KR20190012093A - Ssd based storage media with data protection - Google Patents

Abstract

An SSD-based storage medium with a data protection function is a storage medium with at least one SSD loaded therein, transceives main data with a connected computer through a first connector unit, transceives password setting information set by a user and password data through a separate connector connected to the outside, and blocks or connects an output signal of a control unit which analyzes and controls received password data to a main data bus arranged in the SSD-based storage medium. The SSD-based storage medium includes a password data control unit to control to form, connect, prevent formation of, or block the main data bus in accordance with various internal configurations of the SSD-based storage medium. Moreover, the present invention suggests an operating method of software linked to the SSD-based storage medium with a data protection function to operate and related to password processing. On the other hand, the present invention suggests a method which distinguishes authorized users by biometric recognition from an information device arranged outside a computer and allows only authorized users to access the storage medium in accordance with a result of distinguishing authorized users.

Description

[0001] SSD-BASED STORAGE MEDIA WITH DATA PROTECTION [

The present invention permits data access to an SSD doubler only for an authorized user by a preset password when a SOLID STATE DRIVE (SSD) doubler is installed and used in a computer, And does not allow data access to the storage media on the SSD doubler for an external intruder.

The data access control technology for the SSD-based storage medium of the present invention is not only an SSD doubler in which two 2.5-inch SSDs are vertically stacked in two stages, but also three 3.5-inch SSDs stacked vertically in three stages. SSD Slide (TRIPLER) with the same form factor as the hard disk drive, SSD Slide in the form of PCIe Add-in Card, and SSD Slide -Stacker, 3.5 The same applies to the M.2 multi-plug product in which the M.2 SSD is stacked vertically / horizontally in multiple stages in the external shape of the hard disk drive.

In the present invention, the SSD-based storage media listed above include a host computer (hereinafter, referred to as a host computer) installed and used to receive a data protection function, and a transmission port for connecting a main bus through which main data is transmitted And a separate side-band interface port through which transmission of user state setting information and cryptographic data information to which access control is performed is provided.

The SSD-based storage medium having the data protection function of the present invention has at least one or more ROTARY DIP switches for giving a user a hardware password in advance, To increase the number of digits of the cipher.

It is also possible to provide a DIP switch to allow the user to place the password given through the ROTARTY DIP switch in front of, behind, or circulating the software password given on the graphical user interface on the software, It is used as a cryptographic operation mode switch which designates whether to perform encrypted communication by scattering and collecting (SCATTER-GATHER) arrangement.

Meanwhile, as a specific method of performing access control on an SSD-based storage medium having a data protection function, a control method including a bus switch for the main data bus and a separate data bus activation (ENABLE ) Signal, control by a clock signal generation circuit input to a control unit side having a RAID control function, or control through an output power activation signal of a power source supplied to a storage medium, and a data access control unit To the technical field of the software.

Generally, as an example of conventional SSD-based storage media, SSD doubler, SSD tripler, and M.2 multiplayer can be mentioned as having the same form factor as a 3.5 inch hard disk drive, The PCIe Add-in card-type storage media includes SSD Slide-Stacker (PCIe Add-in card type) with SSD mounting bay (Bay) increased by horizontally arranging SSD mounting support used in the SSD doubler or SSD tripler Can be listed.

However, these products may be used to increase or duplicate capacity in the form of a single volume by incorporating a RAID control means for the mounted SSDs in addition to the mechanical means for mounting the SSD for use as an SSD-based storage medium, Output ports, and storage media mapped to the respective ports are connected to an external RAID control means (RAID by a chipset on a motherboard or RAID by a commercial RAID card) to increase the data input / output bandwidth as a whole It was limited to being utilized.

Japanese Patent Application Laid-Open No. 10-2017-0006240 (Publication date 2017.01.17)

Published Japanese Patent Application No. 10-2017-0040897 (Publication date 2014.04.14)

Published Japanese Patent Application No. 10-2017-0052419 (Publication date 2017.05.12)

The present invention relates to a typical example of SSD-based storage media listed above, and by combining the technical field with a data protection function, it is possible to prevent the unauthorized use of data, such as Raman software, And to provide an SSD-based storage medium capable of accessing data only to an authorized user.

To this end, the SSD-based storage medium having the data protection function of the present invention is to provide enhanced hardware encryption and control technology and encryption data processing technology by software operating in conjunction with the hardware encryption and control technology.

According to the present invention, there is provided an access control technique for various May data buses based on analysis of final password data transmitted from a software side to extract valid password data.

In addition, through the software provided in the present invention, the user can access the storage medium of the access control object only for the write operation only, for the read operation only, or for both the read operation and the write operation Control of the user's choice of whether to provide software in a way.

Finally, the access control of the storage media by the computer-based encryption-based software provided in the present invention is replaced with a biometric means such as the face recognition of the user by the smart phone of the user, To provide secure security.

According to an aspect of the present invention, there is provided an SSD-based storage medium comprising: a printed circuit board having at least one or more internal connectors for connecting a series of connector ports exposed to the outside with data storage means mounted therein; A first connector unit connected to a computer and connected to a main data bus and an external power supply; A second connector connected to the computer and to which the password data set by the user is transmitted; A data bus formation / connection unit for allowing the data bus to be formed or connected between the first connector unit and the data storage unit, or to prevent the data bus from being formed or connected; And a switching controller for converting the user set password received through the second connector unit into a control bit and outputting the control bit for the data bus forming / connecting unit as a control signal, wherein the main data bus is formed or unformed Or to be connected or disconnected.

In addition, the switching control unit receives the user setting cipher connected to the second connector unit, and the control bit is outputted as a control signal by the designated output pin.

Also, the switching control unit is transmitted to a separate MCU used as the switching control unit without passing through the signal converting unit connected to the second connector unit, and the MCU receives the user setting password, And is output as a control signal.

Also, the switching control unit is transmitted to the separate MCU used as the switching control unit through the signal converter connected to the second connector unit, and the MCU receives the user setting password and the control bit is controlled by the designated output pin Signal.

The switching control unit may further include at least one or more DIP switches or a rotary DIP switch and / or a PROM having a hardware encryption value or an operation mode setting state value preset by a user.

In addition, the switching control unit may determine whether to set the password value set on the ROTARY DIP switch to the PRE-POSITION password, POST-POSITION password or the like in accordance with the setting state of the DIP switch previously set by the user It specifies whether to use ROTATE or SCATTER-GATHER password according to the preset communication protocol.

The switching control unit may store the hardware password transmitted through the graphical user interface of the user at the designated hardware password address of the PROM and may store the hardware password value stored in the hardware password address of the PROM according to the setting state of the pre- To be placed with the PRE-POSITION password, POST-POSITION password, or ROTATE or SCATTER-GATHER password according to the pre-defined communication protocol. will be.

If a second controller for controlling RAID or PCI EXPRESS SWITCH is additionally provided between the first connector and the connector for connecting the data storage unit, a bus switch may be interposed between the first connector and the second controller, And the bus switch is connected or disconnected by the switching control unit.

In addition, a second controller for controlling the RAID controller or the PCI EXPRESS switch is additionally provided between the connector for connecting the first connector and the data storage unit, and the main controller for controlling the main data bus ENABLE pin is provided, the second control unit connects the main data bus activation pin to the switching control unit so that the main data bus is formed or not formed.

In addition, when at least one or more connector parts exposed to the outside are additionally provided to the first connector part, a connector for connecting the data storage means connected to each of the added external exposed connector parts and a different main data bus And a bus switch is added to each of the additional main data buses so as to be controlled by the output pins of the switching control unit so that the main data bus is connected or disconnected according to the set password of the user.

In addition, the second connector unit is connected to the computer by a PCI Express to USB conversion card additionally provided in the computer.

Also, the computer may transmit the hardware password written through the graphical user interface of the software resident on the main memory to the switching control unit through the second connector unit, and transmit the hardware password transmitted to the switching control unit to the second connector unit And then checks whether the hardware password written by the user is surely transferred to the switching control unit.

In addition, the switching control unit transmits a value set by the DIP switch and / or the hardware password, which is connected to the switching control unit, to the software side by a read operation of the software.

In addition, if the data access control setting pin among the setting pins of the DIP switch is in the activated state, the DIP switch and / or the hardware password is not transmitted to the software side regardless of the reading operation of the software.

In addition, the software loads various kinds of OSD-based storage media installed in the computer by DRAG & DROP method from the device list, and displays the status of the storage media as it is, reads the status value of the switching control unit from each device And reads the device-specific hardware password and operation setting mode value set by the user.

In addition, the software is provided with a step of providing a hardware password after installation in order to perform data access control for an MSD-based storage medium installed in the computer, and a step of providing software password at the time of use.

In addition, the software allows the user to select whether to perform access control only for the read operation, access control only for the write operation, or access control for both the read operation and the write operation.

In addition, the switching controller extracts a valid password from the data value transmitted from the software according to the setting state of the DIP switch, and determines whether the valid password matches the stored password data value previously set by the user.

If the DIP switch is in the PRE-POSITION state, the switching control unit replaces the data transmitted from the software with a pre-set password regardless of the value of the PRE-POSITION data It is recognized as the received encrypted data as a whole.

If the DIP switch is in the POST-POSITION state, the switching control unit may replace the POST-POSITION data with a password preset by the user, And recognizes it as the received password data.

In addition, when the setting state of the DIP switch is disturbed with respect to data transmitted from the software, the switching control unit controls the switching control unit such that, if the DIP switch is in the SCATTER-GATHER state, And processes the received password to extract the password necessary for the control.

According to another aspect of the present invention, there is provided a computer system comprising: a first connector unit connected to a computer and connected to a main data bus and an external power source; A control unit connected between the first connector unit and the at least one storage medium via a main data bus with the first connector unit and connected to at least one storage medium through respective data buses; The first connector portion and the control portion or between the control portion and the storage medium to connect or disconnect the main data bus between the first connector portion and the control portion or to connect the data bus between the control portion and the storage medium Or shut off; A second connector portion to which a control signal for the bus switch is connected from an external cable; A signal received through the second connector unit is used as a control signal for the bus switch so that a main data bus connected to the first connector unit or a data bus connected to the storage medium is connected or disconnected.

In addition, a signal conversion unit is provided between the second connector unit and the bus switch, and the signal change unit outputs a control signal to the bus switch based on data received through the second connector unit.

In addition, a switching control unit is provided between the signal conversion unit and the bus switch, and the switching control unit outputs a control signal to the bus switch based on data received through the signal conversion unit.

In addition, the signal conversion unit is built in the switching control unit, and the switching control unit outputs a control signal to the bus switch based on data received through the second connector unit.

The second connector unit is connected to an arbitrary USB port provided on a motherboard of the computer in which the storage medium based on the SASD is installed, and receives data for the bus switch control signal from the computer.

Also, the computer includes a USB board, the first USB connector is connected to an arbitrary USB port provided on the motherboard of the computer, the second USB connector is connected to an external information device, The branched third USB connector is connected to any other USB port provided on the motherboard, and the fourth USB connector is connected to the second connector.

The first USB connector and the second USB connector are respectively connected to a USB signal converter for converting a USB signal to a digital signal, and the output of the USB signal converter connected to the first USB connector and the second USB connector, And the output of the logic element is connected to a fourth USB connector.

Also, the output pin of the logic element is connected to the USB signal converter, and the USB signal of the USB signal converter is connected to the fourth USB connector.

Also, the computer is connected to an external information device having biometrics means for discriminating an authorized user, and periodically receives biometrics data or biometrics identification result data from the information device.

If it is determined that the user is the authorized user, the computer refers to the user's dictionary access designation item for the storage medium, and transmits data allowing the access operation to the designated arbitrary user Output port, and transmits data for blocking access to the storage medium to the arbitrary input / output port if it is determined that the user is an unauthorized user.

If only a read operation is designated when the user accesses the storage medium, only when the read operation is in progress. If only the write operation is designated, only when the write operation is in progress, If it is designated, the access permission data for the storage medium is transmitted to the designated arbitrary port only when a read or write operation is in progress.

The external information device having the biometrics means may be a face recognition camera having a USB port or a smart phone having a face recognition function.

In addition, the second connector unit receives data for the data bus forming / connection unit control signal from an external information device other than a computer in which the storage medium based on the SASD is installed.

In addition, the storage medium is connected to an external information device having biometrics means for discriminating an authorized user, and periodically receives biometrics data or biometrics identification data periodically from the information device.

If it is determined that the user is an authorized user through periodic biometrics, the external information device outputs data allowing access to the storage medium. If it is determined that the user is an unauthorized user, And outputs the data.

In addition, while the computer system having the SASD-based storage medium is booted, the bus switch is maintained in a connected state, and the bus switch is kept shut off immediately after booting is completed.

Also, immediately after the booting is completed, the computer system refers to various attribute information of the storage medium based on the SASD, and stores a virtual storage medium representing a storage medium of the same attribute information in an arbitrary area of the system memory constituting the computer system And then the bus switch is kept in the disconnected state.

In addition, the computer system allows the user to selectively designate access information for a read and / or write operation to the storage medium based on the SAS disk immediately after creating the virtual storage medium.

In addition, when the access attempt to the storage medium based on the SASD is made, the computer system determines whether access is permitted or blocked by referring to the access information, If the access attempt is determined to be an unauthorized access, it is determined whether or not the access attempt is authorized. If the access attempt is an authorized user, the bus switch is connected So as to allow the access operation to be performed, and in the case of not access by the authorized user, the bus switch is kept in a blocked state so as not to allow access to the storage medium.

Also, the computer system may update the attribute information of the storage medium to the virtual storage medium when the access operation to the storage medium based on the SASD is completed, so that the virtual storage medium is always updated with the storage medium The bus switch is switched to the cutoff state after having the same attribute information.

In addition, if the access operation to the storage medium based on the SASD is not a previously permitted access and the access by the authorized user is not determined, the computer system may attempt to access the storage medium to an external intruder The bus switch is kept in the cutoff state while the variable timer is operated to increase the allowable time for re-access in proportion to the attempt to access the storage medium.

According to another aspect of the present invention, there is provided a computer system comprising: a first connector unit connected to a computer and connected to a main data bus and an external power supply; A bus switch located between the first connector and at least one or more storage media to connect or disconnect the main data bus between the first connector and the storage media; A second connector portion to which a control signal for the bus switch is connected from an external cable; A signal received through the second connector unit is used as a control signal for the bus switch so that a data bus connecting the first connector unit and the storage medium is connected or disconnected.

As described above, according to the SSD-based storage medium having the data protection function of the present invention, the user assigns a hardware password by setting a series of ROTARY DIP switches provided on an SSD-based storage medium having a data protection function By increasing the number of digits in the password by combining the hardware password and the user-supplied password in the software by setting the DIP switch, it is possible not only to strengthen the password basically, but also to provide a static password in the form of a hardware password before and after the software password A dynamic encryption transfer operation is performed in which the encryption data is changed according to a predetermined protocol while performing data transmission every time, thereby preventing an intruder from easily taking the password.

In addition, various access control means are provided for the main data bus of the SSD-based storage medium having the data protection function, and the SSD-based storage medium is combined with the above-described encryption transmission and analysis method, .

In addition, in order to provide a more convenient use environment and a more reliable security function to the user, the computer main body in which the SSD-based storage medium having the data protection function of the present invention is installed and the biometrics Method to control the main data bus by replacing the user password.

The effects of the present invention are not limited to the effects mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the description of the claims.

FIG. 1 is a block diagram of a single connector for an external interface and a SSD doubler incorporating a control unit according to the related art.
BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an SSD
3 is a block diagram of an SSD doubler having a connector for a main interface and a connector for an encryption and status information interface according to the present invention.
4 is a block diagram of an SSD doubler having a plurality of connectors for a main interface and a connector for an encryption and status information interface according to the present invention.
5 is a perspective view and front view of an SSD double-roller according to the present invention.
6 is a perspective view and front view of an SSD tripler according to the present invention.
7 is a block diagram of a PCI Express to USB M.2 Card and a PCIe Add-in Card for an SSD-based storage medium and a password and status information interface according to the present invention;
8 is a block diagram of a computer system in which the SSD-based storage medium of the present invention is installed.
9 is a block diagram of a register map of a system memory according to an embodiment of the present invention.
FIG. 10 is a diagram illustrating mapping of installed storage media among graphical user interfaces according to an embodiment of the present invention as they are installed in a corresponding position of a computer system; FIG.
FIG. 11 is a graphical representation of assigning a password to each installed SSD-based storage medium among graphical user interfaces according to an embodiment of the present invention; FIG.
FIG. 12 is a flowchart illustrating an operation sequence of a computer equipped with an SSD-based storage medium of the present invention and an external information apparatus from an initial booting step to an access operation to a storage medium according to the present invention.
FIG. 13 is a diagram illustrating an external information device, a USB port of a computer, and a USB board for connecting the storage medium of the present invention, which are separated from a computer main body according to an embodiment of the present invention.
FIG. 14 is a diagram illustrating the use of a mouse having a fingerprint recognition sensor as a biometric unit as an external information device according to an embodiment of the present invention; FIG.
15 is a diagram illustrating the use of a PC camera as a biometric unit as an external information device separated from a computer main body according to an embodiment of the present invention;
16 is a diagram illustrating the use of a smart phone as a biometric unit as an external information device separated from a computer main body according to an embodiment of the present invention;

BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention, and how to accomplish them, will become apparent by reference to the embodiments described in detail below with reference to the accompanying drawings. However, it should be understood that the present invention is not limited to the disclosed embodiments, but may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. It will be understood by those of ordinary skill in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

The terminology used herein is for the purpose of illustrating embodiments and is not intended to be limiting of the present invention. In the present specification, the singular form includes plural forms unless otherwise specified in the specification.

In this specification, the terms " comprises " or " having ", and the like, specify that the presence of stated features, integers, steps, operations, elements, But do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, parts, or combinations thereof.

In addition, the embodiments described herein will be described with reference to cross-sectional views and / or plan views, which are ideal illustrations of the present invention. Accordingly, the embodiments of the present invention are not limited to the specific forms shown but also include changes in necessary forms. For example, the area shown at right angles may be rounded or may have a shape with a certain curvature. Thus, the regions illustrated in the figures have schematic attributes, and the shapes of the regions illustrated in the figures are intended to illustrate specific forms of regions of the apparatus and are not intended to limit the scope of the invention.

Like reference numerals refer to like elements throughout the specification. Accordingly, although the same reference numerals or similar reference numerals are not mentioned or described in the drawings, they may be described with reference to other drawings. Further, even if the reference numerals are not shown, they can be described with reference to other drawings.

Hereinafter, an SSD-based storage medium according to a preferred embodiment of the present invention will be described in detail with reference to the drawings.

FIG. 3 is a block diagram showing a configuration of a system including a first connector 140 for a main interface, a second connector 142 for a password and status information interface, and a second controller 13 having a RAID control function according to the present invention SSD < / RTI >

The basic structure for forming an SSD-based storage medium is the same as the structure (1) shown in FIG. 1 of the related art. However, in the present invention, various types of data buses for adding a data protection function are formed, Providing a means of connecting data buses for the second time to connect.

First, a bus switch 110 is provided on the main data bus between the first connector unit 140 and the second controller 13 in FIG. 3, or a bus switch 110 is provided on the main data bus for connecting the second controller 13 and the data storage unit. A bus switch 112 is provided on the main data bus between the third connector portion 32 and the fourth connector portion 26 and the first bus switch 112 is controlled by controlling the connection enable pins of the bus switch 112 Data bus formation or connection control means are provided.

In the case of the first data bus formation or connection control means, a space between the first connector portion 140 and the second control portion 13 is narrow or a space between the second control means and the third If the space between the connector portion 32 and the fourth connector portion 26 is narrow, the arrangement of the components on the printed circuit board 5-1 may not be easy.

If the activation signal for the second control unit 13 itself performing the RAID function is provided or the second control unit 13 is connected to the first bus unit 110 connected to the main data bus instead of the bus switch 110, When an input pin for activating the bus connection to the connector 140, the third connector 32 and the fourth connector 26 is provided, the activation signal input pin is connected to the second data bus Forming or connection control means.

If a clock generation activation signal is provided to the clock signal generation unit 111 for outputting a clock signal to the second control unit 13, this can be utilized as a third data bus formation or connection control means.

Finally, the configuration of the power supply unit 18 is subdivided and the power supplied from the power pin group (not shown) of the first connector unit 140 is supplied to the signal conversion unit 115, the first control unit (or the switching control unit) 116 A second control unit 13, a first storage medium 34, and a second storage medium 35 (not shown) for supplying a constant power to an operation block not used for data bus formation or connection control, The first connector unit 140 is connected to the first connector unit 140 in a manner of shutting off or supplying power by controlling an output power supply pin provided from the power supply IC of the main power supply unit, The second control unit 13, the first storage medium 34, and the second storage medium 35, as shown in FIG.

Each of the activation pins used in the first to fourth data bus forming or connecting means is connected to the signal converting unit 115 via the second connector unit 142, A first control scheme may be provided which is directly connected to the designated output pin of the computer 300 and is directly controlled by the software 370 of the computer 300 in which the SSD-based storage medium 100 is installed.

Here, the signal conversion unit 115 refers to an electronic component that converts a PCI Express signal into a USB signal and converts the bus format of one side into another bus format, and peripheral devices thereof.

If the data conversion function between the different buses of the signal conversion unit 115 is built in the second control unit 116, the designated output pin of the second control unit 116 is connected to the first and fourth data bus formation or connection Means for direct bus formation or connection to the main data bus by a control signal by the software 370 of the computer system 300 that is directly connected to each activation pin used in the computer system 300, Control operation is performed.

The first control unit (or the switching control unit) 116 according to the circuit configuration of the SSD-based storage media 100 and 200 having the data protection function of the present invention includes the signal conversion unit 115 The signal converter 115 and the first controller 116 so that the first to fourth data buses are formed or connected to the designated output pins of the first controller 116, And each of the activation pins used in the means may be connected to be controlled.

In the case of the first control method operating as described above, the direct control of the bus switches 110, 112 or other connection control means by the output pin of the signal conversion unit 115 is controlled by the software 370 If the hacker intruded into the computer system 300 intrudes and converts the control bits of the bus switches 110 and 112 to the forcedly connected state, 32, and the fourth connector 26, the data protection function of the present invention can not be performed.

In order to solve this problem, in the present invention, a separate DIP switch 147 and a rotary DIP switch 148 are additionally provided to bypass the simple control method by the control signal of the software 370 such as the first control method The hardware password input by the user through the ROTARY DIP switch 148 on the SSD-based storage medium having the data protection function of the present invention and the software password input on the graphical user interface 390 on the software 370 And SSD-based storage media 100 and 200 in which data access control is performed by a highly-used strong encryption scheme.

The ROTARY DIP switch 148 may be a series of a plurality of switches for extending the digits of the hardware password.

The DIP switch 147 is directly connected to the first control unit 116 like the ROTARY DIP switch 148 and is used for setting a cipher mode.

The detailed use of the DIP switch 147 according to the unit switch is as follows.

-DS8DS6: Number of ROTARY DIP switches 148 actually used as hardware ciphers

-DS5DS4: Password operation mode

· PRE-POSITION (front position of hardware password for software password)

· POST-POSITION (rear position of hardware password for software password)

· ROTATION (position cycle for the password originally set for each access control operation)

· SCATTER-GATHER (Distributed Transmission and Restoration of Password Data According to Internal Encryption Operation Protocol)

-DS3: hardware password + software password (1), software password (0)

-DS2: Software password (1), software control bit (0)

-DS1: data access control (1), always-on connection (0)

When the DS1 output of the DIP switch 147 is at the power level, the SSD-based storage media 100 and 200 having the data protection function of the present invention perform the data access control operation. When the output is at the ground level And is normally connected to the computer system 300 and operates in the same manner as a general storage medium.

When the DS1 of the DIP switch 147 is at the ground level, it does not operate with the settings by other detailed switches but operates in the normal connection mode. In this state, when the operation mode recognition switch 15 is pressed, The settings for the other detailed switches are also recognized as initialized on the first control unit 116, and when the DS1 is switched to the power supply level, the settings are switched to the settings by the respective switches.

This switch enables the user to easily access SSD-based storage media having the data protection function of the present invention while maintaining the setting states related to various encryption operations, It is used to receive data backup immediately.

When the DS2 output of the DIP switch 147 is at the power supply level, the access control operation based only on the software encryption provided through the graphic user interface 390 provided in the software of the computer system 300 is performed, ) Level output, it operates in a simple control bit scheme by the software 370. [

When the DS3 output of the DIP switch 147 is at the power level, the hardware password set at the time of installation on the SSD-based storage medium having the data protection function of the present invention and the graphic provided on the software 370 of the computer system 300 Operates in combination with the software prompting provided through the user interface 390 and operates only with the software password provided through the graphical user interface 390 on the software 370 if the output is a ground level.

DS5 to DS4 of the DIP switch 147 are used as a cipher operation mode and provide various cipher operation modes according to the set state.

When the DS5 to DS4 of the DIP switch 147 is set to the PRE-POSITION, the hardware password is forwards to the software password given to the graphical user interface 390 provided by the software 370 of the computer system 300, When a password is transmitted from the software 370 side to the SSD-based storage media 100 and 200 having the data protection function of the present invention, the hardware password Is replaced with an arbitrary fake password and transmitted to the hardware side.

If DS5 to DS4 of the DIP switch (147) is set to POST-POSITION, the same operation as that of PRE-POSITION is performed, but the position of the hardware password is located behind the software password and replaced with any random password and transmitted to the hardware side .

When the DS5 to DS4 of the DIP switch 147 are set to ROTATION, the hardware password and the software password are combined in a predetermined order, and each time the SSD-based storage media 100 and 200 having the data protection function of the present invention are accessed The encrypted password is transmitted in a rotated state by one bit, and the original password is restored by reflecting the rotated state in the first control unit 116 of the hardware side 100, 200 and reflected.

When the DS5 to DS4 of the DIP switch 147 are set to the SCATTER-GATHER mode, the cipher data is transmitted from the software 370 to the hardware 100, 200 in accordance with the encryption operation protocol between the hardware 100, 200 and the software 370, 200) side, the first control unit 116 on the hardware side (100, 200) side reflects the decrypted decrypted data in such a manner that decrypted decrypted data is restored to the original decrypted data.

The ROTARY DIP switch 148 has been described as an example of the hardware encryption method of the present invention. However, since the general rotary DIP switch 148 can only express 09 or 0F, it is preferable to use a separate DIP switch 147), and a text display means (not shown) separately from the DS8 to DS6 in the Dot-Matrix system, and is replaced with a dot-matrix display means in accordance with the DS8 to DS6 position setting of the DIP switch 147 The same effect as that of inputting using the keyboard (not shown) of the computer system 300 can be obtained.

Most preferably, the method of designating a hardware password in the present invention is to input the password inputted by using the keyboard (not shown) in the computer system 300 at the time of initial password application to the Init- Password 342 to the SSD-based storage medium having the data protection function of the present invention, and displays the transmitted data in the Dot-matrix display means (not shown) It is determined whether a hardware password has been correctly transferred. Then, the operation mode recognition switch 15 simultaneously connected to the first control unit 116 and the second control unit 13 is pressed to transmit the transmitted hardware password from the first control unit 116 And stored in a designated area of the PROM 16, as shown in FIG.

Since the physical ROTARY DIP switch 148 is not used in assigning the hardware password to the SSD-based storage media 100 and 200 having the data protection function of the present invention, regardless of the number of digits of the password to be provided It is possible to grant a much stronger hardware password.

At this time, the second controller 13, which performs the RAID function, if there is no changed setting of the operation mode setting pin 14 for setting the RAID operation mode, there is no changed value even when the operation mode recognition switch 15 is pressed, The changed RAID operation mode is sequentially stored in the designated area of the PROM 16 in addition to the encryption data on the first control unit 116 if the operation mode setting pin 14 is changed together .

4 is a block diagram of an SSD tripler having a plurality of main interface connectors 240, 241 and 242 and a connector 243 for an encryption and status information interface according to the present invention. 4 is that the second control unit 13 supporting the RAID function is removed and the first connector unit 140 of FIG. 4 corresponding to the first connector unit 140 of FIG. 3 A second connector portion 241 and a third connector portion 242 are newly added to correspond to the respective storage media 46, 47 and 48 in addition to the first and second connector portions 241 and 240.

4, the first connector portion 240 is connected to the first storage medium 46 via the first bus switch 120, and the second connector portion 240 241 are connected to the second storage medium 47 through the second bus switch 122 and the third connector 242 is connected to the third main data bus 242 through the third bus switch 124. [ Bus are connected to the third storage medium 48, respectively.

The seventh connector portion 243 which is a port for transferring control and encryption data from the computer system 300 corresponds to the second connector portion 142 of Fig. 3, and the signal conversion portion 215 and the first control portion Control unit) 216, the encryption DIP switch 248, and the DIP switch unit 247 have the same configuration and function as those of FIG.

Therefore, in the circuit configuration as shown in FIG. 4, there is no second control unit 13 for providing the RAID function, so the second and third data bus formation or connection control means mentioned above are not provided, It is only possible that each main data bus is controlled by the three bus switches 120, 122,

3, the configuration of the power supply unit 50 is described in detail as a normal power supply unit (not shown) in the structure in which the first to third bus switches 120, 122, and 124 are not provided on each main data bus. 47 and 48 from the main power supply unit (not shown) by the main power supply unit (not shown) and the main power supply unit Pin is connected to a designated output pin of the first control unit 216 so that the output power is controlled to be turned on / off so as to be utilized as the fourth data bus formation or connection control means mentioned in FIG.

FIG. 5 is a perspective view and a front view of an SSD double-burner 100 as one embodiment of an SSD-based storage medium having a data protection function according to the present invention, and a heat dissipation cover 150 is provided on a front surface thereof. And bay supports 160-1 and 160-2 for a bay configuration for media loading are provided on the left and right sides, respectively.

A first connector portion 140 and a second connector portion 142 are provided at the lower end of the heat dissipation cover 150. The first connector portion 140 and the second connector portion 142 protrude to the outside.

Most of the circuit components except the display and operation means such as the LED display unit 19, the DIP switch unit 147, the operation mode setting pin 14, the operation mode recognition switch 15 and the like are located at the lower end of the heat radiation cover 150, The LED display unit 19 is provided in the recessed groove (not shown) at the lower end of the bay support members 160-1 and 160-2 which are transparent materials, The LED display unit 19 can be implemented through the LEDs.

Various functional blocks necessary for operating the SSD-based storage medium 100 having the data protection function of the present invention are disposed outside the bay supports 160-1 and 160-2. The DIP switch unit 147, the encryption DIP A switch 148, an operation mode setting pin 14, an operation mode recognizing switch 15, and the like.

FIG. 6 is a perspective view and a front view of an SSD trippler 200, which is one embodiment of an SSD-based storage medium having a data protection function according to the present invention. The bay supports 260-1 and 260-2 have a structure in which one bay is further added to the bay supports 160-1 and 160-2 in Fig.

The first connector portion 240, the second connector portion 241 and the third connector portion 242 and the seventh connector portion 243 corresponding to the second connector portion of FIG. 5 are provided outside the heat dissipation cover 250 of the front portion Are provided.

The first connector portion 240 is connected to the first storage medium 46 provided at the lower end of the first connector portion 240 and the second storage medium 47 provided at the middle portion of the second connector portion 241 and the third connector portion 243 And connected to the third storage medium 48 provided on the upper side by respective main data buses.

In the embodiment of FIG. 5, the first connector 140 is configured as a SATA connector, whereas in FIG. 6, the first connector 240 is configured as an SFF-8639 connector (or a U.2 connector).

The bottom surface of the SFF-8639 connector 240 is provided with a series of pins for the SATA interface, such as the first connector portion 140 of FIG. 5, and in addition to supporting the SAS interface through the additional pins, Has a series of pins for a PCI Express x4 interface.

Although the second connector portion 241 and the third connector portion 242 are formed of the SFF-8643 connector in the embodiment of the present invention, they may be formed using a general RIGHT ANGLE type SATA 7-pin connector.

6, the first through third connector units 240, 241, and 242 may be provided in the case where the storage media included in the bay supports 260-1 and 260-2 are for SAS, The first to third connector units 240, 241 and 242 are connected to each other via a PCI Express cable (not shown) ) To operate as a PCI Express interface.

The LED display unit 19 is provided on the uneven groove (not shown) provided at the lower ends of the bay support members 260-1 and 260-2, and the LED module 249 is disposed on the side surface.

A series of encryption DIP switches 248-1, 248-2, and 248-3 and a password operation mode setting DIP switch 247, which are necessary for the operation of the SSD-based storage medium having the data protection function of the present invention, As shown in FIG. 5, except that the bay supports 260-1 and 260-2 are provided outside the bay supports 260-1 and 260-2, respectively.

FIG. 7 is an M.2 Card and a PCIe Add-in Card for PCI Express-USB signal conversion for the SSD-based storage media 100 and 200 and a password and status information interface according to the present invention, Is provided in the M.2 slot 324 of the installed computer system 300 and the PCIe Add-in Card 280 is located in any of the first PCI EXPRESS expansion ports 318 or the second PCI EXPRESS expansion slot (320).

The PCIe to USB conversion control units 273 and 283 and the PCI Express to Edge conversion control units 273 and 283 are provided as internal core components though the external shape of the two PCIe to USB conversion cards 270 and 280 are different. The USBe interface between the PCIe to USB conversion control units 273 and 283 and the two USB connectors 275, 277, 285 and 287 is connected to the PCIe x1 interface between the finger units 271 and 281.

However, in the PCIe to USB conversion card 270 of the M.2 card type, vertical USB connectors 275 and 277 are provided for spatial efficiency when a USB cable is connected, and a PCIe to USB In the conversion card 280, it is preferable that RIGHT ANGLE USB connectors 285 and 287 are used.

The USB connectors 275 and 277 of the PCIe to USB conversion card 270 of the M.2 Card type are connected to the SSD-based storage media 100 and 100 having the data protection function of the present invention by using a separate USB cable (not shown) 200 to the seventh and eighth connector portions 142 and 243, respectively.

8 is a block diagram of the computer system 300 in which the SSD-based storage media 100 and 200 of the present invention are installed.

A central processing unit (CPU) 302 for processing various operations is connected to a memory channel hub (MCH) 306. The memory channel hub itself includes a graphics signal processing block and, in some cases, a first RAID function block And is connected to the system memory 308.

The graphics signal output from the memory channel hub is connected to a monitor 328, which is external display means, via a graphics signal output port 304.

On the other hand, the system memory 308 stores I / O addresses of various plug-and-play devices recognized by the central processing unit 302 during the booting process of the computer. Data and memory map address data information, various user application programs including various registers and operating system reside, and a graphical user interface (GUI) and registers associated with the SSD doubler of the present invention are also stored on the system memory 308 Resident.

The memory channel hub 106 is connected to an external graphics card or first PCI EXPRESS expansion slots 318 for the purpose of processing a large amount of data and is connected to an IO channel hub ICH, 316 are connected.

The first PCI EXPRESS expansion slots 318 and the IO channel hub 316 described above are connected to the PCI EXPRESS bus centered on the memory channel hub 306.

The I / O channel hub 316 includes a PCI-E to SATA conversion block and a second RAID function block. The I / O channel hub 316 includes SATA connectors 310 and CD -ROM drive 314 and the like are connected by the SATA bus, and a port for the M 2, 324 memory module based on the PCI EXPRESS interface is connected by the PCI EXPRESS bus.

The IO channel hub 316 is connected to the ROM BIOS 322 and the second PCI-E expansion slots 320 for controlling the booting of the computer or setting various states, and the PCI-E to USB conversion block Nowadays, the USB port 326 is connected to the IO channel hub 316 in a form embedded therein.

9 is a register map 370 of the system memory 308 according to an embodiment of the present invention showing a memory structure in which the software 370 used in the SSD-based storage media 100 and 200 of the present invention resides will be.

 The GUI 374 represents the portion of the software 370 system memory 308 of the present invention where the main software resides, including the graphical user interfaces 380 and 390.

The P.W REGISTER 373 is a memory space in which software password information designated by the user is stored or temporarily stored hardware password information.

The kernel ' API (Application Program Interface) 372 represents a memory space of a portion performing the interface between the main software portion including the GUI 374 and the PCI Express to USB conversion cards 270 and 280 illustrated in Fig. will be.

The STATUS REGISTER 376 is a memory space for storing various status information of the SSD-based storage media 100 and 200 and the software 370 having the data protection function of the present invention.

FIG. 10 is a schematic diagram illustrating a method of mapping an installed storage medium among graphic user interfaces 374 according to an embodiment of the present invention in a state where it is installed in a corresponding location in the computer system 300. Detailed description of each component is given in Respectively.

The Menu Bar 381 lists the various functional blocks in a similar category for full use after executing the software of the present invention.

The ICON Bar 382 is a place where the detailed function of the Memy Bar 381 is arranged to reflect the nature of the execution image.

Tool Boxes 330, 340, 350 and 360 are installed with SSD-based storage media 100 and 200 having the data protection function according to the present invention, mapping, managing passwords, And how to present the results to the user in advance.

The Stage Window 388 is opened in one window without boundaries in cooperation with the Tool Boxes 330, 340, 350 and 360. In order to allow the user to smoothly perform the functions of the Tool Box, List-up information and various images and window information for inducing pre-defined user actions to assign them.

The Status Bar 389 displays various status information of the SSD-based storage media 100 and 200 and the software 370 having the data protection function of the present invention according to the execution of the software 370.

An example of the Tool Box 1 (330) of FIG. 10 will be described in more detail as follows.

When the user executes the software 370 and presses the Tool Box 1 330, the user is displayed as a unit with the Stage Window 388. In the Stage Window 388, various guide elements to be performed in the Tool Box 1 330 are displayed on the screen Lt; / RTI >

As an embodiment of the present invention, a rectangular parallelepiped which is a virtual computer 331 representing a computer system 300 is displayed on the left side of the Stage Window 388. The user holds a corner of the rectilinear body with a mouse, Define it to be similar in appearance.

When the user selects Storage Media as a mouse in the device list-up window 333 provided on the right side, the list-up various storage media are displayed at the bottom.

10, an SSD doubler 335, an SSD tripler 337, and an SSD slide stacker 339 are displayed as storage media, and an operating system (not shown) corresponding to the vertical scroll bar Storage media registered as devices such as installed C: drive, backup hard disk drive, and USB storage medium are displayed.

The user may drag and drop the storage media listed on the right side of the rectangular parallelepiped of the virtual computer 331 representing the computer system 300 on the left side with a mouse and drag and drop the storage medium, Rotate the virtual 3D image horizontally / vertically to position it as it is actually installed.

The user can access only the SSD-based storage media 100 and 200 having the data protection function of the present invention, which is capable of access control by encryption in the software 370 of the present invention, The device registration using Box1 (330) may be performed, or additionally, device registration may be performed for all other storage media including the C: drive in which the operating system is installed.

The user can register the device on the virtual internal computer system 331 provided on the left side in the same manner by selecting other devices besides the storage media in the device list-up window 333 provided on the right side, In order to do so, it is possible to provide a 3D image for the device, or to register and provide a virtual representative 3D image capable of changing the shape.

The devices that can be registered through the device list-up window 333 are detailed devices constituting the computer system 300 and include a motherboard 301, a CPU 302, a graphic card (not shown), a system memory card 308 A hard disk drive 312, a CD-ROM drive 314 and a power supply unit (not shown), and a keyboard (not shown), a mouse (not shown), a monitor 328 May be represented in a similar manner.

When a device indicated by a virtual 3D image registered through the Tool Box 1 (330) is clicked with a mouse, various status information about the device is displayed in a specific area on the stage window 388 Or a separate pop-up window is displayed, and only the representative property display of the corresponding device can be displayed on the status bar.

The user can select a device displayed on the lower side of the device list-up window 333 or a device on the virtual computer system 331 to change the attribute of the device.

The user presses the OK button 332 or finally the Cancel button to cancel registration of various devices on the virtual computer 331 via the Tool Box1 330. [

FIG. 11 is a flowchart illustrating a method of assigning a password to each of the SSD-based storage media 100 and 200 of the present invention installed through the Tool Box 1 330 shown in FIG. 10 among the graphical user interface 390 according to an embodiment of the present invention, And the operation mode is designated by the following description.

The user selects the Tool Box 2 340 as a mouse and proceeds to the next step of the Password Operation 341 related to the password assignment on the screen integrated with the Stage Window 380.

1. Preparations in the graphical user interface 390 of Figure 10:

After the SSD-based storage media 100 and 200 having the data protection function of the present invention are installed in the T computer system 300 and the device registration by the Tool Box 1 is performed, the Stage Window 380 in the Tool Box 2 340, Gt; Init-Password 342 < / RTI >

At this time, the Normal Operation Password 343 is in the released state, and the check boxes of the Read 345 and Write 346 are changed to the selection buttons.

2. Preparation steps on hardware 100, 200:

The DS1 of the DIP switches 147 and 247 is switched to the LOW state to maintain the always-connected state (0).

This is necessary for reading or writing hardware passwords, and when DS1 is HIGH, it can neither load nor write the password set on the hardware (100, 200).

3. Write the hardware 100, 200 password in the graphical user interface 390:

(1) When the hardware password storage means is the PROM 16:

Write 346 is selected with the Init-Password 342 selected and the target storage medium is selected from the DISK 344 registered in the Tool Box 1. [

The user ID of the account registered in the computer system 300 is described in the User name (ID) field 347, the PW password field 348 is entered in the PW ID field 348, Write the hardware password.

When the passwords described in the two fields are the same, if the OK button 351 is pressed, the written password is transmitted to the hardware 100 and 200 and the software 370 is sent to the designated address of the PROM 16 through the first control unit 116, The software 370 reads the hardware password data stored in the PROM 16 again and judges that the hardware password is effectively registered if it is determined that the hardware password is identical with the password originally designated by the user The hardware password registration is terminated and an error message is output if it is determined that they do not match.

When the error message is output, the PCI Express to USB conversion cards 270 and 280, the second connector unit 142 to the first control unit 116 to the PROM 16 or the seventh connector unit 243 in the data transfer process, There is a problem in hardware between the first control unit 216 and the PROM 16, and then it should be tried again after the problem is solved.

(2) When the hardware password storage means is the encryption DIP switch (148, 248):

When the passwords set on the rotary DIP switches 148 and 248 are all ZERO in the state where the PROM 16 is provided, the password DIP switches 148 and 248 are generally used as the ROTARY DIP switches. The hardware password storage means according to the item (1) is the PROM 16. When the passwords set in the ROTARY DIP switches 148 and 248 are not all zeros, they are set on the ROTARY DIP switches 148 and 248 Apply the value as a hardware password.

Therefore, when a hardware password is set to any value in the ROTARY DIP switches 148 and 248, the user inputs a password set on the ROTARY DIP switches 148 and 248 in the PW Input Field 348 and the PW Confirm Field 349 You have to disaster.

If another password is ignored, the software 370 reads the transferred value and the values of the rotary DIP switches 148 and 248 to detect the difference and outputs an error message.

4. Reading the hardware (100, 200) password from the graphical user interface 390:

If the DS1 of the DIP switches 147 and 247 is kept in the LOW state and maintained in the always-connected state, if the OK-button 351 is pressed while the Init-Password 342 and the Read 345 are selected, It is possible to display the hardware password registered in the Input Field 348.

In order to prevent the possibility of exposing the password by storing it in another storage medium in order to store the hardware password, it is also possible to consider a method that can be transmitted as text on a smart phone or the like separately. However, the DS1 of the DIP switches 147 and 247 It is possible to manage hardware passwords simply and safely with only the manipulation of the position of the hardware.

When the DS1 of the DIP switches 147 and 247 is switched to the HIGH state and the data access control state is maintained, the hardware password is not pressed even if the OK (351) button is pressed with the Init-Password 342 and Read 345 selected The hardware password is not transmitted to the hardware 100, 200 side even if the OK (351) button is pressed while the Init-Password 342 and the Write 346 are selected.

The hardware password is sent to the hardware side and then cleared without being left to the software side such as P.W REGISTER 373 or the like.

5. Register the software password in the graphical user interface 390:

In order for the SSD-based storage media 100 and 200 having the data protection function of the present invention to perform a normal data protection function, a hardware password and a software password must be registered together.

Hardware passwords, combined with software passwords, increase the overall number of digits to prevent an intruder from easily stealing passwords.

When the user selects the Normal Operation Password 343, the Read 345 and Write 346 are switched from the selection button to the check box.

At this time, the user selects DISK 344 to be applied. If the user desires to apply data access control only for the write operation to the storage medium, the user selects the Write (346) check box, Check the Read (345) check box if you want to apply it.

The user then enters the user account in the User name (ID) field 347 and the software password to use the P.W input field 348 and P.W Confirm field 349 to grant the software password.

When the OK button 351 is pressed, the software password is transferred to the hardware 100 or 200 and stored in the designated address of the PROM 16 or in the internal register of the first controller 116 or 216.

6. Perform data access control during use:

The software 370 interlocked with the SSD-based storage media 100 and 200 having the data protection function of the present invention may be configured such that the detailed registers of the DIP switches 147 and 247, Depending on the setting of the switch, it operates as follows.

First, in order for the data access control for the target storage medium to be executed, the DS1 of the DIP switches 147 and 247 must be kept in the HIGH state and the data access control is maintained in the activated state.

If the DS3 of the DIP switches 147 and 247 is set to the LOW state and the data access control is performed only by the software password, in the state where the DS2 is LOW, the software 370 does not transmit the preset software password, Only the control bits are transmitted. Therefore, the transmission time on the USB interface, which is a serial transmission method, is the shortest through the PCI Express to USB conversion cards 270 and 280, so that the data access speed is the fastest.

On the other hand, if the data access control is performed only by the software password in the state where the setting state of the DS2 is HIGH, the size of the encrypted data is somewhat larger than that of transmitting the control bit according to the software encryption, However, it is not easy to identify and execute by an intruder. However, if the software control bit is controlled simultaneously and set to the data access mode, the data can be taken. Therefore, Protection can be considerable.

When the setting of the DS3 is maintained in the HIGH state, the access control is performed in the form of a combination of a hardware password and a software password, which were given at the time of installation of the SSD-based storage medium of the present invention.

In this case, the encryption processing operation is performed in various ways according to the cipher operation mode setting state of DS5 to DS4. For example, when the PRE-POSITION mode is set, the hardware password is replaced with random cipher random number, The first control unit 116 or 216 replaces the dummy password with a previously registered hardware password to determine whether the combined software password is a previously registered password. If it is determined that the combined software password is a registered password, Access.

Therefore, when the DS3 setting state of the DIP switches 147 and 247 is operated by a hardware password and a software encryption method, the digit of the encryption data transmitted from the software 370 is the longest, However, the transmission time of the cryptographic data becomes the longest, which indicates the longest delay time to perform the data access control.

Therefore, if the user using the SSD-based storage media 100 and 200 having the data protection function of the present invention is allowed to read and write only the authorized user to the file to be used, the longest data access control delay time And if it is intended to protect various files on the storage medium by an intruder such as Ransomware, it is possible to set the data access control only for the write operation so that the faster data access control can be performed have.

Also, by setting data access control only for the read operation according to the specific use, the data can be registered but can be used for preventing the outflow of the registered data.

However, in the SSD-based storage media 100 and 200 having the data protection function of the present invention, the software is written every time data access (read operation, write operation) occurs to determine that the user is an authorized user The method is troublesome in practicality, for example, the user must remember the usual password, and the password must be remembered every time it is executed. Since the system for granting and verifying the password is performed in a single computer system, The possibility of the exposure is somewhat exposed.

Accordingly, the SSD-based storage media 100 and 200 having the data protection function of the present invention are provided outside the computer body with the information devices of FIGS. 14 to 16, thereby eliminating the inconvenience of storing and writing passwords The general operation according to the flowchart will be described by the FLOW CHART of FIG. 12, and the information devices 430, 500, and 501 listed in FIG. 14 to FIG. As follows.

For reference, the odd-numbered STEP number in FLOW CHART shown in FIG. 12 is an operational flow operating on a computer system, and the even-numbered STEP number indicates the flow of operation in an external information device.

The second connector unit 142 and the seventh connector unit 243 included in the SSD-based storage media 100 and 200 having the data protection function of the present invention may be connected to the motherboard It is possible to connect the USB port 326 only on the external information devices 430, 500 and 501. However, in order to provide a stronger security function, And is utilized for connection control to the bus switches 110, 112, 120, 122, 124 provided in the storage media 100, 200 of the present invention.

To this end, the computer system 300 is connected to the motherboard 301 separately from the motherboard 301 by using the USB ADD-IN card-type USB board 410 and the USB cable 420, 13, consisting of four USB connectors 412, 414, 416 and 418, two USB signal conversion elements (not shown) for converting a USB signal into a general digital signal and one 2-input AND gate (not shown) And a connection structure between the respective components is connected to the USB port 326 on the motherboard 301 and is connected to the motherboard 301 side of the computer 300 through the USB connector 326 A second USB connector 414 connected to the external information devices 430, 500 and 501, and a second USB connector 414 receiving the control signal and the power, A third USB connector 416 connected to another USB connector 326 of the gear motherboard 301, a first USB connector 412 and a second USB connector 414, (Not shown) for converting the USB signal into a general digital signal, and a bus switch 110, 112, 120, 122, 124 connected to the digital signal outputted from the two USB signal conversion elements, And a third USB connector 418 connected to the output pins of the 2-input and gate, and a second USB connector 418 connected to the output pins of the 2-input and gate. 4 USB connector 418 is connected to the second connector portion 142 or the seventh connector portion 243 provided on the storage media 100 and 200 of the present invention.

When a separate USB board 410 is connected to connect external information devices as shown in the above configuration, the signal converter 215 provided on the storage media 100 and 200 of the present invention It may be switched to the BYPASS state or replaced by a signal BUFFER element (not shown) such as a SCHMITT TRIGGER. However, if external information devices 430, 500, 501 are used without being connected, And is directly connected to the USB port on the motherboard 301 without replacement.

In the flowchart of FIG. 12, it is assumed that information devices 430, 500, and 501 are provided outside to provide a stronger security function. In order to connect the USB devices 410, ) Will be used as follows.

First, the operations performed on the computer side will be described as follows.

When the user turns on the computer 300 equipped with the SSD-based storage media 100 and 200 having the data protection function of the present invention at steps S1 and S3, the computer system 300 reads PLUG & (Memory map address, IO map address, interrupt, etc.) RESOURCE information for the corresponding devices is read by reading attribute information about each device such as DEVIE ID and VENDER ID for peripheral devices while performing PLAY operation (S5).

When the search and the resource allocation of the various devices of the computer 301 are completed, the ROM BIOS 322 refers to the BOOT-LOADER of the storage medium 312 (HDD, etc.) in which the operating system is installed, The allocation information is UPLOADed to the system memory 308 including the RAM (S7).

The software 370 related to the storage media 100 and 200 of the present invention performs a program 372 operating in the KERNEL mode to read various attribute information from the storage media 100 and 200 of the present invention, 308) (S9).

The KERNEL program 372 then outputs data for blocking the connection of the bus switches 110, 112, 120, 122, 124 to any USB port 326 connected to the storage media 100, 200 of the present invention (S11).

The KERNEL program 372 reads from the storage media 100 and 200 of the present invention and refers to various attribute information stored in the system memory 308 to store the virtual storage media 100 and 200 corresponding to the storage media 100 and 200 (S13).

The user then designates access (read, write) information for the storage medium of the present invention through a graphical user interface (GUI) 374 that is popped up to the activation of the KERNEL program 372. (S15)

The steps S1 to S15 are preparatory steps for using the SSD-based storage media 100 and 200 having the data protection function of the present invention. If the security operations are performed through data transmission in any of the steps S1 to S15 As follows.

For example, assuming that the user copies a file located on any storage medium to the storage media 100 and 200 of the present invention, The KERNEL program 372 checks whether access to the storage media 100 and 200 of the present invention has occurred (S17). If the access to the storage media 100 and 200 of the present invention occurs The connection to the bus switches 110, 112, 120, 122, and 124 in the storage media 100 and 200 of the present invention is interrupted (S39). If it is determined that the access has occurred, (S19) by referring to the contents of the access information designation in which the access to the operation is allowed or not.

If it is confirmed that access to the write operation of the storage media 100 and 200 of the present invention is permitted (S21), the external information devices 430 and 500 501, and 501 in the process of confirming the connection status of the bus switches 110, 112, 120, 122, and 124 with reference to the access information output from the external information devices 430, The KERNEL program 372 is transferred to the USB port side to which the storage media 100 and 200 of the present invention are connected to the bus switches 110, 112 and 120 in the storage media 100 and 200 of the present invention (S29) The storage media 100 and 200 of the present invention transmit control signals to set connection of the bus switches 110, 112, 120, 122 and 124, (300) performs HOT SWAP operation and is recognized as a storage medium connected to the computer (301) side S33).

Accordingly, the writing operation to the storage media 100 and 200 of the present invention is executed (S35).

Upon completion of the write operation to the storage media 100 and 200 of the present invention, the KERNEL program 372 UPDATES the attribute information of the file in which the write operation has occurred in the virtual storage medium corresponding to the storage medium of the present invention (S37 ), The data for interrupting the connection of the bus switches 110, 112, 120, 122 and 124 is transmitted to the corresponding USB port so that the storage media 100 and 200 of the present invention are separated from the computer 301 And after the write operation is completed, the access to the storage medium of the present invention is maintained in a state in which the access to the storage medium is blocked (S39).

If it is determined that the attempted access is not the previously designated access information (S21), the KERNEL program 372 determines whether the user is the authorized user (S23).

For reference, the determination as to whether or not the user is authorized from the information device shown in Figs. 14 to 16 will be described later in the description of steps S2 to S16.

 If the biometric data reading result signal (or the user identification signal) SS transmitted from the information device to the USB port 326 of the computer 301 is determined to be the user to which the storage media of the present invention If the bus switches 110, 112, 120, 122, and 124 are connected in the case of a user to which all of the applied user determination signals HS from the information devices transmitted to the first, State is maintained, and if it is blocked, it is switched to the connection state (S33).

(S23, SS), the bus switches 110, 112, 120, 122 and 124 are confirmed to be unauthorized on the KERNEL program 372 of the computer 301, The bus switches 110, 112, 120, 122 and 124 are switched to the disconnected state (S25).

This state is considered to be executed by the intruder through the network on the computer 301, and a timer is activated to take a predetermined time to attempt to re-access the storage media 100 and 200 of the present invention, so that impatient hackers It causes the hacking attempt to cause irritation and induces the user to give up, and records the attempted access to the storage media information, the start time, the number of times, and the end time in the form of a log file. The message is sent out.

At this time, the set time of the timer is proportionally increased in proportion to the intruder attempting re-access, thereby inducing the intruder to abandon the hacking attempt of the storage media 100 and 200 of the present invention (S27).

If the user discrimination signal SS inputted from the external information devices 430, 500, and 501 is input as an unauthorized person in step S29, the intruder disables the user discriminator signal SS and manipulates the user discrimination signal SS as an authorized user In the storage media 100 and 200 of the present invention, this possibility is possibly caused by the user identification signal SS transmitted through the USB port 326 of the computer 300, If it is determined that any one of the signals is not an authorized user, the bus switch 110, 112, 120 , 122, and 124 (S29, S31, and S25), thereby blocking access to unauthorized persons.

The access control operation for the read operation is performed in the same manner, and the access control operation for both the read operation and the write operation is performed in the same manner as described above. When set, the read and write operations are performed in accordance with the respective read and write operations. Since the erase operation can be regarded as the write operation, the copy operation is replaced with the read operation and the write operation, respectively.

Since the bus switches 110, 112, 120, 122, and 124 on the storage media 100 and 200 of the present invention remain connected while the read operation or the write operation is in progress, The KERNEL program 372 generates a file handle for an individual file to be operated upon operation of the folder or file specified by the user, so that the ACCESS operation for the other file is not performed in parallel.

Hereinafter, the operation performed by the external information device will be described.

In the state where the information device is turned on (S2, S4), the user registers his / her biometric information (fingerprint recognition, iris recognition, facial recognition, etc.) as an authorized user (S6).

Next, the information devices 430, 500, and 501 are connected to the second USB connector 412 of the USB board 410 using the USB cable 420 configured as the USB connecting means 400 as illustrated in FIG. 13 (S8).

The information devices 430, 500, and 501 used to enhance the security performance of the SSD-based storage media 100 and 200 having the data protection function of the present invention scan the user's biometric information (S10) After performing the discrimination operation in comparison with the registered biometric information registered in step S6, the operation for discriminating whether the user is the authorized user is performed (S12).

It is determined whether or not the authorized user according to the result of user discrimination S14 is transmitted to the USB board 410 as a digital control signal and transmitted to the computer system 300 and the storage media 100 and 200 of the present invention The biometric information scan operation of the user is repeatedly performed (S10-S16).

14 shows a mouse 432 in which a fingerprint recognition sensor 434 is embedded as an external information device 400. In FIG.

The fingerprint recognition sensor 434 provided on the mouse 432 registers the fingerprint for the authorized user among the plurality of internal personnel and scans the fingerprint of the user when using the computer system 300 to check the registered fingerprint And is used for the purpose of allowing access to the storage media 100 and 200 of the present invention only when it is determined that the user is an authorized user.

14 is connected to a second USB connector 414 for connecting an external information device of the USB board 410 shown in FIG. 13, and the mouse 430 having the fingerprint sensor shown in FIG. The connection relationship to the USB connectors 414, 416, 418 is the same as described above.

If the computer system 300 is used by only a single user or is regarded as an authorized user for the internal personnel, the user does not need to use the mouse 432 with the built-in fingerprint recognition sensor 434 It may be used as a general mouse. When a general mouse is used, an action of clicking the mouse wheel 436 on the mouse 430 while attempting to access the storage media 100 and 200 of the present invention causes the fingerprint sensor 434 to scan the fingerprint And outputting the result as a control signal for controlling the bus switches 110, 112, 120, 122, and 124, respectively.

The mouse is connected to the third USB connector 416 provided on the USB board 410 through another USB connector 326 on the motherboard 301 during the completion of file transfer to the storage media 100 and 200 of the present invention. And a signal indicating that the transmission is completed through the second USB connector 414 to which the mouse 430 is connected.

In this state, even if the user clicks the mouse wheel 436 once in place of the fingerprint recognition sensor 434, the user can use the bus switch 110 provided on the storage media 100 and 200 , 112, 120, 122, 124).

 In this way, even when a hacker who intrudes through the network into the computer system 300 tries to hack the storage media 100 and 200 of the present invention, the hacker can not physically push the mouse wheel 436 from the outside The bus switches 110, 112, 120, 122 and 124 provided in the storage media 100 and 200 of the present invention are not connected to each other, so that a state in which access is impossible is maintained.

FIG. 15 is a conceptual diagram (500) illustrating a biometric (facial recognition) by a camera according to an embodiment using a PC camera 520 as another external information device. It is also possible to utilize iris recognition.

The PC camera 520 may be fixed to the upper end of the monitor 328 of the computer 300 or fixed to the wall of the rear surface of the monitor 328 in order to easily recognize the user's face A camera body 520 connected to the support base 524 and a USB connection port 526 provided inside the support base 524. The camera body 520 includes a camera lens 522, a camera lens 522, A PROM storing a facial recognition pattern using non-illustrated circuit components, a facial contour and an outlier are extracted from a facial image captured by the camera body 520, (MICRO CONTROLLER UNIT) -based control unit performing a comparison with the face recognition pattern for comparison and outputting the comparison result as a digital signal which can be read by whether the user is an authorized user It consists of a USB signal converter for converting the digital output signal to a USB signal, and the like.

The USB connection port 526 provided on the support base 524 of the camera 520 is connected to the second USB connector 414 on the USB board 410 using the USB cable 420 shown in FIG. The remaining USB connectors 412, 416, and 418 on the USB board 410 are in accordance with the connection method described above in the description of the USB board 410.

The method of detecting an authorized user by face recognition by the PC camera 520 shown in FIG. 14 is similar to that of the mouse 430 in which the fingerprint recognition sensor 434 mentioned above scans the fingerprint and compares the fingerprint with the verification fingerprint pattern The output of the comparison result with the check pattern is converted into the USB signal by the digital control signal, and the conversion of the USB signal into the USB signal is the same. Therefore, the authorized user and the non- The method of allowing or blocking access to the storage media 100 and 200 of the present invention is the same as that of the present invention, so that detailed description will not be repeated.

14, the PC camera 520 does not require the user to accurately recognize the thumb of the finger on the fingerprint recognition sensor 434, 300 is used more naturally and provides a natural use environment of the computer system 300 even in a mixed state of users with or without access rights to the storage media 100 and 200 of the present invention.

 16 is a view showing a state in which a smart phone 530 with a built-in high-performance camera 532 is popularized and a smart phone 530 ) And the facial recognition app built therein to replace the PC camera 520 described above with reference to FIG.

In the case of using the smartphone 530, security is improved because the user is discriminated by facial recognition in addition to the first unlocking of the smartphone 530 for each user. However, The user of the smartphone 530 may not be able to access the smartphone 530 because the environment of the smartphone 530 is used by the user. Therefore, in order to enhance security by the facial recognition of the smartphone 530 under the environment of the computer system 300 used by a plurality of users, A separate security program installed in the smart phone 530 must be installed and linked with the storage medium of the present invention in this security program.

Although the preferred embodiments of the present invention have been described in detail, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope of the appended claims.

1: SSD doubler, which is a type of SSD-based storage medium having a single interface connector and a control unit of the prior art,
5: printed circuit board
5-1: Printed circuit board on the control unit side
5-2: Bay configuration side printed circuit board
7: Block area dividing line
10:
13: Second control unit (RAID control unit or PCI EXPRESS switch control unit)
14: Operation mode setting pin
15: Operation mode recognition switch
16: PROM (PROGRAMMABLE ROM)
17: Program Port
18:
19: LED indicator
26: fourth connector portion
28: Vertical connection board
30: a fifth connector portion
32: sixth connector portion
34: First storage medium
35: Second storage medium
38: SSD tripler with three interface ports according to the prior art
40:
41: second connector portion
42:
43:
44: fourth connector portion
45: fifth connector portion
46: 1st storage medium
47: Second storage medium
48: Third storage medium
49: LED indicator
50:
51: + 12V detection unit
52:
110, 112: bus switch
120: first bus switch
122: second bus switch
124: third bus switch
111: clock generator
115: Signal conversion section
116: first control section (switching control section)
118: DIP switch section for encryption
140: first connector portion
142:
145 (145-1, 145-2): Lower end fixing hole
146 (146-1, 146-2, 146-3): side portion fixing holes
147: Dual-INLINE-PACKAGE (DIP) switch
148: ROTARTY DIP switch
149: LED module
150: Front cover
160 (160-1, 160-2): Bay support
240: first connector portion
241:
242:
243:
247: DIP switch
248 (248-1, 248-2, 248-3): ROTARY DIP switch
249: LED module
250: Front cover
260 (260-1, 260-2): bay support
270: PCIe to USB conversion M.2 Add-in Card
271, 281: PCI Express Edge Finger Unit
273, 283: PCIe to USB conversion control section
275, 277: USB connector (vertical type)
280: PCIe to USB Conversion PCIe Add-in Card
285, 287: USB connector (horizontal)
300: Block diagram of a computer system used in the present invention
301: Motherboard
302: central processing unit (CPU)
304: Graphic signal output port
306: MEMORY CHANNEL HUB (MCH)
308: System memory
310: SATA connector
312: Internal hard disk drive (HDD)
314: CD-ROM drive
316: ICH (IO CHANNEL HUB)
318: First PCI EXPRESS Expansion Slots
320: Second PCI EXPRESS Expansion Slots
322: ROM BIOS
324: Mdatto (M.2) connection port
326: USB connection port
328: Monitor
330: Tool Box1
331: My Computer Confiuration
332: OK / Cancel button
333: Device List-up window (or device selection window)
335: SSD DOUBLER
337: SSD TRIPLER
339: SSD SLIDE-STACKER
340: Tool Box2
341: Password action selection
342: Init-Password selection button
343: Normal Operation Password
344: Disk selection window
345: Read check box
346: Write check box
347: User name (ID)
348: Password input field
349: Password confirmation field
351: OK / Cancel button
350: Tool Box3
360: Tool Box4
370: Software on main memory
372: Fault register (FAULT REGISTER)
373: Password Register
374: GRAPHIC USER INTERFACE (GUI)
376: Status information register (STATUS REGISTER)
380: Graphical user interface (Tool Box1)
381: Menu Bar
382: ICON Bar
389: Status Bar
390: Graphical user interface (Tool Box2)
400: USB connection means
410: USB board
412: 1st USB connector
414: Second USB connector
416: Third USB connector
418: Fourth USB connector
420: USB cable
422, 424: USB connection port
430: Fingerprint Mouse
432: fingerprint recognition mouse body
434: Fingerprint sensor
436: Mouse wheel
500: Biometric (facial recognition, iris recognition) concept by PC camera
501: Biometrics (facial recognition, iris recognition) concept by smartphone
510: User face
520: PC camera body
522: Camera lens
524: camera support
526, 5, 34: USB connection port
530: User smart phone body
532: Smartphone front camera
536: Smartphone LCD
S1 to S39 (odd): Computer-side execution steps
S2 to S16 (even number): Information equipment side performing step
HS: Whether the user is authorized (hardware signal)
SS: User discrimination signal (software signal)

Claims (43)

A printed circuit board having at least one or more internal connectors for connecting a series of connector ports exposed to the outside with data storage means mounted therein;
A first connector unit connected to a computer and connected to a main data bus and an external power supply;
A second connector connected to the computer and to which the password data set by the user is transmitted;
A data bus formation / connection unit for allowing the data bus to be formed or connected between the first connector unit and the data storage unit, or to prevent the data bus from being formed or connected;
A switching controller for converting the user set password received through the second connector unit into a control bit and outputting the control bit for the data bus forming / connecting unit as a control signal; ,
Wherein the main data bus is formed or unformed, or the main data bus is connected or disconnected. The method according to claim 1,
Wherein the switching control unit receives the user setting password transmitted from the signal converting unit connected to the second connector unit, and the control bit is output as a control signal by the designated output pin. 3. The method of claim 2,
The switching control unit is transmitted to a separate MCU used as the switching control unit without going through the signal conversion unit connected to the second connector unit, and the MCU receives the user setting password, The SSD-based storage medium has a data protection function. 3. The method of claim 2,
The switching control unit is transmitted to the separate MCU used as the switching control unit through the signal conversion unit connected to the second connector unit, and the MCU receives the user setting password, Wherein the SSD-based storage medium has a data protection function. The method according to claim 1,
Wherein the switching control unit further comprises at least one or more DIP switches or a rotary DIP switch and / or PROM having a hardware encryption value or an operation mode setting state value preset by a user. SSD-based storage media. 6. The method of claim 5,
The switching controller may determine whether to set the password value set on the ROTARY DIP switch to a PRE-POSITION password, a POST-POSITION password, or a preset password according to a setting state of a DIP switch set by a user Wherein the control unit specifies whether to use the RATATE or SCATTER-GATHER password according to the communication protocol. 6. The method of claim 5,
The switching control unit stores the hardware password transmitted through the graphical user interface of the user at a designated hardware password address of the PROM and stores the hardware password value stored in the hardware password address of the PROM into PRE -POSITION Specifies whether to place the password, POST-POSITION password, or ROTATE or SCATTER-GATHER password according to the preset communication protocol. Based SSDs with data protection. The method according to claim 1,
When a second controller for controlling RAID or PCI EXPRESS SWITCH is additionally provided between the first connector and the connector for connecting the data storage unit, a bus switch is additionally provided between the first connector unit and the second controller, And the bus switch is connected or disconnected by the switching control unit. The method according to claim 1,
A second controller for controlling the RAID controller or the PCI EXPRESS switch is additionally provided between the connector for connecting the first connector and the data storage unit, and a main data bus enable (ENABLE) controller externally controlled to the second controller, Wherein the second controller is connected to the switching controller to form the main data bus enable pin or the main data bus enable pin when the pin is provided. The method according to claim 1,
When the at least one or more connector portions are added to the first connector portion and are exposed to the outside, the connector for connecting the data storage means respectively connected to the connector portions of the added external exposure forms a different main data bus And a bus switch is added to each of the additional main data buses to be controlled by the output pins of the switching control unit so that the main data bus is connected or disconnected in accordance with the set password of the user. SSD based storage media. The method according to claim 1,
And the second connector unit is connected to the computer by a PCI Express to USB conversion card additionally provided in the computer. 6. The method of claim 5,
The computer transmits the hardware password written through the graphic user interface of the software residing on the main memory to the switching control unit through the second connector unit and transmits the hardware password transmitted to the switching control unit through the second connector unit Reads the data from the storage medium, rewrites the data with software, compares the data with the hardware password written by the user, and confirms whether the hardware password written by the user is surely transferred to the switching control unit. 13. The method of claim 12,
Wherein the switching controller transmits a value set by the DIP switch and / or the hardware password connected to the switching controller to the software by a read operation of the software. 13. The method of claim 12,
Wherein the data protection function does not transmit the value set by the DIP switch and / or the hardware password to the software side despite the reading operation of the software when the data access control setting pin among the setting pins of the DIP switch is in an active state. SSD based storage media. 13. The method of claim 12,
The software loads various kinds of OSD-based storage media installed in the computer by DRAG & DROP method from the device list, and displays the mounted state as it is, reads the state value of the switching control unit from each device, And reading the set hardware password and operation setting mode value of the SSD-based storage medium. 13. The method of claim 12,
Wherein the software comprises software for providing a hardware password after installation in order to perform data access control for an MSD-based storage medium installed in the computer, and software for providing a software password in use SSD-based storage media with protection. 17. The method of claim 16,
Wherein the software is capable of selecting whether to perform access control only for a read operation, access control only for a write operation, or access control for both a read operation and a write operation. SSD-based storage media. 13. The method of claim 12,
Wherein the switching control unit extracts a valid password from the data value transmitted from the software according to the setting state of the DIP switch and determines whether or not the valid password matches the stored password data value set by the user in advance. SSD based storage media. 19. The method of claim 18,
If the setting state of the DIP switch is PRE-POSITION, the switching control unit replaces the data corresponding to the PRE-POSITION with the password preset by the user, Wherein the SSD-based storage medium has a data protection function. 19. The method of claim 18,
If the setting state of the DIP switch is POST-POSITION, the switching control unit replaces the data corresponding to the POST-POSITION with the password preset by the user, Wherein the SSD-based storage medium has a data protection function. 19. The method of claim 18,
Wherein the switching control unit controls the switching of the DIP switch according to a predetermined protocol according to a predetermined protocol when the setting state of the DIP switch is disturbed and the SCATTER-GATHER is applied to the data transmitted from the software, And a password is computed to extract a password necessary for the control, wherein the SSD-based storage medium has a data protection function. A first connector unit connected to a computer and connected to a main data bus and an external power supply;
A control unit connected between the first connector unit and the at least one storage medium via a main data bus with the first connector unit and connected to at least one storage medium through respective data buses;
The first connector portion and the control portion or between the control portion and the storage medium to connect or disconnect the main data bus between the first connector portion and the control portion or to connect the data bus between the control portion and the storage medium Or shut off;
A second connector portion to which a control signal for the bus switch is connected from an external cable; Respectively,
A signal received through the second connector unit is used as a control signal for the bus switch so that a main data bus connected to the first connector unit or a data bus connected to the storage medium is connected or disconnected Based SSDs with data protection. 23. The method of claim 22,
And a signal conversion unit between the second connector unit and the bus switch, wherein the signal change unit outputs a control signal to the bus switch based on data received through the second connector unit. An SSD-based storage medium having a plurality of storage media. 24. The method of claim 23,
And a switching controller between the signal converter and the bus switch, wherein the switching controller outputs a control signal for the bus switch based on data received through the signal converter. SSD-based storage media. 25. The method of claim 24,
Wherein the signal conversion unit is built in the switching control unit and the switching control unit outputs a control signal for the bus switch based on data received through the second connector unit. media. 23. The method of claim 22,
Wherein the second connector unit is connected to an arbitrary USB port provided on the motherboard of the computer in which the storage medium based on the SASD is installed and receives the bus switch control signal data from the computer side. SSD-based storage media. 23. The method of claim 22,
The computer includes a USB board, wherein the first USB connector is connected to an arbitrary USB port provided on a motherboard of the computer, the second USB connector is connected to an external information device, Wherein the third USB connector is connected to any other USB port provided on the motherboard, and the fourth USB connector is connected to the second connector. 28. The method of claim 27,
Wherein the first USB connector and the second USB connector are respectively connected to a USB signal converter for converting a USB signal to a digital signal and connected to the output of the first USB connector and the USB signal converter connected thereto, Wherein the output of the logic element is connected to a fourth USB connector, wherein the output of the logic element is connected to a logic element that receives the output of the USB signal converter as an input, and the output of the logic element is coupled to a fourth USB connector. 29. The method of claim 28,
Wherein an output pin of the logic element is connected to a USB signal converter, and a USB signal of the USB signal converter is connected to the fourth USB connector. 28. The method of claim 27,
Wherein the computer is connected to an external information device having biometrics means for discriminating an authorized user and periodically receives biometrics data or biometrics discrimination result data from the information device. SSD-based storage media. 28. The method of claim 27,
The computer identifies the data input from the external information device and, if it is determined that the user is the authorized user, refers to the user's dictionary access designation item for the storage medium and transmits data allowing the access operation to the designated arbitrary input / And transmits data for blocking access to the storage medium to the arbitrary input / output port if it is determined that the user is an unauthorized user. 32. The method of claim 31,
If only the read operation is designated when the user's access control operation for the storage medium occurs, only the write operation is performed when the read operation is in progress. Only when the write operation is in progress and both the read and write operations are designated Wherein the access permission data for the storage medium is transmitted to the designated arbitrary port only when a read or write operation is in progress. 31. The method of claim 30,
Wherein the external information device having the biometrics means is a face recognition camera having a USB port or a smart phone having a face recognition function. 23. The method of claim 22,
Wherein the second connector unit receives data for the data bus forming / connection unit control signal from an external information device other than a computer having the storage medium based on the SASD-based storage medium installed therein. 35. The method of claim 34,
Wherein the storage medium is connected to an external information device having biometrics means for discriminating an authorized user and periodically receives biometrics data or biometrics identification data periodically from the information device. SSD - based storage media. 36. The method of claim 35,
The external information device outputs data permitting access to the storage medium if it is determined that the user is an authorized user through periodic biometrics, and if access is determined to be unauthorized user, access to the storage medium is blocked And outputting data to the SSD-based storage medium. 23. The method of claim 22,
Wherein the bus switch is kept in a connected state while the computer system in which the MSD-based storage medium is installed is booting, and the bus switch is kept shut off immediately after booting is completed. SSD based storage media. 39. The method of claim 37,
The computer system generates virtual storage media representing storage media having the same attribute information in an arbitrary area of the system memory constituting the computer system by referring to various attribute information of the storage media based on the SASD And then the bus switch is kept in a cut-off state. 38. The method of claim 38,
Wherein the computer system selectively designates access information for a read and / or write operation on the MSD-based storage medium immediately after the virtual storage medium is created. Based storage media. 40. The method of claim 39,
Wherein the computer system determines whether to access or block access by referring to the access information when an attempt is made to access the storage media based on the SASD, In this case, it is determined whether the access attempt is an authorized user. If the access attempt is an authorized user, the bus switch is kept in a connected state The SSD-based SSD-based SSD-based SSD-based SSD-based SSD-based SSD-based SSD-based SSD- Storage media. 41. The method of claim 40,
Wherein the computer system updates attribution information of the storage medium to the virtual storage medium when the access operation to the storage medium based on the SASD is completed, so that the virtual storage medium has the same attribute And the bus switch is switched to the cutoff state after the data is protected by the data protection function. 41. The method of claim 40,
If the access operation to the storage medium based on the SASD is not a previously permitted access and is determined not to be an access by an authorized user, the computer system attempts to access the storage medium by an external intruder The control unit maintains the bus switch in the cutoff state and activates the variable timer to increase the allowable time for re-access in proportion to the attempt to access the storage medium. Storage media. A first connector unit connected to a computer and connected to a main data bus and an external power supply;
A bus switch located between the first connector and at least one or more storage media to connect or disconnect the main data bus between the first connector and the storage media;
A second connector portion to which a control signal for the bus switch is connected from an external cable; Lt; / RTI >
A signal received through the second connector is used as a control signal for the bus switch so that a data bus connecting the first connector and the storage medium is connected or disconnected. SSD-based storage media with protection.

Images