TW200411392A - Data protection method and system for storage unit - Google Patents

Data protection method and system for storage unit Download PDF

Info

Publication number
TW200411392A
TW200411392A TW91137821A TW91137821A TW200411392A TW 200411392 A TW200411392 A TW 200411392A TW 91137821 A TW91137821 A TW 91137821A TW 91137821 A TW91137821 A TW 91137821A TW 200411392 A TW200411392 A TW 200411392A
Authority
TW
Taiwan
Prior art keywords
storage unit
data
user
processing device
data processing
Prior art date
Application number
TW91137821A
Other languages
Chinese (zh)
Other versions
TW588244B (en
Inventor
kun-can Wu
rong-xun You
Yu-Cheng Sheng
Original Assignee
Foquest Advanced Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Foquest Advanced Inc filed Critical Foquest Advanced Inc
Priority to TW91137821A priority Critical patent/TW588244B/en
Application granted granted Critical
Publication of TW588244B publication Critical patent/TW588244B/en
Publication of TW200411392A publication Critical patent/TW200411392A/en

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention provides a data protection method and system for a storage unit, which includes the following steps: first making the user installing an user recognition module into a memory unit under normal operation system on a data processing device; next, making the user recognition module to encode and encrypt the identification code configured by the user, and store in a storage unit; then, making the user recognition module to encode and encrypt the data of partition table, and store in a specified position of the storage unit; next making the user recognition module to delete the data of partition table; finally, making the user recognition module to determine if the identification code inputted by the user is correct when the user turn on the power again of the data processing device; if so, decoding and recovering the encoded and encrypted partition table data and overwriting to the correct position of partition table for conducting the normal booting operation; if not, stopping the normal booting operation procedure.

Description

200411392 五、發明說明(〗) 【發明所屬之技術領域』 一種儲存單元資料保護方法 係有關於一種應用於具有系统,更 方法與系統。 早元之資料處之, 先前技術】 攻置的 由於電子資訊科技之一日千里 型電腦等資料處理裝置已成為曰2如個人 的-部分。使用者除了可以 2活中 j:記 編寫執行與單純資料之處理 胃處理裝置了或缺 能,作為聲音、影像或聲立旦是I透過強大^仃種式 播媒介,換言之,使:結合等多媒2算功 體之編輯製作及撥放等工作。另一方:處:裝置執行:: 線之網路通訊環境的日益成熟,復加 ^由於有線盔 之體積愈來愈輕薄短小,更便於使用者;ί資料處理裝置 之取得。基種種客觀環境因素,使::中進行資訊 樂意透過該寻二ί網路連結與資料傳輪二处者5觀上也更 置進行資訊的搜哥及取得。 犯之資料處理裝 承前所述’雖然我們能透過該資 、 訊快速流通之便利,欧’但於另一方面不置享受到資 的是資料安全f問題,使用者必須更進—牛二=用者擔心 保密性,^ "交於^主紙上作業時期資H考量資訊的 上’現今的資料處理襄复其所具有諸如;2記錄在書面 儲存裝置,已,可以提供使用者c形式之 影音等樓案於其中’雖然大幅減少了文;2J、圖像或200411392 V. Description of the invention (〗) [Technical field to which the invention belongs] A method for protecting data of a storage unit relates to a method and a system for applying to a system. Early Yuan's data is based on the prior technology] Data processing devices such as computers, which are one of the thousands of miles of electronic information technology, have become a part of the personal computer. In addition to the user's 2 live j: remember to write and execute and simple data processing stomach processing device or lack of energy, as sound, video or sound Li Dan is I through a powerful broadcast media, in other words, make: combine, etc. Editing, production and playback of multimedia 2 computing power. The other side: Office: Device implementation :: The increasingly mature network communication environment, plus ^ As the volume of wired helmets is getting lighter and thinner, it is more convenient for users; til the acquisition of data processing devices. Based on various objective environmental factors, we can :: carry out information in the middle of the network. Those who are willing to use the Internet link and data transmission wheel 5 will also set up a search and obtain information. The offender ’s data processing contract stated earlier, “Although we can facilitate the rapid circulation of the information through the information, the European Union”, but on the other hand, it is the data security problem that does not benefit from the data, and the user must advance—Niu Er = use Those who are concerned about confidentiality, ^ " handed in ^ master papers during the work period to consider information on the current information processing to restore their possessions such as; 2 recorded in the written storage device, has been provided, can provide users in the form of audio and video Wait for the case in which 'Although the text has been greatly reduced; 2J, image or

Wll2.ptd 第5 1 幻積,然相對 200411392 五、發明說明(2) 的也增加資料竊取 以透過諸如軟式磁 單的檔案複製步驟 習知之資料處 種··透過基本輸出 (Security)功能 執行該資料處理裝 輸出入系統會要求 判斷使用者是否有 輸出入系統才會繼 使用者於進入作業 儲存之資料定義一 輸入之識別碼開放 用者使用。 其中,透過前 僅需將主機板上之 Reset Jumper)短 間後再接上,均得 目的。而後者透過 他諸如軟碟或光碟 對於使用者而言均 【發明内容】 為解決上述習 提供一種儲存單元 與複製 碟、光 ,即得 理裝置 入系統 下設定 置之開 使用者 權使用 續執行 糸統後 識別碼 對應識 第三者可 方式等簡 送。 下列數 全 使用者在 ,該基本 馬内容之 ’該基本 種形式係 業環境或 使用者所 資料供使 之容易性。舉例言之, 碟燒錄甚至網路傳輸之 將所需之資料重製或傳 之資料保護技術不外有 (BIOS)内所提供之保 識別碼(password), 機(Power-on)過程中 輸入識別碼,藉由識別 該資料處理裝置,若是 後續之開機程序。另一 ,依據個人所設定之作 ’由作業系統依據不同 別碼之作業環境或儲存 述基本輸出入系統保護之方法,第三者 一基本輸出入系統重置跨接端(B I 〇s 路’亦或是拆掉主機板上之電池一段時 達到銃至該基本輸出入系統設定内^: 作業系統保護之方式,在使用者透過其 開機後,仍然能夠讀取硬碟中之資料。、 無法達到理想的保護目的。 知技術之缺點,本發明之主要目的在於 資料保護方法以及系統,得透過將分割Wll2.ptd The 5th magic product, but relative to 200411392 V. Invention Description (2) The data stealing is also increased to learn the data through the file copying steps such as the soft magnetic sheet. The basic output (Security) function is used to execute the The data processing and loading input / output system will ask the user to determine whether there is an input / output system before the user defines an input identification code for the user's input data stored in the operation. Among them, you only need to reset the jumper on the motherboard before you pass it. And the latter through him such as floppy disks or optical discs for users [Inventive Content] To solve the above-mentioned habits, a storage unit and a copy of the discs and optical discs are provided. After the system identification code can be sent to the third party to identify the way. The following data are available to all users, and the basic form of the horse's content is the business environment or the information provided by the user to make it easy. For example, the data protection technology to rewrite or transfer the required data during disc burning or even network transmission is nothing more than the password provided in the BIOS and Power-on process. Enter the identification code to identify the data processing device, if it is a subsequent boot process. In addition, according to the method set by the individual, the method of protecting the basic input / output system by the operating system according to the operating environment of different codes or storing the basic input / output system, the third party resets the basic input / output system (BI 〇s Road). Or remove the battery on the motherboard for a while to reach the basic input / output system settings ^: The operating system protection method, users can still read the data in the hard disk after they boot through it. To achieve the ideal protection purpose. Knowing the disadvantages of the technology, the main purpose of the present invention is the data protection method and system.

17112. ptd 第6頁 發明說明 表加密隱藏之機制,防止不當之使 行資料存取。 考進入作業系統以進 本發明之另一目的在於提供一種 -_ 法以及系統,得僅透過一軟體或韌早π資料保護方 保護儲存單元資料之目的。 < 程控機制即可達到 為達成 系統包括: 號、編解碼 該資料處理 單元;一用 及其他程式 以將使用者 元中之特定 而儲存於該 入正確之識 以解碼還原 裝置繼續進 透過前 料保護方法 中,接著進 使用者設定 特定位置中 行編碼加密 使用者辨識 以上所述之 一用以提供 及執行指令 裝置之基本 以提供該資 或資料之儲 所設定識別 位置;此外 儲存單元之 別碼時,自 後覆蓋至該 行正常之開 述之儲存單 係預先將該 行如下之步 之識別碼進 ; 其次,令 並儲存至一 模組將該分 目的,本發 該儲存單元 功能之中央 輸出入系統 料處理裝置 存單元·,— 碼加以編碼 ’復得將分 特定位置, 該儲存單元 分割表正確 機作業程序 元資料保護 使用者辨識 驟:首先, 4丁編碼加密 5亥使用者辨 指定之儲存 割表資料刪 明之儲存單 資料保護系 處理單元; 及其他軟體 儲存包括作 常駐於該記 加密並儲存 割表資料加 且於使用者 中取出該分 位置,俾供 之使用者識 糸統,執行 模組安裝至 令該使用者 後儲存至該 識模組將分 單元位置; 除;最後, 元資料保護 統擷取訊 一用以儲存 常式之記憶 業系統程式 憶單元中用 於該儲存單 以編碼加密 重新開機輸 割表資料加 該資料處理 別模組。 儲存單元資 該記憶單元 辨識模組將 儲存單元之 割表資料進 #者’令該 令該使用者17112. ptd page 6 Description of the invention The mechanism of table encryption and concealment prevents unauthorized access to data. Entering the operating system to enter another object of the present invention is to provide a method and a system that can protect the data of the storage unit only through a software or data protection method. < The program control mechanism can be achieved to achieve the system including: No., encoding and decoding the data processing unit; one and other programs to store the specific user's element in the correct knowledge to decode and restore the device before continuing through In the material protection method, the user enters a specific location to encode the user ’s identification. One of the above-mentioned devices is used to provide and execute the basic setting of the device to provide the identification location. When the code is written, the storage note covering the line from the normal opening is the identification code of the line in the following steps in advance; secondly, make and save to a module for this purpose, and issue the function of the storage unit The storage unit of the central input / output system material processing device, the code is encoded, and the specific location will be divided. The storage unit partition table is correct. The operating procedure metadata protects the user's identification. First, the 4 code is used to encrypt the 5 user. Identification of the specified storage cut-off table data deletion storage data protection system processing unit; and other software storage The storage includes resident in the record, encryption and storage of the cut table data, and taking out the sub-location from the user, providing the user with the identification system, executing the module installation to make the user save to the identification module Location of sub-units; except; finally, the metadata protection system captures a message for storing the routine memory system system program memory unit for the storage order to encode and restart the cut-off table data plus the data processing module . Storage unit information The memory unit identification module enters the cut-table data of the storage unit into # 者 ’order the order the user

五、發明說明(4) ___ 辨識模組於使用者重新開啟該資料處理、 使用者所輸入識別碼是否正確,若是,^ 毛源時,判斷 分割表資料解碼還原並覆蓋至正確的、2誘編碼加密之 正常之開機作f ;若否,則中止正 :J置’俾進行 相較於習=之儲存單元資料保護方法業程序。 明之儲存單元貧料保護方法以及系統,用系統,本發 透過一於開機程序中執行之使用者識別機供使用者僅 具有使用權限之使用者任意開啟該資料 壯即侍防止不 存單元中資料之存取。 衣置並進行錯 【實施方式】 請參與第1圖,於以下實施例中,本發 資料保護方法以及系統100,係應用於—二二之儲存單元 2 0 0架構中’以下僅就與本發明 ,D之個人電腦 以及系。咖關之單元與模組加SC;料保護方法 鍵盤或滑鼠等輸入單元以及螢幕等顯示於其他諸如 贅述之,合先敘明。 辱’均不為文 :參閱第2圖,該儲存單元資料保護 -使用者識別模組⑷。 財子單y乂及 ^該中央處理單元uo係用以提供該儲存單元資料保護 ^統1 00擷取信號、編解碼及執行指令之功能,旅得透過 資料傳輸路徑如匯流排等’以自其他資源傳遞及接收資 料。 、’、处· 該 舌己憶單元1 2 0係用以提供該儲存單元資科保護糸統V. Description of the invention (4) ___ When the identification module re-opens the data processing by the user, is the identification code entered by the user correct? If yes, when ^ Maoyuan, judge the data of the partition table to decode and restore it and cover it to the correct, 2 The normal booting operation of the coded encryption is f; if not, the operation is aborted: J is set to 俾 to compare the storage unit data protection method business procedure with Xi =. Method and system for protecting the lean material of the storage unit using the system, the system uses a user identification machine which is executed in the booting process for the user to only open the data if the user has the right to use it to prevent the data in the unit from being stored Access. Putting the wrong things together [Implementation] Please participate in Figure 1. In the following embodiment, the data protection method and system 100 of the present invention are applied to the storage unit 2 0 0 in the 22 architecture. Invention, D's personal computer and department. The unit and module of the coffee gate plus SC; material protection method The input unit such as the keyboard or mouse and the screen are displayed in other details, which will be described first. No shame is a word: refer to Figure 2, the data protection of this storage unit-user identification module.财 子 单 y 乂 and ^ The central processing unit uo is used to provide the data protection of the storage unit ^ System 1 00 functions of capturing signals, encoding and decoding, and executing instructions, and can travel through data transmission paths such as buses, etc. Other resources pass and receive information. , ', 处 · The Tongjiji unit 1 2 0 is used to provide the asset protection system of the storage unit.

17112· ptd 第8頁 200411392 五、發明說明(5) 1 0 0儲存包括基本輸出入系統及其他軟體程式及/或常式。 其性質上屬於不具有揮發性之記憶單元,亦即於該個人電 腦2 0 0之工作電源切斷後,儲存於該記憶單元中之資料不 會消失,俾於使用者啟動該個人電腦2 〇 〇之工作電源時, 得執行諸如該基本輸出入系統常式,以完成該個人電腦 2 0 0之開機程序。又,該記憶單元1 2 〇得為一電子可抹除可 程式化唯讀記憶體(Electrically Erasable17112 · ptd Page 8 200411392 V. Description of the Invention (5) 1 0 0 Storage includes the basic input / output system and other software programs and / or routines. It is a non-volatile memory unit in nature, that is, after the power of the personal computer 2000 is cut off, the data stored in the memory unit will not disappear, and the user starts the personal computer 2 00. When operating the power supply, such basic input / output system routines must be executed to complete the boot process of the personal computer 2000. In addition, the memory unit 12 may be an electronically erasable programmable read-only memory (Electrically Erasable

Programmable Read Only Memory; EEPROΜ)或一快閃記Programmable Read Only Memory; EEPROM) or a flash

憶體(F 1 a s h M e m o r y )。由於前述之記憶體均具有可程式 即可覆寫之特性’故得提供使用者視實際情況需要更新其 中諸如基本輸出入系統等之程式資料内容。 該儲存單元1 3 0係用以提供該個人電腦2 〇 〇儲存包括作 業系統程式及其他程式或資料。於本實施例中,該儲存單 元1 30係為一硬碟(Hard Di sk),該儲存單元i 3〇之功能 及架構為習知’故不另文贅述之。 該使用者識別模組1 4 0係常駐於該記憶單元中之軟體 程式,用以透過该中央處理單元1 1 0將使用者所設定識別 碼加以編碼加密並儲存於該儲存單元1 3 0中之特定位置; 此外,復得透過該中央處理單元1 1 〇將分割表資料加以編 碼加密而儲存於该儲存單元1 3 0之特定位置;且於使用者 重新開啟該個人電腦2 0 0之工作電源,執行開機程序輸入 之正確之識別碼時’自該儲存單元1 3 0中取出該分割表資 料,透過該中央處理單元11 0加以解碼還原後覆蓋至該分 割表正確位置,俾供該個人電腦2 0 0繼續進行正常之開機Memories (F 1 a s h Me m o r y). Since the foregoing memories have the characteristics of being programmable and overwritable ', users may be required to update the content of program data such as the basic input / output system according to the actual situation. The storage unit 130 is used to provide the personal computer 2000 with storage including operating system programs and other programs or data. In this embodiment, the storage unit 1 30 is a hard disk, and the function and structure of the storage unit i 30 are conventional, so they are not described in detail. The user identification module 1 40 is a software program resident in the memory unit, and is used to encode and encrypt the identification code set by the user through the central processing unit 1 10 and store in the storage unit 1 3 0 In addition, it retrieves the partition table data through the central processing unit 110 and stores it in a specific location in the storage unit 130. The user then re-opens the personal computer 2000 to work. When the power supply executes the correct identification code entered during the boot process, the data of the partition table is taken out from the storage unit 130, decoded and restored by the central processing unit 110, and overwritten to the correct position of the partition table for the individual Computer 2 0 0 continues normal boot

17112. ptd 第9頁 200411392 五、發明說明(6) ----一一 作業程序。 六押而另π] °兑明者’係於本實施例中,該分割表係指該儲 :, 亦即硬碟之分割表,而習知之硬碟係由複數個 、、主二1 USter)、磁頭(head)及磁區(sector)所組 ,,、而母一^兹區之容量為512個位元組(byte)。其中, 第0磁柱」第0磁頭之第1磁區係定義為分割磁區,於該磁 區中則端係儲存主啟動程式(Master Boot Program; MBP),後端則係用以儲存分割表資料。 立仲其次’該個人電腦2 0 0之開機程序約略如下:由該記 憶單兀120之記憶體位址0FFFF0H開始執行的,亦即( CS=:FFFF、丨卜0 0 0 0 )。該個人電腦之基本輸出入系統在該 0FFFF0H位址上的程式内容是: 「FFFF 0: JMP START」 跳到START之後,該記憶單元1 20之基本輸出入系統 (ROM β I 0S)首先會做一些初始的檢查工作,例如檢查隨 機存取記憶體、鍵盤、螢幕、磁碟機等。然後會讀入主啟 動程式’基本輸出入系統會將控制權交給主啟動程式繼 續執行下去。要言之,可分為以下幾個步驟: 1 ·電腦開機時,先執行基本輸出入系統,將該儲存 單元130第一個磁區的主啟動記錄(Master Boot Record; MBR )寫入隨機存取記憶體中再轉移控制權至主啟動記錄 中的程式碼。 2 ·主啟動記錄程式碼掃描整個主磁碟分割表,並在 第一個分割區放置一個旗標(f 1 ag),並將該分割區標示17112. ptd page 9 200411392 V. Description of invention (6) ---- one by one operation procedures. Six bets and another π] ° Ming Ming 'is in this embodiment, the partition table refers to the storage: that is, the hard disk partition table, and the conventional hard disk is composed of a plurality of, the main two 1 USter ), Magnetic head (head) and magnetic sector (sector), and the capacity of the mother-in-law area is 512 bytes (byte). Among them, the first magnetic zone of the "0th magnetic column" and the 0th magnetic head is defined as a divided magnetic zone. In this magnetic zone, a master boot program (MBP) is stored on the end, and a partition is stored on the back end. Table information. Li Zhong's second 'the boot process of the personal computer 2000 is roughly as follows: It is executed from the memory address 0FFFF0H of the memory unit 120, that is, (CS =: FFFF, bu 0 0 0 0 0). The content of the program of the basic input / output system of the personal computer at the address 0FFFF0H is: “FFFF 0: JMP START” After jumping to START, the basic input / output system (ROM β I 0S) of the memory unit 1 20 will first do Some initial inspections, such as checking random access memory, keyboards, screens, drives, etc. Then it will read in the main startup program, and the basic input / output system will transfer control to the main startup program to continue execution. To sum up, it can be divided into the following steps: 1. When the computer is turned on, first execute the basic input and output system, and write the master boot record (MBR) of the first sector of the storage unit 130 into the random storage. Take the code in memory and transfer control to the master boot record. 2 · The master boot record code scans the entire master disk partition table, places a flag (f 1 ag) on the first partition, and marks the partition

17112. ptd 第 10 頁 200411392 五、發明說明(7) 為可開機。接著寫入隨機在& ^ 、,# 個分割區裡的程式碼。存取❹體,^控制權傳給這 3·經由啟動程式將磁碟中的系統檔(如ms d〇s的ι〇· SYS及MSDOS. SYS)載入隨機存取記憶體,再將控制權交 給所載入的系統檔。 承上所述,於該個人電腦2 0 〇之開機程序中,該分割 表資料具有不可或缺之重要性,若無該分割表資料則系統 無法得知該儲存單元1 3 0之分割狀況,亦無法得知諸如視 窗XP或L I NUX等作業系統之儲存位置,當然無法順利完成 開機程序。 是故,該使用者識別模組1 4 0即依據前述分割表之特 性’透過刪除分割表資料以阻斷不具使用權限之使用者完 成開機程序,進而達到保護該個人電腦2 〇 〇之儲存 中儲存資料之目的。 請參閱第3 ( A)圖,其中顯示本發明之儲存單元次料 保護方法於執行儲存單元1 30資料保護之流程步驟。貝先 令使用者於該個人電腦2 〇 〇之正常作業系統下, 方 用者辨識模組1 4 〇至該記憶單元1 2 0中,隨即進 "· S301。 疋仃步驟 於步驟S3 01中,令該使用者辨識模組1 定之識別碼進行編碼加密後儲存至該儲存單元、 者= 位置中。於本實施例中,於該使用者辨 之特疋 該記憶單元12。後,該使用者識別模組二;= 安裝至 定一識別碼作為身分辨識之用,該識別碼^ ^ =用者設 传括任何數17112. ptd page 10 200411392 V. Description of invention (7) is bootable. Then write the code randomly in & ^, # partitions. To access the carcass, ^ control is passed to this 3. Load the system files in the disk (such as ι〇 · SYS and MSDOS. SYS of ms d0s) into the random access memory through the startup program, and then control Rights are transferred to the loaded system file. As mentioned above, in the boot process of the personal computer 2000, the partition table data is indispensable. Without the partition table data, the system cannot know the partition status of the storage unit 130. It is also impossible to know the storage location of operating systems such as Windows XP or LI NUX, and of course the boot process cannot be successfully completed. Therefore, the user identification module 140 is based on the characteristics of the aforementioned partition table 'by deleting the partition table data to block users who do not have permission to complete the boot process, thereby protecting the personal computer 2000 storage Purpose of storing data. Please refer to FIG. 3 (A), which shows the steps of protecting the storage unit secondary material according to the present invention in the process of performing data protection of the storage unit 130. Beishen instructed the user to identify the module 140 to the memory unit 120 under the normal operating system of the personal computer 2000, and then proceeded to " S301.疋 仃 Step In step S3 01, the identification code determined by the user identification module 1 is encoded and encrypted, and then stored in the storage unit, or = location. In this embodiment, the memory unit 12 is distinguished by the user. After that, the user identification module two; = installed to a fixed identification code for identity identification, the identification code ^ ^ = user set, including any number

200411392 五、發明說明(8) 字、文字與符號之組合。於使用者完成識別碼設定後,該 使用者識別模組1 4 0隨即將該識別碼編碼加密備份至該儲 存單元1 30中之一特定位置,接著進行步驟S3 0 2。 於步驟S 3 0 2中,令該使用者辨識模組1 4 0將分割表資 料進行編碼加密並儲存至一指定之儲存單元1 3 0位置。於 本實施例中,該使用者識別模組1 4 0於執行完識別碼加密 備份之步驟後,隨即將該分割磁區中知該分割表資料加以 編碼加密,並於編碼加密完成後,將該加密資料儲存至該 儲存單元130中之另一指定位置,隨即進行步驟S303。 於步驟S 3 0 3中,令該使用者辨識模組1 4 0將該分割表 資料刪除。於本實施例中,當該使用者辨識模組1 4 0完成 分配表資料加密儲存之步驟後,隨即將該分配表資料自該 記憶單元1 2 0中刪除。由於該分配表資料已自該記憶單元 1 2 0中刪除,則在使用者重新開啟該個人電腦2 0 0之工作電 源,並執行開機程序之過程中,若無法輸入正確之識別 碼,則該使用者辨識模組1 4 0即不會將該分配表資料還原 覆蓋於正確之分配表磁區,該個人電腦2 0 0即無法完成正 常開機程序,以進入作業系統。實際操作步驟則如下所 述。 請參閱第3 ( B)圖,其中顯示當該完成資料保護設定 程序之個人電腦2 0 0,為一使用者重新開啟工作電源,以 執行驗證保護階段之流程步驟。 於步驟S 3 1 1中,令該使用者辨識模組1 4 0於開機程序 中要求使用者輸入識別碼,接著進行步驟S 3 1 2。200411392 V. Description of the invention (8) Combination of words, characters and symbols. After the user completes the setting of the identification code, the user identification module 140 then encrypts and backs up the identification code to a specific location in the storage unit 130, and then proceeds to step S302. In step S302, the user identification module 140 is configured to encode and encrypt the segment table data and store it in a designated storage unit 130 position. In this embodiment, after the user identification module 140 performs the steps of encrypting and backing up the identification code, the partition table data is then encoded and encrypted, and after the encoding and encryption is completed, the user identification module 140 The encrypted data is stored in another designated location in the storage unit 130, and then step S303 is performed. In step S303, the user identification module 140 is caused to delete the partition table data. In this embodiment, after the user identification module 140 completes the steps of encrypting and storing the allocation table data, the allocation table data is then deleted from the memory unit 120. Since the data of the allocation table has been deleted from the memory unit 120, when the user restarts the working power of the personal computer 2000 and executes the boot process, if the correct identification code cannot be entered, the The user identification module 140 will not restore the allocation table data to the correct allocation table magnetic area, and the personal computer 200 will not be able to complete the normal boot process to enter the operating system. The actual operation steps are described below. Please refer to Fig. 3 (B), which shows that when the personal computer 2000 that completes the data protection setting procedure is turned on, the working power is turned on again for a user to perform the process steps of the authentication protection phase. In step S 3 11, the user identification module 1 40 is required to ask the user to input an identification code during the booting process, and then step S 3 1 2 is performed.

第12頁 17112. ptd 200411392 五、發明說明(9) 於步驟S312中,令該使用者辨識模組14〇判斷 所輪入之識別碼是否與儲存於該儲存單元13〇中之用考 相同,若是,則進行步驟S313;若否則進至步驟碼 於步驟S313中,令該使用者辨識模組14〇將儲於 單★ 13〇中之分割表資料讀出,並覆蓋至正確:乂 :: 表貧料磁區,接著進行步驟s 3 1 4。 刀口 於步驟S314中,令該個人電腦200依據正常之 2進入作業系統,俾供有權限使用 ”幾私 中資料之存取。 疋仃忒储存早兀1 30 於步驟S3!5中,因使用者無法輪入正確 5亥使用者辨識模組1 4 0不會執行分刻本次M 識別碼,則 ,的,該儲存單元13〇中步驟, 去為該啟動程式所擷取,故無法執行正^糸、、先貧料無 序,俾達到防止無權限使用者存取開機作業程 料。 儲存早元13 0中之資 綜上所述,本發明之儲存單元資料保错 $ ’用以提供使用者僅透過一於開c系 :別機制,即得防止不具有使用權限之使使用者 人電腦2 0 0並進行儲存單元1 g q中資料 任思開啟该 存單元1 3 0為不知道識別碼之使用者貝拆、之存取。即使該儲 :的電腦裝置進行資料之存取, 除,仍無法透過其 目的。 只達到資料保護之 70貝料保護方法以及系 月之實質技術内容之範 以上所述僅為本發明之儲存單 統之較佳實施例’非用以限定本發Page 12 17112. ptd 200411392 V. Description of the invention (9) In step S312, the user identification module 14 is caused to judge whether the identification code rotated in is the same as the use test stored in the storage unit 13, If yes, proceed to step S313; otherwise, proceed to step code in step S313, so that the user identification module 14 reads out the partition table data stored in the bill ★ 13 ° and overwrites it to the correct: 乂 :: The surface is lean, and steps s 3 1 4 are performed. In step S314, the knife edge allows the personal computer 200 to enter the operating system according to the normal 2 and is provided for access by authorized users. 疋 仃 忒 Save early 1130 In step S3! 5, due to use The user cannot turn in the correct 5 user identification module 1 4 0 will not execute the M identification code this time, then, the storage unit 13 steps to retrieve for the startup program, so it cannot be executed It is not orderly enough to prevent the unauthorized users from accessing the booting process. According to the above description, the storage unit data of the present invention is error-proof. Provide the user only through one-on-c system: another mechanism, that is to prevent the user from having the right to use the computer 2 0 0 and store the data in the unit 1 gq Rensi open the storage unit 1 3 0 is unknown The user of the identification code dismantles and accesses it. Even if the computer device storing the data accesses it, it cannot pass through its purpose. Only 70 methods of data protection for data protection and the essential technical content of the month The above description is only for the invention The preferred embodiment of the deposit system 'not intended to limit the invention

200411392 五、發明說明(ίο) 圍,其他與個人電腦相似,如筆記型電腦、伺服器及工作 站等,且具有儲存單元者均有本發明之適用。本發明之儲 存單元資料保護方法以及系統其實質技術内容係廣義地定 義於下述之申請專利範圍中,任何他人所完成之技術實體 或方法,若與下述之申請專利範圍所定義者完全相同,或 為等效之變更,均將被視為涵蓋於此專利範圍之中。200411392 V. Description of invention (ίο). Others are similar to personal computers, such as notebook computers, servers, and workstations, and have storage units that are applicable to the present invention. The storage unit data protection method and system of the present invention are broadly defined in the following patent application scope. Any technical entity or method completed by another person is exactly the same as defined in the following patent application scope. , Or equivalent changes, will be considered to be covered by this patent.

17112. ptd 第14頁 200411392 圖式簡單說明 【圖式簡單說明】 第1圖係一應用架構示意圖,用以顯示執行本發明之 儲存單元資料保護系統應用於一個人電腦上之系統架構; 第2圖係一方塊示意圖,用以顯示本發明之儲存單元 資料保護系統中單元與模組間之相互關係;以及 第3 ( A)及3 ( B)圖係流程圖,用以顯示執行本發明 之儲存單元資料保護方法之流程步驟。 1 〇 〇 儲存單元資料保護系統 110 中央處理單元 120 記憶單元 1 3 0 儲存單元 1 4 0 使用者識別模組 2 0 0 個人電腦17112. ptd Page 14 200411392 Simple illustration of the drawing [Simplified illustration of the drawing] Fig. 1 is a schematic diagram of an application architecture for showing the system architecture of the storage unit data protection system for implementing a personal computer in accordance with the present invention; Fig. 2 It is a block diagram showing the relationship between units and modules in the storage unit data protection system of the present invention; and Figures 3 (A) and 3 (B) are flowcharts showing the storage for implementing the present invention Process steps of the unit data protection method. 1 〇 〇 Storage unit data protection system 110 Central processing unit 120 Memory unit 1 3 0 Storage unit 1 4 0 User identification module 2 0 0 Personal computer

第15頁 17112. ptdPage 15 17112.ptd

Claims (1)

200411392 六、申請專利範圍 1. 一種儲存單元資料保護方法,其係應用於一具有儲存 單元之資料處理裝置上,該儲存單元資料保護方法包 括: 令一使用者辨識模組將使用者設定之識別碼進行 編碼加密後儲存至該儲存單元之特定位置; 令該使用者辨識模組將分割表資料進行編碼加密 並儲存至一指定之儲存單元位置; 令該使用者辨識模組將儲存於記憶單元之分割表 資料刪除;以及 令該使用者辨識模組於使用者重新開啟該資料處 理裝置電源時,判斷使用者所輸入識別碼是否正確, 若是,則將該編碼加密之分割表資料解碼還原並覆蓋 至正確的分配表位置,俾進行正常之開機作業;若否 ,則中止正常之開機作業程序。 2. 如申請專利範圍第1項之方法,其中,該儲存單元可為 一内建式硬碟、外接式硬碟及抽取式硬碟其中任一者 〇 3. 如申請專利範圍第1項之方法,其中,該資料處理裝置 可為一個人電腦、筆記型電腦、平板電腦、液晶電腦 、伺服器及工作站其中任一者。 4. 如申請專利範圍第1項之方法,其中,該使用者辨識模 組係為一軟體程式,於安裝至該記憶單元後常駐於該 記憶單元,並於該資料處理裝置執行開機程序時進行 使用者識別工作。200411392 VI. Application Patent Scope 1. A storage unit data protection method, which is applied to a data processing device with a storage unit. The storage unit data protection method includes: making a user identification module identify the user settings The code is encrypted and stored in a specific location of the storage unit; the user identification module is used to encode and store the partition table data in a specified storage unit location; the user identification module is stored in the memory unit Delete the partition table data; and enable the user identification module to determine whether the identification code entered by the user is correct when the user turns on the data processing device again, and if so, decode and restore the encrypted encrypted partition table data and Cover to the correct allocation table position, and perform normal boot operation; if not, abort the normal boot operation procedure. 2. If the method of the first scope of the patent application, the storage unit may be any one of a built-in hard disk, an external hard disk and a removable hard disk. Method, wherein the data processing device may be any one of a personal computer, a notebook computer, a tablet computer, an LCD computer, a server, and a workstation. 4. For the method of applying for the first item of the patent scope, wherein the user identification module is a software program, which is resident in the memory unit after being installed in the memory unit and is performed when the data processing device executes a boot process. User identification work. 17112. ptd 第16頁 200411392 六、申請專利範圍 5. 如申請專利範圍第1項之方法,其中,該記憶單元可為 一電子可抹除可程式化唯讀記憶體及快閃記憶體其中 任一者。 6. 如申請專利範圍第1項之方法,其中,該識別馬可為文 字、數字、符號、文字與數字、文字與符號、符號與 數字及文字、符號與數字其中任一者所組成之内容。 7. —種儲存單元資料保護系統,其係應用於一具有儲存 單元之資料處理裝置上,該儲存單元資料保護系統包 括: 一中央處理單元,其係用以提供該儲存單元資料 保護系統擷取訊號、編解碼及執行指令功能; 一記憶單元,其係用以儲存該資料處理裝置之基 本輸出入系統及其他軟體程式; 該儲存單元,其係用以提供該資料處理裝置儲存 包括作業系統程式及其他程式或資料之;以及 一使用者識別模組,其係常駐於該記憶單元中用 以將使用者所設定識別碼加以編碼加密並儲存於該儲 存單元中之特定位置;此外,復得將分割表資料加以 編碼加密而儲存於該儲存單元之特定位置,且於使用 者重新開機輸入正確之識別碼時,自該儲存單元中取 出該分割表資料加以解碼還原後覆蓋至該分割表正確 位置。 8. 如申請專利範圍第7項之系統,其中,該儲存單元可為 一内建式硬碟、外接式硬碟及抽取式硬碟其中任一者17112. ptd page 16 200411392 6. Application for patent scope 5. For the method of applying for patent scope item 1, the memory unit can be an electronically erasable programmable read-only memory and flash memory. One. 6. The method according to item 1 of the scope of patent application, wherein the identification mark is composed of any one of words, numbers, symbols, words and numbers, words and symbols, symbols and numbers and words, symbols and numbers . 7. A storage unit data protection system, which is applied to a data processing device with a storage unit. The storage unit data protection system includes: a central processing unit that is used to provide the storage unit data protection system capture Signal, codec, and execute command functions; a memory unit, which is used to store the basic input / output system and other software programs of the data processing device; the storage unit, which is used to provide the data processing device storage including operating system programs And other programs or data; and a user identification module, which resides in the memory unit to encode and encrypt the identification code set by the user and stores it in a specific location in the storage unit; The partition table data is encoded and encrypted and stored in a specific location of the storage unit, and when the user restarts and enters the correct identification code, the partition table data is taken out from the storage unit and decoded and restored to cover the partition table correctly. position. 8. If the system of claim 7 is applied for, the storage unit may be any one of a built-in hard disk, an external hard disk, and a removable hard disk. 17112. ptd 第17頁 200411392 六、申請專利範圍 〇 9.如申請專利範圍第7項之系統,其中,該資料處理裝置 可為一個人電腦、筆記型電腦、平板電腦、液晶電腦 、伺服器及工作站其中任一者。 1 0 .如申請專利範圍第7項之系統,其中,該使用者辨識模 組係為一軟體程式,於安裝至該記憶單元後常駐於該 記憶單元,並於該資料處理裝置執行開機程序時進行 使用者識別工作。 1 1.如申請專利範圍第7項之系統,其中,該記憶單元可為 一電子可抹除可程式化唯讀記憶體及快閃記憶體其中 任一者。 1 2 .如申請專利範圍第7項之系統,其中,該識別馬可為文 字、數字、符號、文字與數字、文字與符號、符號與 數字及文字、符號與數字其中任一者所組成之内容。17112. ptd Page 17 200411392 VI. Application for Patent Scope 09. If the system for application for Item 7 is patented, the data processing device can be a personal computer, notebook computer, tablet computer, LCD computer, server and workstation Any of them. 10. The system according to item 7 of the scope of patent application, wherein the user identification module is a software program, which is resident in the memory unit after being installed in the memory unit and when the data processing device executes a boot process Perform user identification. 1 1. The system according to item 7 of the patent application scope, wherein the memory unit may be any one of an electronically erasable programmable read-only memory and a flash memory. 1 2. The system according to item 7 of the scope of patent application, wherein the identification horse is composed of any one of words, numbers, symbols, words and numbers, words and symbols, symbols and numbers and words, symbols and numbers content. 17112. ptd 第18頁17112.ptd Page 18
TW91137821A 2002-12-30 2002-12-30 Data protection method and system for storage unit TW588244B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW91137821A TW588244B (en) 2002-12-30 2002-12-30 Data protection method and system for storage unit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW91137821A TW588244B (en) 2002-12-30 2002-12-30 Data protection method and system for storage unit

Publications (2)

Publication Number Publication Date
TW588244B TW588244B (en) 2004-05-21
TW200411392A true TW200411392A (en) 2004-07-01

Family

ID=34058096

Family Applications (1)

Application Number Title Priority Date Filing Date
TW91137821A TW588244B (en) 2002-12-30 2002-12-30 Data protection method and system for storage unit

Country Status (1)

Country Link
TW (1) TW588244B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8504849B2 (en) 2004-12-21 2013-08-06 Sandisk Technologies Inc. Method for versatile content control
US8601283B2 (en) 2004-12-21 2013-12-03 Sandisk Technologies Inc. Method for versatile content control with partitioning
US8639939B2 (en) 2006-07-07 2014-01-28 Sandisk Technologies Inc. Control method using identity objects
US8613103B2 (en) 2006-07-07 2013-12-17 Sandisk Technologies Inc. Content control method using versatile control structure
US9104618B2 (en) 2008-12-18 2015-08-11 Sandisk Technologies Inc. Managing access to an address range in a storage device

Also Published As

Publication number Publication date
TW588244B (en) 2004-05-21

Similar Documents

Publication Publication Date Title
EP2335181B1 (en) External encryption and recovery management with hardware encrypted storage devices
US6654820B1 (en) System capable of recording a content onto a recording medium which does not have a medium ID
US7818567B2 (en) Method for protecting security accounts manager (SAM) files within windows operating systems
KR102139179B1 (en) Security subsystem
JP5565040B2 (en) Storage device, data processing device, registration method, and computer program
US20100058066A1 (en) Method and system for protecting data
US7900043B2 (en) Hard disk security method in a computer system
KR20120104175A (en) Authentication and securing of write-once, read-many (worm) memory devices
TW201025072A (en) Method and apparatus for providing access to files based on user identity
RU2353969C2 (en) Method and device for computer memory binding to motherboard
US20130191636A1 (en) Storage device, host device, and information processing method
US20050193195A1 (en) Method and system for protecting data of storage unit
TW200832181A (en) System and method of data encryption and data access of a set of storage device via a hardware key
CN114662164A (en) Identity authentication and access control system, method and equipment based on encrypted hard disk
US11468159B2 (en) Memory system
TW200411392A (en) Data protection method and system for storage unit
JP2006195629A (en) Portable storage device
CN109583197B (en) Trusted overlay file encryption and decryption method
WO2015116204A1 (en) Encrypted in-place operating system migration
WO2010151722A1 (en) Accessing a serial number of a removable non-volatile memory device
JP2003208234A (en) Software recording part separation type information processor and software managing method
JP2018139025A (en) Data erasing method, data erasing program, computer with data erasing program and data erasing management server
TW201939289A (en) Storage apparatus managing method and storage apparatus managing system
JP6150943B2 (en) Control device
KR101161686B1 (en) Memory device with security function and security method thereof

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees