TW201327259A - Data protection method - Google Patents

Publication number: TW201327259A
Authority: TW (Taiwan)
Prior art keywords: password, execution, startup, database, account
Application number: TW100148396A
Other languages: Chinese (zh)
Inventor: Yi-Yang Jiang
Original Assignee: 401Th Arsenal Materiel Production Ct
Application filed by 401Th Arsenal Materiel Production Ct
Priority to TW100148396A
Publication of TW201327259A

Landscapes

  • Storage Device Security (AREA)

Abstract

A data protection method comprises a facilities connection step, an authentication identification ID step, a startup virtual system step, a startup application program step, and an access right authentication step. Users have to pass several authentication mechanisms, such as identification ID authentication, startup password authentication, execution account authentication, and right authentication, to be allowed to access a confidential file database. Accordingly, confidential information is protected by preventing use of confidential files without authorization.

Description

Data protection method

The present invention relates to a data protection method, and more particularly to a data protection method that uses a virtual system to protect confidential data.

With the development of technology, information transfer and storage are now largely carried out by computer, with the aim of improving work efficiency through electronic processing. To guard against the leakage of confidential files, it is common practice to encrypt them, forcing the user to decrypt with a specific application before a confidential file can be opened. This controls the use of the confidential file and protects it from disclosure.

However, although encryption does control the use of a confidential file, the file loses its protection as soon as it is decrypted, and unauthorized use can no longer be prevented. Some vendors add a protection mechanism inside the application to further control the use of the confidential file, but this approach requires modifying the application's code and is not applicable to systems whose development is already complete. Having observed these shortcomings, the inventor considered that the conventional data protection method needed further improvement, which led to the present invention.

The object of the present invention is to provide a data protection method that can be applied directly to an existing operating system and that effectively prevents unauthorized use of confidential files.

To achieve the above object, the data protection method provided by the present invention comprises a device connection step, an identification ID verification step, a virtual system startup step, an application startup step, and an access right verification step.

In the device connection step, a verification device is connected to a computer host. The verification device stores an identification ID. The computer host has an operating system in which a startup program is installed, and the startup program is connected to an identification ID database, a startup password database, and an execution account database. The operating system is further connected to a virtual system, which is connected to a confidential file database and a permission database. An application is also installed in the operating system.

In the identification ID verification step, once the user has connected the verification device to the computer host, the startup program compares the identification ID stored in the verification device against the identification ID database to determine whether the identification ID is valid.

In the virtual system startup step, if the identification ID of the verification device is valid, the startup program requests a startup password and compares it against the startup password database to determine whether the startup password is correct. If the startup password is correct, the virtual system is started.

In the application startup step, if the identification ID of the verification device is valid, the startup program requests an execution account and compares it against the execution account database to determine whether the execution account is valid. If the execution account is valid, the application is started.

In the access right verification step, when the application is to access the confidential file database, the application must log in to the virtual system with the execution account. The virtual system compares the execution account against the permission database to determine whether the execution account has permission to access the confidential file database. If it does, the application is allowed to access the confidential file database.

With the data protection method of the present invention, the device connection step, the identification ID verification step, the virtual system startup step, the application startup step, and the access right verification step require the user to pass, one by one, several verification mechanisms (identification ID verification, startup password verification, execution account verification, and permission verification) before the confidential file database can be accessed. This prevents unauthorized use of confidential files and so protects confidential data. Moreover, because the startup program, the virtual system, and the databases can be installed directly on an existing operating system, the invention protects data without modifying the code of any program.

Referring to Figure 1, a device connection diagram of the preferred embodiment of the present invention, together with Figure 2, a block diagram of the preferred embodiment, a data protection method 100 is disclosed. The data protection method 100 mainly comprises the following steps:

Device connection step S1: A verification device 10 is connected to a computer host 20. The verification device 10 stores an identification ID 11, a startup password 12, an execution account 13, and an execution password 14. The computer host 20 has an operating system 30 in which a startup program 31 is installed, and the startup program 31 is connected to an identification ID database 32, a second password database 33, a startup password database 34, and an execution account database 35. The operating system 30 is further connected to a virtual system 36, which is connected to a confidential file database 37 and a permission database 38. An application 39 is also installed in the operating system 30. In this embodiment, the verification device 10 is a USB key and the virtual system 36 is installed within the operating system 30. The startup password 12 is split into a first startup password 121 and a second startup password 122; the first startup password 121 is stored in the verification device 10 and the second startup password 122 is stored in the second password database 33. The execution password 14 is likewise split into a first execution password 141 and a second execution password 142; the first execution password 141 is stored in the verification device 10 and the second execution password 142 is stored in the second password database 33. The identification ID database 32 may hold a plurality of identification IDs 11 in advance, the startup password database 34 may hold a plurality of startup passwords 12 in advance, the execution account database 35 may hold a plurality of execution accounts 13 together with the execution passwords 14 that match them, and the permission database 38 may hold a plurality of execution accounts 13 in advance. It should be noted that the verification device 10 may also be another device such as an IC card, and that the virtual system 36 may be installed on another computer host and connected to the operating system 30 over Ethernet or similar means. This embodiment is only one preferred implementation and does not limit the scope of the claims of the present invention.

Identification ID verification step S2: Once the user has connected the verification device 10 to the computer host 20, the startup program 31 compares the identification ID 11 stored in the verification device 10 against the identification ID database 32 to determine whether the identification ID 11 is valid.

Virtual system startup step S3: If the identification ID 11 of the verification device 10 is valid, the startup program 31 requests a startup password 12 and compares it against the startup password database 34 to determine whether the startup password 12 is correct. If the startup password 12 is correct, the virtual system 36 is started. In this embodiment, because the startup password 12 is stored in the verification device 10 in advance, the startup program 31 reads it automatically: it first reads the first startup password 121 from the verification device 12, then reads the corresponding second startup password 122 from the second password database 33, and finally combines the first startup password 121 and the second startup password 122 by computation into the startup password 12.

Application startup step S4: If the identification ID of the verification device is valid, the startup program 31 requests an execution account 13 and compares it against the execution account database 35 to determine whether the execution account 13 is valid. If the execution account 13 is valid, the startup program further requests an execution password 14 and compares it against the execution account database 35 to determine whether the execution password 14 matches the execution account 13. If the execution password 14 matches the execution account 13, the application 39 is started. In this embodiment, because the execution account 13 and the execution password 14 are stored in the verification device 10 in advance, the startup program 31 reads them automatically: it first reads the first execution password 141 from the verification device 14, then reads the corresponding second execution password 142 from the second password database 33, and finally combines the first execution password 141 and the second execution password 142 by computation into the execution password 14.

Access right verification step S5: When the application 39 is to access the confidential file database 37, the application 39 must log in to the virtual system 36 with the execution account 13. The virtual system 36 compares the execution account 13 against the permission database 38 to determine whether the execution account 13 has permission to access the confidential file database 37. If it does, the application 39 is allowed to access the confidential file database 37.

To give a further understanding of the structural features of the present invention, the technical means it uses, and the effects it is expected to achieve, its manner of use is described below.

Referring also to Figure 3, an operation flowchart of the preferred embodiment: when the user wants to access the confidential file database 37, the user must first connect the verification device 10 to the computer host 20. The startup program 31 then automatically reads the identification ID 11 from the verification device 10 and compares it against the identification ID database 32 to determine whether the identification ID 11 is valid. If the identification ID 11 is valid, the startup program 31 reads the first startup password 121 from the verification device 10 and the second startup password 122 corresponding to the identification ID 11 from the second password database 33, combines the two by computation into the startup password 12, and compares the startup password 12 against the startup password database 34 to determine whether it is correct. If the startup password 12 is correct, the virtual system 36 is started and placed in a standby state.

While reading the first startup password 121, the startup program 31 also reads the execution account 13 from the verification device 10 and compares it against the execution account database 35 to determine whether the execution account 13 is valid. If the execution account 13 is valid, the startup program reads the first execution password 141 from the verification device 10 and the second execution password 142 corresponding to the execution account 13 from the second password database 33, combines the two by computation into the execution password 14, and compares the execution password 14 against the execution account database 35 to determine whether it matches the execution account 13. If the execution password 14 matches the execution account 13, the application 39 is started.

Finally, once both the virtual system 36 and the application 39 have started, the user must log in to the virtual system 36 with the execution account 13. The virtual system 36 automatically compares the execution account 13 against the permission database 38 to determine whether the execution account 13 has permission to access the confidential file database 37. If it does, the application 39 is allowed to access the confidential file database 37. The user must therefore pass, one by one, identification ID verification, startup password verification, execution account verification, and permission verification before the confidential file database 37 can be accessed, and users with insufficient permissions are restricted to the other files in the computer host 20. This prevents unauthorized use of confidential files and so protects confidential data. At the same time, because the startup program 31, the virtual system 36, and the databases can be installed directly on an existing operating system, the invention protects data without modifying the code of any program.
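The checks of steps S2 to S5 described above, as an added Python example that is not part of the patent. The patent does not specify the computation that combines the two password parts; XOR of equal-length shares is assumed here, as are the SHA-256 digests held in the databases, the constant-time comparisons, and every class, function and field name.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def xor(a: bytes, b: bytes) -> bytes:
    """Assumed combining computation: XOR of two equal-length shares."""
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def digest(secret: bytes) -> bytes:
    # Assumption: the databases hold SHA-256 digests of random 16-byte
    # secrets rather than the secrets themselves.
    return hashlib.sha256(secret).digest()


@dataclass
class Token:                # verification device 10 (USB key in the embodiment)
    ident: str              # identification ID 11
    start_share: bytes      # first startup password 121
    account: str            # execution account 13
    exec_share: bytes       # first execution password 141


@dataclass
class Host:                 # databases behind startup program 31 and virtual system 36
    id_db: set = field(default_factory=set)         # 32
    second_db: dict = field(default_factory=dict)   # 33: host-side parts 122 / 142
    start_db: set = field(default_factory=set)      # 34
    account_db: dict = field(default_factory=dict)  # 35: account -> password digest
    perm_db: set = field(default_factory=set)       # 38


def enroll(host: Host, ident: str, account: str, allowed: bool = True) -> Token:
    """Provision one constructed user and return the contents of the token."""
    start_pw, exec_pw = secrets.token_bytes(16), secrets.token_bytes(16)
    start_share, exec_share = secrets.token_bytes(16), secrets.token_bytes(16)
    host.id_db.add(ident)
    host.second_db[("start", ident)] = xor(start_pw, start_share)
    host.second_db[("exec", account)] = xor(exec_pw, exec_share)
    host.start_db.add(digest(start_pw))
    host.account_db[account] = digest(exec_pw)
    if allowed:
        host.perm_db.add(account)
    return Token(ident, start_share, account, exec_share)


def rebuild(token_share: bytes, host_share):
    """Combine both parts; a missing or mis-sized part yields None."""
    if host_share is None or len(host_share) != len(token_share):
        return None
    return xor(token_share, host_share)


def authorize(token: Token, host: Host) -> tuple:
    """Return (granted, stage); stage names the step that made the decision."""
    # S2: the identification ID must be registered.
    if token.ident not in host.id_db:
        return False, "S2"
    # S3: rebuild the startup password and compare it in constant time.
    start_pw = rebuild(token.start_share, host.second_db.get(("start", token.ident)))
    if start_pw is None or not any(
            [hmac.compare_digest(digest(start_pw), d) for d in host.start_db]):
        return False, "S3"
    # S4: the account must exist and the rebuilt execution password must match it.
    expected = host.account_db.get(token.account)
    exec_pw = rebuild(token.exec_share, host.second_db.get(("exec", token.account)))
    if expected is None or exec_pw is None or not hmac.compare_digest(
            digest(exec_pw), expected):
        return False, "S4"
    # S5: the virtual system checks the account against the permission database.
    if token.account not in host.perm_db:
        return False, "S5"
    return True, "granted"


if __name__ == "__main__":
    host = Host()
    alice = enroll(host, "ID-0001", "alice")              # constructed sample data
    bob = enroll(host, "ID-0002", "bob", allowed=False)   # enrolled, no permission
    print(authorize(alice, host), authorize(bob, host))
```

Every stage fails closed: a token part that is missing, has the wrong length, or has been altered stops the flow at the step that consumes it.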

The features of the present invention and the effects it is expected to achieve are restated as follows: with the data protection method of the present invention, the device connection step, the identification ID verification step, the virtual system startup step, the application startup step, and the access right verification step require the user to pass, one by one, several verification mechanisms (identification ID verification, startup password verification, execution account verification, and permission verification) before the confidential file database can be accessed. This prevents unauthorized use of confidential files and so protects confidential data. Moreover, because the startup program, the virtual system, and the databases can be installed directly on an existing operating system, the invention protects data without modifying the code of any program.

In summary, the present invention offers excellent advancement and practicality among products of its kind. A thorough search of domestic and foreign technical literature on this type of structure found no identical prior construction. The invention therefore meets the requirements for an invention patent, and this application is filed in accordance with the law.

The foregoing is merely one preferred feasible embodiment of the present invention. All equivalent structural changes made by applying the specification and the claims of the present invention should fall within the patent scope of the present invention.

100: Data protection method
10: Verification device
11: Identification ID
12: Startup password
121: First startup password
122: Second startup password
13: Execution account
14: Execution password
141: First execution password
142: Second execution password
20: Computer host
30: Operating system
31: Startup program
32: Identification ID database
33: Second password database
34: Startup password database
35: Execution account database
36: Virtual system
37: Confidential file database
38: Permission database
39: Application
S1: Device connection step
S2: Identification ID verification step
S3: Virtual system startup step
S4: Application startup step
S5: Access right verification step

Figure 1 is a device connection diagram of the preferred embodiment of the present invention.

Figure 2 is a block diagram of the preferred embodiment of the present invention.

Figure 3 is an operation flowchart of the preferred embodiment of the present invention.

Claims (8)

1. A data protection method, comprising the following steps:
a device connection step: connecting a verification device to a computer host, wherein the verification device stores an identification ID, the computer host has an operating system, a startup program is installed in the operating system, the startup program is connected to an identification ID database, a startup password database, and an execution account database, the operating system is further connected to a virtual system, the virtual system is connected to a confidential file database and a permission database, and an application is further installed in the operating system;
an identification ID verification step: once the user has connected the verification device to the computer host, the startup program compares the identification ID stored in the verification device against the identification ID database to determine whether the identification ID is valid;
a virtual system startup step: if the identification ID of the verification device is valid, the startup program requests a startup password and compares the startup password against the startup password database to determine whether the startup password is correct, and if the startup password is correct, the virtual system is started;
an application startup step: if the identification ID of the verification device is valid, the startup program requests an execution account and compares the execution account against the execution account database to determine whether the execution account is valid, and if the execution account is valid, the application is started;
an access right verification step: when the application is to access the confidential file database, the application must log in to the virtual system with the execution account, the virtual system compares the execution account against the permission database to determine whether the execution account has permission to access the confidential file database, and if the execution account has permission to access the confidential file database, the application is allowed to access the confidential file database.

2. The data protection method according to claim 1, wherein the startup password is stored in the verification device in advance so that, in the virtual system startup step, the startup program reads the startup password automatically.

3. The data protection method according to claim 2, wherein the startup program is further connected to a second password database, the startup password is split into a first startup password and a second startup password, the first startup password is stored in the verification device, and the second startup password is stored in the second password database, so that, in the virtual system startup step, the startup program automatically reads the first startup password from the verification device, reads the second startup password from the second password database, and combines the first startup password and the second startup password by computation into the startup password.

4. The data protection method according to claim 1, wherein, in the application startup step, the startup program further requests an execution password and compares the execution password against the execution account database to determine whether the execution password matches the execution account, and the application can be started only if the execution password matches the execution account.

5. The data protection method according to claim 4, wherein the execution account and the execution password are stored in the verification device in advance so that, in the application startup step, the startup program reads the execution account and the execution password automatically.

6. The data protection method according to claim 5, wherein the startup program is further connected to a second password database, the execution password is split into a first execution password and a second execution password, the first execution password is stored in the verification device, and the second execution password is stored in the second password database, so that, in the application startup step, the startup program automatically reads the first execution password from the verification device, reads the second execution password from the second password database, and combines the first execution password and the second execution password by computation into the execution password.

7. The data protection method according to claim 1, wherein the verification device is a USB key.

8. The data protection method according to claim 1, wherein the virtual system is installed within the operating system.
TW100148396A 2011-12-23 2011-12-23 Data protection method TW201327259A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW100148396A TW201327259A (en) 2011-12-23 2011-12-23 Data protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW100148396A TW201327259A (en) 2011-12-23 2011-12-23 Data protection method

Publications (1)

Publication Number Publication Date
TW201327259A true TW201327259A (en) 2013-07-01

Family

ID=49225056

Family Applications (1)

Application Number Title Priority Date Filing Date
TW100148396A TW201327259A (en) 2011-12-23 2011-12-23 Data protection method

Country Status (1)

Country Link
TW (1) TW201327259A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI696934B (en) * 2018-01-30 2020-06-21 日商東芝記憶體股份有限公司 Data accumulation device, data processing system, application system and data processing method

Similar Documents

Publication Publication Date Title
US11126754B2 (en) Personalized and cryptographically secure access control in operating systems
US11012241B2 (en) Information handling system entitlement validation
JP5021838B2 (en) Enforcing the use of chipset key management services for encrypted storage devices
TWI438686B (en) System and method for protected operating system boot using state validation
US8214630B2 (en) Method and apparatus for controlling enablement of JTAG interface
CN101901313B (en) Linux file protection system and method
AU2002368159B2 (en) System and method for authentication
JP6072091B2 (en) Secure access method and secure access device for application programs
US20110314279A1 (en) Single-Use Authentication Methods for Accessing Encrypted Data
CN107563213B (en) Safety secrecy control device for preventing data extraction of storage equipment
KR20080071529A (en) System and method of storage device data encryption and data access via a hardware key
CN104794394B (en) A kind of virtual machine starts the method and device of verification
CN101916348A (en) Method and system for safely guiding operating system of user
WO2016065636A1 (en) Data management method and data management device for terminal, and terminal
NL2033980B1 (en) New method for trusted data decryption based on privacy-preserving computation
US8863273B2 (en) Method of using an account agent to access superuser account shell of a computer device
TW201327259A (en) Data protection method
WO2012050421A1 (en) Secure external storage system and method thereof
JP2009245135A (en) Information processing terminal device and start authentication method of application program
EP3168768B1 (en) Software protection
CN103942482B (en) Mainframe security protection method based on embedded type
GB2544328B (en) Software protection
KR20130116485A (en) Apparatus and method for file encryption
TWM322687U (en) Starter for ID certification
GB2574316A (en) Controlling access to data