TW201117040A - Method of password management and identification adapted for trusted platform module - Google Patents
- Publication number
- TW201117040A
- Authority
- TW
- Taiwan
- Prior art keywords
- verification
- code
- password
- electronic device
- user
Description
201117040 TW98023GB 32297twf.doc/n
VI. Description of the Invention:
[Technical Field of the Invention]
The present invention relates to a password management and verification method, and in particular to a password management and verification method suitable for an electronic device having a Trusted Platform Module (TPM).
[Prior Art]
With the spread of computers and networks, computer systems have become indispensable tools in daily life and are also the main tools used at work. For data storage, the hard disk (HD) is the storage device with the largest capacity among current storage devices and is also the primary data storage device. Data security is therefore increasingly important to computer users. With more and more hacker intrusions and Trojan horse programs, the risk of computer data leakage keeps rising, and notebook computers, being easy to carry, high in unit price and easy to sell for cash, are often a thief's preferred target. Once data leaks, the resulting loss is often inestimable and irrecoverable.
At present, the most important information protection technology specification is the TPM promoted by the Trusted Computing Group (TCG). Major information vendors worldwide, including Intel, Acer, IBM, HP, AMD, Sony, Sun Micro and Microsoft, support this specification. A TPM can directly encrypt a hard disk or a folder, and an encrypted file needs the TPM chip in addition to the password in order to be decrypted. Even if a hacker steals the user's password, the hacker's computer does not have the corresponding TPM chip, so the encrypted data still cannot be stolen.
A file encrypted with a TPM chip requires the user to enter the password manually before the data is decrypted for the user, which also provides functions such as operating permissions and usage. However, a password is easily lost and hard to remember, and once the password is lost the data cannot be recovered, which causes the user considerable trouble.
[Summary of the Invention]
The present invention provides a password management and verification method suitable for an electronic device having a TPM. The method automatically generates a verification code and stores it in a device chosen by the user, such as a flash drive or a Bluetooth device, so that the flash drive becomes the electronic key of the TPM. The user does not need to remember the password: simply connecting the flash drive or Bluetooth device to the electronic device opens the folder or hard disk encrypted by the TPM, which is quite convenient.
The present invention also allows a storage device such as a flash drive to be set as a verification device and configured as the electronic key of the TPM, so that the flash drive or Bluetooth device can be used to open the folder or hard disk encrypted by the TPM.
The present invention proposes a password management and verification method suitable for an electronic device having a TPM. The method includes the following steps: detecting a verification device connected to the electronic device; reading a hardware identification code of the verification device; generating a verification code from the hardware identification code and a user password; storing the verification code in the verification device or the electronic device, so that the verification device becomes an electronic key; and, when the verification device is connected to the electronic device, automatically verifying whether the verification code is correct and, if it is correct, automatically decrypting a folder or a hard disk encrypted by the electronic device for the user.
In an embodiment of the invention, the verification device includes a Universal Serial Bus (USB) flash drive, a Bluetooth device or a portable hard disk. The hardware identification code includes a product serial number or a Media Access Control address (MAC address). The electronic device includes a notebook computer, a desktop computer or a mobile phone.
In an embodiment of the invention, after the step of detecting the verification device connected to the electronic device, the method further includes asking the user whether to set the verification device as the electronic key.
In an embodiment of the invention, the step of encoding the hardware identification code and the user password into the verification code further includes requiring the user to enter the user password.
In an embodiment of the invention, the step of automatically verifying whether the verification code is correct further includes verifying whether the hardware identification code of the verification device matches the verification code.
In an embodiment of the invention, the method further includes closing the folder or hard disk encrypted by the electronic device when the verification device is removed from the electronic device.
In an embodiment of the invention, the step of automatically verifying the verification code further includes re-verifying the verification code when the electronic device returns from a sleep state to a normal state.
In an embodiment of the invention, the step of automatically verifying whether the verification code is correct further includes detecting whether the TPM is enabled; if the TPM is not enabled, the verification code is ignored.
In an embodiment of the invention, the step of generating the verification code from the hardware identification code and the user password further includes encrypting the verification code.
In an embodiment of the invention, the electronic device uses the TPM to encrypt or decrypt the folder or the hard disk. The user password is a TPM password.
The present invention further proposes a password verification method suitable for an electronic device having a Trusted Platform Module (TPM). The method includes the following steps: first, checking whether the TPM is enabled; if the TPM is enabled, detecting whether a verification device is connected to the electronic device; automatically checking whether a verification code in the connected verification device or in the electronic device is correct; and, if the verification code is correct, automatically decrypting a folder or a hard disk encrypted by the TPM for the user.
The present invention also proposes a computer program product including at least one program instruction, to be loaded into an electronic device to perform the following steps: detecting a verification device connected to the electronic device; reading a hardware identification code of the verification device; generating a verification code from the hardware identification code and a user password; storing the verification code in the verification device or the electronic device, so that the verification device becomes an electronic key; and, when the verification device is connected to the electronic device, automatically verifying whether the verification code is correct and, if it is correct, automatically decrypting a folder or a hard disk encrypted by the electronic device for the user.
The present invention also proposes a computer program product including at least one program instruction, to be loaded into an electronic device to perform the following steps: checking whether the TPM is enabled; if the TPM is enabled, detecting whether a verification device is connected to the electronic device; automatically checking whether a verification code in the connected verification device or in the electronic device is correct; and, if the verification code is correct, automatically decrypting a folder or a hard disk encrypted by the TPM for the user.
Based on the above, the present invention uses a flash drive or a Bluetooth device as the electronic key of the TPM. The user can choose a preferred verification device as the electronic key, and once it is set up the user can open TPM-encrypted folders directly with the configured flash drive or Bluetooth device without remembering the password, which is quite convenient. In addition, the present invention uses the hardware identification code of the flash drive or Bluetooth device to determine whether the electronic key in use is the correct one, which guards against theft of the verification code stored on the flash drive or Bluetooth device and further improves security.
To make the above features and advantages of the present invention easier to understand, embodiments are described in detail below with reference to the accompanying drawings.
[Embodiments]
First Embodiment
This embodiment provides a password management and verification method that sets a verification device of the user's choosing as the electronic key of the TPM, so that the user can open a TPM-encrypted folder or hard disk directly with the verification device. The user does not need to remember the TPM password that was set. The user only needs to connect the verification device to the electronic device, such as a notebook computer, a desktop computer or a mobile phone; the electronic device then automatically identifies whether the connected verification device is the correct one and automatically opens the TPM-encrypted folder or hard disk for the user, which is quite convenient. In other words, the present invention replaces manual password entry: the system verifies automatically and enters the TPM password automatically to decrypt the encrypted data. A verification device that can be set as the electronic key is, for example, a USB flash drive, a Bluetooth device, a portable hard disk or a mobile phone with a storage function, but this embodiment is not limited to these.
For example, refer to FIG. 1, which is a flowchart of the password management and verification method according to the first embodiment of the present invention. First, a verification device connected to the electronic device is detected (step S110). The connection may be wired or wireless, and this embodiment is not limited in this respect. In step S110 the user may also be asked whether to set the verification device as the electronic key. Then, a hardware identification code of the verification device is read (step S120). In step S120, a list of all verification devices that can be set as the electronic key may also be provided for the user to choose from, and the user may be required to set a user password, for example a TPM password. Next, a verification code is generated from the hardware identification code and the user password (step S130), and the verification code is automatically stored in the connected verification device or in the electronic device, so that the verification device becomes an electronic key (step S140). The verification code may also be encrypted before it is stored in the verification device; the encryption and decryption algorithm is not limited. Then, when the verification device is connected to the electronic device, whether the verification code in the verification device or the electronic device is correct is verified automatically and, if it is correct, the folder or hard disk encrypted by the electronic device is decrypted (step S150). The electronic device may use the TPM for this, but this embodiment does not limit the encryption and decryption algorithm or device.
The hardware identification code of the verification device is also checked for consistency; if it is not consistent, the data is not decrypted. This check prevents a stolen verification code from being stored on another verification device and used to open the encrypted files. Even if the verification code is stolen, the encrypted files cannot be opened as long as the verification device in use does not match, which gives the encrypted files double protection. Note that the hardware identification code is an identification code unique to the electronic product, for example a product serial number, an identity code or a Media Access Control address (MAC address).
As the above description shows, the present invention generates the electronic key from the verification device chosen by the user and the user password. This lets the user use the TPM encryption mechanism more easily without worrying about forgetting the password. This embodiment is also applicable to general encryption systems, so that the user can easily make a personalized electronic key from a flash drive or a Bluetooth device. Note also that, according to the user's setting, the verification code can be stored in either the connected verification device or the electronic device to achieve automatic verification, and it can also be stored in both at the same time; this embodiment is not limited in this respect.
The present invention further provides a computer program product containing program instructions for executing the password management and verification method of FIG. 1. The computer program product is basically composed of a number of code fragments (for example, an organization-chart creation code fragment, a sign-off form code fragment, a setting code fragment and a deployment code fragment), and after these code fragments are loaded into the electronic device and executed, the electronic key creation and password verification functions described above are accomplished.
Second Embodiment
Step S150 of FIG. 1 mainly describes the process of verifying whether the verification device is the correct electronic key. When it is applied to an electronic device with a TPM, it can be implemented as follows. Refer to FIG. 2, which is a flowchart of the password verification method according to the second embodiment of the present invention. First, whether the TPM is enabled is checked; if it is not, the flow ends and no password verification is needed. If the TPM is enabled, whether a verification device is connected to the electronic device is detected (step S220). If so, whether the verification code in the verification device or the electronic device is correct is checked automatically, including whether its TPM password (that is, the user password) and hardware identification code are correct (step S230). Then, whether the system is returning from the suspend state (that is, S3) to the normal state is checked; if so, the scan is repeated, that is, steps S210 to S230 are executed again to avoid a system misjudgment (step S240). If the system is in the normal state, the folder or hard disk encrypted by the TPM is decrypted automatically for the user (step S250).
Note that step S240 is mainly provided to prevent a misjudgment that may occur because the system is not yet stable when it returns from the sleep state. Step S240 can be added or removed according to design requirements; this embodiment is not limited in this respect, and doing so does not affect the effect of this embodiment.
In accordance with the description of FIG. 2, the present invention further provides a computer program product containing program instructions for executing the steps of FIG. 2. The computer program product is basically composed of a number of code fragments (for example, an organization-chart creation code fragment, a sign-off form code fragment, a setting code fragment and a deployment code fragment), and after these code fragments are loaded into the electronic device and executed, the electronic key creation and password verification functions described above are accomplished.
Third Embodiment
In the process of setting the electronic key, a visual user interface can assist the user; this embodiment does not limit the interface design. Next, the method of setting the electronic key in the present invention is described with a flowchart. Refer to FIG. 3, which is a flowchart of setting the electronic key according to the third embodiment of the present invention. First, all connected verification devices are detected (step S310), and the verification devices that can be set as the electronic key are offered to the user for selection (step S320). A verification code is then generated from the hardware identification code of the verification device selected by the user and the user password (step S330), and the verification code is encrypted and stored in the verification device selected by the user or in the electronic device (step S340). The verification device that stores the verification code can then serve as the electronic key of the TPM: connecting it to the electronic device lets the TPM decrypt, which replaces manual entry of the TPM password for password management and verification and increases convenience for the user. For the verification code and the remaining details of this embodiment, refer to the description of the embodiments above; they are not repeated here.
Fourth Embodiment
Refer to FIG. 4, which is a hardware device diagram according to the fourth embodiment of the present invention. As shown in FIG. 4, the notebook computer 410 has a TPM. When the USB flash drive 420 is inserted into a USB slot of the notebook computer 410, the notebook computer 410 automatically verifies whether the flash drive 420 holds the correct verification code, and if the verification code is correct it automatically opens the TPM-encrypted files for the user. If the USB flash drive 420 holds no verification code, the user can set the electronic key through the user interface in the manner described in the third embodiment, which is not repeated here.
Note also that although the above embodiments use the TPM as an example, the present invention is not limited to TPM systems and can be applied to other data encryption techniques, where a flash drive or Bluetooth device can likewise replace manual password entry to increase convenience for the user. From the description of the above embodiments, a person of ordinary skill in the art can readily infer other applications, which are not detailed here.
In summary, the present invention uses a flash drive or a Bluetooth device as an electronic key in place of manual password entry, so that the user can open encrypted files more conveniently. The present invention also provides a means for the user to set the electronic key, so that the user can set a personal electronic key, and it combines the hardware identification code with the user password as the verification code of the electronic key, so that the user's data receives double protection.
Although the present invention has been disclosed by the above embodiments, they are not intended to limit the present invention. Any person of ordinary skill in the art may make some changes and refinements without departing from the spirit and scope of the present invention, so the scope of protection of the present invention is defined by the appended claims.
[Brief Description of the Drawings]
FIG. 1 is a flowchart of the password management and verification method according to the first embodiment of the present invention.
FIG. 2 is a flowchart of the password verification method according to the second embodiment of the present invention.
FIG. 3 is a flowchart of setting the electronic key according to the third embodiment of the present invention.
FIG. 4 is a hardware device diagram according to the fourth embodiment of the present invention.
[Description of Main Reference Numerals]
S110 to S150: flowchart steps
S210 to S250: flowchart steps
S310 to S340: flowchart steps
410: notebook computer
420: flash drive
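The enrolment steps of the first embodiment (S120 to S140) and the verification flow of the second embodiment (S210 to S250) are sketched below as an added example; it is not code from the patent, which leaves the algorithm open. PBKDF2 and HMAC-SHA256, the `Host` and `Device` classes, the `verification_code` storage key and keeping the password-derived key on the host are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class Device:
    """Constructed stand-in for a USB flash drive or Bluetooth device."""
    hardware_id: str                              # serial number or MAC address
    storage: dict = field(default_factory=dict)   # data held on the device


class Host:
    """Constructed stand-in for the electronic device that holds the TPM."""

    def __init__(self, tpm_enabled=True):
        self.tpm_enabled = tpm_enabled
        self.unlocked = False
        self._pw_key = None   # assumption: a real host would keep this sealed by the TPM

    def _code_for(self, hardware_id):
        # Assumed construction: HMAC-SHA256 over the hardware ID, keyed by the
        # password-derived key, so the code is only valid for that one device.
        return hmac.new(self._pw_key, hardware_id.encode(), hashlib.sha256).hexdigest()

    def enroll(self, device, password):
        """S120-S140: read the hardware ID, derive the code, store it on the device."""
        salt = os.urandom(16)
        self._pw_key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        device.storage["verification_code"] = self._code_for(device.hardware_id)

    def verify(self, device):
        """S210-S250: returns 'ignored', 'rejected' or 'unlocked'."""
        if not self.tpm_enabled:                  # TPM off: skip verification
            return "ignored"
        stored = device.storage.get("verification_code")
        if self._pw_key is None or stored is None:
            self.unlocked = False
            return "rejected"
        # S230: recompute from the ID of the device that is actually connected.
        expected = self._code_for(device.hardware_id)
        ok = hmac.compare_digest(expected.encode(), str(stored).encode())
        self.unlocked = ok
        return "unlocked" if ok else "rejected"

    def on_resume(self, device):
        """S240: after resume from sleep, drop the unlocked state and verify again."""
        self.unlocked = False
        return self.verify(device) if device is not None else "rejected"

    def on_remove(self):
        """Device removed: close the encrypted folder or disk."""
        self.unlocked = False


def demo():
    host = Host()
    key = Device("SN-0001-CONSTRUCTED")
    host.enroll(key, "constructed-password")
    results = {"genuine": host.verify(key)}
    # The stored code copied onto a different device must not verify.
    clone = Device("SN-9999-CONSTRUCTED", dict(key.storage))
    results["copied_code"] = host.verify(clone)
    results["after_resume"] = host.on_resume(key)
    host.on_remove()
    results["unlocked_after_remove"] = host.unlocked
    results["tpm_off"] = Host(tpm_enabled=False).verify(key)
    return results


if __name__ == "__main__":
    print(demo())
```
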
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW098137158A TWI502401B (en) | 2009-11-02 | 2009-11-02 | Method of password management and identification adapted for trusted platform module |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW098137158A TWI502401B (en) | 2009-11-02 | 2009-11-02 | Method of password management and identification adapted for trusted platform module |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201117040A (en) | 2011-05-16 |
TWI502401B (en) | 2015-10-01 |
Family
ID=44935089
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW098137158A TWI502401B (en) | 2009-11-02 | 2009-11-02 | Method of password management and identification adapted for trusted platform module |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI502401B (en) |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW420796B (en) * | 1999-01-13 | 2001-02-01 | Primax Electronics Ltd | Computer system equipped with portable electronic key |
US8118214B2 (en) * | 2006-03-24 | 2012-02-21 | Atmel Corporation | Method and system for generating electronic keys |
Also Published As
Publication number | Publication date |
---|---|
TWI502401B (en) | 2015-10-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11263020B2 (en) | System and method for wiping encrypted data on a device having file-level content protection | |
TWI462558B (en) | System and method for storing a password recovery secret | |
CN102508791B (en) | Method and device for encrypting hard disk partition | |
US8589680B2 (en) | System and method for synchronizing encrypted data on a device having file-level content protection | |
US8412934B2 (en) | System and method for backing up and restoring files encrypted with file-level content protection | |
US9507964B2 (en) | Regulating access using information regarding a host machine of a portable storage drive | |
JP4861423B2 (en) | Information processing apparatus and information management method | |
US20110252232A1 (en) | System and method for wiping encrypted data on a device having file-level content protection | |
EP1953670A2 (en) | System and method of storage device data encryption and data access | |
US20110131418A1 (en) | Method of password management and authentication suitable for trusted platform module | |
US8181028B1 (en) | Method for secure system shutdown | |
TWI436235B (en) | Data encryption method and system, data decryption method | |
EP2628133B1 (en) | Authenticate a fingerprint image | |
KR100443621B1 (en) | Method of authenticating an application for personal digital assistant using a unique ID based a person computer and system using thereof | |
US20130019110A1 (en) | Apparatus and method for preventing copying of terminal unique information in portable terminal | |
JP6231504B2 (en) | Method, apparatus and mobile terminal for information security management of mobile terminal | |
TW201211759A (en) | Method of clearing data in a computer and computer | |
JP2007094879A (en) | Authentication system for basic program of operating system, computer used for the same, and computer program | |
US20060059363A1 (en) | Method for controlling access to a computerized device | |
TWI428752B (en) | Electronic file delivering system, portable communication apparatus with decryption functionality, and related computer program product | |
TW201117040A (en) | Method of password management and identification adapted for trusted platform module | |
JP4600021B2 (en) | Encrypted data access control method | |
CN110659522B (en) | Storage medium security authentication method and device, computer equipment and storage medium | |
CN103020509A (en) | Terminal equipment encryption and decryption method, device and terminal equipment | |
CN102087683A (en) | Password management and verification method suitable for trusted platform module (TPM) |