201137656
Description of the Invention:

[Technical Field]
The present invention relates to a computer system with a security lock and a method for executing a security lock, and more particularly to a computer system, and a method of operating it, in which the boot procedure verifies a password in order to temporarily unlock a memory device for system operation.

[Prior Art]
Software intellectual property rights are receiving more and more attention today. An operating system or application developed by a user is quite easy for a malicious party to steal if it is stored on an ordinary memory device. For example, if the software to be protected is stored on a memory device of a computer system, any other computer system can read that memory device once it has been removed from the original system. The software can therefore be easily copied and distributed.

The usual protection at present is to add a verification routine to the software to be protected. When the software starts, it checks a string held in some piece of hardware or in memory; if the string in the software does not match the string in the hardware or memory, the software will not run, and protection is thereby achieved. However, a purely software protection mechanism is quite easy to crack within the operating system, so the software loses its protection. Moreover, protection by software has to be set up separately for every piece of software to be protected; if a large amount of software needs protection, this is inconvenient for the user and wastes resources and time.

In view of this, there is still a need for a computer system with a security lock and a method for executing a security lock that can lock a memory device by writing a password simultaneously, thereby solving the above problems.
[Summary of the Invention]
One object of the present invention is to provide a computer system with a security lock that writes a password simultaneously to a system storage unit and a memory device in order to lock the memory device, such that only the boot procedure can verify the password to temporarily unlock the memory device.

Another object of the present invention is to provide a method for executing a security lock, implemented in a computer system, that writes a password simultaneously to a system storage unit and a memory device in order to lock the memory device, such that only the boot procedure can verify the password to temporarily unlock the memory device.

The present invention provides a computer system with a security lock, comprising a processing unit and a system chip module, the system chip module including a system storage unit, characterized in that the system chip module receives a write command from the processing unit and writes a password simultaneously to the system storage unit and a memory device in order to lock the memory device, so that when the computer system boots, the memory device is temporarily unlocked by means of the password stored in the system storage unit and the computer system can access the content stored in the memory device.

In another aspect, the present invention provides a method for executing a security lock, implemented in a computer system, the method comprising the following steps: executing an application to send a write command; writing a password simultaneously to a system storage unit and a memory device in order to lock the memory device; and temporarily unlocking the memory device by means of the password stored in the system storage unit, so that the computer system can access the content stored in the memory device.

The computer system with a security lock and the method for executing a security lock according to the present invention make the computer system more secure. The following description of the embodiments also explains the organization, design and implementation of the computer system with a security lock of the present invention.

[Embodiments]
Specific embodiments of the present invention are described below with reference to the drawings. It should be understood that the elements marked in the drawings are shown for clarity of description and do not represent actual sizes or proportions, and that conventional components have been omitted from the drawings for simplicity.

As shown in the first figure, the computer system 100 of the present invention comprises a processing unit 110 and a system chip module 120. The system chip module 120 includes a system storage unit 121 that stores a system boot program 122. In one embodiment of the invention, the processing unit 110 is a central processing unit (CPU), and the system chip module 120 comprises a chipset (Chipset) disposed in the computer system.

The system chip module 120 receives a write command from the processing unit 110 and writes a password simultaneously to the reserved area of the system storage unit 121 and to the memory of a memory device 130, where the memory device 130 can be plugged into the computer system to connect to the system chip module 120. The memory device 130 is a flash memory or a hard disk drive (Flash Memory or Hard Driver). In one embodiment of the invention, the memory device 130 includes a controller and a non-volatile memory; the controller receives the password provided by the system chip module 120 so that the password is written to the non-volatile memory of the memory device 130.

With the password, the controller is able to lock the memory device 130. While the memory device 130 has not been unlocked or temporarily unlocked, the computer system cannot access the content stored in the memory device 130. When the computer system boots, the processing unit 110 executes the system boot program 122 to determine whether the password exists in the reserved area of the system storage unit 121. If the password exists in the reserved area, the boot procedure verifies whether the password stored in the system storage unit 121 is the same as the password stored in the memory device 130, in order to decide whether to temporarily unlock or unlock the memory device 130. If the password stored in the system storage unit 121 is the same as the password stored in the memory device 130, the memory device 130 is temporarily unlocked by means of the password stored in the system storage unit 121, so that the computer system 100 can access the memory device 130.
If the password stored in the system storage unit 121 is not the same as the password stored in the memory device 130, the computer system 100 cannot access the content stored in the memory device 130, and the computer system may even stop the boot procedure.

In one embodiment of the invention, the processing unit 110 executes an application to send the write command. For example, the user issues an Advanced Technology Attachment (ATA) command through the operating system of the computer system; the processing unit 110 executes the program in the operating system that corresponds to issuing the ATA command, and sends the write command.

Please refer to the second figure, which shows a schematic diagram of a specific embodiment of the computer system with a security lock of the present invention. In one embodiment of the invention, the computer system 200 comprises a central processing unit 210 and a system chip module 220, where the system chip module 220 includes a north bridge chip 225, a south bridge chip 226 and a system storage unit 221.

The system storage unit 221 of the system chip module 220 stores a system boot program 222 and includes a reserved area 223. In general, the system storage unit 221 is a non-volatile memory, which may include: flash memory (Flash Memory), read-only memory (Read Only Memory, ROM), erasable read-only memory (Erasable Read Only Memory, EROM), electrically erasable read-only memory (Electrically Erasable Read Only Memory, EEROM), erasable programmable read-only memory (Erasable Programmable Read Only Memory, EPROM), or electrically erasable programmable read-only memory (Electrically Erasable Programmable Read Only Memory, EEPROM). Because the system storage unit 221 is non-volatile memory, the system boot program 222 and the data stored in the reserved area 223 do not disappear when the power of the computer system 200 is turned off. In one embodiment of the invention, the system boot program 222 is stored in the basic input/output system code segment (BIOS Code) of the system storage unit 221.

The system chip module 220 includes a north bridge chip 225 and a south bridge chip 226. The north bridge chip 225 is connected to the central processing unit 210, and the south bridge chip 226 is connected to the north bridge chip 225, a memory device 230 and the system storage unit 221. The south bridge chip 226 includes an IDE controller 224, which can interface with an external memory device 230.

The central processing unit 210 executes an application to send a write command. As described above, when the user intends to lock the memory device 230, an ATA command can be issued through the operating system of the computer system; the central processing unit 210 executes the program in the operating system that corresponds to issuing the ATA command, and sends the write command.
After the south bridge chip 226 receives the write command from the central processing unit 210 via the north bridge chip 225, it writes a password simultaneously to the system storage unit 221 and to the memory device 230 interfaced to the IDE controller 224. The password written to the system storage unit 221 is stored in the reserved area 223 of the system storage unit 221. In this embodiment, the IDE controller 224 is connected to the memory device 230 and writes the password to the memory device 230. The write command received by the IDE controller 224 is an [illegible] command.

In general, the memory device 230 is a non-volatile memory, which may include: flash memory (Flash Memory), read-only memory (Read Only Memory, ROM), erasable read-only memory (Erasable Read Only Memory, EROM), electrically erasable read-only memory (Electrically Erasable Read Only Memory, EEROM), erasable programmable read-only memory (Erasable Programmable Read Only Memory, EPROM), or electrically erasable programmable read-only memory (Electrically Erasable Programmable Read Only Memory, EEPROM).

In one embodiment of the invention, the memory device 230 includes a controller and a non-volatile memory, so that the password is written to the memory device 230. As described above, the non-volatile memory of the memory device 230 is a NAND flash memory, and the controller can perform read, erase and write operations on the NAND flash memory.

The memory device 230 is locked by means of the password. When the memory device 230 is removed from the computer system 200, it is unpowered and locked. A computer system that does not store the password therefore cannot unlock and access the memory device 230. For example, if the memory device 230 is removed from the computer system 200 by a malicious party who intends to read it in another computer system, the other computer system does not store the password and so cannot unlock the memory device 230 to read it. Likewise, when the computer system 200 is shut down, the memory device 230 is unpowered and locked.

When the computer system 200 boots, it executes the system boot program 222 to determine whether the password exists in the reserved area 223 of the system storage unit 221. If the password has been written to the reserved area 223, it verifies whether the password stored in the reserved area 223 is the same as the password stored in the memory device 230, in order to decide whether to temporarily unlock the memory device 230. If they are the same, the system temporarily unlocks the memory device 230 by means of the password stored in the reserved area 223, so that the computer system 200 can access the memory device 230. As described above, although the memory device 230 is then in a temporarily unlocked state, it is locked again immediately when it is removed from the computer system 200 or when the computer system 200 is shut down.
It should be noted that those skilled in the art will appreciate that the components of the computer system with system rescue of the present invention can be connected through various interfaces, for example one or a combination of Low-Pin-Count (LPC), Firmware Hub (FWH) and Serial Peripheral Interface (SPI).

The third figure is a flowchart of the password-writing steps of the method for executing a security lock as implemented in a computer system; for the related system architecture, refer also to the second figure. As described above, the system chip module 220 includes the system storage unit 221, and the system storage unit 221 stores the system boot program 222 and the reserved area 223. In step 301, the central processing unit 210 executes the application to send the write command. In step 302, the computer system 200 checks, through the system chip module 220, whether the memory device 230 has been installed successfully. If it has not been installed successfully, step 303 is performed to check whether the memory device 230 is wrongly installed or has been damaged, after which it is checked again whether the memory device 230 has been installed successfully. If the memory device 230 has been installed successfully, a system management interrupt (SMI) [illegible] the action currently being performed by the system chip module 220, and further [illegible]. In step 306, the password is written to the memory device 230 by the IDE controller 224.

The fourth figure is a flowchart of the unlocking steps of the method for executing a security lock as implemented in a computer system. In step 401, when the computer system 200 boots, the central processing unit 210 executes the system boot program 222. In step 402, the boot procedure determines whether a password exists in the reserved area 223 of the system storage unit 221. If a password exists in the reserved area 223, step 403 is performed. If no password exists in the reserved area 223, step 406 is performed.
In step 403, the system chip module 220 verifies whether the password stored in the reserved area 223 is the same as the password stored in the memory device 230. If the password verification succeeds, step 404 is performed; if the password verification does not succeed, step 405 is performed. In step 404, the memory device 230 is temporarily unlocked by the IDE controller 224, so that the computer system 200 can access the memory device 230, and step 406 is then performed. In step 406, the boot procedure continues. If the password verification does not succeed, then in step 405 the locked state of the memory device 230 is not released, and execution of the boot procedure is stopped to protect the data stored in the memory device 230.

As the above description shows, the present invention is a novel and inventive invention with industrial applicability. Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention; anyone skilled in the art may make various changes and refinements without departing from the spirit and scope of the invention.

[Brief Description of the Drawings]
The first figure is a schematic diagram of the computer system with a security lock.
The second figure shows a schematic diagram of a specific embodiment of the computer system with a security lock of the present invention.
The third figure is a flowchart of the password-writing steps of the method for executing a security lock as implemented in a computer system.
The fourth figure is a flowchart of the unlocking steps of the method for executing a security lock as implemented in a computer system.

[Description of Main Reference Numerals]
100 Computer system
110 Processing unit
120 System chip module
121 System storage unit
122 System boot program
130 Memory device
200 Computer system
210 Central processing unit
220 System chip module
221 System storage unit
222 System boot program
223 Reserved area
224 IDE controller
225 North bridge chip
226 South bridge chip
230 Memory device
301-306 Steps
401-406 Steps
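The password-write flow (steps 301 to 306) and the boot-time unlock flow (steps 401 to 406) described in the embodiments can be modelled as a small state machine. This is an added example, not code from the patent; the struct and function names, the 32-byte password length, the constant-time comparison and the treatment of a freshly locked device as locked until the next boot check are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PW_LEN 32 /* assumed size; the page gives no password length */

/* Reserved area 223 of system storage unit 221 (non-volatile). */
struct reserved_area { bool has_pw; unsigned char pw[PW_LEN]; };
/* Memory device 230: password persists, unlock state is lost without power. */
struct mem_device { bool installed, has_pw, unlocked; unsigned char pw[PW_LEN]; };

enum boot_result { BOOT_NO_PASSWORD, BOOT_UNLOCKED, BOOT_HALTED };

/* Constant-time compare: hardening added in this sketch, not from the page. */
static bool pw_equal(const unsigned char *a, const unsigned char *b) {
    unsigned char diff = 0;
    for (size_t i = 0; i < PW_LEN; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Steps 301-306: store the same password in both places, or in neither. */
int write_password(struct reserved_area *ra, struct mem_device *dev, const char *pw) {
    size_t n = strlen(pw);
    if (!dev->installed || n == 0 || n > PW_LEN) return -1;
    memset(ra->pw, 0, PW_LEN);  memcpy(ra->pw, pw, n);  ra->has_pw = true;
    memcpy(dev->pw, ra->pw, PW_LEN);                    dev->has_pw = true;
    dev->unlocked = false; /* assumed: stays locked until the next boot check */
    return 0;
}

/* Removal from the host or shutdown: the device is unpowered and locked again. */
void power_off(struct mem_device *dev) { dev->unlocked = false; }

/* Steps 401-406: the boot program checks the reserved area, then the device. */
enum boot_result boot(const struct reserved_area *ra, struct mem_device *dev) {
    if (!ra->has_pw) return BOOT_NO_PASSWORD;          /* 402 -> 406: just boot */
    if (dev->installed && dev->has_pw && pw_equal(ra->pw, dev->pw)) {
        dev->unlocked = true;                           /* 403 -> 404 -> 406 */
        return BOOT_UNLOCKED;
    }
    return BOOT_HALTED;                                 /* 405: stay locked, stop */
}

bool can_read(const struct mem_device *dev) {
    return dev->installed && (!dev->has_pw || dev->unlocked);
}

int main(void) {
    struct reserved_area host_a = {0}, host_b = {0};
    struct mem_device dev = { .installed = true };
    write_password(&host_a, &dev, "constructed-sample-password");
    enum boot_result r = boot(&host_a, &dev);
    printf("host A: boot=%d readable=%d\n", r, can_read(&dev));
    power_off(&dev); /* device pulled out of host A */
    r = boot(&host_b, &dev); /* host B holds no password */
    printf("host B: boot=%d readable=%d\n", r, can_read(&dev));
    return 0;
}
```

The model makes one design dependency visible: the memory device is only as well protected as reserved area 223, since the boot program unlocks with whatever password is stored there.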