KR102166430B1 - Ssd based storage media with data protection - Google Patents

Abstract

In the present invention, the SSD-based storage medium is a storage medium equipped with at least one SSD, and sends and receives main data to and from a connected computer through a first connector, and a password set by a user through a separate connector connected to the outside. Setting information and encryption data are exchanged, and an output signal of a control unit that analyzes and controls the received encryption data is connected to or disconnected from the main data bus provided inside the SSD-based storage medium. Provides an SSD-based storage media having an encryption data control unit that controls the formation or connection of a main data bus, non-formation or blocking according to various internal configurations of the SSD-based storage media. In addition, it proposes a method of operating software related to password processing that operates in conjunction with SSD-based storage media with data protection function. On the other hand, it is possible to solve the inconvenience of the password input method, and to improve security. A method of discriminating an authorized user through biometric recognition from an information device provided in the device and allowing access to the storage medium of the present invention is provided only to the authorized user according to the result.

Description

SSD-based storage media with data protection function {SSD BASED STORAGE MEDIA WITH DATA PROTECTION}

The present invention allows data access to the SSD doubler only to a user who is previously authorized by a preset password when an SSD (SOLID STATE DRIVE) doubler is installed and used in a computer, and does not know the password. It relates to a technology that prevents external intruders from allowing data access to storage media on the SSD doubler.

The data access control technology for SSD-based storage media of the present invention is not only an SSD doubler in which two 2.5-inch SSDs are vertically stacked in two layers, but also a 3.5-inch type in which three 2.5-inch SSDs are vertically stacked in three layers. An SSD slide with the same form factor as a hard disk drive, in the form of an SSD tripler, a PCIe add-in card, and an SSD storage support used for an SSD doubler or an SSD tripler arranged horizontally side by side. -Stacker, 3.5 The same can be applied to the M.2 multiplexer product of a structure in which M.2 SSDs are stacked vertically and horizontally on the external appearance of a hard disk drive.

In the present invention, the various SSD-based storage media listed above are other than a transmission port connecting a computer (hereinafter referred to as a host computer) and a main bus through which main data is transmitted. It is provided with a separate side-band interface port for transmitting the user state setting information and password data information for which access control is performed.

For stronger data access control, at least one or more ROTARY DIP switches to which a user can assign a hardware password in advance is provided on the SSD-based storage media having the data protection function of the present invention. It serves to increase the number of digits in the password to make it difficult to find out.

In addition, it is equipped with a DIP switch so that the password given by the user through the ROTARTY DIP switch is placed in the front, rearward, circular arrangement, or in accordance with a predetermined protocol for the software password given on the software graphic user interface. It is used as a cryptographic operation mode switch that designates whether to perform cryptographic communication with a scattering and gathering (SCATTER-GATHER) arrangement.

On the other hand, as a specific method of performing access control on SSD-based storage media with data protection function, control with a bus switch for the main data bus and activation of a separate data bus provided on the control unit with RAID control function (ENABLE) ) Control through a signal, control by a clock signal generation circuit input to the control unit with a RAID control function, or control through an output power activation signal of power supplied to the storage media, etc. It is related to the technical field of the software.

In general, as an example of a conventional SSD-based storage media, as listed above, an SSD doubler, an SSD tripler, and an M.2 multiplexer may be mentioned as having the same form factor as a 3.5-inch hard disk drive. As a storage medium in the form of a PCIe add-in card, the SSD slide-stacker of the PCIe add-in card method, which extends the SSD mounting bay by horizontally arranging the SSD mounting support used for the SSD doubler or SSD tripler. You can list the products of

However, in order to use these products as SSD-based storage media, in addition to the mechanical means for mounting SSDs, these products are for increasing or duplicating capacity in a single volume form by incorporating RAID control means for mounted SSDs. Equipped with input/output ports, and the storage media mapped to each port are connected to external RAID control means (RAID by chipset on the motherboard or RAID by commercial RAID card) to increase the overall data input/output bandwidth (Bandwidth). It was limited to being utilized.

Publication Patent Publication No. 10-2017-0006240 (published on 2017.01.17)

Publication Patent Publication No. 10-2017-0040897 (published on April 14, 2017)

Publication Patent Publication No. 10-2017-0052419 (published on May 12, 2017)

The present invention takes the representative case of the above-listed SSD-based storage media, and by incorporating the technical field to have a data protection function, it prevents data from being stolen or damaged by an authorized user, such as ramsomware, which has become a problem recently. It is to provide SSD-based storage media that can access data only to authorized users.

To this end, the SSD-based storage media having a data protection function of the present invention is to provide an enhanced hardware encryption and control technology and an encryption data processing technology by software operating in conjunction therewith.

An object of the present invention is to analyze the final encryption data transmitted from the software side to extract valid encryption data, and to provide access control technology for various May data buses based on this.

In addition, through the software provided in the present invention, the user can access only the write operation, the read operation, or the read operation and the write operation only. It is to provide the user's choice of control over in a software way.

Finally, by replacing the access control to the storage media by the computer-based encryption-based software provided in the present invention with a biometric means such as the user's face recognition by the user's smartphone, a more convenient user environment and more It provides certain security features.

The SSD-based storage medium of the present invention for achieving the above object includes: a printed circuit board having at least one or more internal connectors for connecting a series of connector ports exposed to the outside and a data storage means mounted therein; A first connector unit connected to a computer and connected to a main data bus and an external power source; A second connector unit connected to a computer and transmitting password data set by a user; A data bus forming/connecting unit configured to allow the data bus to be formed or connected between the first connector unit and the data storage means, or to prevent the data bus from being formed or connected; The main data bus is formed or not formed by having a switching control unit converting the user-set password received through the second connector unit into a control bit and outputting the control bit for the data bus forming/connecting unit as a control signal. This is to allow the operation to be connected or disconnected.

In addition, in the switching control unit, the signal conversion unit connected to the second connector receives a user-set password and outputs the control bit as a control signal by a designated output pin.

In addition, the switching control unit is transmitted to a separate MCU used as the switching control unit without passing through the signal conversion unit connected to the second connector, and the MCU receives a user-set password and sets the control bit by a designated output pin. It is output as a control signal.

In addition, the switching control unit is transmitted to a separate MCU used as the switching control unit through the signal conversion unit connected to the second connector unit, and the MCU receives a user set password and controls the control bit by a designated output pin. It is output as a signal.

In addition, the switching control unit additionally includes at least one or more DIP switches or ROTARY DIP switches and/or PROMs having a hardware encryption value or an operation mode setting state value previously set by the user.

In addition, the switching control unit determines whether to place the password value set on the ROTARY DIP switch as a PRE-POSITION password or a POST-POSITION password according to the setting state of the DIP switch previously set by the user. It is to designate whether to use as a circulating (ROTATE) or scattering and collecting (SCATTER-GATHER) password according to a preset communication protocol.

In addition, the switching control unit stores the hardware password transmitted through the user's graphic user interface in the designated hardware password address of the PROM, and the hardware password value stored in the hardware password address of the PROM according to the preset state of the DIP switch. Specifies whether to use the password as a PRE-POSITION password, a POST-POSITION password, or as a rotation (ROTATE) or scattering and gathering (SCATTER-GATHER) password according to a pre-set communication protocol. will be.

In addition, when a second control unit for controlling RAID or PCI EXPRESS SWITCH is additionally provided between the first connector unit and the connector for connecting the data storage means, a bus switch between the first connector unit and the second control unit In addition, the bus switch is connected or cut off by the switching control unit.

In addition, a second control unit for RAID control or PCI EXPRESS switch control is additionally provided between the first connector unit and the connector for connecting the data storage means, and the second control unit activates a main data bus controlled externally ( When the ENABLE) pin is provided, the second control unit is configured such that the main data bus activation pin is connected to the switching control unit to form or not form a main data bus.

In addition, when at least one or more connector units added to the first connector unit and exposed to the outside are provided, a main data bus different from a connector for connecting a data storage means connected to each of the added externally exposed connector units is provided. The main data bus is connected or disconnected according to the user's password by adding a bus switch to each of the main data buses and controlling them by output pins of the switching control unit.

In addition, the second connector unit is connected to the computer by a PCI EXPRESS TO USB conversion card additionally provided inside the computer.

In addition, the computer transmits a hardware password written through a graphic user interface of software residing on the main memory to the switching control unit through the second connector unit, and transmits the hardware password transmitted to the switching control unit to the second connector unit. It is read back into the software through the software and compares whether it matches the hardware password entered by the user to confirm whether the hardware password entered by the user is surely transmitted to the switching control unit.

In addition, the switching control unit transmits a value set as the DIP switch and/or hardware encryption connected to the switching control unit to the software side by a read operation of the software.

In addition, if the data access control setting pin among the setting pins of the DIP switch is activated, the value set as the DIP switch and/or the hardware password is not transmitted to the software side despite a read operation of the software.

In addition, the software loads various types of SD-based storage media installed in the computer from the device list in a DRAG & DROP method, so that the installed state is displayed as it is, and reads the status value of the switching control unit from each device. It reads the hardware password and operation setting mode values for each device set by the user.

In addition, the software includes software in the steps of assigning a hardware password after installation and a step of assigning a software password when using it for the purpose of performing data access control on the SD-based storage media installed in the computer.

In addition, the software allows the user to select whether to perform access control only for a read operation, access control only for a write operation, or access control for both a read operation and a write operation.

In addition, the switching control unit extracts a valid password from the data value transmitted from the software side according to the setting state of the DIP switch and determines whether it matches the password data storage value previously set by the user.

In addition, when the setting state of the DIP switch for the data transmitted from the software is PRE-POSITION, the switching control unit replaces the data corresponding to the PRE-POSITION with a password previously set by the user. It is recognized as received cryptographic data as a whole.

In addition, when the setting state of the DIP switch for the data transmitted from the software is POST-POSITION, the switching control unit replaces the data corresponding to the POST-POSITION with a password previously set by the user, It is recognized as received encrypted data.

In addition, when the setting state of the DIP switch is disturbed for the data transmitted from the software, the switching control unit includes a password set in advance by the user according to a predetermined rule. It computes the received password and extracts the password required for control.

According to another aspect, a first connector unit connected to a computer and connected to a main data bus and an external power source; A control unit connected between the first connector unit and the at least one storage medium through a main data bus and connected to the at least one storage medium through a respective data bus; It is located between the first connector unit and the control unit or between the control unit and the storage media to connect or cut off the main data bus between the first connector unit and the control unit, or to connect a data bus between the control unit and the storage media. Or a bus switch to be shut off; A second connector part to which a control signal for the bus switch is connected from an external cable; The signal received through the second connector unit is used as a control signal for the bus switch, so that a main data bus connected to the first connector unit or a data bus connected to the storage MIDI unit is connected or disconnected.

In addition, a signal conversion unit is provided between the second connector unit and the bus switch, and the signal conversion unit outputs a control signal for the bus switch based on data received through the second connector unit.

In addition, a switching control unit is provided between the signal conversion unit and the bus switch, and the switching control unit outputs a control signal for the bus switch based on data received through the signal conversion unit.

In addition, the signal conversion unit is built into the switching control unit, and the switching control unit outputs a control signal for the bus switch based on data received through the second connector unit.

In addition, the second connector unit is connected to an arbitrary USB port provided on the motherboard of the computer on which the SD-based storage media is installed to receive the data for the bus switch control signal from the computer side.

In addition, the computer has a USB board, the first USB connector is connected to an arbitrary USB port provided on the motherboard of the computer, the second USB connector is connected to an external information device, and a signal from the second USB connector. The branched third USB connector is connected to any other USB port provided on the motherboard, and the fourth USB connector is connected to the second connector.

In addition, the first USB connector and the second USB connector are each connected to a USB signal converter for converting a USB signal into a digital signal, the output of the first USB connector and the USB signal converter connected thereto, and the second USB connector and The output of the USB signal converter connected thereto is connected to a logic device that receives as an input, and the output of the logic device is connected to a fourth USB connector.

In addition, the output pin of the logic device is connected to a USB signal converter, and the USB signal of the USB signal converter is connected to the fourth USB connector.

In addition, the computer is connected to an external information device equipped with a biometric means for determining that the user is an authorized user, and periodically receives biometric data or biometric identification result data from the information device.

In addition, the computer determines the data input from the external information device and, if it is determined that the user is an authorized user, refers to the user's prior access designation item to the storage media, and determines the data allowing the corresponding access operation to the designated arbitrary When it is determined that the user is an unauthorized user, data that blocks access to the storage medium is transmitted to the arbitrary input/output port.

In addition, when the access operation to the storage media occurs, if the user's pre-access designation item is only read operation, only when the read operation is in progress, if only the write operation is specified, only when the write operation is in progress, and both read and write operations In the case of designation, access permission data for the storage medium is transmitted to the designated arbitrary port only when a read or write operation is in progress.

In addition, the external information device provided with the biometric means is a camera for facial recognition with a USB port or a smartphone with a facial recognition function.

In addition, the second connector unit receives the data for the data bus formation/connection unit control signal from an external information device other than a computer on which the SD-based storage media is installed.

In addition, the storage medium is connected to an external information device equipped with a biometric means for determining that the user is an authorized user, and periodically receives biometric data or biometric identification data from the information device.

In addition, the external information device outputs data allowing access to the storage media when it is determined that the user is an authorized user through periodic biometric recognition, and accesses the storage media when it is determined that the user is unauthorized. It outputs data that blocks

In addition, the bus switch is maintained in a connected state while the computer system in which the SSD-based storage media is installed is booting, and the bus switch is maintained in a closed state immediately after booting is completed.

In addition, the computer system refers to various attribute information of the SD-based storage media immediately after booting is completed, and stores a virtual storage medium representing the storage media having the same attribute information in an arbitrary area of the system memory constituting the computer system. After creation, the bus switch is kept in a closed state.

In addition, the computer system allows a user to selectively designate access information for a read and/or write operation on the SD-based storage medium immediately after the virtual storage medium is created.

In addition, when an attempt to access the SD-based storage media occurs, the computer system determines whether to allow or block access by referring to the access information, and in the case of a previously allowed access, the bus switch Is maintained in a connected state so that the attempted access operation is performed, and if the access attempt is determined as not permitted, it is determined whether the access attempt is an authorized user, and if the access is by an authorized user, the bus switch is connected. When the access operation is not performed by an authorized user, access to the storage medium is not allowed by maintaining the bus switch in a blocked state.

In addition, when the access operation to the SD-based storage media is completed, the computer system updates the attribute information of the storage media to the virtual storage media side so that the virtual storage media is always connected to the storage media. After having the same attribute information, the bus switch is switched to the cut-off state.

In addition, if the computer system determines that the access operation to the SD-based storage media is not a previously permitted access and is not an access by an authorized user, an attempt to access the storage media is The bus switch is considered to be in a cut-off state, and a variable timer is started to increase the allowable time for re-access in proportion to the re-access attempt to the storage medium.

According to another aspect, a first connector unit connected to a computer and connected to a main data bus and an external power source; A bus switch positioned between the first connector unit and at least one or more storage media to connect or disconnect a main data bus between the first connector unit and the storage media; A second connector part to which a control signal for the bus switch is connected from an external cable; The signal received through the second connector unit is used as a control signal for the bus switch, so that the data bus connecting the first connector unit and the storage MIDI is connected or disconnected.

As described above, according to the SSD-based storage media having a data protection function of the present invention, the user assigns a hardware password by setting a series of ROTARY DIP switches provided on the SSD-based storage media having a data protection function. By increasing the number of digits of the password by combining the hardware password and the password given by the user in the software by setting the DIP switch, not only the static password in the form of placing the hardware password before and after the software password, but also by increasing the number of digits of the password. By performing a dynamic encryption transmission operation in which the encryption data is changed according to a predetermined protocol while performing data transmission each time, an external intruder cannot easily steal the password.

In addition, it provides various access control means for the main data bus of SSD-based storage media with data protection function, and powerful access control for SSD-based storage media is possible by combining this with the above-described password transmission and analysis method. Let it run.

In addition, in order to provide a more convenient user environment and more reliable security function to the user, biometric recognition such as face recognition by the user's smartphone completely separated from the computer body installed with the SSD-based storage media having the data protection function of the present invention The main data bus is controlled by replacing the user password with a control signal according to the method.

The effects of the present invention are not limited to the effects mentioned above, and other effects that are not mentioned will be clearly understood by those skilled in the art from the description of the claims.

1 is a block diagram of an SSD doubler incorporating a single connector for an external interface and a control unit according to the prior art.
2 is a block diagram of an SSD tripler without a built-in control unit and a plurality of connector units for external interfaces according to the prior art.
3 is a block diagram of an SSD doubler having a connector for a main interface and a connector for a password and status information interface according to the present invention.
4 is a block diagram of an SSD doubler having a plurality of connector parts for a main interface and a connector part for an encryption and status information interface according to the present invention.
5 is a perspective view and a front view of an SSD doubler according to the present invention.
6 is a perspective view and a front view of an SSD tripler according to the present invention.
Figure 7 is a configuration diagram of a PCI Express to USB M.2 Card and PCIe Add-in Card for the SSD-based storage media and the password and status information interface according to the present invention.
8 is a block diagram of a computer system in which an SSD-based storage medium of the present invention is installed.
9 is a block diagram of a register map of a system memory according to an embodiment of the present invention.
FIG. 10 is a diagram schematically illustrating a method of selecting an installed storage medium from a graphic user interface according to an embodiment of the present invention and mapping it as it is installed in a corresponding location of a computer system.
11 is a diagram schematically illustrating the provision of a password for each of the SSD-based storage media of the present invention installed among the graphic user interfaces according to an embodiment of the present invention.
FIG. 12 is an operation flowchart sequentially representing operations from a computer equipped with an SSD-based storage medium of the present invention and an external information device from booting of the computer to an access operation to the storage medium of the present invention.
13 is a diagram schematically illustrating a USB board for connecting an external information device separated from a computer main body, a USB port of a computer, and a storage medium of the present invention according to an embodiment of the present invention.
14 is a diagram schematically illustrating the use of a mouse equipped with a fingerprint recognition sensor as a biometric means as an external information device according to an embodiment of the present invention.
Fig. 15 is a schematic diagram showing the use of a PC camera as a biometric means as an external information device separated from a computer body according to an embodiment of the present invention.
FIG. 16 is a schematic diagram of using a smartphone as a biometric means as an external information device separated from a computer body according to an embodiment of the present invention.

Advantages and features of the present invention, and a method of achieving them will become apparent with reference to the embodiments described below in detail together with the accompanying drawings. However, in the embodiments of the technical idea of the present invention, it is not limited to the embodiments disclosed below, but may be implemented in various different forms, and only this embodiment makes the disclosure of the present invention complete, and the technology to which the present invention pertains. It is provided to completely inform the scope of the invention to those of ordinary skill in the field, and is only defined by the scope of the claims in the embodiments of the inventive concept.

The terms used in the present specification are for describing exemplary embodiments and are not intended to limit the present invention. In this specification, the singular form also includes the plural form unless specifically stated in the phrase.

In the present specification, terms such as "comprise" or "have" are intended to designate the presence of features, numbers, steps, actions, components, parts, or combinations thereof described in the specification, but one or more other features. It is to be understood that the presence or addition of elements or numbers, steps, actions, components, parts, or combinations thereof, does not preclude in advance the possibility of being added.

Further, the embodiments described in the present specification will be described with reference to sectional views and/or plan views, which are ideal exemplary diagrams of the present invention. Accordingly, embodiments of the present invention are not limited to the specific form shown, but also include changes in necessary form. For example, the area shown at right angles may be rounded or may have a shape having a predetermined curvature. Accordingly, the regions illustrated in the drawings have schematic properties, and the shapes of the regions illustrated in the drawings are for illustrating a specific shape of the region of the device and are not intended to limit the scope of the invention.

The same reference numerals refer to the same elements throughout the specification. Accordingly, the same reference numerals or similar reference numerals may be described with reference to other drawings, even if they are not mentioned or described in the corresponding drawings. Further, even if a reference numeral is not indicated, it may be described with reference to other drawings.

Hereinafter, an SSD-based storage medium according to a preferred embodiment of the present invention will be described in detail with reference to the drawings.

3 is a first connector unit 140 for a main interface and a second connector unit 142 for a password and status information interface according to the present invention, and a second control unit 13 having a RAID control function. It is a block diagram of the SSD doubler 100.

The basic configuration for forming the SSD-based storage media is the same as the configuration (1) shown in FIG. 1 of the prior art, but in the present invention, various types of ma data buses are formed to add a data protection function or It also provides a means of connection to form a data bus to be connected.

First, a bus switch 110 is provided on the main data bus between the first connector unit 140 and the second control unit 13 of FIG. 3, or for connecting the second control unit 13 and the data storage means. A first method of providing a bus switch 112 on the main data bus between the third connector part 32 and the fourth connector part 26 and controlling the control of the connection activation pin of the bus switch 112 Data bus formation or connection control means are provided.

In the case of the first data bus formation or connection control means, as a method of adding separate parts, the space between the first connector unit 140 and the second control unit 13 is narrow, or the second control unit and the third control unit are When the space between the connector part 32 and the fourth connector part 26 is narrow, it may not be easy to arrange the components on the printed circuit board 5-1.

If an activation signal for the second control unit 13 itself performing the RAID function is provided, or the second control unit 13 is connected to the main data bus instead of the bus switches 110 and 112 When a separate input pin for a bus connection activation (ENABLE) signal for the connector unit 140 or the third connector unit 32 and the fourth connector unit 26 is provided, the activation signal input pin is used as the second data bus. It can be used as a form or connection control means.

In addition, when a clock generation activation signal is supported by the clock signal generation unit 111 that outputs a clock signal to the second control unit 13, this may be used as a third data bus formation or connection control means.

Finally, the configuration of the power supply unit 18 is subdivided to convert the power input from the power pin group (not shown) of the first connector unit 140 into the signal conversion unit 115 and the first control unit (or switching control unit) 116 ), a constant power supply unit (not shown) and a second control unit 13, a first storage medium 34, and a second storage medium 35 supplying constant power to operation blocks that are not used for data bus formation or connection control. ), the first connector unit 140 in a manner that cuts off or supplies power by controlling the output power activation pin provided from the power IC of the main power supply unit and having a main power supply unit (not shown) that supplies power to , It can be used as a fourth data bus forming or connection control means for forming a main data bus between the second control unit 13, the first storage medium 34, and the second storage medium 35.

Each of the activation pins used for forming or connecting the first to fourth data buses is input to the signal conversion unit 115 with a control signal transmitted through the second connector unit 142, and the signal conversion unit 115 A first control method that is directly controlled by the software 370 of the computer 300 in which the SSD-based storage media 100 is installed by being connected to the designated output pin of may be provided.

Here, the signal conversion unit 115 refers to an electronic component that converts a bus format on one side to another bus format on the other side, such as converting a PCI Express signal into a USB signal, as an example, and includes components thereof.

If the data conversion function between the heterogeneous buses of the signal conversion unit 115 is embedded in the second control unit 116, the designated output pin of the second control unit 116 forms or connects the first and fourth data buses. Direct bus formation or connection to the main data bus by a control signal by the software 370 of the computer system 300 that is directly connected to each activation pin used in the means and transmitted through the second connector unit 142 Control operation is performed.

According to the circuit configuration of the SSD-based storage media 100 and 200 having a data protection function of the present invention, the first control unit (or switching control unit) 116 does not have the signal conversion unit 115 built-in. In this case, the second connector unit 142, the signal conversion unit 115, and the first control unit 116 are configured, and the first to fourth data buses are formed or connected to the designated output pins of the first control unit 116. It is also possible to connect each activation pin used in the means to be controlled.

In the case of the first control method that operates as described above, direct control of the bus switches 110 and 112 or other connection control means by the output pin of the signal conversion unit 115 is performed by the software 370 of the computer system 300. ), since it is a structure that receives the bit signal directly from the computer system 300, if a hacker invades the computer system 300 and converts the control bits of the bus switches 110 and 112 into a forcibly connected state, the third connector unit ( 32) and the storage media connected to the fourth connector unit 26, the lowest data protection function of the present invention is performed.

In the present invention to compensate for such a problem, separate DIP switches 147 and ROTARY DIP switches 148 are additionally provided to avoid the simple control method by the control signal of the software 370 such as the first control method. The hardware password inputted by the user through the ROTARY DIP switch 148 in advance on the SSD-based storage medium having the data protection function of the present invention and the software password input on the graphic user interface 390 on the software 370 It provides SSD-based storage media 100 and 200 in which data access control is performed by a highly strong encryption system used in combination.

The ROTARY DIP switch 148 may use a series of switches to expand the number of digits of the hardware encryption.

Like the ROTARY DIP switch 148, the DIP switch 147 is directly connected to the first control unit 116 and is used for setting an encryption mode.

A detailed use of the DIP switch 147 for each unit switch is as follows.

-DS8DS6: The number of ROTARY DIP switches 148 actually used as hardware encryption

-DS5DS4: Encryption operation mode

PRE-POSITION (the forward position of the hardware password to the software password)

·POST-POSITION (rear position of hardware password to software password)

·ROTATION (recycles the location for the initially set password for each access control operation)

SCATTER-GATHER (distributed transmission and restoration of encrypted data according to the internal encryption operation protocol)

-DS3: Hardware password + software password (1), software password (0)

-DS2: Software password (1), software control bit (0)

-DS1: Data access control (1), always connected (0)

When the DS1 output of the DIP switch 147 is at the power level, the SSD-based storage media 100 and 200 having the data protection function of the present invention perform a data access control operation, and when the output of the ground level is It is constantly connected to the computer system 300 and operates in the same manner as a general storage medium.

When the DS1 of the DIP switch 147 is at the ground level, the DIP switch 147 does not operate in a constant connection mode without operating with settings by other detailed switches. If the operation mode recognition switch 15 is pressed in this state, the DIP switch 147 Settings for other detailed switches are also recognized by the first control unit 116 as an initialized state, and when the DS1 is switched to the power level again, it is switched to the setting state by each of the detailed switches.

This switch allows the user to easily access the SSD-based storage media having the data protection function of the present invention while maintaining the setting states related to various encryption operations, and the user-imposed failure related to hardware encryption processing. It is used for instant data backup even when it occurs.

When the DS2 output of the DIP switch 147 is at the power level, the data access control operation is performed by only the software password assigned through the graphic user interface 390 provided on the software of the computer system 300, and the ground ) In case of level output, the software 370 operates in a simple control bit method.

When the DS3 output of the DIP switch 147 is at the power level, the hardware password set at the time of installation on the SSD-based storage media having the data protection function of the present invention and the graphic provided on the software 370 of the computer system 300 It operates in a form combined with a software password given through the user interface 390, and in the case of a ground level output, only a software password given through the graphic user interface 390 on the software 370 is operated.

DS5 to DS4 of the DIP switch 147 are used as a cryptographic operation mode, and provide various cryptographic operation modes according to a set state.

When DS5 to DS4 of the DIP switch 147 are set to PRE-POSITION, the hardware password is placed in front of the software password given to the graphic user interface 390 provided by the software 370 of the computer system 300, When the password is replaced by a hardware password by the controller 116 and recognized as a full password, and the password is transmitted from the software 370 side to the SSD-based storage media 100 and 200 having the data protection function of the present invention, the hardware password The place occupied by is replaced with a random fake password and transmitted to the hardware side.

When DS5 to DS4 of the DIP switch 147 are set to POST-POSITION, the same operation as when set to PRE-POSITION is performed, but the location of the hardware password is located behind the software password, replaced with a random fake password, and transmitted to the hardware side. .

When DS5 to DS4 of the DIP switch 147 is set to ROTATION, the hardware password and the software password are combined in a predetermined order, but each access to the SSD-based storage media 100 and 200 having the data protection function of the present invention Whenever this occurs, the given password is transmitted in a rotated state by one bit, and the original password is restored and reflected in consideration of the rotated state in the first control unit 116 of the hardware side (100, 200).

When DS5 to DS4 of the DIP switch 147 are set to the SCATTER-GATHER mode, the cryptographic data is transferred from the software 370 to the hardware 100, according to the cryptographic operation protocol between the hardware 100, 200 and the software 370. In the case of transmission to 200), the encrypted data is distributedly transmitted, and the first control unit 116 of the hardware side 100 and 200 reflects the distributed received encrypted data to be restored to the original encrypted data.

The hardware encryption method of the present invention has been described by taking the ROTARY DIP switch 148 as an example, but since the general ROTARY DIP switch 148 can only express up to 09 or 0F, a separate DIP switch ( 147) of DS8~DS6 and separate Dot-Matrix type number and text display means (not shown) are additionally provided, and in accordance with the DS8~DS6 position setting of DIP switch 147, it is replaced by Dot-Matrix type display means Thus, the same effect as input using a keyboard (not shown) of the computer system 300 can be achieved.

The hardware password designation method intended in the present invention is most preferable. When the first password is assigned, the password input by using a keyboard (not shown) in the computer system 300 is input in the graphic user interface of FIG. 11 according to the present invention. Selecting the password 342 and transmitting it to the SSD-based storage media having the data protection function of the present invention, and displaying the transmitted data by the dot-matrix display means (not shown), allowing the user to transmit After checking whether one hardware password has been properly transmitted, the transmitted hardware password is transmitted from the first control unit 116 by pressing the operation mode recognition switch 15 connected to the first control unit 116 and the second control unit 13 at the same time. It can be replaced by a method of storing in a designated area of the PROM 16.

The above method does not use the physical ROTARY DIP switch 148 to assign a hardware password to the SSD-based storage media 100 and 200 having the data protection function of the present invention, regardless of the number of digits of the password to be assigned. It is possible to assign a much stronger hardware code to it.

At this time, the second control unit 13 performing the RAID function does not have a changed value even if the operation mode recognition switch 15 is pressed if there is no changed setting of the operation mode setting pin 14 for setting the RAID operation mode, the PROM (16) If the operation mode setting pin 14 is changed together without performing an operation to store the image, the changed RAID operation mode along with the password data on the first control unit 116 are sequentially stored in the designated areas of the PROM 16. .

4 is a block diagram of an SSD tripler having a plurality of main interface connectors 240, 241, 242 and a connector unit 243 for an encryption and status information interface according to the present invention. The biggest difference compared to the configuration diagram is that in the configuration of FIG. 4, the second control unit 13 supporting the RAID function is removed, and the first connector part of FIG. 4 corresponding to the first connector part 140 of FIG. 3 ( In addition to 240), the second connector unit 241 and the third connector unit 242 are newly added to correspond to each of the storage media 46, 47, and 48.

As mentioned above, in the configuration of FIG. 4, the first connector unit 240 is connected to the first main data bus to the first storage medium 46 through the first bus switch 120, and the second connector unit ( The second main data bus 241 is connected to the second storage medium 47 through the second bus switch 122, and the third connector 242 is connected to the third main data through the third bus switch 124. Buses are connected to the third storage media 48, respectively.

The seventh connector unit 243, which is a port for transmitting control and encryption data from the computer system 300, corresponds to the second connector unit 142 of FIG. 3, and the signal conversion unit 215 and the first control unit (or switching The control unit) 216, the encryption DIP switch 248, and the DIP switch unit 247 also perform the same configuration and functions as those of FIG. 3.

Therefore, in the circuit configuration as shown in FIG. 4, since the second control unit 13 providing the RAID function does not exist, the second and third data bus formation or connection control means mentioned above are not provided, and the first to the first It is only possible to control each of the main data buses by the three bus switches 120, 122, 124.

On the other hand, in a structure in which the first to third bus switches 120, 122, 124 are not provided on each of the main data buses, the configuration of the power supply unit 50 is detailed as described in FIG. 3, the constant power supply unit (not shown). And the main power supply (not shown), and the power supplied from the main power supply (not shown) to each storage media (46, 47, 48) is activated (enable) the output power provided in the main power supply (not shown). By connecting the) pin to the designated output pin of the first control unit 216 so that the output power is ON/OFF controlled, it can be used as the fourth data bus formation or connection control means mentioned in FIG. 3.

5 is a perspective view and a front view of an SSD doubler 100, which is one embodiment of an SSD-based storage media having a data protection function according to the present invention, in which a heat dissipation cover 150 is provided in the front part, and a storage device is stored in the rear part. Bay supports 160-1 and 160-2 for configuring a media mounting bay are provided on the left and right sides, respectively.

A first connector part 140 and a second connector part 142 are provided at the lower end of the heat dissipation cover 150 with a connection port protruding to the outside.

At the bottom of the heat dissipation cover 150, most of the circuit components are located except for display and operation means such as an LED display unit 19, a DIP switch unit 147, an operation mode setting pin 14, and an operation mode recognition switch 15, An LED display unit 19 is provided in the uneven groove (not shown) at the bottom of the bay supports 160-1 and 160-2, which are transparent materials, and a separate LED module outside the bay supports 160-1 and 160-2 ( The LED display unit 19 may also be implemented through 149.

Outside the bay supports 160-1 and 160-2, various functional blocks necessary for the operation of the SSD-based storage media 100 having the data protection function of the present invention are arranged, the DIP switch unit 147, the encryption DIP There are such things as a switch 148, an operation mode setting pin 14, an operation mode recognition switch 15, and the like.

6 is a perspective view and a front view of an SSD tripler 200, which is one embodiment of an SSD-based storage media having a data protection function according to the present invention, and externally for mounting the storage media 46, 47, 48 In the bay supports 260-1 and 260-2, a first-stage bay is further added compared to the bay supports 160-1 and 160-2 of FIG. 5.

The first connector part 240, the second connector part 241, and the third connector part 242, and the seventh connector part 243 corresponding to the second connector part of FIG. ) Of ports are provided.

The first connector part 240 is on the first storage medium 46 provided at the bottom, the second connector part 241 is on the second storage media 47 provided in the middle, and the third connector part 243 is Each of the main data buses is connected to the third storage media 48 provided at the top.

In the embodiment of FIG. 5, the first connector part 140 is configured as a SATA connector, whereas in FIG. 6, the first connector part 240 is configured as an SFF-8639 connector (or referred to as a U.2 connector).

The lower surface of the SFF-8639 connector 240 is provided with a series of pins for the SATA interface, such as the first connector part 140 of FIG. 5, and in addition to supporting the SAS interface through additional pins, the upper surface Is equipped with a set of pins for the PCI Express x4 interface.

As the second connector part 241 and the third connector part 242, the SFF-8643 connector is configured in the embodiment of the present invention, but may be configured using a general RIGHT ANGLE type SATA 7-pin connector.

In the SSD tripler 200 of FIG. 6, which is an embodiment of the present invention, when the storage media provided in the bay supports 260-1 and 260-2 are for SAS, the first to third connector parts 240, 241, 242 Is connected with a SAS cable (not shown) and operates as a SAS interface, and when storage media supporting the PCI Express interface are provided, the first to third connector units 240, 241, 242 are PCI Express cables (not shown). ) And operates as a PCI Express interface.

An LED display unit 19 is provided in an uneven groove (not shown) provided at the bottom of the bay supports 260-1 and 260-2, and an LED module 249 is disposed on the side.

FIG. 5 is a series of encryption DIP switches 248-1, 248-2, 248-3 and DIP switches 247 for setting encryption operation modes required for operation of SSD-based storage media having a data protection function of the present invention. As shown in FIG. 5, the bay supports 260-1 and 260-2 are provided outside of the bay supports 260-1 and 260-2 and have a structure similar to that of FIG.

7 is a PCI Express-USB signal conversion M.2 Card and PCIe Add-in Card for the SSD-based storage media (100, 200) and the password and status information interface according to the present invention, M.2 Card (270) ) Is provided in the M.2 slot 324 of the computer system 300 to be installed, and the PCIe Add-in Card 280 includes any of the first PCI EXPRESS expansion slots 318 or the second PCI EXPRESS expansion slot. It is installed by being inserted into one of the slots 320.

Although the external appearance of the two PCIe to USB conversion cards (270, 280) is different, it has a PCIe to USB conversion control unit (273, 283) as an internal core component, and the PCIe to USB conversion control unit (273, 283) and the PCI Express Edge The finger units 271 and 281 are connected through a PCIe x1 interface, and between the PCIe to USB conversion control units 273 and 283 and the two USB connectors 275, 277, 285 and 287 are connected through a USB interface.

However, in the M.2 Card type PCIe to USB conversion card 270, vertical USB connectors (275, 277) are provided for spatial efficiency when connecting the USB cable, and PCIe Add-in Card type PCIe to USB In the conversion card 280, it is preferable that the RIGHT ANGLE USB connectors 285 and 287 are used.

The USB connectors 275 and 277 of the PCIe to USB conversion card 270 of the M.2 Card type use a separate USB cable (not shown) to provide an SSD-based storage media 100, which has a data protection function of the present invention. 200) are connected to the second connector part 142 and the seventh connector part 243, respectively.

FIG. 8 is a block diagram of a computer system 300 in which the SSD-based storage media 100 and 200 of the present invention are installed, and detailed functional blocks are as follows.

The central processing unit (CPU, 302) that processes various operations is connected to the memory channel hub (MCH, 306), and the memory channel hub has its own graphic signal processing block and, in some cases, the first RAID function block. It is connected to the system memory 308.

The graphic signal output from the memory channel hub is connected to the monitor 328 which is an external display means through the graphic signal output port 304.

On the other hand, the system memory 308 is the IO address of various plug-and-play devices identified by the central processing unit 302 during booting of the computer. Data and memory map address data information is stored, various user application programs including various registers and operating systems reside, and a graphic user interface (GUI) and registers related to the SSD doubler of the present invention are also on the system memory 308. Resides.

The memory channel hub 106 has first PCI EXPRESS expansion slots 318 connected to an external graphic card or for processing large amounts of data, and an IO channel hub (ICH, 316) is connected.

The first PCI EXPRESS expansion slots 318 and IO channel hub 316 specified above are connected to the memory channel hub 306 by a PCI EXPRESS bus as the center.

The IO channel hub 316 includes a PCI-E to SATA conversion block and a 2nd RAID function block, and a plurality of SATA connectors 310 or CDs are provided on the SATA pins provided on the IC package of the IO channel hub 316. -The ROM drive 314 and the like are connected by a SATA bus, and a port for an M.2, 324 memory module based on a PCI EXPRESS interface is connected by a PCI EXPRESS bus.

The Io channel hub 316 is connected to the ROMbios 322 for controlling the booting of a computer or setting of various states and the second PCI-E expansion slots 320, and a PCI-E to USB conversion block These days, the USB port 326 is connected to the Io channel hub 316 in a built-in type.

9 is a register map 370 of the system memory 308 according to an embodiment of the present invention, showing a memory structure in which the software 370 used in the SSD-based storage media 100 and 200 of the present invention resides. will be.

The GUI 374 resides in the system memory 308 of the software 370 of the present invention and represents a portion in which the main software including the graphic user interfaces 380 and 390 resides.

The P.W REGISTER 373 is a memory space in which software password information designated by a user is stored, or hardware password information is temporarily stored.

Kernel & API (Application Program Interface) 372 represents the memory space of the main software part including the GUI 374 and the part that interfaces with the PCI Express to USB conversion cards 270 and 280 illustrated in FIG. 7. will be.

The STATUS REGISTER 376 is a memory space that stores various status information of the SSD-based storage media 100 and 200 and software 370 having a data protection function of the present invention.

FIG. 10 is a schematic diagram of selecting an installed storage medium from among the graphic user interface 374 according to an embodiment of the present invention and mapping it as it is installed at a corresponding location of the computer system 300. A detailed description of each component is as follows. Same as

The Menu Bar 381 is a place in which various menus in which detailed function blocks are similarly grouped by category for full-fledged use after executing the software of the present invention are arranged.

The ICON Bar (382) is a place listing execution images that reflect the detailed functions of the Memy Bar (381).

Tool Box (330, 340, 350, 360) is accompanied by a result of installing, mapping, managing passwords, and monitoring various operation states by installing SSD-based storage media (100, 200) having the data protection function of the present invention. This is a place where categories for each element function block are subdivided and arranged, such as how to express the results to the user in advance.

The Stage Window (388) is spread out as a single window without borders in connection with the Tool Box (330, 340, 350, 360). In order to allow the user to smoothly perform the function of the Tool Box, various devices are This is a place that provides list-up information and various image and window information for inducing user behavior defined in advance to allocate it.

The status bar 389 is a place to display various status information of the SSD-based storage media 100 and 200 and the software 370 having a data protection function of the present invention according to the execution of the software 370.

The illustrated example of the Tool Box1 330 of FIG. 10 will be described in more detail as follows.

When the user executes the software 370 and presses the Tool Box 1 (330), it is displayed as an integral part with the Stage Window (388), and the Stage Window (388) displays various guide elements to be performed in the Tool Box 1 (330). Is displayed on the top.

As an embodiment of the present invention, a rectangular parallelepiped, which is a virtual computer 331 representing the computer system 300, is displayed on the left side of the stage window 388, and the user grabs the corner of the rectangular parallelepiped with a mouse and Define it to have a similar shape.

When a user selects a storage media in the device list-up window 333 provided on the right with a mouse, various types of storage media listed-up are expanded and listed at the bottom.

In FIG. 10 of the embodiment of the present invention, as storage media, an SSD doubler 335, an SSD tripler 337, and an SSD slide stacker 339 are displayed, and the operating system is operated by moving the vertical scroll bar (not shown) on the right side. Storage media registered as devices such as installed C: drive, backup hard disk drive, and USB storage media are displayed.

The user clicks the storage media listed on the right inside the rectangular parallelepiped of the virtual computer 331 representing his computer system 300 on the left and drags and drops the storage media listed on the right in a Drag & Drop method. The virtual 3D image is rotated in the horizontal/vertical direction and positioned as it is in the actual installed shape.

The user is a tool provided by the software 370 of the present invention only for the SSD-based storage media 100 and 200 having the data protection function of the present invention capable of access control by password in the software 370 of the present invention. Device registration using the Box1 330 may be performed, and in addition, device registration for all other storage media including the C: drive in which the operating system is installed may be performed.

In the device list-up window 333 provided on the right side, the user selects devices other than Storage Media with a mouse and registers the device on the virtual My Computer System 331 provided on the left side in the same manner, For this, it is possible to provide a 3D image for the corresponding device or provide and register a virtual representative 3D image that can change its shape.

Devices that can be registered through the device list-up window 333 are detailed devices constituting the computer system 300, and include a motherboard 301, a CPU 302, a graphics card (not shown), and a system memory card 308. ), a hard disk drive 312, a CD-ROM drive 314, a power supply (not shown), and the like, and as devices outside the main body, a keyboard (not shown), a mouse (not shown), a monitor 328, etc. The device of can be expressed in a similar way.

When a device displayed as a virtual 3D image registered through Tool Box 1 330 is clicked with a mouse, various status information about the device is displayed in a specific area on the stage window 388 to display more detailed information according to the user's preset settings. Or a separate pop-up window can be displayed, and only the representative properties of the device can be displayed on the Status Bar.

The user may select a device displayed at the bottom of the device list-up window 333 or a device on the virtual computer system 331 to change the properties of the corresponding device.

The user presses the OK button 332 to finally determine the registration of various devices on the virtual computer 331 through the Tool Box 1 330 or presses the Cancel button to cancel.

FIG. 11 is a diagram showing a password for each of the SSD-based storage media 100 and 200 of the present invention installed through the Tool Box 1 330 of FIG. 10 among the graphic user interface 390 according to an embodiment of the present invention, The designation of the operation mode is schematically illustrated, and detailed descriptions of each component are as follows.

The user selects Tool Box2 (340) with a mouse and proceeds to the following steps to perform Password Operation (341) related to password assignment on a screen that is integrated with the Stage Window (380).

1. Preparation step in the graphic user interface 390 of FIG. 10:

After the SSD-based storage media 100 and 200 having the data protection function of the present invention are installed in the T computer system 300 and device registration by Tool Box 1 is performed, the Stage Window 380 in Tool Box 2 340 Select Init-Password 342 on the top.

At this time, the selection of the Normal Operation Password (343) is released, and the check boxes of Read (345) and Write (346) are changed to selection buttons.

2. Preparatory steps on hardware (100, 200):

The DS1 of the DIP switches 147 and 247 is switched to the LOW state to maintain the always connected (0) state.

This is necessary to read or write the hardware password, and when DS1 is HIGH, the password set on the hardware 100 and 200 cannot be read or written.

3. Write the hardware (100, 200) password in the graphic user interface (390):

(1) If the hardware password storage means is PROM(16):

With the Init-Password 342 selected, the Write 346 is selected, and the target storage media is selected from the DISK 344 registered in Tool Box 1.

Enter the user ID of the account registered in the computer system 300 in the User name (ID) field (347), enter the hardware password to be registered in the PW Input Field (348), and then enter the same in the PW Confirm Field (349). Enter the hardware password.

If the passwords written in the two fields are the same, pressing the OK (351) button sends the written password to the hardware (100, 200) side, and the software (370) to the designated address of the PROM (16) through the first controller (116, 216). The hardware password received from the) side is stored, and the software 370 reads the hardware password data stored on the PROM 16 again, and if it is determined that it matches the password originally designated by the user, it is determined that the hardware password is registered validly. Hardware password registration is terminated and an error message is displayed if it is determined that there is no match.

If an error message is output, the PCI Express to USB conversion card (270, 280), the second connector unit 142 to the first control unit 116 to the PROM 16 or the seventh connector unit 243 in the data transmission process There is a problem in the hardware between the first control unit 216 and the PROM 16, and the problem must be solved and then attempted again.

(2) When the hardware password storage means is the encryption DIP switch (148, 248):

ROTARY DIP switches are generally used as the encryption DIP switches 148 and 248, and if the passwords set in the ROTARY DIP switches 148 and 248 are all zeros when the PROM 16 is provided, the above It follows that the hardware password storage means in paragraph (1) is PROM(16), and if the passwords set in the ROTARY DIP switches (148, 248) are not all zero, the ROTARY DIP switches (148, 248) are set. Apply the value as a hardware encryption.

Therefore, when a hardware password is set to an arbitrary value in the ROTARY DIP switches (148, 248), the user enters the password set on the ROTARY DIP switches (148, 248) in the PW Input Field (348) and PW Confirm Field (349). It must be intervened.

If a different password is written without ignoring this, the software 370 reads the transmitted value and the value of the ROTARY DIP switches 148 and 248, detects a difference, and outputs an error message.

4. Reading the hardware (100, 200) password from the graphic user interface (390):

If DS1 of DIP switch (147, 247) is LOW and it is always connected (0), press OK (351) button while Init-Password (342) and Read (345) are selected respectively. The hardware password registered in the input field 348 can be displayed.

This is to prevent the possibility of exposure of the password by writing it on other storage media to memorize the hardware password. It is also possible to consider a method that can be transmitted as text to a smartphone, etc., but DS1 of the DIP switches (147, 247) It is a simple and secure means of managing hardware passwords by simply manipulating its location.

If the DS1 of the DIP switches (147, 247) is switched to the HIGH state and the data access control state is maintained, the hardware password will be saved even if the OK (351) button is pressed while Init-Password (342) and Read (345) are selected. It is not read, and even if the OK (351) button is pressed while the Init-Password (342) and Write (346) are selected, the hardware password is not transmitted to the hardware (100, 200) side.

After the hardware password is transmitted to the hardware side, it is deleted without being left on the software side such as the P.W REGISTER 373.

5. Registering a software password in the graphical user interface 390:

In order for the SSD-based storage media 100 and 200 having a data protection function of the present invention to perform a normal data protection function, it is necessary to register a software password as well as a hardware password.

Hardware passwords are combined with software passwords to increase the number of digits in the overall password to prevent external intruders from easily stealing the password.

When the user selects the Normal Operation Password (343), Read (345) and Write (346) are switched from the selection button to a check box.

At this time, the user selects the DISK 344 to be applied, and if you want to apply data access control only for the write operation to this storage medium, check the Write 346 check box, and also perform data access control for the read operation. If you want to apply it, check the Read(345) check box as well.

Thereafter, the user writes a user account in the User name (ID) field 347 to assign a software password, and writes the software password to be used in the P.W input field 348 and the P.W Confrim Field 349.

When the OK (351) button is pressed, the software password is transmitted to the hardware (100, 200) side and stored in the designated address of the PROM (16) or the internal register of the first control unit (116, 216).

6. Data access control during use:

The software 370 interworking with the SSD-based storage media 100 and 200 having the data protection function of the present invention is a detailed selector of the DIP switches 147 and 247 in a state in which password registration divided into a hardware password and a software password is completed. It operates as follows according to the switch setting.

First, in order to perform data access control for the target storage medium, DS1 of the DIP switches 147 and 247 must be in a HIGH state and data access control must be maintained in an activated state.

When the DS3 of the DIP switches (147, 247) is set to LOW and data access control is performed only with the software password, the software 370 does not transmit the preset software password while the DS2 is LOW. Since only the control bit is transmitted, the transmission time on the USB interface, which is a serial transmission method, is the shortest through the PCI Express to USB conversion cards (270, 280), indicating the fastest data access speed.

On the other hand, if the data access control is performed only with the software password while the DS2 is set to HIGH, the size of the password data is slightly larger than that of transmitting the control bit according to the software password, so the data access control response time takes a little longer. Although it is not easy for an external intruder to identify and execute it, data can be stolen by controlling the software control bit at the same time and setting it to data access mode. It can be quite protected.

When the DS3 setting is maintained in a HIGH state, access control is performed in the form of a combination of a hardware password and a software password, which were given at the time of installation of the SSD-based storage medium of the present invention.

In this case, the encryption operation is performed in various ways depending on the setting status of the encryption operation mode of DS5∼DS4. For example, when the PRE-POSITION mode is set, the hardware password is replaced with a random fake password with the same number of digits, and the software If it is located in the password leaflet and transmitted, the first control unit 116, 216 replaces the fake password with a hardware password registered in advance to determine whether the combined software password is a previously registered password, and if it is determined as a registered password, data Access is allowed.

Therefore, when the DS3 setting state of the DIP switches 147 and 247 is operated in a combination of hardware encryption and software encryption, the number of digits of the encryption data transmitted from the software 370 is the longest, and the most powerful data access control function. However, the encryption data transmission time is the longest, indicating the longest delay in performing data access control.

Therefore, if a user using the SSD-based storage media 100 and 200 having the data protection function of the present invention wants to allow read and write operations only to the authorized user for the file being used, the longest data access control delay time This entails should be taken into consideration, and if the purpose is to protect various files on the storage media by external intruders such as ransomware, data access control can be set only for write operations so that faster data access control can be performed. have.

In addition, by setting data access control only for read operations according to a specific purpose, data can be registered but used for the purpose of preventing the leakage of registered data.

However, it is possible to determine that the user is an authorized user by writing a software password every time data access (read operation, write operation) occurs for the SSD-based storage media 100 and 200 having the data protection function of the present invention. The method is cumbersome in practicality, such as having to remember the password for the user and remembering the password every time it is executed, and hacking for professional hackers because the system for assigning and confirming passwords is done inside one computer system. The possibility of being exposed is even somewhat exposed.

Accordingly, the SSD-based storage media 100 and 200 having a data protection function of the present invention are provided with an information device composed of FIGS. 14 to 16 outside the computer main body to solve the inconvenience of storing and writing passwords. Security can be improved, and the general operation according to this will be described by the flow chart of Fig. 12, and the information devices 430, 500, and 501 listed in Figs. Explained as follows.

For reference, STEP numbers written as odd numbers in the FLOW CHART shown in FIG. 12 are the operation flows that operate on a computer system, and STEP numbers written as even numbers indicate the flow of operations that operate on an external information device.

In addition, the second connector unit 142 and the seventh connector unit 243 provided in the SSD-based storage media 100 and 200 having a data protection function of the present invention are provided on the motherboard ( It is possible to operate by being connected only with the USB port 326 on the 301), but in order to provide a stronger security function, an authorized user determination signal (HS) output from the external information devices 430, 500, 501 additionally It is provided together and used for connection control to the bus switches 110, 112, 120, 122, 124 provided in the storage media 100 and 200 of the present invention.

To this end, a USB board 410 in the form of a PCI ADD-IN card and a USB cable 420 constituted by the USB connection means 400 of FIG. 13 are used, and the computer system 300 is separated from the motherboard 301. Fig. 13 consisting of 4 USB connectors (412, 414, 416, 418), 2 USB signal conversion elements (not shown) for converting USB signals into general digital signals, and 1 2-input AND gate (not shown). A USB board 410 is provided, and the connection configuration between each device is connected to the USB port 326 on the motherboard 301 through the USB connector 326 from the motherboard 301 side of the computer 300. Signals from the first USB connector 412 receiving the output control signal and power, the second USB connector 414 connected to the external information devices 430, 500, 501, and the second USB connector 414 A third USB connector 416 connected to another USB connector 326 of the gear motherboard 301, and connected to the first USB connector 412 and the second USB connector 414, respectively, to convert a USB signal to a general digital signal. USB signal conversion element (not shown) that converts to, 2 that is connected to the digital signal output from the two USB signal conversion elements and transfers the output to the switching pin of the bus switch (110, 112, 120, 122, 124) -INPUT AND GATE (not shown) and a third USB connector 418 connected to the output pin of the 2-INPUT AND GATE, the fourth USB connector 418 on the USB board 410 is the present invention It is connected to the second connector unit 142 or the seventh connector unit 243 provided on the storage media (100, 200) of.

As shown in the above configuration, when a separate USB board 410 is provided and connected to connect an external information device, the signal conversion unit 215 provided on the storage media 100 and 200 of the present invention is It can be switched to the BYPASS state or replaced with a signal BUFFER element (not shown) such as a SCHMITT TRIGGER, but if the external information devices 430, 500, 501 are not connected and used, the state change or other BUFFER elements are used. It is directly connected to the USB port on the motherboard 301 as it is without replacement of.

In the flowchart of FIG. 12, it is assumed that information devices 430, 500, and 501 are externally provided in order to provide a stronger security function, and the above-described USB board 410 inside the computer 300 to connect them. Based on the use of ), the full explanation is as follows.

First, an operation performed on the computer side is as follows.

When the user turns on the computer 300 equipped with the SSD-based storage media 100 and 200 having the data protection function of the present invention (S1, S3), the computer system 300 is PLUG & While executing the PLAY operation, it reads the property information of each device such as DEVIE ID and VENDER ID of peripheral devices and allocates RESOURCE information for the corresponding devices (Memory Map Address, IO Map Address, Interrupt, etc.) To perform the operation (S5).

When the search for various devices of the computer 301 and resource allocation are completed, the ROMbios 322 refers to the BOOT-LOADER of the storage media 312, HDD, etc., in which the operating system is installed, and provides the resources for the operating system and various devices. The allocation information is UPLOADed to the system memory 308 composed of RAM (S7).

The software 370 related to the storage media 100 and 200 of the present invention executes a program 372 operating in the KERNEL mode to read various attribute information from the storage media 100 and 200 of the present invention, and the system memory ( Copy and save to an arbitrary area on 308) (S9).

Subsequently, the KERNEL program 372 outputs data for blocking the connection of the bus switches 110, 112, 120, 122, 124 to any USB port 326 connected to the storage media 100 and 200 of the present invention. Do (S11).

The KERNEL program 372 is a virtual storage media corresponding to the storage media 100 and 200 of the present invention with reference to various attribute information read from the storage media 100 and 200 of the present invention and stored in the system memory 308. To generate (S13).

Thereafter, the user designates access (read, write) information on the storage media of the present invention through the POP-up graphic user interface (GUI, 374) in response to the activation of the KERNEL program 372 (S15).

Steps up to this point (S1 to S15) are preparation steps for using the SSD-based storage media 100 and 200 having the data protection function of the present invention. Looking at how the security operation is performed through data transmission As follows.

For example, assuming that a user copies a file located on a storage medium to the storage media 100 and 200 of the present invention, a folder location in the search window of the storage media 100 and 200 of the present invention that operates as a virtual device When copying is executed, the KERNEL program 372 checks whether access to the storage media 100 and 200 of the present invention has occurred (S17), and access to the storage media 100 and 200 of the present invention occurs. If it is confirmed that it is not, the connection to the bus switch (110, 112, 120, 122, 124) of the storage media (100, 200) of the present invention is cut off (S39), and if it is confirmed that access has occurred, write Whether or not access is permitted for the operation is checked with reference to the previously designated access information designation content (S19).

If it is confirmed that access to the write operation for the storage media 100 and 200 of the present invention is permitted as a result of referring to the access information designated in advance (S21), external information devices 430 and 500 used together for the purpose of reinforcing security , In the process of checking the connection status of the bus switch (110, 112, 120, 122, 124) by referring to the access information output from (501) (S31), the external information device (430, 500, 501) If it is determined as a user (S29), the KERNEL program 372 is connected to the USB port to which the storage media 100 and 200 of the present invention are connected, and the bus switches 110, 112 and 120 inside the storage media 100 and 200 of the present invention are , 122, 124) transmits a control signal for setting the connection, and the storage media (100, 200) of the present invention is a computer system as the internal bus switch (110, 112, 120, 122, 124) is switched to the connected state. 300 is recognized as a storage medium connected to the computer 301 by performing the HOT SWAP operation (S33).

Accordingly, a write operation for the storage media 100 and 200 of the present invention is executed (S35).

When the write operation for the storage media 100 and 200 of the present invention is completed, the KERNEL program 372 updates the attribute information of the file in which the write operation has occurred in the virtual storage medium corresponding to the storage medium of the present invention (S37). ), a state in which the storage media (100, 200) of the present invention are circuitly separated from the computer 301 by transmitting data that blocks the connection of the bus switch (110, 112, 120, 122, 124) to the corresponding USB port After the write operation is terminated, the access to the storage medium of the present invention is circuitly blocked to be maintained (S39).

If, despite not having previously designated access information, it is determined that the access is attempted (S21), the KERNEL program 372 determines whether or not the user is authorized (S23).

For reference, determining whether the user is an authorized user from the information device illustrated in FIGS. 14 to 16 will be described later in the description of steps S2 to S16.

If, the biometric data read result signal (or user identification signal) (SS) transmitted from the information device to the USB port 326 of the computer 301 is determined as an authorized user, and at the same time, the storage medium of the present invention ( When all the authorized user identification signals (HS) from the information device transmitted to the 100, 200) side are authorized users (S29), connect if the bus switches 110, 112, 120, 122, 124 are connected. The state is maintained as it is, and if the state is blocked, it is switched to the connected state (S33).

If, the authorized user determination result output from the information device is confirmed as an unauthorized person on the KERNEL program 372 of the computer 301 (S23, SS), and the bus switches 110, 112, 120, 122, 124 When it is confirmed that is connected, the bus switches 110, 112, 120, 122, and 124 are switched to the disconnection state (S25).

In this state, the computer 301 is regarded as being executed by an intruder through the network, and a timer is started to allow a certain amount of time to be attempted to re-access the storage media 100 and 200 of the present invention. It causes annoyance at hacking attempts and induces them to give up on their own, records the storage media information, the start time, the number of times, and the end time attempted to access in the form of a log file. Send by message.

At this time, the setting time of the timer is also proportionally increased in proportion to the intruder attempting re-access, thereby inducing the intruder to abandon the attempt to hack the storage media 100 and 200 of the present invention (S27).

If, in step S29, the user identification signal (SS) input from the external information device (430, 500, 501) was input as an unauthorized person, the intruder neutralized it and manipulated the user identification signal (SS) as an authorized user. There is a possibility that /distortion/deformation is possible, and this possibility is the external information along with the user identification signal (SS) transmitted through the USB port 326 of the computer 300 in the storage media 100 and 200 of the present invention. When it is confirmed that any one of these signals is not an authorized user by simultaneously checking the authorized user determination signal HS output from the devices 430, 500, 501, the bus switches 110, 112, 120 , 122, 124) is maintained to block access to unauthorized persons (S29, S31, S25).

In the above, the description was made on the premise that the access control for the write operation was previously set by the user, but the access control operation for the read operation operates in the same manner, and the access control operation for both the read operation and the write operation is performed. If set, it follows each read operation and write operation. Since the copy operation can be regarded as a read and write operation, and an erase operation can be regarded as a write operation, the operation is replaced with a read operation and a write operation, respectively.

While such a read operation or write operation is in progress, the bus switches 110, 112, 120, 122, 124 on the storage media 100 and 200 of the present invention are kept connected, so that other files can be accessed through an interruption method. Although it may be thought that it may be possible, the KERNEL program 372 generates a file handle for an individual file to be operated when an operation is performed on a folder or file designated by the user, so that the ACCESS operation for other files is not concurrently performed.

Meanwhile, an operation performed by an external information device is as follows.

When the power of the information device is turned on (S2, S4), the user registers his or her biometric information (fingerprint recognition, iris recognition, or face recognition, etc.) as an authorized user for verification (S6).

Subsequently, the information devices 430, 500, 501 and the second USB connector 412 of the USB board 410 are connected using a USB cable 420 composed of a USB connection means 400 as illustrated in FIG. 13. Do (S8).

Information devices (430, 500, 501) used for the purpose of enhancing the security performance of the SSD-based storage media (100, 200) having the data protection function of the present invention scan (S10) the user's biometric information in advance. After performing a discrimination operation by comparing with the registered (S6) biometric information for verification, an operation of determining whether the user is an authorized user is performed (S12).

The authorized user according to the user determination (S14) result is transmitted to the USB board 410 as a digital control signal and transmitted to the computer system 300 and the storage media 100 and 200 of the present invention (S16), and The user's biometric information scan operation is repeatedly performed (S10 S16).

14 shows a mouse 432 in which a fingerprint recognition sensor 434 is embedded as an external information device 400.

The fingerprint recognition sensor 434 provided on the mouse 432 registers a fingerprint for each authorized user among a plurality of internal personnel, and scans the user's fingerprint when using the computer system 300 to match the registered fingerprints. Therefore, it is used for the purpose of allowing access to the storage media 100 and 200 of the present invention only when it is determined as an authorized user.

The mouse 430 with a built-in fingerprint recognition sensor shown in FIG. 14 is connected to the second USB connector 414 for connecting an external information device of the USB board 410 shown in FIG. 13, and the rest of the USB board 410 The connection relationship for the USB connectors 414, 416, and 418 is the same as described above.

If the computer system 300 is used by only one user or all internal personnel are considered to be authorized users, the mouse 432 with the fingerprint recognition sensor 434 is not used. It can be used as a general mouse. When a general mouse is used, the fingerprint is scanned with the fingerprint recognition sensor 434 by clicking the mouse wheel 436 provided on the mouse 430 while attempting to access the storage media 100 and 200 of the present invention. And the result of the comparison can be replaced with the output as a signal for controlling the bus switches 110, 112, 120, 122, 124.

In this case, the mouse is a third USB connector 416 provided on the USB board 410 through another USB connector 326 on the motherboard 301 while the file transfer to the storage media 100 and 200 of the present invention is completed. ) And the signal branch, and receive a signal indicating that transmission is to be started and a signal indicating that the transmission is ended through the second USB connector 414 to which the mouse 430 is connected.

In this state, the user may click the mouse wheel 436 in place of the fingerprint recognition sensor 434 once, and the bus switch 110 provided on the storage media 100 and 200 of the present invention is provided until the file transfer is terminated. , 112, 120, 122, 124).

In this manner, even if a hacker who invades the computer system 300 through a network attempts to hack the storage media 100 and 200 of the present invention, the hacker cannot physically press the mouse wheel 436 from the outside. Since it is in a state, the bus switches 110, 112, 120, 122, 124 provided in the storage media 100 and 200 of the present invention are not connected, and thus a state in which access is impossible is maintained.

FIG. 15 is a conceptual diagram 500 showing biometric recognition (face recognition) by the camera in an embodiment using a PC camera 520 as another external information device. According to the resolution and installation conditions of the camera, other means of biometric recognition are used. It is also possible to use iris recognition.

Looking at the configuration of the PC camera 520, a camera support for fixing to the top of the monitor 328 of the computer 300 or to the wall of the rear of the monitor 328 in order to easily recognize the user's face ( 524), a face irradiation unit 528 composed of a camera lens 522 and a light-emitting diode, a camera body 520 having these built-in and connected to the support 524, and a USB connection port 526 provided inside the support 524 And the like, and extracts the contours and singular points of the face from the facial image captured by the camera body 520 and the PROM that stores the contrasting facial recognition pattern as circuit components not shown inside the pedestal 524. Controls and digital output signals based on MCU (MICRO CONTROLLER UNIT) that perform the function of performing comparison with the facial recognition pattern for comparison and outputting the compared result as a digital signal that can be read as an authorized user, as a USB signal. It consists of a USB signal converter that converts.

Connect the USB connection port 526 provided on the support 524 of the camera 520 to the second USB connector 414 on the USB board 410 using the USB cable 420 shown in FIG. 13, The remaining USB connectors 412, 416, 418 on the USB board 410 follow the connection method suggested when describing the USB board 410 above.

In the method of detecting an authorized user by facial recognition by the PC camera 520 shown in FIG. 14, a mouse 430 with a built-in fingerprint recognition sensor 434 described above scans a fingerprint and compares it with a matching fingerprint pattern. Therefore, only the method of determining the user is different, but the comparison result with the control pattern is output as a digital control signal, and the conversion of this back to a USB signal itself is the same. Therefore, the authorized user and the unauthorized user presented in the flowchart of FIG. When a user accesses the storage media 100 and 200 of the present invention, the method of allowing or blocking access is the same, so the detailed description will not be repeated.

However, compared to the Mamus 430 incorporating the fingerprint recognition sensor 434 of FIG. 14, the PC camera 520 does not require the user to accurately place a thumb on the fingerprint recognition sensor 434 to recognize the computer system ( 300) It is more natural to use, and provides a natural environment for using the computer system 300 even when users with or without access rights to the storage media 100 and 200 of the present invention are mixed.

16 is a smart phone 530 owned by a user in accordance with the trend of the era in which facial recognition as a payment method for payment is becoming more common along with the popularization of the smart phone 530 with a built-in high-performance camera 532. ) And a face recognition app built into it to replace the PC camera 520 described in FIG. 15.

In the case of using the smart phone 530, security is improved because the user identification by facial recognition is added along with the primary unlocking of the smart phone 530 for each individual user. In this case, since the environment in which individuals possess are used, for enhanced security by facial recognition of the smartphone 530 in the environment of the computer system 300 used by multiple users, the authorized user among individual smartphone 530 users For this, a separate security program installed on the smartphone 530 should be installed, and the security program must be linked to the storage media of the present invention.

In the above, the preferred embodiment according to the present invention has been described in detail, but those skilled in the art may implement various modifications and modifications without departing from the scope of the claims.

1: SSD doubler, a type of SSD-based storage media with a single interface connector and a control unit of the prior art
5: printed circuit board
5-1: Printed circuit board on the control side
5-2: Printed circuit board on the side of the bay component
7: block area division line
10: first connector part
13: Second control unit (RAID control unit or PCI EXPRESS switch control unit)
14: operation mode setting pin
15: operation mode recognition switch
16: PROM(PROGRAMMABLE ROM)
17: program port
18: power supply
19: LED display
26: fourth connector part
28: vertical connection board
30: fifth connector
32: 6th connector part
34: first storage media
35: second storage media
38: SSD tripler having three interface ports according to the prior art
40: first connector part
41: second connector part
42: third connector part
43: 6th connector part
44: fourth connector part
45: fifth connector
46: first storage media
47: second storage media
48: third storage media
49: LED display
50: power supply
51: +12V detector
52: power switch
110, 112: bus switch
120: first bus switch
122: second bus switch
124: 3rd bus switch
111: clock generator
115: signal conversion unit
116: first control unit (switching control unit)
118: encryption DIP switch part
140: first connector part
142: second connector part
145(145-1, 145-2): Lower fixing hole
146(146-1, 146-2, 146-3): side fixing holes
147: DIP(Dual-INLINE-PACKAGE) switch
148: ROTARTY DIP switch
149: LED module
150: front cover
160(160-1, 160-2): Bay support
240: first connector part
241: second connector part
242: third connector part
243: 7th connector part
247: DIP switch
248(248-1, 248-2, 248-3): ROTARY DIP switch
249: LED module
250: front cover
260(260-1, 260-2): Bay support
270: PCIe to USB conversion M.2 Add-in Card
271, 281: PCI Express Edge Finger part
273, 283: PCIe to USB conversion control unit
275, 277: USB connector (vertical type)
280: PCIe to USB conversion PCIe Add-in Card
285, 287: USB connector (horizontal type)
300: block diagram of a computer system used in the present invention
301: Motherboard
302: Central processing unit (CPU)
304: graphic signal output port
306: MCH(MEMORY CHANNEL HUB)
308: system memory
310: SATA connector
312: Internal hard disk drive (HDD)
314: CD-ROM drive
316: ICH(IO CHANNEL HUB)
318: first PCI EXPRESS expansion slots
320: 2nd PCI EXPRESS expansion slots
322: Lombios
324: M.2 connection port
326: USB connection port
328: monitor
330: Tool Box1
331: My Computer Confiuration
332: OK/Cancel button
333: Device List-up window (or device selection window)
335: SSD DOUBLER
337: SSD TRIPLER
339: SSD SLIDE-STACKER
340: Tool Box2
341: Password operation selection
342: Init-Password selection button
343: Normal Operation Password
344: Disk selection window
345: Read checkbox
346: Write checkbox
347: User name (ID)
348: Password input field
349: Password confirmation field
351: OK/Cancel button
350: Tool Box3
360: Tool Box4
370: software on main memory
372: FAULT REGISTER
373: Password register
374: GRAPHIC USER INTERFACE (GUI)
376: STATUS REGISTER
380: Graphical User Interface (Tool Box1)
381: Menu Bar
382: ICON Bar
389: Status Bar
390: Graphical User Interface (Tool Box2)
400: USB connection means
410: USB board
412: first USB connector
414: 2nd USB connector
416: 3rd USB connector
418: 4th USB connector
420: USB cable
422, 424: USB connection port
430: fingerprint recognition mouse
432: Fingerprint recognition mouse body
434: fingerprint recognition sensor
436: mouse wheel
500: Conceptual diagram of biometric recognition (face recognition, iris recognition) by PC camera
501: Conceptual diagram of biometric recognition (facial recognition, iris recognition) by a smartphone
510: user face
520: PC camera body
522: camera lens
524: camera support
526, 5,34: USB connection port
530: User smartphone body
532: smartphone front camera
536: Smartphone LCD
S1-S39 (odd): computer-side execution steps
S2∼S16 (even): steps performed by the information device
HS: Authorized user identification signal (hardware signal)
SS: User identification signal (software signal)

Claims (43)

A printed circuit board having at least one or more internal connectors for connecting a series of connector ports exposed to the outside and at least one or more storage media mounted therein; A first connector unit connected to a computer and connected to a main data bus and an external power source; A second connector unit connected to a computer and transmitting password data set by a user; A bus switch configured to allow the data bus to be formed or connected between the first connector unit and the storage medium, or to prevent the data bus from being formed or connected; A first control unit configured to output the control bit for the bus switch as a control signal when a signal conversion unit connected to the second connector unit converts the user-set password received through the second connector unit into a control bit and outputs it; SDS-based operation in which the main data bus is formed or not formed, or is connected or disconnected by having, and a second control unit is provided between the first connector unit and a connector for connecting the storage media Organize your storage media,
The bus switch maintains a connection state by the first control unit while the computer on which the SD-based storage media is installed is booting under the control of the second control unit, and the SD-based storage media is installed. Immediately after the booting of the computer is completed, the first control unit refers to various attribute information of the SD-based storage media, and a virtual storage indicating the storage media of the same attribute information in an arbitrary area of the system memory constituting the computer SSD-based storage media having a data protection function, characterized in that maintaining a blocked state after the media is created. The method of claim 1,
The first control unit has a data protection function, characterized in that the signal conversion unit connected to the second connector receives a user-set password, converts it to the control bit by a designated output pin, and outputs it as a control signal. SSD-based storage media. The method of claim 2,
The first control unit is transmitted to a separate MCU used as the first control unit without going through the signal conversion unit connected to the second connector unit, and the MCU receives a user-set password and sets the control bit by a designated output pin. SSD-based storage media having a data protection function, characterized in that output as a control signal. The method of claim 2,
The first control unit is transmitted to a separate MCU used as the first control unit via the signal conversion unit connected to the second connector unit, and the MCU receives a user-set password and controls the control bit by a designated output pin. SSD-based storage media having a data protection function, characterized in that output as a signal. The method of claim 1,
The first control unit has a data protection function, characterized in that it additionally includes at least one or more DIP switches or ROTARY DIP switches and/or PROMs having a hardware encryption value or an operation mode setting state value previously set by a user. SSD-based storage media. The method of claim 5,
The first control unit determines whether to place the password value set on the ROTARY DIP switch as a PRE-POSITION password, a POST-POSITION password, or in advance according to the setting state of the DIP switch previously set by the user. SSD-based storage media having a data protection function, characterized in that it designates whether to use it as a circulating (ROTATE) or scattering and collecting (SCATTER-GATHER) password according to a set communication protocol. The method of claim 5,
The first control unit stores the hardware password transmitted through the user's graphic user interface in the designated hardware encryption address of the PROM, and stores the hardware encryption value stored in the hardware password address of the PROM according to a preset state of the DIP switch. To specify whether to place it as a PRE-POSITION password, a POST-POSITION password, or use it as a rotation (ROTATE) or scattering and gathering (SCATTER-GATHER) password according to a pre-set communication protocol. SSD-based storage media with a characteristic data protection function. delete The method of claim 1,
When the second control unit is provided with an externally controlled main data bus ENABLE pin, the second control unit is configured such that the main data bus activation pin is connected to the first control unit to form or not form a main data bus. SSD-based storage media having a data protection function, characterized in that. The method of claim 1,
When at least one or more connector units added to the first connector unit and exposed to the outside are provided, a main data bus that is different from the connector for connecting the storage media is formed corresponding to each of the additional connector units exposed to the outside. And, by adding the bus switch to each additionally formed main data bus so that each is controlled by the output pins of the first control unit, the main data bus is connected or disconnected according to a user's set password. SSD-based storage media with functions. The method of claim 1,
The second connector unit SSD-based storage media having a data protection function, characterized in that connected to the computer by a PCI EXPRESS TO USB conversion card additionally provided inside the computer. The method of claim 5,
The computer transmits the hardware password written through a graphic user interface of software residing on the main memory to the first control unit through the second connector unit, and transmits the hardware password transmitted to the first control unit to the second connector unit. SSD-based storage media having a data protection function, characterized in that it is read back into the software through the software and compared with the hardware password entered by the user to confirm whether the hardware password entered by the user is surely transmitted to the first control unit . The method of claim 12,
The first controller transmits a value set as the DIP switch connected to the first controller and/or a hardware password to the software side by a read operation of the software. The SSD-based storage medium having a data protection function. The method of claim 12,
If the data access control setting pin among the setting pins of the DIP switch is activated, the value set as the DIP switch and/or the hardware password is not transmitted to the software side despite a read operation of the software. SSD-based storage media. The method of claim 12,
The software loads various types of SD-based storage media installed in the computer from the device list in a DRAG & DROP method, so that the installed state is displayed as it is, and the state value of the first control unit is obtained from each device. SSD-based storage media having a data protection function, characterized in that the hardware password and operation setting mode values for each device set by the user are read. The method of claim 12,
The software is characterized in that it comprises software in the step of assigning a hardware password after installation and a step of assigning a software password upon use for the purpose of performing data access control on the SD-based storage media installed in the computer. SSD-based storage media with data protection function. The method of claim 16,
The software has a data protection function, characterized in that it allows the user to select whether to perform access control only for a read operation, access control only for a write operation, or access control for both a read operation and a write operation. SSD-based storage media. The method of claim 12,
The first control unit extracts a valid password from the data value transmitted from the software side according to the setting state of the DIP switch, and determines whether it matches the password data stored value set by the user in advance. SSD-based storage media having. The method of claim 18,
When the setting state of the DIP switch is PRE-POSITION for the data transmitted from the software, the first control unit replaces the data corresponding to the PRE-POSITION with a password previously set by the user and receives it as a whole. SSD-based storage media having a data protection function, characterized in that recognized as encrypted data. The method of claim 18,
When the setting state of the DIP switch for the data transmitted from the software is POST-POSITION, the first control unit replaces the data corresponding to the POST-POSITION with a password previously set by the user and receives it as a whole. SSD-based storage media having a data protection function, characterized in that recognized as encrypted data. The method of claim 18,
The first control unit receives the password set in advance by the user according to a pre-determined rule when the setting of the DIP switch is disturbed and the setting of the DIP switch is scattered and gathered (SCATTER-GATHER) for the data transmitted from the software. An SSD-based storage media with a data protection function, characterized in that the password is processed and the password required for control is extracted. A first connector unit connected to a computer and connected to a main data bus and an external power source; A first control unit connected between the first connector unit and the at least one storage media through a main data bus and connected to the at least one storage media through respective data buses; It is located between the first connector unit and the first control unit or between the first control unit and the storage media to connect or block the main data bus between the first connector unit and the first control unit, or A bus switch for connecting or disconnecting a data bus between storage media; A second connector part to which a control signal for the bus switch is connected from an external cable; A signal conversion unit provided between the second connector unit and the bus switch and outputting a control signal for the bus switch based on data received through the second connector unit; And the signal received through the signal conversion unit is used as a control signal for the bus switch to connect or disconnect the main data bus connected to the first connector unit or the data bus connected to the storage MIDI. Organize D-based storage media,
The bus switch maintains a connection state under the control of the first control unit while the computer on which the SD-based storage media is installed is booting up, and the booting of the computer on which the SD-based storage media is installed is completed. Immediately after, under the control of the first control unit, a virtual storage media representing the storage media having the same attribute information is created in an arbitrary area of the system memory constituting the computer by referring to various attribute information of the SD-based storage media. SSD-based storage media having a data protection function, characterized in that it maintains a blocked state after being disabled. delete delete The method of claim 22,
The signal conversion unit is embedded in the first control unit, and the first control unit outputs a control signal for the bus switch based on the data received through the second connector unit. Storage media. The method of claim 22,
The second connector unit has a data protection function, characterized in that it is connected to an arbitrary USB port provided on the motherboard of the computer on which the SD-based storage media is installed, and receives the data for the bus switch control signal from the computer side. SSD-based storage media. The method of claim 22,
The computer has a USB board, so that the first USB connector is connected to an arbitrary USB port provided on the motherboard of the computer, the second USB connector is connected to an external information device, and the signal is branched from the second USB connector. The third USB connector is connected to any other USB port provided on the motherboard, and the fourth USB connector is connected to the second connector. The SSD-based storage medium having a data protection function. The method of claim 27,
The first USB connector and the second USB connector are each connected to a USB signal converter for converting a USB signal into a digital signal, and an output of the first USB connector and a USB signal converter connected thereto and the second USB connector and connected thereto An SSD-based storage medium having a data protection function, characterized in that the output of the USB signal converter is connected to a logic device that receives as an input, and the output of the logic device is connected to a fourth USB connector. The method of claim 28,
The output pin of the logic device is connected to a USB signal converter, and the USB signal of the USB signal converter is connected to the fourth USB connector. The method of claim 27,
The computer has a data protection function, characterized in that the computer is connected to an external information device equipped with a biometric means for determining that the user is an authorized user, and periodically receives biometric data or biometric identification result data from the information device. SSD-based storage media. The method of claim 27,
The computer determines the data input from the external information device and, if it is determined that the user is an authorized user, refers to the user's prior access designation item to the storage media, and transmits the data allowing the corresponding access operation to the designated arbitrary input/output port. SSD-based storage media having a data protection function, characterized in that the data to block access to the storage media is transmitted to the arbitrary input/output port when it is determined that the user is an unauthorized user. The method of claim 31,
When an access operation to the storage medium occurs When only the read operation is specified as the user's pre-access specified item, only when the read operation is in progress, only when only the write operation is specified, only when the write operation is in progress, and when both read and write operations are specified In the SSD-based storage medium having a data protection function, characterized in that only when a read or write operation is in progress, transmits the access allowed data to the storage medium to the designated arbitrary port. The method of claim 30,
An SSD-based storage medium having a data protection function, characterized in that the external information device provided with the biometric recognition means is a face recognition camera having a USB port or a smartphone having a face recognition function. The method of claim 22,
The second connector unit SSD-based storage media having a data protection function, characterized in that receiving the data for the bus switch control signal from an external information device other than the computer on which the SD-based storage media is installed. The method of claim 34,
Data protection, characterized in that the storage medium is connected to an external information device equipped with a biometric means for determining that the user is an authorized user, and periodically receives biometric data or biometric identification data from the information device. SSD-based storage media with functions. The method of claim 35,
The external information device outputs data allowing access to the storage media when it is determined that the user is an authorized user through periodic biometric recognition, and blocks access to the storage media when it is determined that the user is unauthorized. SSD-based storage media having a data protection function, characterized in that the output of the data. delete delete The method of claim 22,
The computer is SSD-based with a data protection function, characterized in that the user selectively designates access information for a read and/or write operation on the SD-based storage media immediately after creating the virtual storage media. Storage media. The method of claim 39,
When an attempt to access the SD-based storage media occurs, the computer determines whether to allow or block access by referring to the access information, and in the case of a previously allowed access, the bus switch is connected. And the attempted access operation is performed, and if it is determined that the access is not allowed, it is determined whether the access attempt is an authorized user, and in the case of an access by an authorized user, the bus switch is kept connected. SSD-based storage with a data protection function characterized in that the access operation is performed, and the bus switch is not allowed to access the storage media by keeping the bus switch in a blocked state when access is not by an authorized user. media. The method of claim 40,
When the access operation to the SD-based storage media is completed, the computer updates attribute information on the storage media to the virtual storage media side so that the virtual storage media is always the same attribute information as the storage media. SSD-based storage media having a data protection function, characterized in that after switching the bus switch to a shut-off state. The method of claim 40,
If the computer determines that the access operation to the SD-based storage media is not a previously permitted access and is not an access by an authorized user, the attempt to access the storage media is considered to be due to an external intruder. SSD-based storage with a data protection function, characterized in that the allowable time for re-access is increased in proportion to the re-access attempt to the storage media by maintaining the bus switch in a cut-off state and at the same time running a variable timer. media. delete

Images