Storage device with partitions and method of memory partitioning
Technical field
Various embodiments of the present invention relate generally to storage devices, and in particular to a storage device having media and a method of memory partitioning.
Background
Storage devices conventionally have storage media, such as magnetic disk media and flash memory. USB flash drives have become a popular storage device. These devices are generally portable and, when inserted into a computer, become an additional storage device or medium used by a user or an application.
Security has become a hot issue in recent years, and the security of storage devices has also drawn attention. Generally, sensitive information is stored on a storage device, and problems easily arise if it is accessed by unauthorized people. Yet the versatility and ease of use of these flash drives make them accessible to home consumers.
At present, security is provided by assigning a password to the stored contents of the entire flash drive (typically called a "memory stick" or "flash disk"). Apart from that method, however, there is no way to configure the flash drive flexibly.
Therefore, there is a need to flexibly configure a storage device having storage media.
Summary of the invention
In view of the above problems, the object of the present invention is to provide a storage device and a method of memory partitioning that overcome them.
A storage device comprises a disk controller and a nonvolatile memory coupled to it for storing one or more passwords. The storage device further comprises media having more than one partition, and the disk controller determines, according to the one or more previously stored passwords, whether each partition can be accessed by one or more users.
In the above storage device, the storage device further comprises an authentication module, which is connected to the disk controller, responds to the user, and is used to identify the user.
In the above storage device, the authentication module responds to biometric, voice, or keystroke input from the user.
In the above storage device, the disk controller is connected to a host through an interface.
In the above storage device, the interface is SATA, IDE, SAS, PCI/PCIE, SCSI or USB.
In the above storage device, the storage device further comprises an encryption module, which is connected to a data buffer and to the media and performs encryption using the first password and the second password.
In the above storage device, the encryption module uses the AES, GOST, ECC, Zu Chongzhi, RSA or DES/3DES cryptographic algorithm.
In the above storage device, the storage device further comprises a decryption module, which is connected to the data buffer and to the media and performs decryption using the first password and the second password.
In the above storage device, the nonvolatile memory is located inside a microprocessor.
In the above storage device, the nonvolatile memory is located outside the microprocessor.
In the above storage device, the nonvolatile memory is flash memory, CD or tape.
In the above storage device, the storage device is a USB flash drive.
In the above storage device, the storage device is a hard disk with one of the following interfaces: SATA, IDE, SCSI, SAS, PCI/PCIE.
A method of memory partitioning, comprising:
receiving a first password;
receiving a second password;
determining, according to the first password, that a first user accesses a first partition of a nonvolatile memory;
determining, according to the second password, that a second user accesses the first partition;
allowing, according to the second password, the second user to access a second partition of the nonvolatile memory; and
preventing the first user from accessing the second partition.
In the above method of memory partitioning, the method further comprises encrypting and decrypting the first password.
In the above method of memory partitioning, the method uses AES, GOST, ECC, Zu Chongzhi, RSA or DES/3DES encryption.
In the above method of memory partitioning, the method further comprises encrypting and decrypting the second password.
In the above method of memory partitioning, the method uses AES, GOST, ECC, Zu Chongzhi, RSA or DES/3DES encryption.
Compared with the prior art, the storage device and method of memory partitioning of the present invention set one or more passwords so that the access rights of each corresponding user can be identified, allowing the storage device to be configured flexibly.
Brief description of the drawings
Fig. 1 shows a storage device 10 according to an embodiment of the invention.
Fig. 2 shows further details of a disk controller 12 according to another preferred embodiment.
Fig. 3 shows another embodiment of the storage device 10 of Fig. 1, a USB flash drive with two partitions.
Fig. 4 shows another embodiment of the storage device 10 of Fig. 1, a SATA interface hard disk with two partitions.
Detailed description
Specific embodiments and methods of the present invention disclose a storage device that has a disk controller and a nonvolatile memory and is operable to store one or more passwords. The storage device further includes media with more than one partition, and the disk controller allows each partition to be accessed by one or more users by means of the one or more stored passwords.
A storage device with media is described below. As described below, the media is partly or wholly divided into partitions of different security levels, improving flexibility of use and security.
Referring now to Fig. 1, a storage device 10 according to one embodiment of the present invention is shown. Storage device 10 includes a disk controller 12, an authentication module 14, a nonvolatile memory 16 and media 18. Disk controller 12 is connected to a host through interface 26. Disk controller 12 is also connected to module 14 and to nonvolatile memory 16. Authentication module 14 receives input from the user through an interface 4 between the user and the device, for example by keyboard, fingerprint, iris, voice, or another type of biometric.
Disk controller 12 is connected to media 18 through media interface 28. As explained further below, disk controller 12 has encryption and decryption capability. Nonvolatile memory 16 stores one or more passwords, and media 18 includes partition A 20 and partition B 22.
In some embodiments of the present invention, media 18 is a disk controller or a flash memory. Storage device 10 can take on various applications, one of which is a USB disk. The host and storage device 10, which can be a hard disk or a flash card, communicate through interface 26.
In an exemplary embodiment, interface 26 is SATA, IDE, SAS, USB, Secure Digital (SD) or MMC card. In an exemplary embodiment, nonvolatile memory 16 is flash memory, CD or tape.
In operation, authentication module 14 receives the user's input and authenticates the user. As noted earlier, examples of such input are voice, biometrics, or keyboard keystrokes. In addition, one or more passwords provided by the user are passed to module 14. Module 14 receives the information from the user and communicates it to disk controller 12; this information may or may not be encrypted. Disk controller 12 stores the received passwords in nonvolatile memory 16. Storing the passwords in nonvolatile memory is important because the passwords are retained even after power-down.
In some embodiments of the present invention, nonvolatile memory 16 is inside disk controller 12. Disk controller 12 uses the passwords stored in nonvolatile memory 16 to unlock access to partition A 20, partition B 22, or both. That is, depending on the access rights granted or configured for a user, different partitions of the memory, or both partitions, can be accessed by that user. Conversely, a user who is locked out of a particular partition is prevented from accessing it. It should be understood that although only two partitions are shown in the embodiment of Fig. 1, any number of partitions can be used.
A concrete example may help in understanding the effect of partitioning media 18. In a business where a supervisor needs access to all information, the supervisor may be allowed to access either partition A or B, whereas a clerk reporting to the supervisor may be assigned a lower level of access, such as access to partition A only. There are many reasons for giving different users different security levels. In operation, the supervisor holds all the passwords that allow him or her into partitions A and B and enters one of them, which is received by the authentication module. To gain access to the other partition, the supervisor can enter a different password. Once recognized by disk controller 12, these passwords mark which partitions the different users may access. For example, password A can access only partition A 20 and password B can access both partitions A and B (20 and 22), or password B can access only partition B.
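The password-to-partition mapping in the example above (password A opens partition A only, password B opens partitions A and B) can be modeled as follows. This is an added illustration, not code from the patent: the names PartitionController, enroll, authenticate, power_cycle, read and build_demo are hypothetical, the passwords are constructed, and storing a salted PBKDF2 verifier instead of the password itself is an assumption, since the text only says that passwords are kept in nonvolatile memory 16.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this sketch


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class PartitionController:
    """Toy model of disk controller 12 gating partitions A and B."""

    def __init__(self):
        self._nvm = []          # stands in for nonvolatile memory 16
        self._unlocked = set()  # volatile unlock state, lost on power-down

    def enroll(self, password, partitions):
        # Assumption: keep a salted verifier, never the password itself.
        salt = os.urandom(16)
        self._nvm.append((salt, _derive(password, salt), frozenset(partitions)))

    def authenticate(self, password):
        granted = set()
        for salt, verifier, partitions in self._nvm:
            # Every record is checked, each with a constant-time compare.
            if hmac.compare_digest(_derive(password, salt), verifier):
                granted |= partitions
        self._unlocked = granted  # a failed attempt re-locks everything
        return granted

    def power_cycle(self):
        self._unlocked = set()  # records in _nvm survive, unlock state does not

    def read(self, partition):
        if partition not in self._unlocked:
            raise PermissionError(f"partition {partition} is locked")
        return f"data from partition {partition}"


def build_demo():
    # Constructed passwords; the mapping follows the example in the text.
    ctrl = PartitionController()
    ctrl.enroll("clerk-password-A", {"A"})
    ctrl.enroll("supervisor-password-B", {"A", "B"})
    return ctrl


if __name__ == "__main__":
    demo = build_demo()
    print(sorted(demo.authenticate("clerk-password-A")))
```
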
In a bypass mode, the user always provides the password.
Fig. 2 shows further details of disk controller 12 in another embodiment of the present invention. Disk controller 12 includes interface protocol module 200, data buffer 202, microprocessor 204, encryption module 210, decryption module 206, selector 208, selector 212 and media access interface 214.
Interface protocol module 200 is connected to the host through interface 26 and receives information from the host; it is also connected to data buffer 202 and microprocessor 204. Data buffer 202 is shown connected to module 14 (Fig. 1), from which it receives passwords, and to microprocessor 204, selector 208 and encryption module 210. Microprocessor 204 is further shown connected to encryption module 210 and decryption module 206. Encryption module 210 is shown connected to selector 212, which is connected to media access interface 214. Likewise, decryption module 206 is connected to selector 208 and media access interface 214. Selector 208 is shown connected to data buffer 202. Media access interface 214 is shown connected to selector 208, and data buffer 202 is shown connected to selector 212. An exemplary implementation of selectors 212 and 208 is as multiplexers.
In operation, under the direction of the host, the data buffer stores the information provided through interface 26 to interface protocol module 200. Data buffer 202 also holds the password obtained from nonvolatile memory 16 (Fig. 1). Selector 212, under the control of microprocessor 204, passes on the data obtained from either data buffer 202 or encryption module 210. Encryption module 210 encrypts data, including passwords. Encryption module 210 can be implemented with, for example, AES, GOST, ECC, Zu Chongzhi, RSA, DES/3DES, or another suitable cryptographic algorithm. Decryption module 206 decrypts the encrypted data it receives (including passwords) and provides it to selector 208, which then passes the decrypted information to data buffer 202.
Fig. 3 shows a storage device 300 of another embodiment of the present invention which, similar to storage device 10 in Fig. 1, is a USB flash drive with two partitions. In one exemplary embodiment and method, user 301 enters information, such as a password, by keystrokes through keyboard input interface 40. The password is stored in block 302. The storage is disk medium 304, which in an embodiment of the present invention is flash memory. Disk medium 304 includes a default disk partition without any form of protection, for example partition 306, and a partition protected by password 302, partition 308. Disk medium 304 also includes a flash memory space 310 that stores a series of passwords. Space 310 holds all the passwords used by storage device 300. In the embodiment shown in Fig. 3, disk controller 12 is connected to USB host 303 through USB bus interface 26.
Fig. 4 shows a storage device 400 of another embodiment of the present invention which, similar to storage device 10 in Fig. 1, is a SATA interface hard disk with two partitions. As shown in Fig. 4, module 12 includes an on-chip EEPROM that stores passwords, block 402. Block 402 holds, in the EEPROM, the passwords used by storage device 400. Disk controller 12 is connected to SATA host 403 through SATA bus 404. Block 408 receives a password in the form of a fingerprint from user 401 through fingerprint input interface 412. Disk medium 406 can be tape or another type of disk medium. Disk medium 406 is shown including partition A and partition B. In this example, partition A can be opened only with password A, and partition B can be opened with password A or password B.
Although only specific embodiments have been described, these specific embodiments are merely illustrative and not restrictive.
The above are merely embodiments of the present invention and do not limit the invention in any form. Although the invention has been disclosed above by way of embodiments, they are not intended to limit it. Any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make minor changes or modifications that yield equivalent embodiments. Any simple modification, equivalent change or refinement made to the above embodiments according to the technical essence of the present invention, without departing from the content of its technical solution, still falls within the scope of the technical solution of the present invention.