licencing key can be used, and described licencing key effective value is used for representing the valid period that described licencing key can be used.
16. the external storage device of a control data access is used for being it is characterized in that by the main frame access described external storage device comprises:
One reserved storage area is used for storing certification data; And
One processing unit is used for carrying out one and authorizes driver to allow the described protection of described main frame access memory block according to described verify data.
17. memory storage according to claim 16 is characterized in that, described verify data comprises admin table, and described admin table is noted down the initial logical block addresses and the size of data of described protection memory block.
18. memory storage according to claim 16 is characterized in that, described verify data comprises the trusted devices list, described trusted devices list record customizing messages and corresponding licencing key.
19. memory storage according to claim 18, it is characterized in that, described customizing messages comprises the sequence number of software version of the operating system that the MAC Address of described main frame, described main frame use or manufacturer's identification code of the motherboard that described main frame uses, or its combination.
20. memory storage according to claim 18 is characterized in that, described processing unit is used for allowing the described protection of described main frame access memory block according to the licencing key of described verify data.
21. memory storage according to claim 18, it is characterized in that, described trusted devices list is noted down licencing key access times value and licencing key effective value in addition, described licencing key access times value is to be used for representing the number of times that described licencing key can be used, and described licencing key effective value is used for representing the valid period that described licencing key can be used.
22. memory storage according to claim 16 is characterized in that, described memory storage comprises the open storage district in addition, is used for the storing open data.
23. memory storage according to claim 16 is characterized in that, described memory storage comprises at least one protection memory block in addition, is used for storing described mandate driver.
CN200810190116A 2008-12-30 2008-12-30 Storage device capable of certifying and data protection method Pending CN101770431A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810190116A CN101770431A (en) 2008-12-30 2008-12-30 Storage device capable of certifying and data protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810190116A CN101770431A (en) 2008-12-30 2008-12-30 Storage device capable of certifying and data protection method

Publications (1)

Publication Number Publication Date
CN101770431A true CN101770431A (en) 2010-07-07

Family

ID=42503301

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810190116A Pending CN101770431A (en) 2008-12-30 2008-12-30 Storage device capable of certifying and data protection method

Country Status (1)

Country Link
CN (1) CN101770431A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105378681A (en) * 2013-07-08 2016-03-02 英派尔科技开发有限公司 Access control of external memory
CN113031880A (en) * 2021-05-27 2021-06-25 湖南博匠信息科技有限公司 Upper computer communication method and system suitable for multi-model storage equipment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105378681A (en) * 2013-07-08 2016-03-02 英派尔科技开发有限公司 Access control of external memory
CN105378681B (en) * 2013-07-08 2019-09-13 英派尔科技开发有限公司 External memory access control
CN113031880A (en) * 2021-05-27 2021-06-25 湖南博匠信息科技有限公司 Upper computer communication method and system suitable for multi-model storage equipment

Similar Documents

Publication Publication Date Title
US10963169B2 (en) Integrated circuit device storing protected data for wireless transmitting, over short range wireless communication, the protected data to a wireless computing device
US20160174068A1 (en) Integrated Circuit Device That Includes A Secure Element And A Wireless Component For Transmitting Protected Data Over A Local Point-To-Point Wireless Communication Connection
TWI447583B (en) Data protecting method, memory controller and memory storage device
US20100058066A1 (en) Method and system for protecting data
CN100437618C (en) Portable information safety device
US20100082898A1 (en) Methods to securely bind an encryption key to a storage device
TW200527293A (en) A computer system employing a trusted execution environment including a memory controller configured to clear memory
KR20060119989A (en) Device for secure access to digital media contents, virtual multi-interface driver and system for secure access to digital media contents
US20180341774A1 (en) Techniques for coordinating device boot security
US20100115201A1 (en) Authenticable usb storage device and method thereof
US20080140946A1 (en) Apparatus, system, and method for protecting hard disk data in multiple operating system environments
TWI446172B (en) Memory storage device, memory controller thereof, and access method thereof
CN103257938A (en) Data protection method, memory controller and memory storage device
CN1234130C (en) System guiding device base on core and method for realizing said guide
EP3812932B1 (en) Method and portable storage device with internal controller that can self-verify the device and self-convert the device from current mode to renewed mode without communicating with host
JP4767619B2 (en) External storage device and SBC control method
CN201549223U (en) Trusted secure portable storage device
US20140372653A1 (en) Storage Device with Multiple Interfaces and Multiple Levels of Data Protection and Related Method Thereof
CN101770431A (en) Storage device capable of certifying and data protection method
WO2010151722A1 (en) Accessing a serial number of a removable non-volatile memory device
CN110472443A (en) A kind of local device of data security methods and belt switch
CN114153280A (en) Computer mainboard
CN113051533A (en) Safety management method of terminal equipment
CN102375958B (en) The method of restricting accessing of files
JP2004021581A (en) Guide device and guide method for flash memory system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20100707