CN1277219C - Method for protecting data of storage unit and system - Google Patents
Method for protecting data of storage unit and system Download PDFInfo
- Publication number
- CN1277219C CN1277219C CN 03100473 CN03100473A CN1277219C CN 1277219 C CN1277219 C CN 1277219C CN 03100473 CN03100473 CN 03100473 CN 03100473 A CN03100473 A CN 03100473A CN 1277219 C CN1277219 C CN 1277219C
- Authority
- CN
- China
- Prior art keywords
- user
- data
- storage element
- partition table
- processing equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention relates to a method for protecting the data of a storage unit and a system thereof. The method for protecting the data of a storage unit comprises the following steps: the method previously causes a user to arrange a user identifying module into a memory unit under a normal operating system of a data processing device; after an identifying code set by the user is coded and encrypted by the user identifying module, the identifying code is stored into the storage unit; the data of a partition table is coded and encrypted by the user identifying module, and then the data is stored to an appointed storage unit position; the data of the partition table is deleted by the user identifying module; whether the identifying code input by the user is correct is judged by the user identifying module when the user switches on a power supply of the data processing device again, the coded and encrypted data of the partition table is decoded and reduced if the identifying code is correct, and the data is also covered to a correct distribution table position for normal starting-up operation; if the identifying code is not correct, the program of the normal starting-up operation is stopped.
Description
Technical field
The invention relates to a kind of storage element data guard method and system, particularly about a kind of method and system that is applied in the data processing equipment of hard disk storage element.
Background technology
Because electronic information science and technology is at a tremendous pace, has become a part indispensable in our daily life such as data processing equipments such as personal computer or notebook computers.The user carries out the simple Data Processing except carrying out programming by this data processing equipment, can also pass through powerful calculation function, as sound, image or the audio and video communication media of multimedia document such as combine, in other words, the user can carry out work such as multimedia editing and broadcast by this data processing equipment.On the other hand, because wired and wireless network communication environment is increasingly mature, the volume of adding this data processing equipment is more and more compact, is convenient to the user and carries out obtaining of information in moving.Based on above-mentioned all objective environment factors, the user is subjective also more pleased to have network by this and connects data processing equipment with data-transformation facility and carry out the search of information and obtain.
Brought forward is described, though we can enjoy the information facility of circulation fast by this data processing equipment, but what the user worried on the other hand is the problem of data security, the user must further consider the confidentiality of information, because in the past on the paper data in operation period all be recorded in written on, now data processing equipment had, storage device as forms such as hard disks, can provide the user to write down a large amount of literal, image or archives such as audio-visual are therein, though significantly reduced the volume of file, relative also easier the stealing and duplicating of data of carrying out.For example, the third party can pass through such as simple mode such as floppy disk, CD baking even Network Transmission, can be with required document copying or transmission.
The data protection technology of existing data processing equipment is outer have following several: by safety (Securty) function that is provided in the ROM-BIOS (BIOS); setting identification code (password); the user is in start (power-on) process of carrying out this data processing equipment; this ROM-BIOS can require the user to import identification code; judge by the identification code content whether the user has the right to use this data processing equipment; if this ROM-BIOS just can continue to carry out follow-up boot program.The another kind of form person of being to use is after entering operating system, data according to individual operating environment that sets or storage defines an identification code, is opened the operating environment of corresponding identification code or stores data according to the identification code that the different users imported by operating system and use for the user.
Method by above-mentioned ROM-BIOS protection; the third party only needs (the BIOS Reset Jumper) short circuit of the replacement of the ROM-BIOS on motherboard end; or connect again behind the battery on the motherboard of dismantling, all can reach the purpose of invading this setting ROM-BIOS content.The latter after the user is by the alternate manner start, as with floppy disk or CD start, still can read the data in the hard disk by the mode of operating system protection.For the user, all can't reach desirable protection purpose.
Summary of the invention
For solving the shortcoming of above-mentioned prior art, fundamental purpose of the present invention is to provide a kind of storage element data guard method and system, by partition table is encrypted, hidden, prevents that illegal user from entering operating system to carry out data access.
Another object of the present invention is to provide a kind of storage element data guard method and system,, can reach the purpose of protection storage element data by the program control mechanism of software or firmware.
For reaching above-described purpose, storage element data protection system of the present invention comprises: extract the CPU (central processing unit) of signal, coding and decoding and execution command function in order to this storage element data protection system to be provided; In order to the ROM-BIOS that stores this data processing equipment and the mnemon of other software routines; In order to provide this data processing equipment to store the storage element that comprises operating system program and other program or data; Reside in this mnemon,, and be stored in ad-hoc location in this storage element in order to identification code that the user is set coding encrypting in addition; In addition, can also be with partition table data coding encrypting in addition, be stored in the ad-hoc location of this storage element, and when the user starts shooting the correct identification code of input again, after these partition table data of taking-up are deciphered reduction in this storage element, covering is proceeded user's identification module of normal in-cycle work program to this partition table tram for this data processing equipment.
By above-mentioned storage element data protection system, carrying out the storage element data guard method is in advance this user's identification module to be mounted in this mnemon, then carry out following step: at first, after the identification code that makes this user's identification module that the user is set is carried out coding encrypting, be stored in the ad-hoc location of this storage element; Secondly, make this user's identification module that the partition table data are carried out coding encrypting after, and be stored to the storage element position of an appointment; Moreover, make this user's identification module with this partition table data deletion; At last, make this user's identification module when the user opens this data processing equipment power supply again, judge whether the identification code of user's input is correct, if, then the partition table data decoding with this coding encrypting reduces, and covers to correct allocation table position, carries out normal in-cycle work; If not, then end normal in-cycle work program.
With existing storage element data guard method and systematic comparison; storage element data guard method of the present invention and system; in order to the user to be provided the only user's recognition mechanism by carrying out, just can prevent that the user with rights of using from opening this data processing equipment arbitrarily and carrying out the access of data in the storage element in boot program.
Description of drawings
Fig. 1 is an application architecture synoptic diagram, is applied to the system architecture on the personal computer in order to show execution storage element data protection system of the present invention;
Fig. 2 is a block schematic diagram, in order to show the mutual relationship of unit and intermodule in the storage element data protection system of the present invention; And
Fig. 3 (A) and Fig. 3 (B) are process flow diagrams, in order to show the process step of carrying out storage element data guard method of the present invention.
Embodiment
Embodiment
Please participate in Fig. 1; in following examples; storage element data guard method of the present invention and system 100; be to be applied in existing personal computer 200 frameworks; below only just relevant with storage element data guard method of the present invention and system 100 unit and module are narrated; as for other such as display units such as input blocks such as keyboard or mouse and screen etc., all no longer explanations.
See also Fig. 2, this storage element data protection system 100 comprises: CPU (central processing unit) 110, mnemon 120, storage element 130 and user's identification module 140.
This CPU (central processing unit) 110 is in order to the function that provides this storage element data protection system 100 to extract signal, coding and decoding and execution command, and can be by data transfer path such as bus etc., to transmit and the reception data from other Energy Resources Service.
This mnemon 120 is to comprise ROM-BIOS and other software program and/or routine in order to provide this storage element data protection system 100 to store.Its character belongs to and does not have volatile mnemon, just after the working power of this personal computer 200 is cut off, the data that is stored in this mnemon can not disappear, when the user activates the working power of this personal computer 200, can carry out such as this ROM-BIOS, finish the boot program of this personal computer 200.This mnemon 120 can be electric EEPROM (ElectricallyErasable Programmable Read Only Memory again; EEPROM) or flash memory (FlashMemory).Because above-mentioned storer all has with program rewritable characteristic, can provide the user to look actual conditions needs, renewal is wherein such as the program data content of ROM-BIOS etc.
This storage element 130 is to comprise operating system program and other program or data in order to provide this personal computer 200 to store.In the present embodiment, this storage element 130 is hard disk (HardDisk), and the function of this storage element 130 and framework are prior art, not repeat specification.
This user's identification module 140 is the software programs that reside in this mnemon, and in order to by this CPU (central processing unit) 110, the identification code that the user is set is coding encrypting and be stored in ad-hoc location in this storage element 130 in addition; In addition, can also pass through this CPU (central processing unit) 110, with partition table data coding encrypting and be stored in the ad-hoc location of this storage element 130 in addition; And open the working power of this personal computer 200 again the user, carry out boot program, and when importing correct identification code, in this storage element 130, take out this partition table data, deciphered the reduction back by this CPU (central processing unit) 110 and covered, proceeded normal in-cycle work program for this personal computer 200 to this partition table tram.
What need special instruction is, in the present embodiment, this partition table is meant this storage element 130 partition table of hard disk just, and existing hard disk is made up of a plurality of magnetic posts (cluster), magnetic head (head) and sector (sector), and the capacity of each sector is 512 bytes (byte).Wherein, the 1st sector of the 0th magnetic post, the 0th magnetic head is to be defined as dividing sector, and in this sector, front end is to store Main Boot Record (Master Boot Program; MBP); The rear end then is in order to store the partition table data.
Secondly, the boot program of this personal computer 200 is rough greatly down: the memory address 0FFFF0H by this mnemon 120 begins to carry out just (CS=FFFF, IP=0000).The contents of program of the ROM-BIOS of this personal computer on this 0FFFF0H address is:
「FFFF0:JMP START」
Jump to after the START, the ROM-BIOS of this mnemon 120 (ROMBIOS) at first can be done some initial inspection work, for example checks random access memory, keyboard, screen, disc driver etc.Can read in Main Boot Record then, ROM-BIOS can be given control Main Boot Record and be continued to carry out.In other words, can be divided into following step:
1. during computer booting, carry out ROM-BIOS earlier, with Main Boot Record (the Master Boot Record of these storage element 130 first sectors; MBR) write in the random access memory, shift the program code of control to the Main Boot Record again.
2. the whole primary partition table of Main Boot Record program code scans, and place a flag (flag) at first cut section, and this cut section is denoted as and can starts shooting.Then write random access memory, and control is passed to program code in this cut section.
3. via active program the system file in the disk (as IO.SYS and the MSDOS.SYS of MS-DOS) is loaded into random access memory, again control is given the system file of loading.
From the above, in the boot program of this personal computer 200, this partition table data has indispensable importance, if do not have this partition table data then system can't learn the situation of cutting apart of this storage element 130, also can't learn storage location, can't finish boot program smoothly certainly such as operating systems such as windows xp or LINUX.
Therefore; this user's identification module 140 i.e. the characteristic of the above-mentioned partition table of foundation; finish boot program by deletion partition table data with the user that blocking-up does not have rights of using, and then reach the purpose that stores data in the storage element 130 of this personal computer 200 of protection.
See also Fig. 3 (A), show that wherein storage element data guard method of the present invention is at the process step of carrying out storage element 130 data protections.Pre-shilling user installs this user's identification module 140 to this mnemon 120 under the normal running system of this personal computer 200, carry out step S301 immediately.
In step S301, after the identification code that makes this user's identification module 140 that the user is set is carried out coding encrypting, be stored in the ad-hoc location of this storage element 130.In the present embodiment, after this user's identification module 140 is mounted to this mnemon 120, this user's identification module 140 can require the user to set the usefulness of an identification code as the status identification, and this identification code can comprise the combination of any numeral, literal and symbol.After the user finished identification code and sets, this user's identification module 140 backed up to ad-hoc location in this storage element 130 with being about to this identification code coding encrypting, then carries out step S302.
In step S302, make this user's identification module 140 that the partition table data are carried out coding encrypting, and be stored to storage element 130 positions of an appointment.In the present embodiment, this user's identification module 140 is after the step that executes the identification code encrypted backup, with being about in this dividing sector in addition coding encrypting of these partition table data, and after coding encrypting is finished, this enciphered data is stored to another assigned address in this storage element 130, carries out step S303 immediately.
In step S303, make this user's identification module 140 with this partition table data deletion.In the present embodiment, after this user's identification module 140 is finished the step that allocation table data encrypt to store, in this mnemon 120, delete with being about to this allocation table data.Because this allocation table data deletion in this mnemon 120, again open the working power of this personal computer 200 the user, and carry out in the process of boot program, if can't import correct identification code, then this user's identification module 140 can not cover this allocation table data reducing correct allocation table sector, this personal computer 200 promptly can't be finished the normal boot-strap program, also can't enter operating system.
The practical operation step is then as described below.See also Fig. 3 (B), show when this and finish the personal computer 200 of data protection setting program, the person of being to use opens working power again, to carry out the process step in checking protection stage.
In step S311, make this user's identification module 140 in boot program, require the user to import identification code, then carry out step S312.
In step S312, make identification code that this user's identification module 140 judges user input whether be stored in this storage element 130 in identification code identical, if then carry out step S313; Then proceed to step S315 if not.
In step S313, the partition table data that make this user's identification module 140 will be stored in this storage element 130 are read, and cover to correct partition table data sector, then carry out step S314.
In step S314, make this personal computer 200 enter operating system, for there being the user of authority to carry out the access of data in this storage element 130 according to normal boot program.
In step S315, because of the user can't import correct identification code, then this user's identification module 140 can not carried out the step that the partition table data cover, relative, sector in this storage element 130 is cut apart and the operating system data can't be extracted by this program, so can't carry out normal in-cycle work program, reach the data that prevents in this storage element 130 of lack of competence user access.
In sum; storage element data guard method of the present invention and system; in order to the user to be provided the only user's recognition mechanism by carrying out, just can prevent that the user with rights of using from opening this personal computer 200 arbitrarily and carrying out the access of data in the storage element 130 in boot program.Even this storage element 130 is not known that the user of identification code removes, and still can't carry out the access of data by other computer installation, so as to reaching the purpose of data protection really.
Claims (12)
1. a storage element data guard method is applied on the data processing equipment with storage element, it is characterized in that, this storage element data guard method comprises:
After the identification code that makes user's identification module that the user is set is carried out coding encrypting, be stored to the ad-hoc location of this storage element;
Make this user's identification module that the partition table data are carried out coding encrypting and be stored to the storage element position of appointment;
Make this user's identification module will be stored in the partition table data deletion of mnemon; And
Make this user's identification module when the user opens this data processing equipment power supply again, whether the identification code of judging user's input is correct, if then the partition table data decoding with this coding encrypting reduces, also covers to correct partition table position, carries out normal in-cycle work; If not, then end normal in-cycle work program.
2. the method for claim 1 is characterized in that, this storage element can be any in internal hard disk, external connected hand disk and the removable hard drive.
3. the method for claim 1 is characterized in that, this data processing equipment can be any in personal computer, notebook computer, flat computer, Panel PC, server and the workstation.
4. the method for claim 1 is characterized in that, this user's identification module is one to reside in the software program of this mnemon, and carries out user's identification work when this data processing equipment is carried out boot program.
5. the method for claim 1 is characterized in that, this mnemon can be any in electric EEPROM and the flash memory.
6. the method for claim 1 is characterized in that, this identification code can be any content formed in literal, numeral, symbol, literal and numeral, literal and symbol, symbol and numeral and literal, symbol and the numeral.
7. storage element data protection system is used and is had on the data processing equipment of storage element, it is characterized in that this storage element data protection system comprises:
CPU (central processing unit) is extracted signal, coding and decoding and execution command function in order to this storage element data protection system to be provided;
Mnemon is in order to ROM-BIOS and other software program that stores this data processing equipment;
Storage element comprises operating system program and other program or data in order to provide this data processing equipment to store; And
One resides in the user's identification module in this mnemon, and it is stored in the ad-hoc location in this storage element in order to the user is set identification code in addition behind the coding encrypting; In addition, can also be with partition table data coding encrypting in addition, be stored in the ad-hoc location of this storage element, and the partition table data that will be stored in this mnemon is deleted, and when the user starts shooting the correct identification code of input again, after these partition table data of taking-up are deciphered reduction in this storage element, cover to this partition table tram.
8. system as claimed in claim 7 is characterized in that, this storage element can be any in internal hard disk, external connected hand disk and the removable hard drive.
9. system as claimed in claim 7 is characterized in that, this data processing equipment can be any in personal computer, notebook computer, flat computer, Panel PC, server and the workstation.
10. method as claimed in claim 7 is characterized in that, this user's identification module is the software program of a resident mnemon, and carries out user's identification work when this data processing equipment is carried out boot program.
11. method as claimed in claim 7 is characterized in that, this mnemon can be any in electric EEPROM and the flash memory.
12. system as claimed in claim 7 is characterized in that, this identification code can be any content formed in literal, numeral, symbol, literal and numeral, literal and symbol, symbol and numeral and literal, symbol and the numeral.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 03100473 CN1277219C (en) | 2003-01-15 | 2003-01-15 | Method for protecting data of storage unit and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 03100473 CN1277219C (en) | 2003-01-15 | 2003-01-15 | Method for protecting data of storage unit and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1517888A CN1517888A (en) | 2004-08-04 |
| CN1277219C true CN1277219C (en) | 2006-09-27 |
Family
ID=34281184
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 03100473 Expired - Fee Related CN1277219C (en) | 2003-01-15 | 2003-01-15 | Method for protecting data of storage unit and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1277219C (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101369304B (en) * | 2007-08-13 | 2011-08-24 | 华硕电脑股份有限公司 | Computer system starting and hard disk data protection method, and its data protection module |
| TWI362600B (en) | 2007-10-19 | 2012-04-21 | Asustek Comp Inc | Method for protecting data and managing access authority thereof |
| CN101930384A (en) * | 2010-09-10 | 2010-12-29 | 北京中科院软件中心有限公司 | Fault tolerance method and device for file system |
| CN103577246B (en) * | 2013-11-12 | 2017-05-31 | 浙江云巢科技有限公司 | The method and apparatus for preventing virtual machine from escaping |
| CN105528307B (en) * | 2015-11-27 | 2019-03-29 | 联想(北京)有限公司 | A kind of method and electronic equipment of information processing |
| US10757087B2 (en) | 2018-01-02 | 2020-08-25 | Winbond Electronics Corporation | Secure client authentication based on conditional provisioning of code signature |
-
2003
- 2003-01-15 CN CN 03100473 patent/CN1277219C/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| CN1517888A (en) | 2004-08-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103109294B (en) | There is the computing machine motherboard of peripheral defencive function | |
| US6654820B1 (en) | System capable of recording a content onto a recording medium which does not have a medium ID | |
| US8918579B2 (en) | Storage device and method for selective data compression | |
| CN100492277C (en) | Method and device for using Hashing method in a safe guide loading program | |
| CN1317651C (en) | Portable integrated circuit memory device for use with universal serial bus | |
| CN1613111A (en) | System and method for controlling the use and duplication of digital content distributed on removable media | |
| CN1609811A (en) | Providing secure input to a system with a high-security execution environment | |
| US7818567B2 (en) | Method for protecting security accounts manager (SAM) files within windows operating systems | |
| US8171209B2 (en) | Write protection method and device for at least one random access memory device | |
| CN1417689A (en) | Fixed disk data enciphering back-up and restoring method | |
| US20050193195A1 (en) | Method and system for protecting data of storage unit | |
| WO2000013089A1 (en) | Storage, processor, and processing method | |
| US20090217055A1 (en) | Apparatus and Method for Preventing Unauthorized Copying | |
| KR20100044189A (en) | Construction and method for encrypting digital information memory card | |
| US20130205068A1 (en) | Storage Device and Method for Utilizing Unused Storage Space | |
| CN1540522A (en) | Method of reading primary memory | |
| CN1277219C (en) | Method for protecting data of storage unit and system | |
| JP2008146642A (en) | Device, system and method for protecting hard disk in multiple operating system environment | |
| US10331365B2 (en) | Accessing a serial number of a removable non-volatile memory device | |
| CN101034378A (en) | Method for implementing processor and computer system information processing environment high safety and trust | |
| CN101788913B (en) | Computer system with double operating devices and monitoring method thereof | |
| US20090119782A1 (en) | Method and device for digital rights protection | |
| CN1243312C (en) | Embedded safety module and its safety protection method | |
| CN1223406A (en) | Computer hardware controlled partitioned storage protection technology | |
| CN1170160A (en) | Method and device for safety accessing files in DOS |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| ASS | Succession or assignment of patent right |
Owner name: ZEPU SCI & TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: YIGUANG SCIENCE + TECHNOLOGY CO., LTD. Effective date: 20040611 |
|
| C06 | Publication | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| PB01 | Publication | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20040611 Address after: Taipei city of Taiwan Province Applicant after: Zepu Sci. & Tech. Co., Ltd. Address before: Taipei city of Taiwan Province Applicant before: Yiguang Science & Technology Co., Ltd. |
|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C19 | Lapse of patent right due to non-payment of the annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |