200928738

IX. Description of the Invention:

[Technical Field of the Invention]

The present invention relates to a method for controlling the operation of a storage device, and in particular to a method in which file system or window system operation types can be set in order to control the operation of an information storage device.

[Prior Art]

For the information system administrators of an enterprise's information department, security control over the internal and external transfer and sharing of information, whether by R&D engineers or by business staff, is a key work item that is hard to achieve yet cannot be ignored. However, given the growth in stored data and the information dissemination problems that come with computerization and open network environments, the portability and plug-and-play convenience of portable or external information storage devices test the information system administrator's control [...]: how to make effective use of the enterprise network architecture to implement remote control and permission settings, and how to use a control mechanism set directly on the portable information storage device to open or [...] access types, and thereby prevent the information storage device's legitimate [...]
The information storage device operation control method provided by the present invention can, by means of an operation description file [...] at a remote [...], maintain confidentiality and eliminate [...] of information storage [...].

Other objects and advantages of the present invention can be [...] from the technical features disclosed by the present invention.

To achieve [...] or other objects, an embodiment of the present invention [...]. The content of the operation description file may include permitted operations and handling types [...], so as to control the mounting/unmounting and data access results of the information storage device.

To achieve one, some or all of the above objects or other objects, an embodiment of the present invention [...] handling types, so as to control the mounting/unmounting and data access of the information storage device [...] an information control and protection mechanism for [...] devices.

To make the above and other objects, features and advantages of the present invention easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.

[Embodiments]

The foregoing and other technical content, features and effects of the present invention will be clearly presented in the following detailed description of a preferred embodiment, taken with reference to the drawings.

Referring to Fig. 1, the steps of the flow of the information storage device operation control method of an embodiment of the present invention are as shown in the figure.
First, in step S110, a system-management-side information processing system sets an operation description file and sends it to a client information processing system for storage. The content of the operation description file may include permitted operation and handling types and prohibited operation and handling types. The permitted operation and handling types cover the kinds of procedure, and their handling, that the file system or window system is allowed to perform on the information storage device (which here may be an external disk of the kind commonly called a flash drive): for example, allowing files of a specific format (such as files with the doc extension) to be opened (open), created (create), read (read) and written (write), with a detailed description of the subsequent handling; or describing the writing of files of a specific format under specific conditions (such as staying within the restricted file size) and its handling; and enabling the window that corresponds to a specific toolbar option, for example controlling whether the corresponding sub-window is enabled when the user selects a toolbar option such as Save As or Print in the window of Microsoft's editing application WORD.

The prohibited operation and handling types, on the other hand, may cover the kinds of procedure that the file system or window system is not allowed to perform on the information storage device: for example, prohibiting files of a specific format from being opened, created, read or written, together with the handling (such as not allowing applications like AutoCAD and Adobe Writer to save a copy for tampering after drawing or reading); or describing the prohibition on writing files of a specific format under specific conditions (such as exceeding the restricted file size) and its handling (such as sending a warning notice to the system administrator or to the supervisor of the user of the information storage device); and prohibiting the window that corresponds to a specific toolbar option from being enabled, for example disallowing options such as Save As or Print, so that confidential data inside the information storage device is not backed up or leaked without permission.

Continuing with this embodiment, in step S120 the information storage device is connected to the client information processing system, where it is verified and mounted. Then, in step S130, while the information storage device is in use on the client information processing system, the client information processing system compares the user's operation types, so as to control the mounting/unmounting and data access results of the information storage device under a client-server architecture.

To further explain the content of the operation description file, Fig. 2 shows pseudocode and examples of the operation description file of the present invention. As shown, the first part 21 and the second part 22 are the format definitions of the file system and window system operation procedures and handling, respectively, and the third part 23 and the fourth part 24 are program examples of the file system and window system operation procedures and handling, respectively. In the first part 21, format definitions 211 to 214 stand for opening (open), creating (create), reading (read) and writing (write) a file of a specific format. In each of them, one field specifies the name and path of the file operated on, the Attribute field describes the file attribute as read-only, read-write or hidden, and the Length field describes the file size. Examples 231 to 233, whose handling is specified as STOP and alert, therefore respectively represent the prohibited operations and handling of prohibiting [...] of WORD [...], prohibiting the writing of files [...] megabytes, and sending a notice to the administrator when a WORD-type file is written.
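An added example, not code from the patent: a minimal evaluator for an operation description file of the kind described above. The rule fields, the sample policy, the operation blocked for Word files, the 1 MB limit and the fail-closed default are all assumptions, because the syntax of Fig. 2 is not reproduced in the text.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    operation: str             # "open", "create", "read" or "write"
    name_glob: str             # file-name pattern, e.g. "*.doc"
    over_bytes: Optional[int]  # match only files larger than this; None = any size
    handling: str              # "ALLOW", "STOP" or "ALERT"


# Constructed policy (hypothetical layout and values, see the lead-in).
POLICY = [
    Rule("open", "*.doc", None, "STOP"),     # block opening Word files
    Rule("write", "*", 1_000_000, "STOP"),   # block writes above the size limit
    Rule("write", "*.doc", None, "ALERT"),   # notify the administrator
    Rule("write", "*", None, "ALLOW"),       # other writes are permitted
    Rule("read", "*", None, "ALLOW"),        # reads are permitted
]


def matches(rule: Rule, operation: str, file_name: str, size: int) -> bool:
    if rule.operation != operation.lower():
        return False
    # Compare case-insensitively so "REPORT.DOC" cannot slip past "*.doc".
    if not fnmatchcase(file_name.lower(), rule.name_glob.lower()):
        return False
    return rule.over_bytes is None or size > rule.over_bytes


def evaluate(policy: List[Rule], operation: str, file_name: str,
             size: int = 0) -> Tuple[str, List[Rule]]:
    """Return (decision, alert_rules) for one attempted operation.

    Assumed semantics: STOP overrides ALLOW, ALERT only notifies, and an
    operation that no ALLOW rule covers is denied (fail closed).
    """
    hits = [r for r in policy if matches(r, operation, file_name, size)]
    alerts = [r for r in hits if r.handling == "ALERT"]
    if any(r.handling == "STOP" for r in hits):
        return "STOP", alerts
    if any(r.handling == "ALLOW" for r in hits):
        return "ALLOW", alerts
    return "STOP", alerts
```

Failing closed means an operation type the administrator never listed, such as `create` in this sample policy, is refused rather than silently allowed.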
Referring again to Fig. 2, format definition 221 in the second part 22 stands for enabling the sub-window that corresponds to a specified toolbar function option. Examples 241 and 242, through the handling they specify, respectively represent prohibiting the sub-windows for toolbar function options such as Save As and Print from being enabled. The user can thus be kept from completing [...] of files inside the flash drive, which prevents data from flowing out arbitrarily and effectively controls how information storage devices such as flash drives are operated and accessed.

Referring to Fig. 3, the steps of the flow of the information storage device operation control method of another embodiment of the present invention are as shown in the figure. First, an information storage device is [...] a user for use, with an operation description file set in advance [...]. Next, while [...] the client information processing system is in use, the client information processing system continuously compares the user's operation types against the description file, so as to control the mounting/unmounting and data access results of the information storage device. In this embodiment, the content of the operation description file may include permitted operation and handling types and prohibited operation and handling types. The permitted operation and handling types cover the kinds of procedure, and their handling, that the file system or window system is allowed to perform on the information storage device (which here may be an external disk of the kind commonly called a flash drive): for example, allowing files of a specific format (such as files with the doc extension) to be opened, created, read and written, with a detailed description of the subsequent handling; or describing the writing of files of a specific format under specific conditions (such as staying within the restricted file size) and its handling; and enabling the window that corresponds to a specific toolbar option.
Continuing with this embodiment, the prohibited operation and handling types may cover the kinds of procedure that the file system or window system is not allowed to perform on this information storage device: for example, prohibiting files of a specific format from being opened, created, read or written, together with the handling; or describing the prohibition on writing files of a specific format under specific conditions (such as exceeding the restricted file size) and its handling (such as sending a warning notice to the system administrator or to the supervisor of the user of this information storage device); and prohibiting the window that corresponds to a specific toolbar option from being enabled, for example disallowing toolbar options such as Save As or Print in the windows of Microsoft's editing application WORD or of drawing or reading applications such as AutoCAD and Adobe Writer, so that confidential data inside this information storage device is not backed up or leaked without permission.

Looking further, the permitted operation and handling types and the prohibited [...] types may also include what is permitted and prohibited for the flash drive [...], using permitted or prohibited operation and handling types to control [...] information processing system [...] such as user name and password [...] as other embodiments of mounting and access control schemes.

Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. Anyone skilled in the art may make minor changes and refinements without departing from the spirit and scope of the invention, so the scope of protection of the invention is as defined by the appended claims. In addition, no single embodiment or claim of the invention needs to achieve all of the objects, advantages or features disclosed herein. The abstract and the title are provided only to assist patent document searches and are not intended to limit the scope of the rights of the invention.

[Brief Description of the Drawings]

Fig. 1 is a flowchart of the information storage device operation control method of an embodiment of the present invention.
Fig. 2 is a schematic diagram of the pseudocode and examples of the operation description file of an embodiment of the present invention.

Fig. 3 is a flowchart of the information storage device operation control method of an embodiment of the present invention.

[Description of Main Reference Numerals]

S110, S120, S130: steps of the information storage device operation control method of an embodiment of the present invention
21: first part of the operation description file
211, 212, 213, 214, 221: format definitions
22: second part of the operation description file
23: third part of the operation description file
231, 232, 233, 241, 242: program examples
24: fourth part of the operation description file
S310, S320: steps of the information storage device operation control method of another embodiment of the present invention