200847006, v/v/w L」328twf.doc/n 九、發明說明: 【發明所屬之技術領域】 本發明是有關於一種儲存裝置、記憶卡存取裝置與其 讀寫方法,且特別是有關於一種具有安全性的儲存裝置、 S己憶卡存取裝置與其讀寫方法。 【先前技術】 記憶卡是一種數據儲存設備,其一般是以快閃記憶體 • 作為儲存媒體。快閃記憶體是一種電氣抹除式可編程唯讀 記憶體(EEPROM),其具有可寫入、可抹除、以及斷電 後仍可保存數據的優點,此外,快閃記憶體為非揮發性記 憶體(Non-Volatile Memory)的一種,其具有非揮發性記 憶體體積小、存取速度快、耗電量低的優點,且因^資料 抹除(Erasing)時係採用「一塊一塊」(B1〇ckbym〇'ck)抹 除的方式,所以具有操作速度快的優點。 由於記憶卡體積小容量大且攜帶方便,因此已廣泛用 _ 於個人重要資料的儲存。然而,當記憶卡不小心遺失時, 其所儲存的大量資料也可能隨之被盜用。 。、為解決此-問題,-般會在記憶卡帽存—驗證密碼 程式。當使肖者將記憶卡插至主機裝置時,使帛者必須在 域裝置上執行此驗證密碼程式。驗證密碼程式會將使用 者所輸入的密碼與儲存在記憶卡中的密碼進行比對。倘若 比對不成功或者未執行驗證密碼程式時,則主機 _到記憶卡中部分的記憶體空間,所以使用者無法讀取 儲存在記憶卡上的完整資料。偽若比對成功時,則使用者 5 200847006 uouzy ^j328twf.doc/n 可正常的使用整個記憶卡。 然而,在上述方式中,需將密碼讀取至記憶卡外(例 如在主機裝置上)來比對,因此增加了糾被破解的風險。 =者氣证始碼程式是在主機裝置上執行,因此即使沒有 岔碼亦可輕緖破解。基此’—旦驗雜碼程式或密碼被 破解後使用者資料就可能遭到盜用。 【發明内容】200847006, v/v/w L"328wf.doc/n IX. Description of the Invention: [Technical Field] The present invention relates to a storage device, a memory card access device and a method for reading and writing the same, and in particular A storage device with security, a memory card access device and a method for reading and writing the same. [Prior Art] A memory card is a data storage device that is generally a flash memory • as a storage medium. Flash memory is an electrically erasable programmable read-only memory (EEPROM) that has the advantage of being writable, erasable, and capable of saving data after power-off. In addition, the flash memory is non-volatile. One type of non-Volatile Memory, which has the advantages of small volume, low access speed, and low power consumption, and is used as a piece of material when erasing data (Erasing). (B1〇ckbym〇'ck) is erased, so it has the advantage of fast operation. Since the memory card is small in size and easy to carry, it has been widely used for the storage of important personal data. However, when a memory card is accidentally lost, a large amount of data stored therein may be stolen. . In order to solve this - problem, it will be stored in the memory card - verify the password program. When the reader is inserted into the host device, the latter must execute the verification password program on the domain device. The verification password program compares the password entered by the user with the password stored on the memory card. If the comparison is unsuccessful or the verification password program is not executed, the host _ goes to the memory space of the memory card, so the user cannot read the complete data stored on the memory card. If the comparison is successful, the user 5 200847006 uouzy ^j328twf.doc/n can use the entire memory card normally. However, in the above manner, the passwords need to be read out of the memory card (e.g., on the host device) for comparison, thus increasing the risk of hacking. = The gas code start code program is executed on the host device, so even if there is no weight, it can be cracked. Based on this, the user data may be stolen after the code program or password is cracked. [Summary of the Invention]
.本發明提供一種儲存裝置,其可降低密碼與所加密之 _貧料被破解的風險。基此,避免儲存於記憶卡中的使用者 貧料在未經許可下被盜用。 本發明提供一種記憶卡存取裝置,其可降低密碼盘所 力:密之資雜賴險。基此,避総存於記憶卡中的 使用者資料在未經許可下被盜用。 本發明提供一種用於儲存裝置的讀寫方法,盆可降低 加密之資料被破解的風險。基此,避免儲存於儲 子衣置中的使用者資料在未經許可下被盜用。 本發明提供一種用於記憶卡存取裝置的讀寫方法 I降低密碼與所域之㈣被破解賴險 ς 存於記憶卡巾的使时資料在未_可下被錢。錯 ^發明提出-種儲純置’包括非揮發性記憶體、控 ,加/解密單元。非揮發性記憶體分為根目錄區與 :’而根目錄區儲存密碼檔案,其中密碼槽案包括個人穷 連接至非揮發性記憶體,控制制以^ 儲存裝置的運似且透過通时面與域裝置進行通訊制 6 200847006 uouzy z3328tw£doc/n 加/解密單元配置在控制器中並且具有金鑰。其中,控制器 會監控是否有密碼檔案的寫人’並且當主機裝置的使用者 寫入密碼檔案時則會觸發密碼比對動作。在密碼比對動作 中控制為會將使用者所輸入的密碼與儲存在密碼構案中的 個人密碼進行崎以輕使用者的身份,並且倘若使用者 所輸入的密碼與儲存在密碼檔案中的個人密碼相符時則允 許使用者存取資料區中的資料,而倘紐用者所輸入的密 碼與,存在密碼餘巾的個人密碼不相符咖禁止使用者 存取貧料區巾的f料。加/職單元會使用金鑰對儲存在非 揮發性記憶體之資料區中的資料進行加密與解密。 μ 2發明之—實關巾,上述之非揮紐記憶體為快 网5己體。 ϋ叫在,4月之貝施例中,上述之快閃記憶體為NAND 快閃記憶體。 發明之—實施例中,上述之顧界面為通用序列 匯抓排(UmVersal Serial Bus,USB )界面。 在本發明之一實施例中,上述之通用界面為卿㈣ 界面。 絲ί發種記憶卡存取裝置,包括控制器、記憶 ♦,加/解密單S。控制器用以比對儲存於 檔案的個人密碼並且控制記憶卡存取裝置 與控制器電性連接,其用以與記憶卡 訊。加/解密單元配置在控制器中並且具有金鑰。 7 200847006 d328twf.doc/n 用“:5::有检碼檔案的寫入’並且當主機裝置的使 時則會觸發密碼比對動作。在密碼比對 中的個會將使用者所輸人的密碼與儲存在密碼檔案 行比對以確認使用者的身份,並且倘若使 二與儲存在密碼檔案中的個人密碼相符時 則允较用者存取記憶卡巾的資料,而倘The present invention provides a storage device that reduces the risk of passwords and encrypted packets being compromised. Therefore, the user who is stored in the memory card is prevented from being stolen without permission. The present invention provides a memory card access device which can reduce the power of the password disk: the security of the secret. Based on this, the user data stored in the memory card is stolen without permission. The present invention provides a method for reading and writing a storage device, which reduces the risk of encrypted data being cracked. Based on this, the user data stored in the storage unit is prevented from being stolen without permission. The present invention provides a method for reading and writing a memory card access device. I reduce the password and the domain (4) is hacked. The data stored in the memory card is not available. The invention has been proposed to provide a non-volatile memory, control, and encryption/decryption unit. The non-volatile memory is divided into the root directory area and: 'the root directory area stores the password file, wherein the password slot case includes the personal poor connection to the non-volatile memory, and the control system is operated by the storage device. Communication with domain devices 6 200847006 uouzy z3328tw£doc/n The encryption/decryption unit is configured in the controller and has a key. The controller will monitor whether there is a password file writer' and trigger a password comparison action when the user of the host device writes the password file. In the password comparison action, it is controlled that the password input by the user and the personal password stored in the password configuration are carried out by the user, and if the password entered by the user is stored in the password file. When the personal password matches, the user is allowed to access the data in the data area, and if the password entered by the new user does not match the personal password of the existing password, the user is prohibited from accessing the material of the poor area. The add/drop unit encrypts and decrypts the data stored in the data area of the non-volatile memory using the key. μ 2 invention - the real off towel, the above non-window memory is the fast net 5 body. Howling, in the April example, the above flash memory is NAND flash memory. In an embodiment of the invention, the above interface is a Universal Sequence Bus (USB) interface. In an embodiment of the invention, the general interface described above is a clear (four) interface. Silk card memory card access device, including controller, memory ♦, add/decrypt single S. The controller is configured to compare the personal password stored in the file and control the memory card access device to electrically connect to the controller for use with the memory card. The encryption/decryption unit is configured in the controller and has a key. 7 200847006 d328twf.doc/n Use ":5::write with code file" and trigger the password comparison action when the host device is enabled. The user in the password comparison will enter the user. The password is compared with the password stored in the password file to confirm the identity of the user, and if the second password is matched with the personal password stored in the password file, the user is allowed to access the data of the memory card.
的密碼與_結碼㈣㈣個人料不树時财歧 1者 =,二中的資料。加/解密單元會使用金錄對儲存 在efe卡中的資料進行加密與解密。 在本發明之-實施财,上叙記憶卡為多媒體卡 (Multl Medm Card,MMC )、安全數位(Secure Digital 卡或精巧快閃(Compact Flash,CF )卡。 ’ 在本發明之-實施例中,上述之通用界面為通用序列 匯流排(Universal Serial Bus, USB)界面。 在本發明之-實施例中,上述之通用界面為脏拉綱 界面。 本發明提出一種用於儲存裝置的讀寫方法,此讀寫方 法包括:判斷非揮發性記憶體的根目錄區中是否存^二碼 檔案;倘若在根目錄區中存有密碼檔案時,則比^使^者 所輸入之密碼與在密碼檔案中的個人密碼是否相符;倘若 使用者所輸人之密碼與密碼齡中之個人密碼為=符時右 則允許使用者對非揮發性記憶體的資料區進行寫入作業或 讀取作業’以及倘若使用者所輸入之密碼與密碼槽案/中1 個人密碼為不相符時,則禁止使用者對非揮‘性‘二體的 8 200847006 uouzy z^328twf.doc/n 資料區進行寫入作業或讀取作業。 在本發明之一實施例中,當進行該寫入作業時,上也 之儲存裴置會先以儲存於其中的金鑰來加密欲寫入的= 料,然後再將加密後的資料儲存於該資料區中,並且冬二 行讀取作業時’儲存裝置會先以金絲解密欲讀取二次 料’然後再傳送該資料。 貝 ^本發明提出一種用於記憶卡存取裝置的讀寫方法,此 讀寫方法包括:判斷記憶卡的根目錄區中是否存有密 案;倘若在根目錄區中存有密碼標案時,則比對使二者二 輸入之密碼與在密碼樓案中的個人密碼是否相符蚀 用者所輸入之密碼與密碼槽案中之個人密碼為相符時= 允较用者對記憶卡的資料區進行寫入作業或讀取、】 以及倘若使用者所輸人之密碼與密碼構案中之 ^ 業則禁止使用者對記憶卡的資料區進行寫Si 寫入的資料,麸後再將力。、 、i輪來加密欲 且錢的資料儲存於資料區中,If 且备進仃碩取作業時,記憶卡存人甲亚 欲讀取的資料,然後再傳送取衣置會先时输來解密 本發贿提出之儲魏置是使 個人密碼與金齡倾:雜 衣置内的 在儲存裝置内進行。因此,可降加密是 破解的風險。基此,更強化‘中;資料被 200847006 ^J328tw£doc/n 本發明所提出之記憶卡存取裝置是使用記 記取裝置之金絲保護資料,並且 可降柄二^加被疋在記億卡存取裝置内進行。因此’ 了 碼與所加密的資料被破解的風險。基 德卡巾之㈣的保護。 文强化 触所提出之讀寫方妓使用儲存裝置中之個人穷 :與力:金鑰來驗證使用者與加密儲存在儲存裝“ 枓。因此,可更強化儲存裝置中之資料的保護。 為讓本發明之上述特徵和優點能更明顯易懂,下 ,一些實施例’並配合所附圖式,作詳 、 【實施方式】 為讓本發明之上述和其他目的、特徵、和優點能明 下了文特舉一些實施例’並配合所附圖式,作詳細 第 塊圖 實施例 圖1是根據本發明第-實施騎示儲存裝置⑽的方 請參照圖卜儲存裝置100包括—控制器1〇2盥 揮發性記憶體104。 、 $ 非揮發性記憶體104包括一根目錄區1〇6與一資料 ⑽。根目錄區1〇6會儲存一密碼槽案贿。使用者可^ 一個人密碼儲存在密碼難驗中,其中個人密碼是用^ 驗證使?者身份。資料區⑽包括多個記憶胞驗,其月 以健存資料。非揮發性記憶體刚例如是快閃記憶體或美 200847006 uov^y ^3328twf.doc/n =儲存媒介。在本實施例非揮發性記憶體〗The password and _ knot code (four) (four) personal materials do not tree when the fiscal difference 1 =, the information in the second. The encryption/decryption unit encrypts and decrypts the data stored in the eDe card using the gold record. In the present invention, the memory card is a multimedia card (Multl Medm Card, MMC), a secure digital card (Secure Digital card or a Compact Flash (CF) card. In the embodiment of the present invention - The universal interface is a Universal Serial Bus (USB) interface. In the embodiment of the present invention, the general interface is a dirty interface. The present invention provides a method for reading and writing a storage device. The reading and writing method includes: determining whether the second code file is stored in the root directory area of the non-volatile memory; if the password file is stored in the root directory area, the password and the password entered by the ^^ Whether the personal password in the file matches; if the user enters the password and the password in the age of the password is =, the right allows the user to write or read the data area of the non-volatile memory. And if the password entered by the user does not match the password/file password, the user is prohibited from writing the 8200847006 uouzy z^328twf.doc/n data area of the non-swinging In an embodiment of the present invention, when the writing operation is performed, the upper storage device first encrypts the material to be written with the key stored therein, and then The encrypted data is stored in the data area, and when the winter line reads the job, the storage device first decrypts the secondary material with the gold wire and then transmits the data. The present invention proposes a method for The method for reading and writing the memory card access device includes: determining whether there is a secret file in the root directory area of the memory card; if the password is stored in the root directory area, the comparison makes the two If the entered password matches the personal password in the password building case, the password entered by the user matches the personal password in the password slot case = the user is allowed to write or read the data area of the memory card. , and if the user enters the password and password structure, the user is forbidden to write the information written in the data area of the memory card, and the bran will force again. And the money data is stored in the data area, If And when you are ready to take the homework, the memory card will be stored in the information that you want to read, and then the transfer will be sent to the store. The first time you lose it, you will be able to decrypt it. The inside of the garnish is carried out in the storage device. Therefore, the encryption can be reduced, which is a risk of cracking. Therefore, it is more intensive; the data is used by the memory card access device proposed by the present invention 200847006 ^J328 tw. The gold wire protection data of the device is recorded, and the handle can be lowered and the quilt is carried in the card reader. Therefore, the risk of the code and the encrypted data is cracked. The protection of the Kidd card towel (4) The text is enhanced by the readers who use the storage device to use the personal poor: the force: the key to verify the user and the encrypted storage in the storage device. Therefore, the protection of the data in the storage device can be further enhanced. The above described and other objects, features and advantages of the present invention will become apparent from the accompanying drawings. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT(S) Illustrated in the accompanying drawings, FIG. 1 is a first embodiment of a bicycle storage device (10) according to the present invention. The device 1〇2盥 volatile memory 104. The non-volatile memory 104 includes a directory area 1 〇 6 and a data (10). The root directory area 1〇6 will store a password slot. The user can ^ a person's password stored in the password is difficult to check, where the personal password is to use ^ to verify the identity of the person. The data area (10) includes a plurality of memory cells, and the monthly data is stored. The non-volatile memory is just for example a flash memory or US 200847006 uov^y ^3328twf.doc/n = storage medium. Non-volatile memory in this embodiment
快閃記憶體。 AND 控制器102用以控制整個儲存裝置刚的運作並 匕-通用界面(树示)與-主機裝置15G通訊。押制哭 102包括-加/解密單元搬a。加/解密單元聰且有= =亚且加/解密單元腿會使用此金錄對在非揮發性記 fef 104之貧料區⑽中的資料進行加/解密。以下^配人 圖式詳細說明儲存裝置100的運作。 _ 口 圖2疋根據本發明實施例緣示在儲存裝i 100中驗噔 使用者身份的流程圖。 " 請參照圖i與圖2,當將儲存裳置1〇〇插入主 150 (或與主機裝置15G連接)而啟動時,則 ⑽ 的控制器搬會讀取根目錄區刚中的資訊,並且尋 放使用者個人密碼的密碼檔案(作業S201)。在作業S203 :安器102找到此密碼槽案之後,其會記錄此密碼 ,木的叢集(dUSte〇並处控是否有此密碼職的寫入。 虽主機裝置15〇的使用者寫入此密碼稽案時,則會觸發穷 ,,驗證請求(作業S2G5)。而使用者寫人於密碼二 案的負料即為欲比對的個人密碼(作業)。 當控制器102接收到從主機裝置15〇中傳來之所輸入 的個人密碼之後’控制器1〇2會從在根目錄區1〇6中記錄 ,碼標案的叢集中讀取密碼槽案,並且將所接收到的個人 後碼與在密碼檔案中所讀取的個人密碼進行比對以確認使 用者身份(作業S209)。倘若比對成功時’則控制器1〇2 11 200847006Flash memory. The AND controller 102 is used to control the operation of the entire storage device and communicate with the -host device 15G. The escaping cry 102 includes an add/decrypt unit to move a. The encryption/decryption unit Cong and the == sub-addition/decryption unit legs use this record to encrypt/decrypt the data in the lean zone (10) of the non-volatile note fef 104. The following diagrams detail the operation of the storage device 100. Figure 2 is a flow chart showing the identity of the user in the storage device i 100 in accordance with an embodiment of the present invention. " Referring to Figure i and Figure 2, when the storage device is inserted into the main 150 (or connected to the host device 15G) and started, the controller of (10) will read the information in the root directory area. And the password file of the user's personal password is found (job S201). In operation S203: after the security device 102 finds the password slot case, it will record the password, the cluster of wood (dUSte〇 and control whether there is a write of the password job. Although the user of the host device 15〇 writes the password In the case of the case, the poor, verification request is triggered (job S2G5), and the user writes the password in the second case as the personal password (job) to be compared. When the controller 102 receives the slave device After the personal password entered in 15〇, the controller 1〇2 will record from the root directory area 1〇6, read the password slot in the cluster of code labels, and will receive the individual after the password. The code is compared with the personal password read in the password file to confirm the identity of the user (job S209). If the comparison is successful, then the controller 1〇2 11 200847006
ObOz^ ^i328twfdoc/n 二二宜衣i 150可對非揮發性記憶體104進行完整的 :貝厂,、、入作業(作業S2U)。倘若比對不成功時,則抑 制益102僅允許主機裝置15〇讀取根目錄區1〇6,對於= 他項取動作控制器102皆會以0x00作回應(S213)。八 ,本發明實施例巾,倘若控制器1〇2在根目錄區 j哥不到密碼樓案時,則控制器搬會判斷個人密碼未 設定。因此,主機裝置150可對非揮發性記憶體1〇4進ObOz^ ^i328twfdoc/n Two-two Yiyi i 150 can complete the non-volatile memory 104: shell factory,, and into operation (work S2U). If the comparison is unsuccessful, the suppression benefit 102 only allows the host device 15 to read the root directory area 1 〇 6, and the YES action controller 102 responds with 0x00 (S213). 8. In the embodiment of the present invention, if the controller 1〇2 is in the root directory area, the controller moves to determine that the personal password is not set. Therefore, the host device 150 can enter the non-volatile memory 1〇4
完整的讀取與寫入作業。 *根據本發明實施例,當控制器1〇2在根目錄區1〇6中 搜尋不到密碼檔案而判斷個人密碼未設定時,則控制器 102允許主機裝置150在根目錄區1〇6中寫入新的密碼檔 案來設定個人密碼以保護儲存裝置1〇〇。另外,當身份確 認成功之後,控制器102亦允許主機裝置15〇在根目錄區 106中寫入取代舊密碼檔案的新密碼檔案來設定新的個人 密碼以保護儲存裝置1〇〇。 圖3是根據本發明實施例繪示在儲存裝置1〇〇中確認 身份成功之後讀寫此儲存裝置1〇〇的流程圖。 請參照圖1與圖3,根據本發明實施例,當身份確認 成功之後,倘若主機裝置150欲寫入資料至非揮發性記憶 體104的資料區108(作業S3〇la)時,則加/解密單元102a 會先以其所儲存的金鑰來加密欲寫入的資料(作業 S303a),之後再將加密後的資料儲存至資料區log中(作 業 S305a)。 請參照圖1與圖3,當身份確認成功之後,倘若主機 12 200847006 ^J328twf.doc/n 裝置150欲從非揮發性記憶體1〇4的資料區1〇8中讀取資 料(作業S3〇lb)時,則加/解密單元i〇2a會先以其所儲 存的金鑰來解密欲讀取的資料(作業S3〇3b),之後再將已 解密後的資料傳送至主機裝置15〇 (作業S3〇5b)。 在本發明實施例中,控制器102更可包括一記錄區(未 '、、曰示)其用以兒錄禮碼比對失敗的次數,並且當失敗次 數超過預先3又疋的門模值(例如3次)時,則記憶卡將 % 被鎖住並且儲存於其中的資料將無法再被使用。 士根據本發明實施例,使用者必須先經過身份確認才可 讀取儲存在記憶卡中的資料。再者,儲存在記憶卡中的資 料會以存放在硬體的金鑰來加密,因此儲存在根據本實施 例的§己憶卡中的資料可受到更安全的保護。 圖4是根據本發明第二實施例繪示記憶卡存取裝置 400的方塊圖。 睛芩照圖4,記憶卡存取裝置4〇〇包括一通用界面 響 402、一記憶卡界面4〇4與一控制器4〇6。 通用界面402用以與一主機裝置450通訊。通用界面 402可以是USB界面、IEEE1394界面或其他資料通訊介 面。 纪憶卡界面404用以與所插入的記憶卡440通訊,j: 仰M MMC卡,卡、CF卡或其組合的通訊界面^ 控制器406用以控制記憶卡存取裝置400的運作,A 中控制ϋ包括-加/解密單元4嶋,崎在所插入之記 丨思卡440中的育料進行加/解密。以下將詳細說明記憶卡存 13 200847006 ^3328twf.doc/n 取裝置400的運作。 請參照圖2與圖4,當將記憶卡440插入與主機裝置 450連接的記憶卡存取裝置4〇〇時,則控制器4〇6會在記 億卡440的根目錄中尋找存放使用者個人密碼的密碼檔案 (S201)。當控制器4〇6找到此密碼檔案後,其會記錄此 密碼槽案的叢集(S203)並且監控是否有此密碼檔案的寫 入。當主機裝置450的使用者寫入此密碼檔案時,則會觸 • 發密碼比對的驗證請求(作業S205)。而使用者寫入二密 碼檀案的資料即為欲比對的個人密瑪(作業。 當控制器406接收到從主機裝置450中傳來之所輸入 的個人密碼之後,控制器概會從在記憶卡中記錄密碼播 案的叢集中言買取密碼檀案,並且將從主機裝置45〇中所接 收到的個人密碼與密碼檔案中所記錄的個人密碼做比對以 確認使用者身份(S209)。倘若比對成功時,則控制器4〇6 會允許主機裝置450對記憶卡440進行完整的讀取^寫入 作業(S211)。倘若比對不成功時,則控制器4〇6會僅允 ’許主機裝置450讀取記憶卡440之根目錄的資料,^於主 機裝置450其他的讀取動作控制器4〇6皆會以〇χ〇〇回 (S213)。 μ 在本發明實施例中’倘若控制器406搜尋不到密碼檔 案時,則控制器406會判斷個人密碼未設定,並且控制二 406會允許主機裝置450對記憶卡44〇進行完整^取^ 寫入作業。 〃 根據本發明實施例,當控制器4〇6搜尋不到密碼檔案 200847006 ^3328twf.doc/n 而判斷個人密碼未設定時,則控制器460會允許主機裝置 450寫入新的密碼檀案至記憶卡44〇中來設定個人密碼以 保護記憶卡440。在本發明實施例中,當身份確認成功之 後,控制器460亦允許主機裝置45〇寫入取代舊密碼檔案 的新密碼檔案來設定新的個人密碼以保護記憶卡44〇。Complete read and write jobs. * According to the embodiment of the present invention, when the controller 1〇2 cannot find the password file in the root directory area 1〇6 and judges that the personal password is not set, the controller 102 allows the host device 150 to be in the root directory area 1〇6. Write a new password file to set a personal password to protect the storage device. In addition, after the identity confirmation is successful, the controller 102 also allows the host device 15 to write a new password file in the root directory area 106 in place of the old password file to set a new personal password to protect the storage device. FIG. 3 is a flow chart showing reading and writing of the storage device 1 after the identity is confirmed in the storage device 1 according to an embodiment of the present invention. Referring to FIG. 1 and FIG. 3, after the identity verification is successful, if the host device 150 wants to write data to the data area 108 of the non-volatile memory 104 (job S3〇la), then The decryption unit 102a first encrypts the data to be written with its stored key (job S303a), and then stores the encrypted data in the data area log (job S305a). Referring to FIG. 1 and FIG. 3, after the identity verification is successful, if the host 12 200847006 ^J328twf.doc/n device 150 wants to read data from the data area 1〇8 of the non-volatile memory 1〇4 (job S3〇) In the case of lb), the encryption/decryption unit i〇2a first decrypts the data to be read with its stored key (job S3〇3b), and then transfers the decrypted data to the host device 15 ( Job S3〇5b). In the embodiment of the present invention, the controller 102 may further include a recording area (not ', , and so on), the number of times that the user's recording code comparison fails, and when the number of failures exceeds the threshold value of 3 in advance (For example, 3 times), the memory card will be locked and the data stored in it will no longer be used. According to an embodiment of the present invention, the user must first confirm the identity to read the data stored in the memory card. Furthermore, the data stored in the memory card is encrypted with the key stored in the hardware, so that the data stored in the § memory card according to the present embodiment can be more securely protected. 4 is a block diagram showing a memory card access device 400 in accordance with a second embodiment of the present invention. Referring to Figure 4, the memory card access device 4 includes a general interface 402, a memory card interface 4〇4 and a controller 4〇6. The universal interface 402 is used to communicate with a host device 450. The universal interface 402 can be a USB interface, an IEEE 1394 interface, or other data communication interface. The memory card interface 404 is used to communicate with the inserted memory card 440, j: the M MMC card, the card, the CF card or a combination thereof. The controller 406 is used to control the operation of the memory card access device 400. The middle control unit includes an encryption/decryption unit 4, and the feed in the inserted 丨卡卡 440 is added/decrypted. The operation of the memory card is described in detail below. Referring to FIG. 2 and FIG. 4, when the memory card 440 is inserted into the memory card access device 4 connected to the host device 450, the controller 4〇6 searches for the storage user in the root directory of the card 440. Password file for personal password (S201). When the controller 4〇6 finds the password file, it records the cluster of the password slot (S203) and monitors whether or not the password file is written. When the user of the host device 450 writes the password file, the authentication request for the password comparison is touched (job S205). The data written by the user to the two passwords is the personal milma to be compared (job. After the controller 406 receives the entered personal password transmitted from the host device 450, the controller will The cluster recording password recording in the memory card purchases the password Tan case, and compares the personal password received from the host device 45〇 with the personal password recorded in the password file to confirm the user identity (S209) If the comparison is successful, the controller 4〇6 will allow the host device 450 to perform a complete read/write operation on the memory card 440 (S211). If the comparison is unsuccessful, the controller 4〇6 will only The host device 450 is allowed to read the data of the root directory of the memory card 440, and the other read operation controllers 4 to 6 of the host device 450 will be bypassed (S213). μ In the embodiment of the present invention If the controller 406 does not find the password file, the controller 406 determines that the personal password is not set, and the control 406 allows the host device 450 to perform a complete write operation on the memory card 44. Inventive embodiment, when controlling When the controller 4〇6 cannot find the password file 200847006 ^3328twf.doc/n and judges that the personal password is not set, the controller 460 allows the host device 450 to write a new password to the memory card 44 to set the individual. The password protects the memory card 440. In the embodiment of the present invention, after the identity confirmation is successful, the controller 460 also allows the host device 45 to write a new password file in place of the old password file to set a new personal password to protect the memory card 44. Hey.
根據本發明實施例,如圖3之⑻所示,當身份確認成 功之後,倘若主機裝置450欲寫入資料至記憶卡44〇 (S301a)時,則加/解密單元4〇6&會先以其所儲存的金鑰 來加密欲寫入的資料(S303a),之後再將加密後的資料經 由記憶卡界面404來儲存至記憶卡440中(S3〇5a)。 另外,如圖3之(b)所示,當身份確認成功之後,倘若 主機衣置450欲從記憶卡440中讀取資料時, 則加/解密單元406a會先以其所齡的麵來解密欲讀取 的貧料(S3G3b),之後再將已解絲的資料經由通用界面 402來傳送至主機裝置450 (S305b)。 >根據本發明實施例,使用者必須先經過身份確認才可 項取儲存在記針巾的倾。再者,儲存在記憶卡中的資 =^以存放在硬體的金錄來加密。因此,藉由使用根據本 =㈣的域卡存取裝置紐記憶卡鱗讀冑,此記惊卡 中的資料可受到更安全的保護。 综上所述,在本發明所提出具安全性的儲存裝置中, ^具^加/解密單元並且會在記憶體中爾_特殊密碼稽 一。土此,本發明的儲存裝置可驗證使用 所儲存的資料進行加密。因此,制者的資料^^ = 15 200847006 ^3328twf.d〇c/n 何=程ί機裝置端也不需要增加額外硬體設備 存取 存一特殊密碼財。从,太如=所插人的魏卡中儲 證使用者的身份並且二可驗 用者的資料可獲得更安全的保護。=订力口=因,使 需要增加額外硬體設備或修改任何驅動程式。衣置^也不 雖然本發明已以較佳實施例揭露如上=缺 ==之二所屬r領域中具有通常:識 =本發明之保護範圍當視後附之中請專者 【圖式簡單說明】 圖。圖1驗據本發明第-實施㈣讀存裝置的方塊 圖2是根據本發明實施例繪示在儲存裝置中驗證使用 者身份的流程圖。 、圖3是根據本發明實施例繪示在儲存裝置中確認身份 成功之後讀寫此儲存裝置的流程圖。 Θ 4疋根據本發明第二實施例繪示記憶 方塊圖。 【主要元件符號說明】 100 :儲存裝置 16 200847006 z,_)328twf.doc/ii 102 :控制器 102a :加/解密單元 104 :非揮發性記憶體 106 .根目錄區 106a :密碼檔案 108 :資料區 108a ··記憶胞 150 :主機裝置 S201、S203、S205、S207、S2U、S213 :作業 S301a、S301b、S303a、S303b、S305a、S305b :作業 400 ··記憶卡存取裝置 402 ··通用界面 404 :記憶卡界面 406 :控制器 406a :加/解密單元 440 :記憶卡 450 :主機裝置 17According to the embodiment of the present invention, as shown in (8) of FIG. 3, after the identity confirmation succeeds, if the host device 450 wants to write data to the memory card 44 (S301a), the encryption/decryption unit 4〇6& The stored key encrypts the data to be written (S303a), and then the encrypted data is stored in the memory card 440 via the memory card interface 404 (S3〇5a). In addition, as shown in (b) of FIG. 3, after the identity verification succeeds, if the host device 450 wants to read data from the memory card 440, the encryption/decryption unit 406a first decrypts the face of its age. The poor material to be read (S3G3b) is then transferred to the host device 450 via the universal interface 402 (S305b). > According to an embodiment of the present invention, the user must first confirm by identity to select the tilt stored in the stylus. In addition, the money stored in the memory card = ^ is stored in the hardware record to encrypt. Therefore, by using the domain card access device according to this = (4), the data in the card can be more securely protected. In summary, in the security storage device proposed by the present invention, the device is added/decrypted and will be in the memory. Thus, the storage device of the present invention can verify the use of stored data for encryption. Therefore, the manufacturer's information ^^ = 15 200847006 ^3328twf.d〇c/n What = the machine does not need to add additional hardware devices to access a special password. From the identity of the user who is in the card of the inserted person, and the information of the second verifiable person can be more securely protected. =The power port = cause, you need to add additional hardware devices or modify any driver. The present invention has not been disclosed in the preferred embodiment. The above is the absence of the above = the second is in the field of r, and the scope of protection of the present invention is the scope of protection of the present invention. 】 Figure. BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a block diagram of a fourth embodiment of the present invention. Figure 2 is a flow chart showing the verification of the identity of a user in a storage device in accordance with an embodiment of the present invention. FIG. 3 is a flow chart of reading and writing the storage device after confirming the identity success in the storage device according to an embodiment of the invention. A memory block diagram is illustrated in accordance with a second embodiment of the present invention. [Main component symbol description] 100: storage device 16 200847006 z, _) 328 twf. doc / ii 102: controller 102a: encryption/decryption unit 104: non-volatile memory 106. Root directory area 106a: password file 108: data Area 108a · Memory cell 150: Host device S201, S203, S205, S207, S2U, S213: Jobs S301a, S301b, S303a, S303b, S305a, S305b: Job 400 · Memory card access device 402 · General interface 404 : Memory Card Interface 406: Controller 406a: Add/Decrypt Unit 440: Memory Card 450: Host Device 17