KR20150031939A - Security setting method of memory - Google Patents
- Publication number
- KR20150031939A
- Authority
- KR
- South Korea
- Prior art keywords
- memory
- security
- partition
- area
- present
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Abstract
Description
The present invention relates to a security setting method of a memory that allocates a security partition to a memory using a filter driver.
USB (Universal Serial Bus) memory is an external memory that connects to the USB port of a device such as a computer or a TV, and it is manufactured in a small size and with a large capacity so that it is easy to carry. The drawback of such an external memory is that, being small and light, it is easy to carry but also easy to lose. Users can save certificates, photos and important documents in USB memory. If the memory is then lost, the personal information on it is exposed, so the USB memory needs to be secured.
Security setting methods for USB memory can be divided into hardware and software methods. The hardware method inserts a security chip into the USB memory, so nothing needs to be installed or configured other than setting a password. However, it requires purchasing an expensive USB memory with a security chip, the maximum capacity is 16 GB, which is limiting for storing large amounts of multimedia content, and it is slow because it does not support USB 3.0. The software method secures a general USB memory by installing a secure USB program on it and setting a security partition. Conventional software methods include an image method, which stores the files to be secured as an image file (*.iso) in a general area that others can access, and a method that sets a security area through a physical partition. The image method has the disadvantage that the image file containing the compressed security files sits in the general area, where it can easily be seen and deleted.
The present invention provides a method for security setting of a memory which easily sets a security partition and does not allow access by others.
The security setting method of a memory according to an exemplary embodiment of the present invention sets security on a memory using a filter driver and includes: setting a hidden area that encrypts and stores a signature, a device identification number, a partition identification number, a start sector position, a size, and user identification and authentication information; and partitioning the memory into a secure area that is recognized as a normal volume by the operating system (O/S) after user authentication and in which data is encrypted in real time and stored by the filter driver.
The present invention designates logical partitions by dividing the memory into a hidden area and a security area through a filter driver. Because the security area itself is not connected to the file explorer or file manager of the O/S (for example, Windows) before the user logs in to the memory through user authentication, an unauthorized person cannot even see the memory capacity. Since the security files in the secured memory are not shown, the present invention makes deletion by unauthorized others impossible. The present invention provides a simple and intuitive user interface that guides the user through the security settings, so that a general memory can be upgraded to a secured memory. In addition, the present invention can easily implement security for almost all kinds of commercially available portable and fixed storage devices without being limited by memory capacity.
FIG. 1 is a diagram illustrating a security partition in a security setting method of a memory according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a method of mounting a security area.
FIG. 3 is a diagram illustrating a method of reading data from a secured memory.
FIG. 4 is a diagram illustrating a method of writing data in a secured memory.
FIGS. 5 to 19 are user interface images showing how to set and use the security area.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Reference will now be made in detail to the preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings. Like reference numerals throughout the specification denote substantially identical components. In the following description, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.
The present invention creates a new security partition in a predetermined partition of the memory or in a storage area of the memory to which no partition is allocated.
The secure partition configuration of the present invention includes a hidden area, which encrypts and stores a signature, a device identification number, a partition identification number, a start sector location, a size, user identification and authentication information, and an audit log, and a security area, which is recognized as a normal volume by the O/S (Operating System) after authentication and in which the user's data is encrypted in real time by the filter driver.
The secure partition is created as an "Original Equipment Manufacturer (OEM) partition" or as an "Extended Industry Standard Architecture (EISA) configuration" partition. It is therefore not recognized as a volume by the O/S, which blocks arbitrary modification or removal of the secure partition by the user, and access by others is blocked through the filter driver's management of the authentication information.
A method for security setting of a memory according to an embodiment of the present invention uses a filter driver to perform partition management in firmware of a memory device and encrypt and decrypt data in real time.
In the security partition setting method of the present invention, upon user authentication the filter driver makes the security area in the security partition recognizable as a volume and then encrypts and decrypts its data. Since the security area information is not written directly to the MBR (Master Boot Record) of the memory device while the security area is in use, the original partition layout is maintained even when the O/S terminates abnormally or the device is removed arbitrarily. For a removable disk, the O/S does not support multiple partitions, so only the security area is mounted. If multiple partitions are required, the filter driver changes the device attribute of the storage device to a fixed disk so that it is recognized as a storage device supporting multiple partitions, and the general area and the security area can then be mounted simultaneously.
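The partition layout described above can be checked from the examiner's side with a short script. This is an added example, not code from the patent: it parses an MBR and reports partitions whose type the O/S does not mount as a volume, plus sectors that no partition entry accounts for. The type bytes 0x12, 0x27 and 0xDE are assumptions (the patent names no values), and the sample MBR is constructed.

```python
import struct

SECTOR = 512
# Assumed type bytes (the patent names none): Windows commonly labels 0x12 as
# "EISA Configuration" and 0x27 / 0xDE as OEM or recovery partitions.
NO_VOLUME_TYPES = {0x12: "EISA configuration", 0x27: "OEM/recovery", 0xDE: "OEM utility"}

def parse_mbr(sector0: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        raw = sector0[446 + 16 * i: 462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count
        _status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0 and count != 0:
            entries.append({"index": i, "type": ptype, "lba": lba, "sectors": count})
    return entries

def audit(sector0: bytes, disk_sectors: int):
    """Flag partitions the O/S will not mount and space no entry accounts for."""
    findings = []
    cursor = 1  # sector 0 holds the MBR itself
    for e in sorted(parse_mbr(sector0), key=lambda e: e["lba"]):
        if e["lba"] > cursor:
            findings.append(("unallocated", cursor, e["lba"] - cursor))
        if e["type"] in NO_VOLUME_TYPES:
            findings.append((NO_VOLUME_TYPES[e["type"]], e["lba"], e["sectors"]))
        cursor = max(cursor, e["lba"] + e["sectors"])
    if cursor < disk_sectors:
        findings.append(("unallocated", cursor, disk_sectors - cursor))
    return findings

def build_sample_mbr():
    """Constructed sample: a FAT32 general area followed by a type-0x12 partition."""
    mbr = bytearray(SECTOR)
    parts = [(0x0C, 2048, 1_000_000), (0x12, 1_002_048, 500_000)]
    for i, (ptype, lba, count) in enumerate(parts):
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * i, 0, ptype, lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    for kind, start, length in audit(build_sample_mbr(), 1_600_000):
        print(f"{kind}: start LBA {start}, {length} sectors ({length * SECTOR // 2**20} MiB)")
```

The small gap before the first partition is ordinary alignment; a large unaccounted range or a non-mounted partition type on a removable device is what warrants a closer look at the raw sectors.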
The mounting method of the security area is as shown in FIG. 2, and a method of reading data in the security area of the memory device can be shown in FIG. A method of writing data to the security area of the memory device is shown in FIG.
The security setting method of the memory according to the embodiment of the present invention can be applied to a portable device such as a USB memory, a fixed memory device or the like.
In the security setting method of the memory according to the embodiment of the present invention, the filter driver performs processing on MBR data and data real-time encryption / decryption. The filter driver can be implemented using filter drivers of all devices such as a disk filter driver and a USB filter driver, and each filter driver can be implemented with an upper filter driver and a lower filter driver.
The security setting method of the memory according to the embodiment of the present invention can be secured by a method of mounting / encrypting the MBR even in the case of a GPT (GUID Partition Table) partition storage device.
Since the security area in the security partition is stored encrypted in a normal file system, it can be mounted, after normal user identification and authentication using the security information of the hidden area, with a disk mount technology such as a network disk drive or a virtual disk drive.
The present invention can easily realize the security of almost all kinds of portable and fixed storage devices that are commercially available without being limited by the memory capacity.
The present invention can upgrade a non-secured general memory to a secure memory by setting security through a simple and intuitive user interface. FIGS. 6 to 22 show user interface screens, displayed on a display device, that illustrate a security setting method of a memory according to an embodiment of the present invention.
When a non-secured USB memory is connected to a PC (Personal Computer), the USB memory can be designated as E: on the Explorer screen of the O/S, as shown in FIG. When the user interface (UI) of the present invention is executed, an initial screen before security setting is displayed on the display device as shown in FIG. When "SECRET USB" is selected in the UI image of FIG. 6, the initialization is selected after displaying the memory initialization warning message as shown in FIG. When the user selects initialization on the UI screen of FIG. 7, the warning message and terms as shown in FIGS. 8 and 9 are displayed to the user through the display device, and only the general area, On the display device, a menu for designating the size of the security area to which the security area is permitted. Once the sizes of the general area and the security area are designated, a screen showing the progress of the security process is displayed on the display device while the security area is being partitioned through the filter driver, as shown in FIG. When the security setting of the memory is completed, a message as shown in FIG. 12 is displayed on the display device. After the security setting of the memory is completed, the security area of the memory can be accessed only after the login process through user authentication is completed.
FIGS. 13 to 15 are UI images that lead to login and genuine registration. FIGS. 16 and 17 are images of a password input window for user authentication. If the password matches the password entered at the time of security setting, the security area of the memory is shown in the Explorer as shown in FIG. FIG. 18 shows an example in which a security area to which access is allowed through a user approval process is generated as F:. FIG. 19 is an automatic logout setting screen.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. Therefore, the technical scope of the present invention should not be limited to the contents described in the detailed description of the specification, but should be defined by the claims.
Claims (3)
And partitioning the memory into a security area that is recognized as a normal volume by an operating system (O / S) after the user authentication, and which real-time encrypts and stores data by a filter driver.
Wherein the secure area is configured as an Original Equipment Manufacturer (OEM) partition or an Extended Industry Standard Architecture (EISA) partition.
Wherein the secure area is not recognized as a volume in the O / S, and the access to the secure area is allowed by executing the filter driver through a user authentication process.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR20130111799A KR20150031939A (en) | 2013-09-17 | 2013-09-17 | Security setting method of memory |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20150031939A true KR20150031939A (en) | 2015-03-25 |
Family
ID=53025334
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR20130111799A KR20150031939A (en) | 2013-09-17 | 2013-09-17 | Security setting method of memory |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20150031939A (en) |
-
2013
- 2013-09-17 KR KR20130111799A patent/KR20150031939A/en not_active Application Discontinuation
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2759943B1 (en) | File encryption method and device, file decryption method and device | |
KR101506578B1 (en) | File system configuration method and apparatus for data security, method and apparatus for accessing data security area formed by the same, and data storage device thereby | |
CN100472481C (en) | Portable access device with secret function and access method thereof | |
EP1672509A2 (en) | Portable applications | |
US20180107493A1 (en) | Synchronous control method and device via external apparatus | |
EP2879327A1 (en) | Encryption and decryption processing method, apparatus and device | |
US20130031376A1 (en) | Removable storage device data protection | |
US20150319147A1 (en) | System and method for file encrypting and decrypting | |
WO2015176531A1 (en) | Terminal data writing and reading methods and devices | |
CN103617127A (en) | Memory device with subareas and memorizer area dividing method | |
CN103425938B (en) | The folder encryption method of one kind Unix operating system and device | |
TWI503692B (en) | Secure storage method, terminal and system based on virtualization | |
WO2017067513A1 (en) | Data processing method and storage gateway | |
CN108287988B (en) | Security management system and method for mobile terminal file | |
CN111159726B (en) | UEFI (unified extensible firmware interface) environment variable-based full-disk encryption and decryption method and system | |
KR100990973B1 (en) | Apparatus of processing data using raw area of removable storage device | |
WO2011137844A1 (en) | Method and apparatus for accessing data storage device | |
CN110633584B (en) | Control of data storage device | |
KR20150031939A (en) | Security setting method of memory | |
KR101031072B1 (en) | portable memory device | |
KR101161686B1 (en) | Memory device with security function and security method thereof | |
KR101371031B1 (en) | A File Securing System Based on Drive | |
TW201447634A (en) | Storage medium securing method and media access device thereof background | |
TW201939289A (en) | Storage apparatus managing method and storage apparatus managing system | |
KR101069355B1 (en) | Content Security Device Using Removable Memory and Security Method Using The Same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |