TW200844840A - Secure storage apparatus and method for controlling the same - Google Patents

Secure storage apparatus and method for controlling the same

Publication number
TW200844840A
Authority
TW
Taiwan
Prior art keywords
area
storage device
access
external system
logical partition
Prior art date
Application number
TW96116410A
Other languages
Chinese (zh)
Other versions
TWI334565B (en)
Inventor
Yu-An Chang
Chien-Chen Liou
Original Assignee
Phison Electronics Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Phison Electronics Corp filed Critical Phison Electronics Corp
Priority to TW96116410A priority Critical patent/TWI334565B/en
Publication of TW200844840A publication Critical patent/TW200844840A/en
Application granted granted Critical
Publication of TWI334565B publication Critical patent/TWI334565B/en

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention discloses a storage apparatus in communication with one or more external systems. The apparatus includes at least one storage region; at least one logical partition, formed from a first part of the storage region, for storing data; and a logic controller provided with an authentication module. When a vendor command requesting access to the logical partition is received from the external system, the authentication module sets an access mode, and access to the logical partition is controlled according to that access mode.

Description

IX. Description of the Invention

[Technical Field]

The present invention relates to a storage device and a control method thereof, and in particular to a secure storage device that communicates with an external system and a control method thereof.

[Prior Art]

Compared with other file systems, the File Allocation Table (FAT) has the advantage of a simple structure and is supported by most existing personal computer operating systems. The FAT file system is characterized by an actual table located at the very top of the volume, the file allocation table (FAT) itself, which records file locations, file attributes and related data. Being simple, easy to operate and widely supported, it is an ideal file system for storage devices and is well suited to exchanging data between different computer operating systems; by the same nature, it is relatively unable to guard against security problems affecting personal file data. Some improvements to methods of protecting personal data have accordingly been disclosed.

U.S. Patent No. 7,062,585 (see FIG. 1) discloses a flow chart for performing host-dependent behavior. Referring to FIG. 1, the first step, shown in block 10, comprises a host-to-destination-device login process in which the host and the destination device (such as a disk array) exchange information and establish a communication connection. During the login process, the host provides its host serial number to the destination device. After a successful login, the destination device is allowed to receive commands from the host, as shown in block 12. For a received command, the destination device determines, according to the host's communication protocol, whether to execute the command, as shown in block 15. This step is carried out by comparing the received command against a list of commands that have O/S-related requirements. If the command is executed irrespective of the host's communication protocol, the steps after block 15 are not carried out and the flow of the method ends. If the comparison finds a match with an O/S-related command, the steps after block 15 are carried out.

The next step, block 20, obtains the value of a mode parameter that defines the default O/S communication protocol. For example, this mode parameter may be set as the default for all HPUX communication protocols, not only those listed in the table. The table is stored in advance in non-volatile memory in the destination device. Block 30 comprises accessing this table, which stores host serial numbers and the O/S type associated with each. The method further includes the step of block 40, which determines whether the table contains a match for the host serial number obtained during the login process of block 10. If a match for the host serial number is found in the table, the default mode parameter for the O/S communication protocol is overridden and the O/S communication protocol associated with the matching host serial number is selected, as shown in block 50 of the figure.

As described above, the conventional method and system select an appropriate host-dependent communication protocol by comparing host serial numbers. They can only deal with the compatibility and ambiguity issues that heterogeneous hosts may cause, and they overlook the importance of preventing data leakage. There is therefore an urgent need for a storage device and method that effectively improve data security and avoid the risk of confidential data being maliciously stolen. Unlike conventional storage devices (such as the system device of U.S. Patent No. 7,100,160), the present invention prevents external system devices from arbitrarily accessing private confidential data, which substantially corrects the shortcomings of the prior art and solves the problems described above.

[Summary of the Invention]

In view of the limitations of the prior art described above, the object of the present invention is to provide a storage device for use with an external system, and a control method thereof, in which a logic controller controls data access.

To achieve this object, a broader aspect of the present invention provides a storage device that communicates with an external system, comprising: at least one storage area; at least one logical partition, formed from a first part of the storage area, for storing data; and a logic controller provided with an authentication setting module which, when the external system requests access to the logical partition, sets an access mode to control access to the logical partition.

According to the concept of the present invention, the logic controller is further provided with a host verification module for receiving access requests.

According to the concept of the present invention, the storage device further comprises a file allocation table, formed from a second part of the storage area, for indexing data entries.

According to the concept of the present invention, the logical partition comprises a general area accessible to external systems.

According to the concept of the present invention, the logical partition comprises a secure area accessible to an agreed external system.

According to the concept of the present invention, the secure area has correct entries and incorrect entries.

According to the concept of the present invention, the secure area comprises a hidden area for storing the correct entries.

According to the concept of the present invention, the access mode comprises a device identification mode that permits access to the logical partition.

According to the concept of the present invention, the access mode comprises a device restriction mode that prohibits access to the secure area of the logical partition.

According to the concept of the present invention, the storage device includes a USB flash drive, a Secure Digital (SD) card, a Multi Media Card (MMC), and a flash drive.

Another broader aspect of the present invention provides a method of controlling access by an external system to a storage device, the storage device having a logical partition that comprises a general area and a secure area. The steps are as follows:

a) requesting access to data stored in the logical partition;
b) determining whether the data is stored in the general area or the secure area;
c) when the requested data is stored in the secure area, confirming whether the external system is a previously agreed device;
d) setting the access mode of the logical partition; and
e) outputting data according to the access mode that has been set.

According to the concept of the present invention, the storage device further comprises a file allocation table, formed from part of the storage area, for indexing data entries.

According to the concept of the present invention, the logical partition comprises a general area accessible to external systems.

According to the concept of the present invention, the logical partition comprises a secure area accessible to an agreed external system.

According to the concept of the present invention, the secure area has correct entries and incorrect entries.

According to the concept of the present invention, the secure area comprises a hidden area for storing the correct entries.

According to the concept of the present invention, the access mode comprises a device identification mode that permits access to the logical partition.

According to the concept of the present invention, the access mode comprises a device restriction mode that prohibits access to the secure area of the logical partition.

According to the concept of the present invention, the method further comprises the step of obtaining an incorrect entry when the external system is not an agreed device.

According to the concept of the present invention, the method further comprises the step of obtaining a correct entry when the external system is an agreed device.

According to the concept of the present invention, the storage device includes a USB flash drive, a Secure Digital (SD) card, a Multi Media Card (MMC), and a flash drive.

[Embodiments]

Some embodiments that embody the features and advantages of the present invention are described in detail below. The present invention can be varied in many aspects without departing from its scope, and the description and drawings are illustrative in nature and are not intended to limit the invention.

FIG. 2 shows the internal structure of the storage device of the present invention for use with an external system. The storage device (preferably a USB flash drive) includes a logic controller 21 that communicates with the external system 20, and a storage area 30. The logic controller 21 includes a host verification module 211 for receiving vendor commands from the external system 20 and an authentication setting module 212 for setting the access mode. These components are described in detail below.

In addition to the logic controller 21 and the storage area 30, the storage device provides a logical partition 40, formed from a first part of the storage area 30, for storing file data, and a file allocation table (FAT) 50, formed from a second part of the storage area 30, for indexing file information. The logical partition 40 is divided into a general area 401 and a secure area 402. The file allocation table 50 consists of a number of entries of equal size, as shown in FIG. 2, which hold information such as file structure, file address and file attributes. The size of each entry depends on the version of the file system (FAT16 or FAT32). Each entry corresponds to an area at the same address, and that area stores the file the entry points to.

Whenever the storage device is connected to an external system 20, the external system 20 can freely access the general area 401. The secure area 402, however, can be accessed by the external system 20 only when the storage device is connected to an agreed external system 20. In addition, the secure area 402 is set at a specific logical address, the position of its corresponding entry in the file allocation table 50 is calculated, and the FAT information pointing to its correct address is stored in the hidden area 4021 of the secure area 402. FAT information pointing to an incorrect address of the secure area 402 is written into the file allocation table 50 at the entry position that originally held the correct FAT information. Likewise, the general area 401 is also set at a specific logical address.

Furthermore, the authentication setting module 212 sets the secure area 402 of the logical partition 40 to the device identification mode or the device restriction mode according to a signal from the logic controller 21. When the host verification module 211 of the logic controller 21 receives an unrecognizable vendor command from the external system 20 requesting access to the secure area 402 of the logical partition 40, and the external system 20 is confirmed to be a non-agreed system, the secure area 402 is set to the device restriction mode and the access request is not allowed. In other embodiments, when the external system 20 provides no vendor command, the external system 20 is confirmed to be a non-agreed system, so that the secure area 402 cannot be accessed. Conversely, if the logic controller 211 can recognize the vendor command sent by the external system 20, a communication protocol permitting access to the secure area 402 is issued and the secure area 402 is set to the device identification mode.

FIGS. 3A and 3B show a flow chart of the method of the present invention for controlling access to the storage device. As shown in step S31 of FIG. 3A, a storage device is provided to the external system 20. In step S32, the file allocation table 50 is accessed to look up the entry of each file. The external system 20 then requests access to a file, as in step S33 of FIG. 3A. Next, it is determined whether the requested file is stored in the secure area 402, as in step S34. If the requested file is stored in the general area 401, it can be located and output without difficulty, as in step S35 of FIG. 3A.

If the requested file is stored in the secure area 402, step S34 takes the other path, beginning with step S41 of FIG. 3A. The external system 20 sends a vendor command to the logic controller 21. In other embodiments, the vendor command differs from one external system to another; possible factors include different vendors or manufacturers, operating systems, versions and other factors. In step S42, the host verification module 211 of the logic controller 21 confirms whether the vendor command was sent by an agreed external system. As in step S43, if the vendor command was sent by a non-agreed external system, the authentication setting module 212 sets the secure area 402 to the device restriction mode, and only the incorrect entry in the file allocation table can be obtained, as in step S44. Because the incorrect entry points to a wrong file address, an incorrect file is output, as in step S45 of FIG. 3A. In addition, when no vendor command is present, the external system 20 is treated as a non-agreed system, so that the secure area 402 cannot be accessed. On the other hand, if the vendor command is confirmed to come from an agreed external system, step S42 leads to the other path, continuing from A in FIG. 3A to step S51 of FIG. 3B.

Refer to FIG. 3B. In step S51, the logic controller 21 sends a communication protocol that switches the secure area 402 to the device identification mode. The access restriction on the secure area 402 of the logical partition 40 is thus lifted in the device identification mode, as in step S52. The correct entry, which points to the correct address of the requested file, can be obtained from the hidden area 4021 of the secure area 402, as in step S53. The requested file is output successfully, which completes the access-control flow, as in step S54 of FIG. 3B.

In summary, the present invention provides a secure storage device and a control method thereof in which a non-agreed external system cannot obtain the correct address of file data, which greatly improves the security of confidential data files. The present invention is compatible with existing file systems, and uses a logic controller together with a file allocation table containing a series of entries that point to file addresses to control access to file data stored in the secure area effectively. A non-agreed external system can access only the file data stored in the general area. When a non-agreed external system attempts to access a file stored in the secure area, it can obtain only an incorrect entry that points to a wrong file location. The correct entries used to index the file data are stored in the secure area and can be accessed only by an agreed external system. The host verification module of the logic controller records the various vendor commands in order to distinguish which external systems are non-agreed. The present invention can be widely applied to USB flash drives, SD cards, MMCs and flash drives. Unlike the prior art, which allows direct reading and writing of data and other operations on the storage device, the present invention prohibits improper acquisition of confidential file data in the storage device. It thereby not only resolves the potential security vulnerabilities of the prior art but also prevents file data from being stolen during reading and writing, making the security mechanism of the storage device more complete.

Although the present invention has been described in detail by the above embodiments, it may be modified in various ways by those skilled in the art without departing from the scope of protection sought in the appended claims.

[Brief Description of the Drawings]

FIG. 1 is a flow chart of conventional host-dependent behavior;
FIG. 2 shows the structure of the storage device of the present invention for use with an external system; and
FIGS. 3A and 3B show a flow chart of controlling the storage device according to another preferred embodiment of the present invention.

[Description of Main Reference Numerals]

20 External system
21 Logic controller
211 Host verification module
212 Authentication setting module
30 Storage area
40 Logical partition
401 General area
402 Secure area
4021 Hidden area
50 File allocation table
S31 to S54 Steps
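The access-control flow of FIGS. 3A and 3B (steps S31 to S54), modelled as an added C example that is not code from the patent. The entry-to-address layout, the table sizes, the function names and the vendor-command value are all assumptions made for illustration.

```c
/* Added illustration, not code from the patent. Layout, sizes, names and
 * the vendor-command value are assumptions made for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N_ENTRIES    8            /* entries in file allocation table 50 */
#define SECURE_FIRST 4            /* entries/addresses 4..7: secure area 402 */
#define AGREED_CMD   0x5EC0DE01u  /* constructed vendor-command value */

enum access_mode { DEVICE_RESTRICTION, DEVICE_IDENTIFICATION };

struct storage {
    uint8_t fat[N_ENTRIES];                   /* visible table 50 */
    uint8_t hidden[N_ENTRIES - SECURE_FIRST]; /* hidden area 4021 */
    char    block[N_ENTRIES][24];             /* logical partition 40 */
    enum access_mode mode;                    /* mode of secure area 402 */
};

void storage_init(struct storage *s)
{
    memset(s, 0, sizeof *s);
    for (unsigned i = 0; i < N_ENTRIES; i++) {
        s->fat[i] = (uint8_t)i;               /* unused entries point at themselves */
        if (i >= SECURE_FIRST)
            s->hidden[i - SECURE_FIRST] = (uint8_t)i;
    }
    s->mode = DEVICE_RESTRICTION;             /* secure area starts closed */
}

static void put(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
}

static int in_secure(unsigned v) { return v >= SECURE_FIRST && v < N_ENTRIES; }

/* General area 401: the visible entry holds the real address. */
int store_general(struct storage *s, unsigned entry, uint8_t addr, const char *data)
{
    if (entry >= SECURE_FIRST || addr >= SECURE_FIRST) return -1;
    put(s->block[addr], sizeof s->block[addr], data);
    s->fat[entry] = addr;
    return 0;
}

/* Secure area 402: the correct address goes to hidden area 4021 and an
 * incorrect address inside 402 takes its place in the visible table 50. */
int store_secure(struct storage *s, unsigned entry, uint8_t addr,
                 uint8_t wrong_addr, const char *data)
{
    if (!in_secure(entry) || !in_secure(addr) || !in_secure(wrong_addr)
        || addr == wrong_addr)
        return -1;
    put(s->block[addr], sizeof s->block[addr], data);
    s->hidden[entry - SECURE_FIRST] = addr;
    s->fat[entry] = wrong_addr;
    return 0;
}

/* Host verification module 211: a missing or unrecognised vendor command
 * marks the external system as non-agreed (S42). */
static int host_verify(int has_cmd, uint32_t cmd)
{
    return has_cmd && cmd == AGREED_CMD;
}

/* Authentication setting module 212: set the mode of secure area 402. */
static void auth_set_mode(struct storage *s, int agreed)
{
    s->mode = agreed ? DEVICE_IDENTIFICATION : DEVICE_RESTRICTION;
}

/* One access request (S33): returns the data the external system receives. */
const char *read_file(struct storage *s, unsigned entry, int has_cmd, uint32_t cmd)
{
    if (entry >= N_ENTRIES) return NULL;
    if (entry < SECURE_FIRST)                          /* S34 -> S35 */
        return s->block[s->fat[entry]];
    auth_set_mode(s, host_verify(has_cmd, cmd));       /* S41-S43 or S51 */
    if (s->mode == DEVICE_RESTRICTION)                 /* S44-S45: wrong entry */
        return s->block[s->fat[entry]];
    return s->block[s->hidden[entry - SECURE_FIRST]];  /* S52-S54 */
}

int main(void)
{
    struct storage s;
    storage_init(&s);
    store_general(&s, 0, 1, "readme");                 /* constructed sample data */
    store_secure(&s, 4, 6, 5, "payroll");
    printf("general, no command : \"%s\"\n", read_file(&s, 0, 0, 0));
    printf("secure, no command  : \"%s\"\n", read_file(&s, 4, 0, 0));
    printf("secure, unknown cmd : \"%s\"\n", read_file(&s, 4, 1, 0x12345678u));
    printf("secure, agreed cmd  : \"%s\"\n", read_file(&s, 4, 1, AGREED_CMD));
    return 0;
}
```

The mode is re-evaluated on every request to the secure area, so a request that follows an agreed one but carries no vendor command falls back to the device restriction mode, matching the description's treatment of a missing command.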

Claims (1)

X. Claims:

1. A storage device that communicates with an external system, comprising: at least one storage area; at least one logical partition, formed from a first part of the storage area, for storing data; and a logic controller provided with an authentication setting module, wherein, when the external system requests access to the logical partition, the authentication setting module sets an access mode to control access to the logical partition.

2. The storage device of claim 1, wherein the logic controller is further provided with a host verification module for receiving access requests.

3. The storage device of claim 1, further comprising a file allocation table, formed from a second part of the storage area, for indexing data entries.

4. The storage device of claim 1, wherein the logical partition comprises a general area accessible to external systems.

5. The storage device of claim 1, wherein the logical partition comprises a secure area accessible to an agreed external system.

6. The storage device of claim 5, wherein the secure area has correct entries and incorrect entries.

7. The storage device of claim 6, wherein the secure area comprises a hidden area for storing the correct entries.

8. The storage device of claim 1, wherein the access mode comprises a device identification mode that permits access to the logical partition.

9. The storage device of claim 5, wherein the access mode comprises a device restriction mode that prohibits access to the secure area of the logical partition.

10. The storage device of claim 1, including a USB flash drive, a Secure Digital (SD) card, a Multi Media Card (MMC), and a flash drive.

11. A method of controlling access by an external system to a storage device, the storage device having a logical partition that comprises a general area and a secure area, the steps being as follows: requesting access to data stored in the logical partition; determining whether the data is stored in the general area or the secure area; when the requested data is stored in the secure area, confirming whether the external system is an agreed device; setting the access mode of the logical partition; and outputting data according to the access mode that has been set.

12. The method of claim 11, wherein the storage device further comprises a file allocation table, formed from part of the storage area, for indexing data entries.

13. The method of claim 11, wherein the logical partition comprises a general area accessible to external systems.

14. The method of claim 11, wherein the logical partition comprises a secure area accessible to an agreed external system.

15. The method of claim 14, wherein the secure area has correct entries and incorrect entries.

16. The method of claim 15, wherein the secure area comprises a hidden area for storing the correct entries.

17. The method of claim 11, wherein the access mode comprises a device identification mode that permits access to the logical partition.

18. The method of claim 14, wherein the access mode comprises a device restriction mode that prohibits access to the secure area of the logical partition.

19. The method of claim 11, further comprising the step of obtaining an incorrect entry when the external system is a non-agreed device.

20. The method of claim 11, further comprising the step of obtaining a correct entry when the external system is an agreed device.

21. The method of claim 11, wherein the storage device includes a USB flash drive, a Secure Digital (SD) card, a Multi Media Card (MMC), and a flash drive.
TW96116410A 2007-05-09 2007-05-09 Secure storage apparatus and method for controlling the same TWI334565B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW96116410A TWI334565B (en) 2007-05-09 2007-05-09 Secure storage apparatus and method for controlling the same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW96116410A TWI334565B (en) 2007-05-09 2007-05-09 Secure storage apparatus and method for controlling the same

Publications (2)

Publication Number Publication Date
TW200844840A true TW200844840A (en) 2008-11-16
TWI334565B TWI334565B (en) 2010-12-11

Family

ID=44211981

Family Applications (1)

Application Number Title Priority Date Filing Date
TW96116410A TWI334565B (en) 2007-05-09 2007-05-09 Secure storage apparatus and method for controlling the same

Country Status (1)

Country Link
TW (1) TWI334565B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI472921B (en) * 2011-02-18 2015-02-11 Cheng Hsiao Chi Portable storage device and access control method thereof
US10073769B2 (en) 2015-10-15 2018-09-11 Silicon Motion, Inc. Data storage device and data maintenance method thereof
US10140026B2 (en) 2015-10-15 2018-11-27 Silicon Motion, Inc. Data storage device and data maintenance method thereof
TWI646461B (en) * 2016-10-12 2019-01-01 慧榮科技股份有限公司 Data storage device and data maintenance method thereof
TWI662417B (en) * 2018-05-31 2019-06-11 緯創資通股份有限公司 Switch card and server

Also Published As

Publication number Publication date
TWI334565B (en) 2010-12-11

Similar Documents

Publication Publication Date Title
US7500093B2 (en) Startup program execution method, device, storage medium, and program
US7970983B2 (en) Identity-based flash management
US8819811B1 (en) USB secure storage apparatus and method
US8533414B2 (en) Authentication and securing of write-once, read-many (WORM) memory devices
TWI403919B (en) Delivery of a message to a user of a portable data storage device as a condition of its use
EP2161673A1 (en) Method and system for protecting data
US20090164709A1 (en) Secure storage devices and methods of managing secure storage devices
US20070028121A1 (en) Method of protecting confidential data using non-sequential hidden memory blocks for mass storage devices
CN101430700B (en) File management device and storage device
US20130191636A1 (en) Storage device, host device, and information processing method
US7900012B2 (en) Secure storage apparatus and method for controlling the same
US20050081198A1 (en) System and method for limiting software installation on different computers and associated computer-readable storage media
US8266713B2 (en) Method, system and controller for transmitting and dispatching data stream
EP2798568A1 (en) Host device and method for partitioning attributes in a storage device
TW200844840A (en) Secure storage apparatus and method for controlling the same
US20100115201A1 (en) Authenticable usb storage device and method thereof
US20080046760A1 (en) Storage device for storing encrypted data and control method thereof
JPH025158A (en) Expanded ic card and its accessing method
US11216209B2 (en) Secure storage using a removable bridge
CN102375958B (en) The method of restricting accessing of files
US20070033648A1 (en) Method for Executing Commands to Control a Portable Storage Device
JP2001154919A (en) Method for hiding information inside information storage medium, ciphering method, ciphering system and information storage medium
TW200935221A (en) System for securing an access to flash memory device and method for the same
US20090113154A1 (en) Non-Volatile Memory Apparatus and Method of Accessing the Same
JP2004355737A (en) Disk storage device