KR20030032646A - computer and controling method thereof - Google Patents
- Publication number
- KR20030032646A
- Authority
- KR
- South Korea
- Prior art keywords
- command
- read
- memory device
- output
- input
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0655—Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
- G06F3/0674—Disk device
- G06F3/0676—Magnetic disk device
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/32—Address formation of the next instruction, e.g. by incrementing the instruction counter
- G06F9/322—Address formation of the next instruction, e.g. by incrementing the instruction counter for non-sequential address
- G06F9/327—Address formation of the next instruction, e.g. by incrementing the instruction counter for non-sequential address for interrupts
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Human Computer Interaction (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Description
The present invention relates to a computer and, more particularly, to a computer capable of blocking access to data stored in an auxiliary storage device, and a control method thereof.
A computer has a password-setting function to prevent leakage of information stored in an auxiliary storage device such as an HDD and to keep other users from easily accessing it.
As shown in FIG. 3, the computer's password is set after power is applied (P1) by selecting the password-setting function in the CMOS setup menu of the BIOS program, which is displayed when the DEL key on the keyboard is pressed while the computer boots (P2). The user password that has been set is stored in the CMOS RAM (P3).
After the password is set in BIOS setup and the computer is rebooted (P4), a password prompt is displayed on the screen during the POST process (P5). When the user enters a password through the keyboard at the password prompt, system boot proceeds only if the entered password matches the user-set password stored in the CMOS RAM of the mainboard (P7).
However, the password of a conventional computer only controls booting through the mainboard; it does not encrypt each auxiliary storage device. Therefore, if an auxiliary storage device such as an HDD holding user data is lost while being carried or is stolen by another user, that user can easily access the auxiliary storage device by connecting it to a computer on which no boot password is set, so access by other users cannot be blocked.
Accordingly, an object of the present invention is to provide a computer, and a control method thereof, that can encrypt the auxiliary storage device itself by reading and writing data at an encrypted location when the data of the auxiliary storage device is accessed.
FIG. 1 is a control block diagram of a computer according to the present invention.
FIG. 2 is a control flowchart for encrypting an auxiliary storage device of a computer according to the present invention.
FIG. 3 is a flowchart of password setting in a conventional computer.
* Explanation of reference numerals for the main parts of the drawings
1: central processing unit (CPU)  2: CMOS RAM
3: RAM  5: BIOS ROM
7: mouse  8: HDD (hard disk)
9: CD-ROM  10: south bridge
12: FDD (floppy disk)
According to the present invention, the above object is achieved by a computer having an auxiliary storage device including a hard disk on which data is stored, a memory serving as the main storage device, a south bridge in which the input/output address of the auxiliary storage device is stored, and a central processing unit that processes a system management interrupt signal generated by the south bridge when the auxiliary storage device is accessed, the computer comprising a control unit that, when the system management interrupt signal is output, detects the input/output command provided to the auxiliary storage device and controls the auxiliary storage device so that, if the input/output command is a write command, the location information of the data is encrypted and stored and, if the input/output command is a read command, the data is read from the encrypted location.
Here, the control unit is preferably an encryption program that is provided in the BIOS ROM in which the processing routine for the system management interrupt signal is stored, and that is loaded into the memory and run when the system management interrupt signal is output.
It is effective for the location information to be the head/sector/cylinder location information of the hard disk.
Meanwhile, according to another aspect of the present invention, the above object is also achieved by a control method of a computer having an auxiliary storage device including a hard disk on which data is stored, a memory serving as the main storage device, a south bridge in which the input/output address of the auxiliary storage device is stored, and a central processing unit that processes a system management interrupt signal generated by the south bridge when the auxiliary storage device is accessed, the computer and its control method comprising the steps of: performing a POST process when power is applied; storing the input/output address of the auxiliary storage device in the south bridge; detecting the system management interrupt signal generated when the auxiliary storage device is accessed; detecting the input/output command of the auxiliary storage device and storing it in the memory; encrypting the location information of the data to be stored in the auxiliary storage device when the input/output command of the auxiliary storage device is a write command; and reading the data of the auxiliary storage device from the encrypted location when the input/output signal of the auxiliary storage device is a read command.
Here, the data can be encrypted effectively when the location information is location information consisting of the head/sector/cylinder of the hard disk.
In the step of storing the input/output command in the memory, it is effective for the memory to be a system main memory (SMM) that is accessible only when the system management interrupt signal is output.
Hereinafter, the present invention is described in detail with reference to the accompanying drawings.
FIG. 1 is a control block diagram of a computer according to the present invention. As shown in the figure, the computer generally consists of a central processing unit (1), a memory, an input device, an output device, and a control device.
The memory includes auxiliary storage devices such as the HDD (8), the FDD (12) and the CD-ROM (9); the RAM (2), which is the main storage device; the BIOS ROM (5), which stores the BIOS program that performs the POST process, in which, when the computer boots, it checks that the components in the main unit are in place and operable and then reads the operating system from the hard disk and loads it into RAM; and the CMOS RAM (2), a non-volatile memory that stores the configuration information of the hardware devices connected to the system. The input device includes a mouse and a keyboard, and the output device has a monitor and a speaker (not shown).
The control device includes an IDE controller for controlling the HDD (8) and the CD-ROM (9), an FDD controller for controlling the FDD (12), a video controller for controlling the monitor, the south bridge (10), which is a set of registers that manage the input/output functions of the HDD and peripheral devices, and a north bridge (not shown), which is connected to the south bridge via the PCI bus and controls the central processing unit, the video card and the memory.
With this control block configuration, the central processing unit, the memory and each input/output device exchange control signals and data over the system bus to carry out the user's data-processing commands.
A computer is an interrupt-based system for efficient control. An interrupt is a signal from a device attached to the computer or from a program in the computer; when an interrupt signal is detected, the computer resumes the program that was running or starts executing another program. The present invention uses the SMI (System Management Interrupt) signal to encrypt data at the control level.
When storage devices such as the CD-ROM (9) and the HDD (8) are connected to the computer, the I/O address for each device's input/output signals is registered in the I/O trap register of the south bridge (10). Accordingly, when the user performs a data read/write that accesses the HDD (8) through the mouse (7), the operating system recognizes it. When the operating system uses an input/output command to access the HDD (8), the HDD's input/output signal causes an SMI (System Management Interrupt) signal to be output from the I/O trap register of the south bridge (10) to the central processing unit (1).
Here, when the SMI signal is generated, an SMM (System Main Memory) of a predetermined size, accessible only in SMI (System Management Interrupt) mode, is formed in the RAM (3). A trap is set in the SMM that waits until a specific I/O interrupt signal is generated and then processes the corresponding routine (which performs the function of interacting with a specific input/output device). Accordingly, when an SMI is generated, the central processing unit (1) loads the hardware interrupt processing routine in the BIOS ROM (5) into the SMM, and the handler passes into the SMM and controls the input/output operation of the HDD (8).
The control unit (5) is an encryption program provided in the BIOS. When the SMI signal is generated, the control unit (5) sets a trap in the SMM, keeps the input/output command that accesses the HDD (8) stored in the SMM until it can be recognized, and then checks the input/output command. If the input/output command is an HDD read/write command, it carries out the process of encrypting the location information of the data.
If the input/output command is a write command, the head/sector/cylinder location information of the data in the input/output command of the HDD (8) is encrypted and provided to the HDD (8) for storage. That is, the control unit (5) forms an input/output command whose location information has been changed, and because this encrypted input/output command is provided to the HDD (8), the data is stored at the encrypted location.
Meanwhile, because the south bridge (10) generates an SMI signal when the user reads data from the HDD (8), the control unit stored in the BIOS ROM (5) converts the read command so that data stored on the HDD (8) is read from the encrypted location. The data is therefore read from the converted location on the HDD (8).
Here, in implementing the encryption program, it would be preferable to configure the encryption algorithm that changes the head/sector/cylinder location differently for each computer.
FIG. 2 is a flowchart of the computer control method according to the present invention. As shown in the figure, when power is supplied to the computer (S1), POST booting, in which the BIOS program checks the connection state of the peripheral devices, proceeds first (S3). During POST, the SMM (System Main Memory) provided in the RAM (3) so as to be accessible only in SMI mode is initialized in order to process the SMI signal (S5). Then, in the BIOS hardware check stage of the POST boot process, the HDD (8) connected to the computer is recognized and the input/output address of the HDD (8) is registered in a register of the south bridge (10) (S7). When the HDD (8) is read under the Windows operating system after POST and Windows boot have completed, a read command for the HDD (8) is generated and the south bridge (10) outputs the SMI signal to the central processing unit (1) (S9).
When the SMI signal is output, the input/output processing routine containing the encryption program, which is the control unit of the present invention, is loaded into the RAM (8), and the command is kept in the SMM of the RAM (8) until the input/output command can be recognized (S11). The encryption program of the control unit (5) examines the command stored in the SMM and, if it is a read/write command (S13), encrypts the information on the location where the data is to be stored or read and provides the HDD (8) with a read/write command whose location information has been converted (S15). The HDD (8) then reads data from the hard disk or writes to the hard disk based on the location information of the converted read/write command (S17).
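The location rewriting of steps S13 to S17, simulated in C as an added example that is not part of the patent. The patent does not specify the encryption algorithm, so a toy 4-round Feistel permutation with cycle walking stands in for it; the disk geometry, the key and every function name are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed toy geometry and key: the patent specifies neither. */
#define HEADS 4u
#define SECTS 16u                   /* sectors per track, numbered from 1 */
#define NSECT (8u * HEADS * SECTS)  /* 8 cylinders = 512 sectors (max 1024) */
#define SECTOR_SIZE 16u
#define MACHINE_KEY 0x5A3C96E1u     /* per-computer secret held by the BIOS */
typedef struct { uint32_t cyl, head, sect; } chs_t;
typedef enum { CMD_READ, CMD_WRITE, CMD_OTHER } cmd_t;
static uint8_t disk[NSECT][SECTOR_SIZE];   /* simulated platters */

static uint32_t chs_to_index(chs_t a) {
    return (a.cyl * HEADS + a.head) * SECTS + (a.sect - 1u);
}
static chs_t index_to_chs(uint32_t i) {
    return (chs_t){ i / (HEADS * SECTS), (i / SECTS) % HEADS, i % SECTS + 1u };
}

/* Toy round function: mixes 5 bits with one key byte per round. */
static uint32_t round_fn(uint32_t half, uint32_t key, uint32_t round) {
    uint32_t x = (half ^ ((key >> (8u * round)) & 0xFFu)) * 0x9Du + round;
    return (x ^ (x >> 5)) & 0x1Fu;
}

/* 4-round Feistel network (a keyed bijection on 10-bit values) with cycle
 * walking, so results stay on the disk and no two sectors collide. */
static uint32_t permute_index(uint32_t idx, uint32_t key) {
    do {
        uint32_t l = idx >> 5, r = idx & 0x1Fu;
        for (uint32_t i = 0; i < 4u; i++) {
            uint32_t t = l ^ round_fn(r, key, i);
            l = r; r = t;
        }
        idx = (l << 5) | r;
    } while (idx >= NSECT);
    return idx;
}

/* The trap handler's step: rewrite the location of a read or write command
 * and pass every other command through unchanged. */
static chs_t trap_rewrite(cmd_t cmd, chs_t addr, uint32_t key) {
    if (cmd != CMD_READ && cmd != CMD_WRITE) return addr;
    return index_to_chs(permute_index(chs_to_index(addr), key));
}

/* Drive side: executes the command at whatever location it is handed. */
static void drive_io(cmd_t cmd, chs_t addr, uint8_t *buf) {
    uint8_t *sector = disk[chs_to_index(addr)];
    if (cmd == CMD_WRITE) memcpy(sector, buf, SECTOR_SIZE);
    else if (cmd == CMD_READ) memcpy(buf, sector, SECTOR_SIZE);
}

/* Returns 1 if every logical sector maps to a distinct physical sector. */
static int is_bijection(uint32_t key) {
    uint8_t seen[NSECT] = {0};
    for (uint32_t i = 0; i < NSECT; i++)
        if (seen[permute_index(i, key)]++) return 0;
    return 1;
}

/* Writes one sector through the trap, then reads it back three ways. Bits:
 * 1 = read through the trap matches, 2 = read at the logical address with
 * no trap matches, 4 = a keyless scan of every sector finds the data. */
static int scenario(void) {
    uint8_t secret[SECTOR_SIZE] = "sample payload", out[SECTOR_SIZE];
    chs_t at = { 0, 0, 1 };
    int bits = 0;
    drive_io(CMD_WRITE, trap_rewrite(CMD_WRITE, at, MACHINE_KEY), secret);
    drive_io(CMD_READ, trap_rewrite(CMD_READ, at, MACHINE_KEY), out);
    bits |= memcmp(out, secret, SECTOR_SIZE) == 0 ? 1 : 0;
    drive_io(CMD_READ, at, out);
    bits |= memcmp(out, secret, SECTOR_SIZE) == 0 ? 2 : 0;
    for (uint32_t i = 0; i < NSECT; i++)
        bits |= memcmp(disk[i], secret, SECTOR_SIZE) == 0 ? 4 : 0;
    return bits;
}
int main(void) { return scenario() == 5 ? 0 : 1; }
```

`scenario()` returns 5: the trapped read recovers the sector and a read at the logical address without the trap does not, but the sector contents sit on the disk unmodified, because the scheme as described transforms only the location and not the data.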
In the embodiment described above, the auxiliary storage device was limited to an HDD, but the invention may also be applied to an FDD, a CD-ROM, and the like.
Although not described in the embodiment, the BIOS may also be programmed so that whether to encrypt the auxiliary storage device can be selected and set in BIOS setup.
With this configuration, the SMI signal generated when an input/output command for an auxiliary storage device such as an HDD is issued is used to encrypt the HDD's input/output signals at the control level, which can block other users from accessing the data on the auxiliary storage device.
As described above, the present invention provides a computer, and a control method thereof, that can encrypt the auxiliary storage device itself by reading and writing data at an encrypted location when the data of the auxiliary storage device is accessed.
Claims (6)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2001-0064582A KR100392453B1 (en) | 2001-10-19 | 2001-10-19 | computer and controling method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2001-0064582A KR100392453B1 (en) | 2001-10-19 | 2001-10-19 | computer and controling method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20030032646A (en) | 2003-04-26 |
KR100392453B1 (en) | 2003-07-23 |
Family
ID=29565424
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR10-2001-0064582A KR100392453B1 (en) | 2001-10-19 | 2001-10-19 | computer and controling method thereof |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR100392453B1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140052403A1 (en) * | 2012-08-15 | 2014-02-20 | Wistron Corp. | Test system and test method thereof |
-
2001
- 2001-10-19 KR KR10-2001-0064582A patent/KR100392453B1/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
KR100392453B1 (en) | 2003-07-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment | Payment date: 20070628 Year of fee payment: 5 |
LAPS | Lapse due to unpaid annual fee | |