KR20030032646A - computer and controling method thereof - Google Patents

Publication number
KR20030032646A
Authority
KR
South Korea
Prior art keywords
command
read
memory device
output
input
Prior art date
Application number
KR1020010064582A
Other languages
Korean (ko)
Other versions
KR100392453B1 (en)
Inventor
이용훈
Original Assignee
삼성전자주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 삼성전자주식회사 filed Critical 삼성전자주식회사
Priority to KR10-2001-0064582A priority Critical patent/KR100392453B1/en
Publication of KR20030032646A publication Critical patent/KR20030032646A/en
Application granted granted Critical
Publication of KR100392453B1 publication Critical patent/KR100392453B1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0655 Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671 In-line storage system
    • G06F3/0673 Single storage device
    • G06F3/0674 Disk device
    • G06F3/0676 Magnetic disk device
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/32 Address formation of the next instruction, e.g. by incrementing the instruction counter
    • G06F9/322 Address formation of the next instruction, e.g. by incrementing the instruction counter for non-sequential address
    • G06F9/327 Address formation of the next instruction, e.g. by incrementing the instruction counter for non-sequential address for interrupts

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

PURPOSE: A computer and a control method for the computer are provided that write or read data at an encoded position when the data of an auxiliary storage device is accessed, so that the auxiliary storage device itself can be encoded.

CONSTITUTION: The method comprises several steps. Power is supplied to the computer (S1), and a BIOS (Basic Input/Output System) program then performs POST (Power On Self Test) bootstrapping to check the connection state of the peripherals (S3) and initializes an SMM (System Main Memory), which is arranged in the RAM for processing the SMI (System Management Interrupt) signal and is accessible only in SMI mode (S5). An HDD connected to the computer is recognized in a hardware check step, and its I/O address is registered in a register of a south bridge (S7). When the POST and Windows bootstrapping are complete and the HDD is read under Windows, a read command for the HDD is generated and the south bridge outputs the SMI signal to the CPU (S9). When the SMI signal is output, an I/O processing routine including an encoding program is loaded into the RAM, and the command is held in the SMM until the I/O command is recognizable (S11). If the command is a read/write command (S13), the encoding program encodes the storage position or the read position and passes the encoded read/write command to the HDD (S15). Based on the position data in the read/write command, the data is read from or written to the HDD (S17).

Description

Computer and control method thereof {computer and controling method thereof}

The present invention relates to a computer, and more particularly to a computer capable of blocking access to data stored in an auxiliary storage device, and a control method thereof.

A computer has a password-setting function to prevent leakage of information stored in an auxiliary storage device such as an HDD and to keep other users from accessing it easily.

As shown in FIG. 3, the computer's password is set after power is applied (P1) by selecting the password-setting function in the CMOS setup menu of the BIOS program, which is displayed when the DEL key on the keyboard is pressed while the computer boots (P2). The user password that is set is stored in the CMOS RAM (P3).

After the password is set in BIOS setup and the computer is rebooted (P4), a password prompt is displayed on the screen during the POST process (P5). When the user enters a password through the keyboard at the prompt, the system boots only if the entered password matches the user-set password stored in the CMOS RAM of the motherboard (P7).

However, the password of a conventional computer only controls booting through the motherboard; it does not encrypt each auxiliary storage device. Therefore, if an auxiliary storage device such as an HDD holding user data is lost while being carried, or is stolen by another user, that user can easily access the auxiliary storage device by connecting it to a computer on which no boot password is set, so access by other users cannot be blocked.

Accordingly, an object of the present invention is to provide a computer, and a control method thereof, capable of encrypting the auxiliary storage device itself by reading/writing data at an encrypted location when data on the auxiliary storage device is accessed.

FIG. 1 is a control block diagram of a computer according to the present invention;

FIG. 2 is a control flowchart for encrypting the auxiliary storage device of a computer according to the present invention;

FIG. 3 is a flowchart of password setting in a conventional computer.

* Explanation of reference numerals for the main parts of the drawings

1 : central processing unit (CPU) 2 : CMOS RAM

3 : RAM 5 : BIOS ROM

7 : mouse 8 : HDD (hard disk)

9 : CD-ROM 10 : south bridge

12 : FDD (floppy disk)

According to the present invention, the above object is achieved, in a computer having an auxiliary storage device including a hard disk on which data is stored, a memory serving as main memory, a south bridge in which the input/output address of the auxiliary storage device is stored, and a central processing unit that processes a system management interrupt signal generated by the south bridge when the auxiliary storage device is accessed, by including a control unit that detects the input/output command provided to the auxiliary storage device when the system management interrupt signal is output and controls the auxiliary storage device so that, when the input/output command is a write command, the location information of the data is encrypted and the data is stored, and, when the input/output command is a read command, the data is read from the encrypted location.

Here, the control unit is preferably an encryption program that is provided in the BIOS ROM in which the processing routine for the system management interrupt signal is stored, and that is loaded into the memory and run when the system management interrupt signal is output.

It is effective for the location information to be the head/sector/cylinder location information of the hard disk.

Meanwhile, according to another aspect of the present invention, the above object is also achieved by a method of controlling a computer having an auxiliary storage device including a hard disk on which data is stored, a memory serving as main memory, a south bridge in which the input/output address of the auxiliary storage device is stored, and a central processing unit that processes a system management interrupt signal generated by the south bridge when the auxiliary storage device is accessed, the method comprising: performing a POST process when power is applied; storing the input/output address of the auxiliary storage device in the south bridge; detecting the system management interrupt signal generated when the auxiliary storage device is accessed; detecting the input/output command of the auxiliary storage device and storing it in the memory; encrypting the location information of the data to be stored in the auxiliary storage device when the input/output command of the auxiliary storage device is a write command; and reading the data of the auxiliary storage device from the encrypted location when the input/output signal of the auxiliary storage device is a read command.

Here, the data can be encrypted effectively when the location information consists of the head/sector/cylinder of the hard disk.

In the step of storing the input/output command in the memory, it is effective for the memory to be a system main memory (SMM) accessible only when the system management interrupt signal is output.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

FIG. 1 is a control block diagram of a computer according to the present invention. As shown in the figure, a computer typically consists of a central processing unit (1), memory, input devices, output devices, and control devices.

The memory includes auxiliary storage devices such as the HDD (8), the FDD (12) and the CD-ROM (9); the RAM (2), which is the main memory; a BIOS ROM (5) storing the BIOS program, which performs the POST process of confirming at boot that the components in the main unit are in place and operable and then reading the operating system from the hard disk and loading it into RAM; and a CMOS RAM (2), a non-volatile memory in which the configuration information of the hardware devices connected to the system is stored. The input devices include a mouse and a keyboard, and the output devices include a monitor and a speaker (not shown).

The control devices include an IDE controller for controlling the HDD (8) and the CD-ROM (9), an FDD controller for controlling the FDD (12), a video controller for controlling the monitor, a south bridge (10), which is a set of registers managing the input/output functions of the HDD and the peripheral devices, and a north bridge (not shown), which is connected to the south bridge through the PCI bus and controls the central processing unit, the video card and the memory.

With the above control block configuration, the central processing unit, the memory and each input/output device exchange control signals and data over the system bus to carry out the user's data processing commands.

A computer is an interrupt-based system for efficient control. An interrupt is a signal from a device attached to the computer or from a program in the computer; when an interrupt signal is detected, the computer either resumes the program that was running or starts running another program. The present invention uses the SMI (System Management Interrupt) signal to encrypt data at the control level.

When storage devices such as the CD-ROM (9) and the HDD (8) are connected to the computer, the I/O addresses for the input/output signals of each device are registered in the I/O trap register of the south bridge (10). Accordingly, when the user performs a data read/write that accesses the HDD (8) through the mouse (7), the operating system recognizes it. When the operating system uses an input/output command to access the HDD (8), the input/output signal of the HDD causes an SMI (System Management Interrupt) signal to be output from the I/O trap register of the south bridge (10) to the central processing unit (1).

Here, when the SMI signal is generated, an SMM (System Main Memory) of a predetermined size, accessible only in SMI (System Management Interrupt) mode, is formed in the RAM (3). A trap is set in the SMM that waits until a specific I/O interrupt signal is generated and then processes the corresponding routine (which performs the function of interacting with a specific input/output device). Accordingly, when an SMI is generated, the central processing unit (1) loads the hardware interrupt processing routine in the BIOS ROM (5) into the SMM, and the handler passes to the SMM and controls the input/output operation of the HDD (8).

The control unit (5) is an encryption program provided in the BIOS. When the SMI signal is generated, the control unit (5) sets a trap in the SMM, keeps the input/output command that accesses the HDD (8) in the SMM until it can be recognized, and then checks the command. If the input/output command is an HDD read/write command, it carries out the process of encrypting the location information of the data.

If the input/output command is a write command, the head/sector/cylinder location information of the data in the input/output command of the HDD (8) is encrypted and provided to the HDD (8) for storage. That is, the control unit (5) forms an input/output command whose location information has been changed, and this encrypted input/output command is provided to the HDD (8), so the data is stored at the encrypted location.

Meanwhile, because an SMI signal is generated by the south bridge (10) when the user reads data from the HDD (8), the control unit stored in the BIOS ROM (5) converts the read command so that the data stored on the HDD (8) is read from the encrypted location. The data is therefore read from the converted location on the HDD (8).

Here, in implementing the encryption program, it would be desirable to make the encryption algorithm that changes the head/sector/cylinder location different for each computer.

FIG. 2 is a flowchart of the computer control method according to the present invention. As shown in the figure, when power is supplied to the computer (S1), POST booting, in which the BIOS program checks the connection state of the peripheral devices, proceeds first (S3). During POST, the SMM (System Main Memory) provided in the RAM (3) so as to be accessible only in SMI mode is initialized in order to process the SMI signal (S5). In the hardware check stage of the BIOS during POST booting, the HDD (8) connected to the computer is recognized and its input/output address is registered in a register of the south bridge (10) (S7). After POST and Windows booting are complete, when the HDD (8) is read under the Windows operating system, a read command for the HDD (8) is generated and the south bridge (10) outputs an SMI signal to the central processing unit (1) (S9).

When the SMI signal is output, the input/output processing routine containing the encryption program, which is the control unit of the present invention, is loaded into the RAM (8), and the command is kept in the SMM of the RAM (8) until the input/output command can be recognized (S11). The encryption program of the control unit (5) examines the command stored in the SMM and, if it is a read/write command (S13), encrypts the information on the location where the data is to be stored or from which it is to be read, and provides the read/write command with the converted location information to the HDD (8) (S15). The HDD (8) then reads data from the hard disk or writes to it based on the location information of the converted read/write command (S17).
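The flow in steps S11 to S17, as an added C simulation that is not part of the patent: a handler rewrites the head/sector/cylinder position of read and write commands with a keyed permutation before the simulated drive executes them. The geometry, the key, the Feistel-based permutation and every function name are assumptions made for illustration; the patent does not specify an algorithm.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy geometry and key: assumptions, not values from the patent. */
#define CYLS 20
#define HEADS 4
#define SPT 9                      /* sectors per track, numbered 1..SPT */
#define NSECT (CYLS * HEADS * SPT) /* 720 addressable sectors */
#define SECT_SIZE 16
#define DEMO_KEY 0x5A3C96E1u       /* per-machine secret held by the handler */

enum io_op { IO_READ, IO_WRITE, IO_OTHER };
struct chs { uint16_t cyl; uint8_t head; uint8_t sect; };
struct io_cmd { enum io_op op; struct chs pos; uint8_t *buf; };

static uint8_t disk[NSECT][SECT_SIZE]; /* simulated platter contents */

uint32_t chs_to_lin(struct chs p) {
    return ((uint32_t)p.cyl * HEADS + p.head) * SPT + (uint32_t)(p.sect - 1);
}

struct chs lin_to_chs(uint32_t lin) {
    struct chs p = { (uint16_t)(lin / (HEADS * SPT)),
                     (uint8_t)(lin / SPT % HEADS), (uint8_t)(lin % SPT + 1) };
    return p;
}

/* Stand-in round function, not a vetted cipher. A Feistel network is a
 * permutation whatever this returns, so two sectors can never collide. */
static uint32_t round_f(uint32_t half, uint32_t key, int round) {
    uint32_t k = (key >> (8 * round)) & 0xFF;
    return ((half * 13 + k) ^ (k >> 3)) & 0x1F;
}

/* Four-round balanced Feistel permutation over 10-bit values (0..1023). */
static uint32_t feistel10(uint32_t v, uint32_t key) {
    uint32_t l = (v >> 5) & 0x1F, r = v & 0x1F;
    for (int i = 0; i < 4; i++) {
        uint32_t t = l ^ round_f(r, key, i);
        l = r; r = t;
    }
    return (l << 5) | r;
}

/* Keyed permutation of 0..NSECT-1: re-apply the 10-bit permutation until the
 * result is a valid sector number (cycle walking). */
uint32_t map_linear(uint32_t lin, uint32_t key) {
    do { lin = feistel10(lin, key); } while (lin >= NSECT);
    return lin;
}

/* S13-S15: rewrite the position of read/write commands only.
 * Returns 1 if the command was rewritten, 0 if it passed through untouched. */
int smi_handler(struct io_cmd *cmd, uint32_t key) {
    if (cmd->op != IO_READ && cmd->op != IO_WRITE) return 0;
    cmd->pos = lin_to_chs(map_linear(chs_to_lin(cmd->pos), key));
    return 1;
}

/* S17: the drive executes whatever position the command carries. */
void disk_exec(const struct io_cmd *cmd) {
    uint32_t lin = chs_to_lin(cmd->pos);
    if (cmd->op == IO_WRITE) memcpy(disk[lin], cmd->buf, SECT_SIZE);
    else if (cmd->op == IO_READ) memcpy(cmd->buf, disk[lin], SECT_SIZE);
}

/* Returns 1 if every logical sector maps to a distinct physical sector. */
int mapping_is_bijective(uint32_t key) {
    uint8_t hit[NSECT] = {0};
    for (uint32_t i = 0; i < NSECT; i++)
        if (hit[map_linear(i, key)]++) return 0;
    return 1;
}

/* Write one sector through the handler, then read the same logical position.
 * with_handler = 0 models the drive attached to a machine without the handler.
 * Returns 1 if the read returned the data that was written. */
int read_back(struct chs where, uint32_t key, int with_handler) {
    uint8_t out[SECT_SIZE] = "sample payload", in[SECT_SIZE] = {0};
    struct io_cmd w = { IO_WRITE, where, out }, r = { IO_READ, where, in };
    memset(disk, 0, sizeof disk);
    smi_handler(&w, key);
    disk_exec(&w);
    if (with_handler) smi_handler(&r, key);
    disk_exec(&r);
    return memcmp(in, out, SECT_SIZE) == 0;
}

int main(void) {
    struct chs logical = { 0, 0, 1 };
    struct chs phys = lin_to_chs(map_linear(chs_to_lin(logical), DEMO_KEY));
    printf("0/0/1 -> %d/%d/%d, bijective=%d, via handler=%d, raw=%d\n",
           phys.cyl, phys.head, phys.sect, mapping_is_bijective(DEMO_KEY),
           read_back(logical, DEMO_KEY, 1), read_back(logical, DEMO_KEY, 0));
    return 0;
}
```

Only the placement of a sector depends on the key; the sector contents reach the simulated platter unchanged, which is what encrypting the location information, as the description puts it, amounts to.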

Although the above embodiment was described with the auxiliary storage device limited to an HDD, the invention may also be applied to an FDD, a CD-ROM, or the like.

Although not described in the embodiment, the BIOS may also be programmed so that whether to encrypt the auxiliary storage device can be selected and set in BIOS setup.

With this configuration, the SMI signal generated when an input/output command for an auxiliary storage device such as an HDD is issued is used to encrypt the HDD's input/output signal at the control level, so that other users can be blocked from accessing the data on the auxiliary storage device.

As described above, the present invention provides a computer, and a control method thereof, capable of encrypting the auxiliary storage device itself by reading/writing data at an encrypted location when data on the auxiliary storage device is accessed.

Claims (6)

1. A computer having an auxiliary storage device including a hard disk on which data is stored, a memory serving as main memory, a south bridge in which the input/output address of the auxiliary storage device is stored, and a central processing unit that processes a system management interrupt signal generated by the south bridge when the auxiliary storage device is accessed, the computer comprising a control unit that detects the input/output command provided to the auxiliary storage device when the system management interrupt signal is output and controls the auxiliary storage device so that, when the input/output command is a write command, the location information of the data is encrypted and the data is stored, and, when the input/output command is a read command, the data is read from the encrypted location.

2. The computer of claim 1, wherein the control unit is an encryption program that is provided in the BIOS ROM in which the processing routine for the system management interrupt signal is stored, and that is loaded into the memory and run when the system management interrupt signal is output.

3. The computer of claim 2, wherein the location information is head/sector/cylinder location information of the hard disk.

4. A method of controlling a computer having an auxiliary storage device including a hard disk on which data is stored, a memory serving as main memory, a south bridge in which the input/output address of the auxiliary storage device is stored, and a central processing unit that processes a system management interrupt signal generated by the south bridge when the auxiliary storage device is accessed, the method comprising:
performing a POST process when power is applied;
storing the input/output address of the auxiliary storage device in the south bridge;
detecting the system management interrupt signal generated when the auxiliary storage device is accessed;
detecting the input/output command of the auxiliary storage device and storing it in the memory;
encrypting the location information of the data to be stored in the auxiliary storage device when the input/output command of the auxiliary storage device is a write command; and
reading the data of the auxiliary storage device from the encrypted location when the input/output signal of the auxiliary storage device is a read command.

5. The method of claim 4, wherein the location information consists of the head/sector/cylinder of the hard disk.

6. The method of claim 4, wherein, in the step of storing the input/output command in the memory, the memory is a system main memory (SMM) accessible only when the system management interrupt signal is output.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR10-2001-0064582A KR100392453B1 (en) 2001-10-19 2001-10-19 computer and controling method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR10-2001-0064582A KR100392453B1 (en) 2001-10-19 2001-10-19 computer and controling method thereof

Publications (2)

Publication Number Publication Date
KR20030032646A (en) 2003-04-26
KR100392453B1 KR100392453B1 (en) 2003-07-23

Family

ID=29565424

Family Applications (1)

Application Number Title Priority Date Filing Date
KR10-2001-0064582A KR100392453B1 (en) 2001-10-19 2001-10-19 computer and controling method thereof

Country Status (1)

Country Link
KR (1) KR100392453B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140052403A1 (en) * 2012-08-15 2014-02-20 Wistron Corp. Test system and test method thereof

Also Published As

Publication number Publication date
KR100392453B1 (en) 2003-07-23

Similar Documents

Publication Publication Date Title
US9189653B2 (en) Software-based trusted platform module
JP3539907B2 (en) Computer with bootable program
KR101799261B1 (en) Restricting memory areas for an instruction read in dependence upon a hardware mode and a security flag
TWI493460B (en) Electronic device and booting method
US6651150B2 (en) Data-processing apparatus and method of controlling the rewriting of a nonvolatile storage device
JP2002358137A (en) Method for setting security computer environment and computer system
JP2015525916A (en) Memory protection device and protection method
US11586779B2 (en) Embedded system and method
US8621195B2 (en) Disabling communication ports
JP2015222474A (en) Method, computer program and computer for repairing variable set
US20100268863A1 (en) Information processing apparatus
WO2009099648A2 (en) Method and apparatus for hardware reset protection
US6920566B2 (en) Secure system firmware by disabling read access to firmware ROM
US20120117308A1 (en) Data protection device and method thereof
JP2000010666A (en) Computer system and flash rom rewriting method
JP4247216B2 (en) Information processing apparatus and authentication control method
US20060080518A1 (en) Method for securing computers from malicious code attacks
KR100392453B1 (en) computer and controling method thereof
US7089427B1 (en) Security system method and apparatus for preventing application program unauthorized use
JPH07319569A (en) Computer system
KR19990079740A (en) How to secure your PC using boot sequence
US20230066447A1 (en) Execution of code in system memory
CN112541166B (en) Method, system and computer readable storage medium
JPH11237983A (en) One-chip microcomputer and entry method for accessing boot area in the one-chip microcomputer
KR20000008845A (en) Method for booting computer system

Legal Events

Date Code Title Description
A201 Request for examination
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20070628

Year of fee payment: 5

LAPS Lapse due to unpaid annual fee