CN112733122A - Storage device with hot plug safety protection mechanism SATA interface - Google Patents

Storage device with hot plug safety protection mechanism SATA interface Download PDF

Info

Publication number
CN112733122A
CN112733122A CN201910973997.1A CN201910973997A CN112733122A CN 112733122 A CN112733122 A CN 112733122A CN 201910973997 A CN201910973997 A CN 201910973997A CN 112733122 A CN112733122 A CN 112733122A
Authority
CN
China
Prior art keywords
storage device
control unit
host
computer
physical layer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910973997.1A
Other languages
Chinese (zh)
Other versions
CN112733122B (en
Inventor
刘博荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Apacer Technology Inc
Original Assignee
Apacer Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Apacer Technology Inc filed Critical Apacer Technology Inc
Priority to CN201910973997.1A priority Critical patent/CN112733122B/en
Publication of CN112733122A publication Critical patent/CN112733122A/en
Application granted granted Critical
Publication of CN112733122B publication Critical patent/CN112733122B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4812Task transfer initiation or dispatching by interrupt, e.g. masked

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention aims at a storage device with a hot-plug safety protection mechanism SATA interface. According to the scheme of the invention, an interrupt control program in the storage device is assigned to the physical layer pin in the signal channel, when the signal flat cable is pulled out under the condition that the SATA interface power flat cable is not pulled out, the physical layer pin is in a closed state to trigger the interrupt control program, and the control unit starts the protection action on the storage device according to the triggered interrupt control program.

Description

Storage device with hot plug safety protection mechanism SATA interface
Technical Field
The present invention relates to a storage device, and more particularly, to a storage device with a SATA interface having a hot-swap security protection mechanism.
Background
With the powerful functions and wide application fields of computer equipment, peripheral devices (peripherals) also have more flexibility and advanced functions. For example, in the past, peripheral devices or components, especially storage devices such as HDD mechanical hard disks, SSD solid state disks, etc., must be replaced by plugging or unplugging the devices when the host computer is powered off. However, when the peripheral devices or components are connected to the host computer through an interface with hot plug (hot plug) function, such as USB, PCIe, SATA …, the devices can be replaced without powering off the host computer.
Taking the SATA interface as an example, when connecting storage devices such as SSD and HDD through the SATA interface, the SATA interface can directly remove a signal bus between the host computer and the storage device when the SATA power bus is not removed and is still powered on, and connect the storage device to another host computer through another signal bus. In the absence of a specific security protection mechanism, the storage device using the SATA interface can easily allow another computer host to directly access data in the storage device, that is, the current SATA interface storage device does not have any security protection measures in the hardware layer, which makes some other persons who are not useful able to steal data in the storage device through another computer host.
Therefore, an effective solution to the security risk of the storage device that is connected to the signal cable and the power cable separately and supports hot plugging must be provided.
Disclosure of Invention
Embodiments of the present invention provide a storage device with a SATA interface for hot-swap security protection mechanism to solve the above problems. The storage device is connected to a computer host in a pluggable manner and comprises a storage unit and a control unit. The storage unit is used for storing data of the storage device. The control unit is connected to the storage unit and comprises a power channel and a signal channel. The power channel is connected with a power supply end of the computer host in a pluggable manner. The signal channel is connected with a control interface of the computer host in a pluggable way, the signal channel is provided with a physical layer pin, the control unit assigns an interrupt service program to the physical layer pin, and when the storage device is connected with the computer host, the physical layer pin is in a starting state. When the control interface is disconnected with the signal channel, the physical layer pin is in a closed state and triggers the interrupt service program, and the control unit is used for protecting the storage unit according to the triggered interrupt service program.
According to an embodiment of the present invention, the physical layer pin is a PHYRDY pin of the SATA interface of the storage device.
According to an embodiment of the present invention, the control unit is configured to generate a flag to indicate that the storage device is in an unsafe state when the interrupt service routine is triggered. The control unit is used for performing the protection action on the storage unit according to the flag.
According to an embodiment of the present invention, the control interface is disconnected from the signal channel, and the power channel is connected to the power supply terminal of the computer host to keep in a power supply state of the computer host during the protection operation performed on the storage unit by the control unit.
According to an embodiment of the present invention, wherein the protection action comprises at least one of: and changing the read-write authority of at least one range of the storage unit by using the TCG-OPAL standard, and performing read protection and write protection on the storage device.
According to an embodiment of the present invention, the control unit is further configured to continuously obtain a unique identification code of the computer host through the signal channel, and perform the protection operation on the storage unit when the unique identification code cannot be obtained or the unique identification code is changed.
According to an embodiment of the present invention, after the control unit performs the protection operation on the storage unit, and when the signal channel is further connected to a control interface of a host computer, the control unit is configured to perform a recovery mechanism.
According to an embodiment of the present invention, the recovery mechanism comprises at least one of the following: the control unit informs an application program of the computer host to carry out security authentication, and the control unit checks the consistency of a unique identification code of the computer host.
According to the embodiment of the invention, the storage device is an SSD solid state disk or an HDD mechanical hard disk.
The storage device of the SATA interface has a hot plug safety protection mechanism, and when the power supply flat cable of the SATA interface is not pulled out, the protection action on the storage device is started when the signal flat cable is pulled out, so that a person with no purpose can be effectively prevented from being connected to another computer host to steal data by only pulling out the signal flat cable.
Drawings
FIG. 1 is a block diagram illustrating an embodiment of a storage device with a SATA interface for hot-swap security protection mechanism connected to a computer host according to the present invention.
FIG. 2 is a block diagram illustrating an embodiment of a storage device being removed from and inserted into a computer host according to the present invention.
[ List of reference numerals ]
1 storage device
10 control unit
12 power supply channel
14 signal path
141 physical layer pin
16 interrupt control program
20 storage unit
5. 6 computer host
51 application program
52 power supply terminal
54. 64 control interface
Detailed Description
Certain terms are used throughout the description and following claims to refer to particular elements. As one of ordinary skill in the art will appreciate, manufacturers may refer to a component by different names. This description and the appended claims do not intend to distinguish between components that differ in name but not function. In the following description and in the claims, the terms "include" and "comprise" are used in an open-ended fashion, and thus should be interpreted to mean "include, but not limited to. Furthermore, the terms "coupled" or "connected" are used herein to encompass any direct and indirect electrical or structural connection. Thus, if a first device couples to a second device, that connection may be through a direct electrical/structural connection, or through an indirect electrical/structural connection via other devices and connections.
Referring to fig. 1, fig. 1 is a block diagram illustrating an embodiment of a storage device with a SATA interface for hot-swap security protection mechanism connected to a computer host according to the present invention. In the embodiment of the present invention, the storage device 1 is described as a SATA interface with hot plug (hot plug), and the signal (data) cable and the power cable are separately plugged, but not limited thereto, all interfaces and devices that can be hot plugged and can still maintain the power supply from the host computer to the device when the signal cable is unplugged are suitable for the security protection mechanism of the present invention. In the embodiment of fig. 1, the storage device 1 includes at least one storage unit 20 and a control unit 10. The control unit 10 includes a Micro Controller Unit (MCU) and a firmware structure in the storage device 1, and is connected to the storage unit 20 for controlling the storage unit 20 and communicating with the external host computer 5. The storage unit 20 is a container of the storage device 1 for mainly storing data, and is not limited to a usable physical form in the present invention, and may be a Hard Disk Drive (HDD) including a magnetic disk and a mechanical reading arm, or may be a Solid State Drive (SSD) capable of random access.
The control unit 10 has a power channel 12 and a signal (data) channel 14, which are connected independently, the power channel 12 is connected to a power supply terminal 52 of a host computer 5 in a pluggable manner to obtain power supply of the host computer 5, the signal channel 14 is connected to a control interface 54 of the host computer 5 in a pluggable manner, such as a standard storage device control interface, so that the host computer 5 can access data in the storage device 1 through the signal channel 14. In the SATA interface specification, the signal channel 14 performs operations of clocking, physical connection, device verification, error correction, transmission … … and the like of data by using a SATA control block, wherein the signal channel 14 has a physical layer pin 141, in the preferred embodiment of the present invention, the physical layer pin 141 is a PHYRDY pin in the SATA interface, but not limited thereto, and may be any existing pin that is used as a physical layer connection verification signal in other specifications, that is, when the storage device 1 is connected to the control interface 54 of the host computer 5 through a signal/data cable, the physical layer pin 141 is in an enabled (enabled) state, and when the signal channel 14 of the storage device 1 is disconnected from the control interface 54 of the host computer 5, that is, when the physical layer pin 141 is not connected, the physical layer pin 141 is in a disabled (disabled) state. The physical layer pin 141 can reflect the physical connection status, and the control unit 10 of the storage device 1 assigns an Interrupt Service Routine 16 (ISR) to the physical layer pin 141, and sets the Interrupt Service Routine 16 to be triggered when the physical layer pin 141 is in an off state, i.e., when the storage device 1 is not physically connected to the control interface 54 of any computer host 5.
Referring to fig. 2, fig. 2 is a block diagram illustrating an embodiment of a storage device unplugged from a computer host and plugged into another computer host according to the present invention. When the storage device 1 for the hot-swap SATA interface is not powered off, i.e., the power channel 12 is continuously connected to the power supply terminal 52 of the host computer 5 to keep on the power supply state of the host computer 5, in order to prevent the signal channel 14 of the storage device 1 from being disconnected from the control interface 54 of the original host computer 5 and then being connected to another host computer 6, which may cause data theft, when the storage device 1 is connected to the host computer 5, and when the signal/data cable of the SATA interface is pulled out, i.e., the control interface 54 is disconnected from the signal channel 14, the physical layer pin 141 is in the off state and triggers the interrupt service routine 16, and the control unit 10 can perform a protection operation on the storage unit 20 according to the triggered interrupt control routine 16. Specifically, in one embodiment, when the interrupt control program 16 is triggered, the control unit 10 may generate a flag (flag) to indicate that the storage device 1 is in an unsafe state, and further, according to the unsafe state indicated by the flag, modify the data read/write permission or perform other possible protection measures for part or all of the storage unit 20, such as: although the present invention is not limited to this, any algorithm mechanism that can exert a purposeful restriction on access to a part or all of the contents in the storage unit 20 can be used as the protection operation initiated by the present invention, such as changing the read/write authority of at least one range of the storage unit 20 using the TCG-OPAL standard, performing read protection of the entire device by the storage device 1 itself, and performing write protection … … of the entire device by the storage device 1 itself.
After the protection operation, the storage device 1 can effectively protect the data content in the storage device 1 by the protection operation regardless of whether the original host 5 or the control interface 64 of the other host 6 is connected (and the power channel 12 is still connected to the power supply terminal 52 of the original host 5). In another embodiment of the present invention, the unique identification codes of the computer hosts 5 and 6 can be further utilized to perform further layer of verification and protection. The computer hosts 5, 6 may have an application 51 installed therein, and the application 51 may collect data related to the computer host 5, and use the data to make the unique identifier of the computer host 5 through a formula (or may not use the application 51, and only directly use any computer host 5, 6 to uniquely mark the native content of the computer host), that is, the unique identifier of each computer host 5, 6 is uniquely bound to the computer host (for example, the network adapter card address usually configured in the computer hosts 5, 6 may be used as the unique identifier or a part thereof). The unique identifier can be transmitted to the storage device 1 in data packets after the connection between the established signal channel 14 and the control interface 54.
According to the unique identification code of the host computer 5, the control unit 10 can continuously obtain the unique identification code through the signal channel 14 to know that the storage device 1 is still continuously connected to the original secure host computer 5. When the control unit 10 cannot obtain the unique identification code of the host computer 5 or the unique identification code received due to any possible reason is changed, the control unit 10 determines that the storage device 1 is no longer in data connection with the host computer 5, so that the storage unit 20 can be protected as described above, and the storage device 1 can more accurately determine the connection state of the current SATA data interface.
Specifically, after the control unit 10 performs the above-mentioned protection operation on the storage unit 20, the storage device 1 is connected to a host computer (which may be the original host computer 5 or the strange host computer 6) again, that is, when the signal channel 14 is connected to the control interfaces 54 and 64 of the host computers 5 and 6 again, the control unit 10 may perform a recovery mechanism, for example, the control unit 10 may notify an application program of the host computers 5 and 6 to perform security authentication again, that is, when the signal channel 14 of the storage device 1 is disconnected from the control interfaces 54 and 64 and reconnected to the original host computer, security authentication for access to the storage device 1 needs to be performed again. The control unit 10 can also check the consistency of the unique identification codes of the hosts 5 and 6, and when the unique identification code obtained after reconnection is the same as the unique identification code obtained before the interruption of the signal channel 14 and the control interface 54, the protection action can be released without performing additional security authentication.
The invention aims at a storage device with a hot-plug SATA interface, an interrupt control program in the storage device is assigned to a physical layer pin in a signal channel, when a signal flat cable is pulled out under the condition that a power flat cable of the SATA interface is not pulled out, the physical layer pin is in a closed state to trigger the interrupt control program, and a control unit starts the protection action on the storage device according to the triggered interrupt control program so as to prevent a person with no worry from being connected to another computer host to steal data by only pulling out the signal flat cable.
The above-mentioned embodiments are merely preferred embodiments of the present invention, and all equivalent changes and modifications made by the claims of the present invention should be covered by the scope of the present invention.

Claims (10)

1. A storage device with SATA interface of hot plug security protection mechanism is provided, which is connected to a host computer in a pluggable manner, the storage device comprising:
a storage unit for storing data of the storage device; and
a control unit connected to the storage unit, the control unit comprising:
a power channel, which is connected with a power supply end of the computer host in a pluggable way; and
a signal channel connected with a control interface of the computer host in a pluggable way, the signal channel is provided with a physical layer pin, the control unit assigns an interrupt service program to the physical layer pin, when the storage device is connected with the computer host, the physical layer pin is in a starting state,
when the control interface is disconnected with the signal channel, the physical layer pin is in a closed state and triggers the interrupt service program, and the control unit is used for protecting the storage unit according to the triggered interrupt service program.
2. The storage device of claim 1, wherein the physical layer pin is a PHYRDY pin of a SATA interface of the storage device.
3. The storage device as claimed in claim 1, wherein the control unit is configured to generate a flag to indicate that the storage device is in an unsafe state when the interrupt service routine is triggered.
4. The storage device as claimed in claim 3, wherein the control unit is configured to perform the protection operation on the storage unit according to the flag.
5. The storage device as claimed in claim 1, wherein the control interface is disconnected from the signal channel, and the power channel is connected to the power supply terminal of the host computer to keep in a power supply state of the host computer during the protection operation of the control unit on the storage unit.
6. The storage device of claim 1, wherein the protection action comprises at least one of: and changing the read-write authority of at least one range of the storage unit by using the TCG-OPAL standard, and performing read protection and write protection on the storage device.
7. The storage device as claimed in claim 1, wherein the control unit is further configured to continuously obtain a unique identification code of the host computer through the signal channel, and perform the protection operation on the storage unit when the unique identification code cannot be obtained or the unique identification code is changed.
8. The storage device as claimed in claim 1, wherein the control unit is configured to perform a recovery mechanism after the control unit performs the protection operation on the storage unit and when the signal channel is further connected to a control interface of a host computer.
9. The storage device of claim 8, wherein the recovery mechanism comprises at least one of: the control unit informs an application program of the computer host to carry out security authentication, and the control unit checks the consistency of a unique identification code of the computer host.
10. The storage device of claim 1, wherein the storage device is an SSD solid state disk or an HDD mechanical hard disk.
CN201910973997.1A 2019-10-14 2019-10-14 Storage device with hot plug safety protection mechanism SATA interface Active CN112733122B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910973997.1A CN112733122B (en) 2019-10-14 2019-10-14 Storage device with hot plug safety protection mechanism SATA interface

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910973997.1A CN112733122B (en) 2019-10-14 2019-10-14 Storage device with hot plug safety protection mechanism SATA interface

Publications (2)

Publication Number Publication Date
CN112733122A true CN112733122A (en) 2021-04-30
CN112733122B CN112733122B (en) 2024-01-12

Family

ID=75588495

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910973997.1A Active CN112733122B (en) 2019-10-14 2019-10-14 Storage device with hot plug safety protection mechanism SATA interface

Country Status (1)

Country Link
CN (1) CN112733122B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102339236A (en) * 2010-07-21 2012-02-01 英业达股份有限公司 Method for detecting pluggable storage device and electronic device
CN104679621A (en) * 2013-11-28 2015-06-03 英业达科技有限公司 Hot plug system and method thereof
CN105320580A (en) * 2014-07-11 2016-02-10 宇瞻科技股份有限公司 Data storage system with information safety protecting function
CN108228109A (en) * 2018-01-17 2018-06-29 合肥联宝信息技术有限公司 Protection data method, device and the computer storage media of a kind of electronic equipment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102339236A (en) * 2010-07-21 2012-02-01 英业达股份有限公司 Method for detecting pluggable storage device and electronic device
CN104679621A (en) * 2013-11-28 2015-06-03 英业达科技有限公司 Hot plug system and method thereof
CN105320580A (en) * 2014-07-11 2016-02-10 宇瞻科技股份有限公司 Data storage system with information safety protecting function
CN108228109A (en) * 2018-01-17 2018-06-29 合肥联宝信息技术有限公司 Protection data method, device and the computer storage media of a kind of electronic equipment

Also Published As

Publication number Publication date
CN112733122B (en) 2024-01-12

Similar Documents

Publication Publication Date Title
US8166220B2 (en) Device for connection with a storage device and a host
US10515040B2 (en) Data bus host and controller switch
US8904054B2 (en) Method and apparatus for mode switching of interface ports
US7725608B2 (en) Enabling and disabling device images on a platform without disrupting BIOS or OS
US10365840B2 (en) System and method for providing a secure airborne network-attached storage node
MXPA02008913A (en) System and method for connecting a universal serial bus device to a host computer system.
EP2798428B1 (en) Apparatus and method for managing operation of a mobile device
TWM365529U (en) Data access apparatus and processing system using the same
US10013172B2 (en) Electronic data storage device with multiple configurable data storage mediums
JP2002529853A (en) Write protected disk cache apparatus and method for subsystem hard disk with large capacity memory
CN112733122A (en) Storage device with hot plug safety protection mechanism SATA interface
CN112835426A (en) Desktop computer based on Feitengrui D2000 processor
CN110673863B (en) Intelligent lock system supporting pluggable external storage and intelligent upgrading method
TWI723575B (en) Hot plug sata storage device with security protection mechanism
US7262706B2 (en) Detection of connection and disconnection of computer peripheral
CN201063240Y (en) Mobile hard disk with read-write protection switch
CN106709379B (en) PCIe network bridge conversion device and method
US20060195653A1 (en) Switchable mass storage system
TWI410799B (en) Detecting apparatus
TWI735869B (en) Storage control device and control method thereof
US20170228333A1 (en) Reader/writer device, information processing device, and data transfer control method, and program
TWI405086B (en) Usb interface apparatus with security control and management function
EP4365765A1 (en) Memory system
KR101631655B1 (en) Information security apparatus and controlling method thereof
CN111221766B (en) CD driver bit data backup box

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant