KR20150031939A - Security setting method of memory - Google Patents

Publication number: KR20150031939A
Authority: KR (South Korea)
Prior art keywords: memory, security, partition, area, present
Application number: KR20130111799A
Other languages: Korean (ko)
Inventors: 신동열, 윤재홍
Original assignee: 신동열
Application filed by: 신동열
Priority to: KR20130111799A
Publication of: KR20150031939A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a security setting method of a memory. The method includes the steps of: setting a hidden area that encrypts and stores a signature, a device serial number, a partition serial number, a starting sector location, a size, user identification and authentication information, and a monitoring log; and partitioning the memory into a security area that is recognized as a normal volume by the operating system (OS) after user authentication and in which data is encrypted and stored in real time by a filter driver.

Description

SECURITY SETTING METHOD OF MEMORY

The present invention relates to a security setting method of a memory that allocates a security partition to a memory using a filter driver.

USB (Universal Serial Bus) memory is an external memory that connects to the USB port of a home appliance such as a computer or a TV, and it is manufactured in a small, high-capacity form that is easy to carry. The drawback of such external memory is that, being small and light, it is easy to carry but also easy to lose. Users may store certificates, photos and important documents in USB memory. If the memory is then lost, personal information is exposed, so the USB memory needs to be secured.

Security setting methods for USB memory can be divided into hardware and software types. The hardware method embeds a security chip in the USB memory, so nothing needs to be installed or configured other than setting a password. However, it requires purchasing an expensive USB memory that has a security chip and a maximum capacity of 16 GB for storing large amounts of multimedia content, and it is slow because it does not support USB 3.0. The software method secures a general USB memory by installing a secure USB program on it and setting up a security partition. Conventional software methods include an image method, which stores the files to be secured as an image file (***.iso) in a general area that others can access, and a method that sets up a security area through a physical partition. The image method has the disadvantage that the image file containing the compressed security files sits in the general area, where it can easily be seen and deleted.

The present invention provides a method for security setting of a memory which easily sets a security partition and does not allow access by others.

The security setting method of a memory according to an exemplary embodiment of the present invention sets security in a memory using a filter driver and includes: setting a hidden area for encrypting and storing a signature, a device identification number, a partition identification number, a start sector position, a size, user identification and authentication information, and an audit log; and partitioning the memory into a secure area that is recognized as a normal volume by the operating system (O/S) after user authentication and in which the filter driver encrypts and stores data in real time.

The present invention designates logical partitions by dividing the memory into a hidden area and a security area through a filter driver. Because the security area is not attached to the file explorer or file manager of the O/S (for example, Windows) until the user logs in to the memory through user authentication, an unauthorized person cannot even see the memory capacity. The present invention thus makes deletion by unauthorized persons impossible, because the security files in the secured memory are not shown. The present invention provides a simple and intuitive user interface that guides the user through the security settings, so that a general memory can be upgraded to a secured memory. In addition, the present invention can easily implement security for almost all kinds of commercially available portable and fixed storage devices without being limited by memory capacity.

FIG. 1 is a diagram illustrating a security partition in a security setting method of a memory according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a method of mounting a security area.
FIG. 3 is a diagram illustrating a method of reading data from a secured memory.
FIG. 4 is a diagram illustrating a method of writing data in a secured memory.
FIGS. 5 to 19 are user interface images showing how to set and use the security area.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Reference will now be made in detail to the preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings. Like reference numerals throughout the specification denote substantially identical components. In the following description, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

The present invention newly creates a security partition in a predetermined partition of the memory or in a storage area of the memory to which no partition is allocated.

The secure partition of the present invention comprises a hidden area, which encrypts and stores a signature, a device identification number, a partition identification number, a start sector location, a size, user identification and authentication information, and an audit log, and a security area, which is recognized as a normal volume by the O/S (Operating System) after authentication and in which the user's data is encrypted in real time by the filter driver.

When a secure partition is created, it is created as an "Original Equipment Manufacturer (OEM) partition" or an "Extended Industry Standard Architecture (EISA) configuration" partition. It is therefore not recognized as a volume by the O/S, which blocks arbitrary modification or removal of the secure partition by the user, and blocks the second part through the filter driver's management of the authentication information.

A method for security setting of a memory according to an embodiment of the present invention uses a filter driver to perform partition management in firmware of a memory device and encrypt and decrypt data in real time.

The security partition setting method of the present invention uses a filter driver to recognize the security area in the security partition as a volume upon user authentication, and then encrypts and decrypts data. Because the security zone information is not written directly to the MBR (Master Boot Record) of the memory device while the security zone is in use, the original partition is preserved even when the O/S terminates abnormally or the device is removed arbitrarily. For a removable disk, the O/S does not support multiple partitions, so only the security zone is mounted. If multiple partitions are required, the filter driver changes the device attribute of the storage device to a fixed disk so that it is recognized as a storage device supporting multiple partitions, and the general area and the security area can then be mounted simultaneously.
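A forensic check that follows from the OEM/EISA partition type and the MBR handling described above (an added example, not code from the patent): it parses a constructed MBR sector, flags entries whose type byte marks a non-volume partition, and reports sector ranges that no entry covers, which is where an area kept out of the MBR would sit. The type bytes 0x12 and 0xDE, the 2048-sector gap threshold and all function names are assumptions of this example.

```python
import struct
from typing import NamedTuple

# Assumed type bytes (not given in the patent): Windows Disk Management
# labels 0x12 "EISA Configuration" and 0xDE "OEM Partition".
NON_VOLUME_TYPES = {0x12: "EISA configuration", 0xDE: "OEM partition"}

class Entry(NamedTuple):
    index: int
    ptype: int
    start_lba: int
    sectors: int

def parse_mbr(sector: bytes) -> list[Entry]:
    """Return the non-empty primary entries of a 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: bad length or boot signature")
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i : 462 + 16 * i]
        # status, CHS start (3), type, CHS end (3), LBA start, sector count
        _, _, ptype, _, start, count = struct.unpack("<B3sB3sII", raw)
        if ptype != 0x00 and count > 0:
            entries.append(Entry(i, ptype, start, count))
    return entries

def audit(sector: bytes, disk_sectors: int, min_gap: int = 2048) -> dict:
    """Flag non-volume partition types and sector ranges no entry covers."""
    entries = sorted(parse_mbr(sector), key=lambda e: e.start_lba)
    flagged = [(e.index, NON_VOLUME_TYPES[e.ptype], e.sectors)
               for e in entries if e.ptype in NON_VOLUME_TYPES]
    gaps, cursor = [], 1          # LBA 0 holds the MBR itself
    for e in entries:
        if e.start_lba - cursor >= min_gap:
            gaps.append((cursor, e.start_lba - 1))
        cursor = max(cursor, e.start_lba + e.sectors)
    if disk_sectors - cursor >= min_gap:
        gaps.append((cursor, disk_sectors - 1))
    return {"flagged": flagged, "unallocated": gaps}

def build_sample_mbr() -> bytes:
    """Constructed sample: FAT32 general area plus a type-0x12 partition."""
    table = b"".join(
        struct.pack("<B3sB3sII", 0, b"\0" * 3, t, b"\0" * 3, s, n)
        for t, s, n in [(0x0C, 2048, 4_194_304), (0x12, 4_196_352, 8_388_608),
                        (0, 0, 0), (0, 0, 0)])
    return b"\0" * 446 + table + b"\x55\xaa"

if __name__ == "__main__":
    print(audit(build_sample_mbr(), disk_sectors=16_777_216))
```

On a real device the sector would be read from the first 512 bytes of the raw disk and `disk_sectors` taken from the device's reported size; a large flagged partition or a large uncovered tail on a small removable drive is the cue to look for an encrypted container.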

The mounting method of the security area is as shown in FIG. 2, and a method of reading data in the security area of the memory device can be shown in FIG. A method of writing data to the security area of the memory device is shown in FIG.

The security setting method of the memory according to the embodiment of the present invention can be applied to a portable device such as a USB memory, a fixed memory device or the like.

In the security setting method of the memory according to the embodiment of the present invention, the filter driver handles processing of MBR data and real-time encryption/decryption of data. The filter driver can be implemented using the filter driver of any device, such as a disk filter driver or a USB filter driver, and each filter driver can be implemented with an upper filter driver and a lower filter driver.

The security setting method of the memory according to the embodiment of the present invention can be secured by a method of mounting / encrypting the MBR even in the case of a GPT (GUID Partition Table) partition storage device.

Because the security area in the security partition is stored as an encrypted normal file system, it can be mounted, after normal user identification and authentication using the security information of the hidden area, with a disk mount technology such as a network disk drive or a virtual disk drive.

The present invention can easily realize the security of almost all kinds of portable and fixed storage devices that are commercially available without being limited by the memory capacity.

The present invention can upgrade a non-secured general memory to a secured memory by setting security through a simple and intuitive user interface. FIGS. 6 to 22 show user interface screens illustrating a security setting method of a memory according to an embodiment of the present invention on a display device.

When a non-secured USB memory is connected to a PC (Personal Computer), the USB memory can be designated as E: on the Explorer screen of the O/S, as shown in FIG. When the user interface (UI) of the present invention is executed, an initial screen before security setting is displayed on the display device as shown in FIG. When "SECRET USB" is selected in the UI image of FIG. 6, a memory initialization warning message is displayed and initialization is then selected, as shown in FIG. When the user selects initialization on the UI screen of FIG. 7, the warning message and terms shown in FIGS. 8 and 9 are displayed to the user through the display device, and a menu for designating the size of the general area and the size of the security area, to which only permitted access is allowed, is displayed on the display device. Once the sizes of the general area and the security area are designated, a screen showing the progress of the security process is displayed on the display device while the security area is partitioned through the filter driver, as shown in FIG. When the security setting of the memory is completed, a message as shown in FIG. 12 is displayed on the display device. After that, the security area of the memory can be accessed only once the login process through user authentication is completed.

FIGS. 13 to 15 are UI images that lead to login and genuine registration. FIGS. 16 and 17 are images of a password input window for user authentication. If the password matches the password input at the time of security setting, the security area of the memory is shown in Explorer as shown in FIG. FIG. 18 shows an example in which a security area to which access is allowed through the user approval process is created as F:. FIG. 19 is an automatic logout setting screen.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. Therefore, the technical scope of the present invention should not be limited to the contents described in the detailed description of the specification, but should be defined by the claims.

Claims (3)

1. Setting a hidden area for encrypting and storing a signature, a device identification number, a partition identification number, a starting sector position, size, user identification and authentication information, and an audit log; and
partitioning the memory into a security area that is recognized as a normal volume by an operating system (O/S) after the user authentication, and which real-time encrypts and stores data by a filter driver.

2. The method according to claim 1,
wherein the secure area is configured as an Original Equipment Manufacturer (OEM) partition or an Extended Industry Standard Architecture (EISA) partition.

3. The method of claim 2,
wherein the secure area is not recognized as a volume in the O/S, and the access to the secure area is allowed by executing the filter driver through a user authentication process.

Priority Applications (1)

Application number: KR20130111799A
Publication: KR20150031939A (en)
Priority date: 2013-09-17
Filing date: 2013-09-17
Title: Security setting method of memory

Publications (1)

Publication number: KR20150031939A (en)
Publication date: 2015-03-25

Family

ID=53025334

Country Status (1)

Country: KR (1)
Link: KR20150031939A (en)

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination