TW201738802A - A removable security device and a method to prevent unauthorized exploitation and control access to files - Google Patents


Info

Publication number
TW201738802A
Authority
TW
Taiwan
Prior art keywords
security device
file
host device
detachable
identifier
Prior art date
Application number
TW106103728A
Other languages
Chinese (zh)
Inventor
朱立蓮 巴契曼
比爾 珊達
Original Assignee
納格維遜股份有限公司


Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/31 User authentication > G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] > G06F21/106 Enforcing content protection by specific content processing > G06F21/1063 Personalisation
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] > G06F21/16 Program or content traceability, e.g. by watermarking
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules > G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database > G06F21/6272 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

A removable security device configured to prevent unauthorized exploitation of files, connectable with a host device, the removable security device comprising a central processor, an operating system, a graphic processor, memories and a communication link configured to exchange data with the host device. The removable security device further comprises an identification module for verifying conformity of at least one user credential received from the host device via the communication link. The operating system enables through a remote desktop agent remote access to at least one file and executes a file processing application with the at least one file. The operating system, the remote desktop agent and the file processing application are stored in a non-volatile memory of the removable security device. The graphic processor generates displayable frames corresponding to the execution of the application with the file. A watermarking module coupled to the graphic processor inserts additional data into the displayable frames, said additional data forming a watermark generated on all or part of the displayable frame. The additional data allows retrieving at least the identifier of the removable security device. The communication link transmits the watermarked displayable frames to the host device.

Description

Removable security device and method for preventing unauthorized exploitation of, and controlling access to, files

The present disclosure relates generally to a removable security device and method for preventing unauthorized exploitation of, and controlling access to, files stored in local or remote storage devices.

A removable security device connectable to a personal computer can be used to authenticate the user of the personal computer to a remote network content server. The removable security device may include a memory storing an interface software program configured to use an encryption/decryption key generated during an initialization phase. The interface software program is executed on the personal computer to interface the personal computer to the content server via a network. The encryption/decryption key is used by the interface software program to authenticate the user of the personal computer to the content server and to establish a secure connection between the personal computer and the content server. The removable security device may be connected to the personal computer via a standard USB (Universal Serial Bus) link.

Because the memory of the removable USB device is rewritable, the interface software program can be configured, while connected to the personal computer, to write any temporary files to a location in the memory of the removable USB device rather than to the standard temporary folder of the personal computer. This ensures that, after the secure connection to the content server is closed and the removable secure USB device is removed, no temporary file containing confidential information remains on the personal computer, thereby providing enhanced security against hackers.

The removable security device may be based on a "USB-powered computer" device, for example a device known as the "USB armory". A removable device of this type can be designed to connect to a USB port of the personal computer, which provides power and a bidirectional serial data link between the personal computer and the removable device. In addition to rewritable memory for storing application software programs and related data, the removable security device may include a central processor and an operating system. The operating system, stored in non-volatile memory, manages the application software programs and the bidirectional serial data link.

According to one embodiment, a removable security device is disclosed that is configured to prevent unauthorized exploitation of computer files stored in local or remote storage devices.

According to another embodiment, a method is disclosed for preventing unauthorized exploitation of computer files accessed by a host device associated with a removable security device.

According to one example, the disclosed removable security device may be based on a "USB-powered computer" device. A removable device of this type can be designed to connect to a host device via a USB (Universal Serial Bus) port, which supplies power to the removable device and provides a bidirectional serial data link between the host device and the removable device.

A removable USB security device, or USB-powered computer, has the advantage that it can present itself as any of various USB devices, for example in the form of an external plug-in with a USB-type communication port that can be inserted into any host device having a corresponding USB port. Other types of communication port may be implemented, for example Apple Lightning, FireWire IEEE 1394, etc. According to a further embodiment, the removable security device may be powered by a source other than the USB port of the host device, such as an internal battery or an external power supply.

The host device is preferably a portable personal computer (PC), also called a laptop, or a desktop personal computer coupled to a display screen. Other portable devices such as tablets, smartphones, personal digital assistants (PDAs) or pocket PCs may also serve as host devices.

According to a first embodiment, the removable security device may contain components including at least one processor, memory and a communication link configured to exchange data with the host device. An operating system stored in the memory of the removable security device manages these components and the various applications described below. For example, the communication link between the host device and the removable security device may be managed by the host device using an SSH (Secure Shell) connection over USB or a remote desktop display (provided, for example, using Microsoft® RDP (Remote Desktop Protocol)), so as to allow interaction from the host device with applications running on the removable security device. Such a removable security device is intended to be secure and to provide a secure internal working environment for storing and editing files. Applications (for example word processing, spreadsheets, presentations, etc.) may be used to process files within the removable security device.

According to a second embodiment, the removable security device may further include a network interface configured to use the network connectivity of the host device to communicate with network resources on a local network or on a public network such as the Internet. The network resources may include remote servers, virtual drives or databases that the host device can access through the removable security device to retrieve and store files. The removable security device may thus be recognized by the host device as, for example, a valid network resource with an attached shared network drive. For processing by an application of the removable security device, a file may be downloaded from the remote server into the memory of the removable security device and, after processing, stored in that memory and/or uploaded from it to the remote server.

In several embodiments, files are processed without being stored on the host device, which prevents copying to another external memory or drive. The removable security device allows files to be used on host devices that have no software or copyright protection, so as to prevent potential leaks.

However, conventional anti-copy measures cannot include protection against screenshots of the content displayed by the host device, or against capture of the signal corresponding to the displayed image. For example, a screenshot or screen capture may be made using an application of the host device, or a smartphone camera may be used to capture all or part of the content. To capture the digital signal corresponding to the displayed content, the host device may be modified to redirect the signal from the display to a signal recording module.

As an illustrative aspect of the disclosed method and device, anti-copy protection is provided by integrating information into the displayable frames generated by the removable security device, which can be displayed on the screen of the host device. The integrated information can be used to identify the removable security device associated with an unauthorized copy of a displayable frame (for example a screenshot or image capture). This information is preferably invisible to the user. The removable security device is referenced by a unique identifier registered in a database, which may also use this identifier to correlate it with user data. This information, hereinafter called a watermark, may not prevent unauthorized copying (for example screen capture), but it enables identification of the removable security device associated with the host device that displayed the copied frame. In addition, the watermark may also include an identifier of the host device and temporal data.

According to an embodiment, the watermark may be a code that allows at least the identifier of the removable security device to be retrieved from the database.

10: removable security device
20: host device
30: tracking server
40: database
100: central processor
101: operating system
102: memory
102': random access memory
103: encryption/decryption module
104: graphics processor
105: watermarking module
106: identification module
107: remote desktop agent
108: communication port
109: network interface
109': wireless network communication module
109": wireless network communication module
110: communication link
120: file processing application
121: file processing application
130: text document

Figure 1 shows a block diagram of a removable security device coupled to a host device. A remote desktop agent running on the host device allows access to, display of and editing of content into which additional data can be inserted by a watermarking module implemented in the removable security device.

Figure 2 shows a more detailed block diagram of a removable security device connectable to a host device, allowing the host device to execute a file processing application with files stored locally or on a remote server. The watermarking module inserts additional data into the displayable frames generated by the graphics processor of the removable security device.

The removable security device of the present disclosure is preferably connected to the host device via a standard USB (Universal Serial Bus) port, which has the advantage of providing a fast bidirectional data communication link with the host device. The USB link may also advantageously carry power. The standard universal serial bus may be of the USB 2.0, USB 3.0 or USB 3.1 type, for example; these types differ in throughput, at 480 Mbit/s, 5 Gbit/s and 10 Gbit/s respectively.

Modules of the removable security device

The removable security device 10, as illustrated schematically in the block diagram of Figure 2, may include hardware modules such as a central processor 100, memory 102, a graphics processor 104, a network interface 109 and a communication port 108 (for example a USB port). The memory may include several segments of different types, such as read-only and read/write non-volatile memory 102 (i.e., non-volatile memory) and random access memory 102'.

The removable security device 10 further includes various software modules loaded into non-volatile memory that use the hardware resources of the removable security device 10. The operating system 101 manages the different hardware and software modules. To ensure that the stored software modules are secure, a root-of-trust function may be embedded in the operating system 101, preferably in hardware form. A hardware root of trust provides a higher level of trust than a software root of trust, which is typically more vulnerable to attack. The root of trust provides services (for example monitoring) that ensure hardware and software integrity is maintained during the different operating modes of the removable security device 10 (for example power-up, initialization and normal operation).

The software modules may include an identification module 106, file processing applications 120, 121, a remote desktop agent 107, an encryption/decryption module 103 and/or a watermarking module 105.

The identification module 106 can receive and store at least one user credential used to authenticate the user for access to the resources of the removable security device 10.

For example, the file processing applications 120, 121 include a text document editor (such as Microsoft® Word), a slide editor (such as Microsoft® PowerPoint), a spreadsheet editor (such as Microsoft® Excel), or any other file creation/editing application. The file processing applications 120, 121 may be managed by the central processor 100 under the control of the operating system 101 and a dedicated user interface.

The remote desktop agent 107 may be integrated with the operating system 101. The remote desktop agent 107 enables remote access to at least one file and execution of a file processing application (for example 120, 121) with that file. The remote desktop agent 107 also enables communication with the host device 20 and remote access to the file and to the file processing applications 120, 121 for execution by the host device 20. The remote desktop agent 107 is preferably embedded in the operating system 101 and protected by the hardware root of trust to prevent any tampering or unauthorized modification (for example storing files on the host device 20).

The encryption/decryption module 103 is coupled to the network interface 109 and to the memory 102. It encrypts a file before the file is stored and decrypts it when the file is retrieved for processing. Encryption/decryption operations may be performed using a suitable algorithm with symmetric or asymmetric encryption keys. The network interface 109 may be configured to use the network connection resources of the host device 20 to exchange data with the remote server 30 and the database 40. The exchanged data may be encrypted by the encryption/decryption module 103.

The watermarking module 105 is coupled to the graphics processor 104 and can insert additional data into the displayable frames generated by the graphics processor 104, for example the screen display frames intended for the host device 20. Different embodiments of the content of the additional data and of the retrieval method are described below.

According to an embodiment, the removable security device 10 may include wireless network communication modules (for example 109', 109" in Figure 2) associated with the network interface 109. The network interface 109 may be, for example, a WiFi module, or a mobile network communication module of the 3G, 4G or LTE (Long Term Evolution) type, etc. In several embodiments, the removable security device 10 may be connected to a host device 20 that has no network communication resources. In several embodiments, the wireless network communication modules 109', 109" provide the host device 20 with access to files stored on the remote server 30 or on a virtual drive.

Operation of the removable security device

The removable security device 10 coupled to a communication port of the host device 20 may be activated automatically or manually (for example by a physical switch, button, etc. on the removable security device 10). Automatic activation may occur when the removable security device 10 is plugged into the communication port of the host device 20. Activation may include the steps of mounting the removable security device 10 as a valid network device resource for the host device and exchanging information with the host device 20. The exchanged information may enable a user authentication request to the host device 20. The user interface of the host device 20 may prompt the user to enter credentials such as a user name and password. The credentials may also take the form of a fingerprint or other biometric data entered by the user through a dedicated device associated with the host device 20 or through a dedicated device located directly on the removable security device 10. The credentials may also include a one-time password (OTP) with a limited validity period associated with the user name or user address.

The credentials are verified by comparing them with the user data previously recorded in the identification module 106 during the initialization phase of the removable security device 10. When the recorded user data and the entered credentials match, access to the resources of the removable security device 10 is granted, and the applications and files used to process files with the host device 20 become operational through the activated remote desktop agent 107. Otherwise, when user authentication fails, access to the files and applications is denied.

According to one example, communication over the USB-type link may use the standard RDP protocol (Remote Desktop Protocol). RDP provides a graphical user interface for connecting to another computer over a network connection. The removable security device 10 can be recognized by the host device 20 as a network device. RDP may further provide a secure connection by encrypting the data exchanged between the connected devices.

The remote desktop agent 107 stored in the removable security device 10 provides a user interface on the host device 20. The user interface can be used to select files and launch applications to open and edit the selected files. For example, a text document 130 stored in the read/write non-volatile memory 102 may be opened by the text document editor 120. The desktop agent 107 may facilitate execution of the text document editor 120 and, once the document has been modified, its storage in the read/write non-volatile memory 102, without any possibility of a copy of the stored document being placed in the memory of the host device 20.

Figure 1 illustrates an example in which a document 130 stored in the read/write non-volatile memory 102 of the removable security device 10 is opened by execution of the text document editor 120, with the corresponding window provided on the host device 20 through the remote desktop agent 107.

The application 120 runs on the operating system 101, which manages the hardware and software modules of the removable security device 10 and the communication link 110 with the host device 20.

Execution of the text document editor 120 with a document file causes the graphics processor 104 to generate displayable frames, which are watermarked by the watermarking module 105. When the text document editor 120 finishes executing with the file, the file may be stored in the read/write non-volatile memory 102 of the removable security device 10.

According to an embodiment, in addition to accessing files stored in the read/write non-volatile memory 102 of the removable security device 10, the remote desktop agent 107 may allow access to files previously stored on the remote server 30 or on a virtual drive. To access files on the remote server 30, the remote desktop agent 107 uses the network resources of the host device 20 and the network interface 109 of the removable security device 10. In a preferred mode, the user authentication performed after activation of the removable security device 10 also enables, via the removable security device 10, the connection of the host device 20 to the remote server 30 and authorizes access to the stored files. These files may be encrypted with the user's personal encryption key to prevent access by unauthorized users.

During a file processing session, a remotely stored file may be downloaded into the random access memory 102' associated with the central processor 100 of the removable security device 10, where it is decrypted by the encryption/decryption module 103 and executed by the file processing application 120. At the end of processing, and assuming the file has been modified, the file may be re-encrypted and stored in the remote storage and/or in the local read/write non-volatile memory 102 of the removable security device 10. A file opened read-only may be downloaded into the random access memory 102' and decrypted for reading, while the copy remaining in remote storage stays in encrypted form. To prevent any capture of the file loaded in the random access memory 102', it is preferably deleted from the random access memory 102'. After the file processing application 120 terminates, having closed the file it was executing and stored it in the read/write non-volatile memory 102 of the removable security device 10 or on the remote server 30 or virtual drive, the remote desktop agent 107 may clear the random access memory 102'.

The above solution addresses the problem of documents being stored in the memory of the host device, since the files are instead stored only on the removable security device.

Watermarking of the displayable frames

Further, while a file is being processed, the watermarking module 105 modifies the displayable frames generated by the graphics processor 104. The watermarking module 105 may insert additional data into at least some of the displayable frames.

When the file processing application 120 processes a given file, the graphics processor 104 coupled to the central processor 100 generates displayable frames to be displayed as images on the screen of the host device 20. For example, in accordance with screen refresh rate standards, the graphics processor 104 generates 60 frames per second for the host device 20 to display the content. The watermarking module 105 modifies the displayable frames so that an image capture made at any moment will include the additional data. The displayable frames from the graphics processor 104 are watermarked by the watermarking module 105, which inserts the additional data into the displayable frames before they are delivered to the host device 20 over the communication link 110. The watermarking module may watermark every frame or only a subset of the frames.

浮水印較佳係對人眼為不可視的(隱形的),並將該浮水印插入到可顯示訊框中。舉例而言,可使用基於藉由應用預判定浮水印演算法以附加資料編碼可顯示訊框之視訊資料區塊的技術。因此僅有電腦為基之影像分析器能夠定位(localize)、提取(extract)、及讀取(read)自主機裝置擷取之影像中的浮水印。用於編碼 視訊資料區塊並能夠識別經編碼視訊資料區塊並知曉浮水印演算法之影像分析器可判定代表附加資料之浮水印。取決於浮水印演算法之類型,可藉由比較擷取影像之視訊資料與無浮水印之參考影像的視訊資料來判定浮水印。 The watermark is preferably invisible to the human eye (invisible) and the watermark is inserted into the displayable frame. For example, a technique based on encoding a video data block of a display frame with additional data by applying a pre-determined watermark algorithm may be used. Therefore, only computer-based image analyzers can localize, extract, and read watermarks from images captured by the host device. For coding The video data block and the image analyzer capable of identifying the encoded video data block and knowing the watermark algorithm can determine the watermark representing the additional data. Depending on the type of the watermarking algorithm, the watermark can be determined by comparing the video data of the captured image with the video data of the reference image without the watermark.

可顯示訊框之浮水印允許識別(例如)藉由在主機裝置20上之螢幕擷取所做出的內容副本之來源。根據實施例,可卸式安全裝置10之獨特識別符可用作附加資料。藉由影像分析器判定的螢幕擷取內容之浮水印允許可瞭解哪個可卸式安全裝置有產出該內容且附加地瞭解與可卸式安全裝置10之獨特識別符相關之使用者資料。 The watermark of the displayable frame allows identification of the source of the copy of the content made, for example, by the screen capture on the host device 20. According to an embodiment, the unique identifier of the detachable security device 10 can be used as additional material. The watermarking of the screen capture content as determined by the image analyzer allows for an understanding of which detachable security device has the content and additional knowledge of the user profile associated with the unique identifier of the detachable security device 10.
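The following is an added illustration, not code from the patent or from the applicant: a minimal block-based watermark of the kind the description sketches, where each 8x8 block of an 8-bit grayscale frame carries one bit of the additional data as the sign of a small pseudo-random pattern. The pattern seed, the frame size, the per-pixel strength and the device identifier string are all assumptions chosen here. It shows both detection modes the text mentions: an analyzer that knows the algorithm can read the payload blindly, and an analyzer that also has the unwatermarked reference frame can read it from the pixel difference. The pattern is balanced (equal numbers of +1 and -1), so the block's average brightness cancels out of the correlation and only local texture remains as noise, which on this gradient frame is provably smaller than the watermark term.

```python
import random

# Constructed frame geometry: a 64x64 8-bit grayscale frame, one payload bit
# per 8x8 block, so 64 bits (8 bytes) of additional data per frame.
WIDTH, HEIGHT, BLOCK = 64, 64, 8
STRENGTH = 4            # max per-pixel change; 4/255 is far below visibility
PATTERN_SEED = 0x5EED   # assumed secret shared by the watermark module and the analyzer


def make_pattern(seed=PATTERN_SEED):
    """Balanced +1/-1 pattern (32 of each) so that flat image content cancels out."""
    rng = random.Random(seed)
    pattern = [1] * (BLOCK * BLOCK // 2) + [-1] * (BLOCK * BLOCK // 2)
    rng.shuffle(pattern)
    return pattern


def make_frame():
    """Constructed reference frame: a diagonal gradient with pixel values 64..190."""
    return [64 + x + y for y in range(HEIGHT) for x in range(WIDTH)]


def block_indices():
    """Pixel indices of each 8x8 block, row-major within the block."""
    for by in range(HEIGHT // BLOCK):
        for bx in range(WIDTH // BLOCK):
            yield [(by * BLOCK + j) * WIDTH + bx * BLOCK + i
                   for j in range(BLOCK) for i in range(BLOCK)]


def bytes_to_bits(data):
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - 7, 8))


def embed(frame, payload, pattern=None):
    """Add +/-STRENGTH * pattern to each block; the sign carries one payload bit."""
    pattern = pattern or make_pattern()
    bits = bytes_to_bits(payload)
    blocks = list(block_indices())
    if len(bits) > len(blocks):
        raise ValueError("payload too large for one frame")
    out = list(frame)
    for bit, idxs in zip(bits, blocks):
        sign = 1 if bit else -1
        for idx, p in zip(idxs, pattern):
            out[idx] = max(0, min(255, out[idx] + sign * STRENGTH * p))
    return out


def extract_blind(frame, nbytes, pattern=None):
    """Analyzer without a reference image: correlate each block with the pattern."""
    pattern = pattern or make_pattern()
    bits = []
    for idxs in list(block_indices())[:nbytes * 8]:
        correlation = sum(frame[idx] * p for idx, p in zip(idxs, pattern))
        bits.append(1 if correlation > 0 else 0)
    return bits_to_bytes(bits)


def extract_with_reference(captured, reference, nbytes, pattern=None):
    """Analyzer holding the unwatermarked reference: correlate the pixel difference."""
    difference = [c - r for c, r in zip(captured, reference)]
    return extract_blind(difference, nbytes, pattern)


def max_pixel_change(captured, reference):
    """Largest per-pixel modification introduced by the watermark."""
    return max(abs(c - r) for c, r in zip(captured, reference))


if __name__ == "__main__":
    payload = b"RSD-0042"   # constructed removable security device identifier
    marked = embed(make_frame(), payload)
    print(extract_blind(marked, 8), extract_with_reference(marked, make_frame(), 8),
          max_pixel_change(marked, make_frame()))
```

Why the blind read is reliable here: within one block the gradient deviates from the block mean by at most 7, and the sum of those absolute deviations is 168, while the watermark contributes STRENGTH times 64 = 256 to the correlation, so the sign is always decided by the payload bit. A real frame has more texture, which is why practical schemes spread each bit over more pixels or use the reference-comparison path.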

Many embodiments may be implemented to provide the additional data used by the watermark module 105, namely:

a) The additional data comprises the unique identifier of the removable security device 10. This identifier can be retrieved by the watermark module 105 from the local read-only memory (or non-volatile memory) and inserted into the displayable frames during watermarking.

b) The additional data comprising the unique identifier of the removable security device 10 may further comprise the unique identifier of the host device 20. The host device identifier can be received during the step of exchanging information with the removable security device 10 at its activation and, for example, stored by the identification module 106 in the read/write non-volatile memory 102. The watermark module 105 retrieves the host device identifier from the memory and, for example, concatenates it with the identifier of the removable security device 10.

c) The additional data comprising the unique identifier of the removable security device 10 and/or the identifier of the host device 20 may also comprise temporal data representing the date and time of the current file processing and/or a session number. The date and time can be received from the host device 20 via the remote desktop agent 107 or provided by an internal clock of the removable security device 10. The session number can be retrieved from a session counter (for example, embedded in the memory associated with the identification module 106). For example, the session counter is incremented each time a user authentication succeeds and a session is opened.

d) The additional data comprises the result of applying a reversible mathematical function (for example, XOR, addition or multiplication with a predetermined parameter, or a reversible transformation such as inversion, exponentiation, etc.) to the additional data as provided in embodiments a), b) or c), or a combination thereof. This mathematical function is known to the tracking server, so that the content of the additional data can be recovered.

e) The additional data comprises a code representing at least the identifier of the removable security device 10 in a remote network database 40. According to an embodiment, user authentication performed on the host device 20 with the removable security device 10 enables a network connection from the host device 20 to a tracking server 30 managing the database 40. This network connection allows the host device 20 to transmit to the tracking server 30 data related to the removable security device 10 associated with the host device 20, as well as user data related to the user whose authentication with the removable security device 10 was successful. The tracking server 30 stores the received data in the database 40 in the form of a record for the given session. A session is defined herein as the interactive data exchange between the removable security device 10, the host device 20 and the tracking server 30 after a successful user authentication. Each time a user is authenticated with the removable security device 10, a new session is opened and a new record is created by the tracking server 30 in the database 40.

During the session, the host device 20 transmits the user data retrieved from the identification module 106 via the network interface 109 of the removable security device 10 and the communication link 110. The user data may include, for example, a user name, a password and other authentication data. This user data is completed by at least the identifier of the removable security device 10 and by further data such as the identifier of the host device 20, the temporal data and the session number.

Data related to the operation of the removable security device 10 may also be transmitted by the host device 20 to the tracking server 30 to be added to the record in the database 40. This data may include, for example, identifiers of the files previously processed by the removable security device 10, file processing temporal data, the version and/or reference of the application used to process the files, and so on.

Data related to the hardware and software configuration of the removable security device 10 may also be added to the record, for example a type reference or model identifier of the removable security device 10, a reference of the configuration options, the memory capacity, references of the installed applications, the operating system type and version, etc.

In addition to the user data, the encryption keys used by the encryption/decryption module to encrypt/decrypt the files may also complete the record. These keys may be generated by the user with an appropriate application on the host device 20.

The record can be completed with the code that will be used as additional data for watermarking the displayable frames.
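As an added example (not the patent's own code), the following builds the additional data of embodiments a) to c) as one fixed-layout byte string, advances a session counter only on successful authentication, and applies the reversible function of embodiment d) in two of the listed variants (XOR and byte-wise addition with a predetermined parameter). The tracking-server side undoes the function and parses the fields back out. The field layout, field widths, the parameter value and the sample identifiers are assumptions made for this illustration.

```python
import struct

# Assumed wire layout of the additional data (not specified by the patent):
# 4-byte device id, 4-byte host id, 32-bit unix time, 16-bit session number.
LAYOUT = ">4s4sIH"
# Assumed predetermined parameter, known to both the device and the tracking server.
PARAMETER = bytes.fromhex("3a7f9c12e5d04b86")


class SessionCounter:
    """Counter kept with the identification module; advances only on successful authentication."""

    def __init__(self, start=0):
        self.value = start

    def open_session(self, authenticated):
        if not authenticated:
            raise PermissionError("no session without a successful user authentication")
        self.value += 1
        return self.value


def build_additional_data(device_id, host_id, timestamp, session_number):
    """Embodiment c): device id, host id, temporal data and session number concatenated."""
    return struct.pack(LAYOUT, device_id, host_id, timestamp, session_number)


def parse_additional_data(blob):
    """Inverse of build_additional_data, used on the tracking-server side."""
    device_id, host_id, timestamp, session_number = struct.unpack(LAYOUT, blob)
    return {"device_id": device_id, "host_id": host_id,
            "timestamp": timestamp, "session_number": session_number}


def xor_transform(data, parameter=PARAMETER):
    """Embodiment d), XOR variant: self-inverse, so the server applies the same function."""
    return bytes(b ^ parameter[i % len(parameter)] for i, b in enumerate(data))


def add_transform(data, parameter=PARAMETER):
    """Embodiment d), addition variant: byte-wise addition modulo 256."""
    return bytes((b + parameter[i % len(parameter)]) & 0xFF for i, b in enumerate(data))


def add_inverse(data, parameter=PARAMETER):
    """Inverse of add_transform: byte-wise subtraction modulo 256."""
    return bytes((b - parameter[i % len(parameter)]) & 0xFF for i, b in enumerate(data))


def recover(transformed, inverse=xor_transform):
    """Tracking-server side: undo the reversible function, then parse the fields."""
    return parse_additional_data(inverse(transformed))


if __name__ == "__main__":
    counter = SessionCounter()
    session = counter.open_session(authenticated=True)
    # Constructed sample values: device id, host id, 2017-02-03 00:00 UTC.
    blob = build_additional_data(b"RSD1", b"HOST", 1486080000, session)
    print(recover(xor_transform(blob)))
    print(recover(add_transform(blob), add_inverse))
```

Note that these transformations only obscure the identifiers from a casual reader of an extracted watermark; since the parameter is fixed, anyone who learns it can invert the function, which is why embodiment e) moves the sensitive mapping into the tracking server's database instead.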

Code generated by the tracking server

According to an embodiment, the code can be generated by the tracking server 30 and added to the record in the database 40. The code can be a random number associated with the record, a digest obtained by applying a hash function, or any mathematical function applied to all or part of the record data.

According to this embodiment, when a file is executed by an application of the removable security device 10 via the remote desktop agent 107, the watermark module 105 sends a request to the tracking server 30 to obtain the code from the database 40. The request may thus be delivered by the watermark module 105 to the tracking server 30 via the network interface 109, the communication link 110 and the network resources of the host device 20. The request may contain at least the identifier of the removable security device 10 and an instruction allowing the code to be retrieved from the corresponding record of the database 40.

When the removable security device 10 is used by more than one user, the request may additionally contain the identifier of the user that was recorded by the tracking server 30 at authentication. The user's identifier can be retrieved from the identification module 106 by the watermark module 105 and transmitted to the tracking server 30 together with the identifier of the removable security device 10; the tracking server then returns the corresponding code.

In response to the request, the removable security device 10 thus receives the code from the tracking server 30 via the network resources of the host device 20, the communication link 110 and the network interface 109 of the removable security device 10. The code is then stored in the memory 102 of the removable security device 10 and made available to the watermark module 105.

For each session, the tracking server 30 generates a new code that is added to the record in the database 40, and the watermark module 105 sends a request to the tracking server 30 to receive the code from the database record corresponding to the current session.

According to a further embodiment, the removable security device 10 may request the tracking server 30 to transmit the code together with all the remaining data contained in the database 40 and related to the current session. The received data can be stored in the non-volatile memory 102 of the removable security device 10 for use in an offline mode, in which the host device 20 has no connection to the tracking server 30 and the database 40.

When a file is executed by the application, all or part of the displayable frames generated by the graphics processor 104 are watermarked according to the code.

Code generated by the removable security device

According to a further embodiment, the code can be generated by the removable security device 10 rather than by the tracking server 30, stored in the non-volatile memory 102 of the removable security device 10 and also stored in the database 40.

In this case, the watermark module 105 sends an instruction to the tracking server 30 to store the generated code in the record of the database 40 corresponding to the current session. The instruction contains at least the identifier of the removable security device 10, which is used to find the record in which the code is to be stored. The identifier of the removable security device 10 can be transmitted by the host device 20 to the tracking server 30 and stored in the database record at the start of the session.

The instruction may also contain the user's identifier as an additional parameter to the identifier of the removable security device 10. After a successful authentication, the watermark module 105 obtains this user identifier by interrogating the identification module 106, which has stored the user identity code. The watermark module 105 thus transmits the instruction to the tracking server 30 via the network interface 109, the communication link 110 and the network resources of the host device 20, to store the previously generated code in the record corresponding to the obtained user identifier. Indeed, the user's identifier is transmitted by the host device 20 to the tracking server 30 and stored in the database record at the start of the session.

For each session, the removable security device 10 generates a new code, which is transmitted by the watermark module 105 to the tracking server 30 for storage in the database record corresponding to the current session.

According to a further embodiment, the removable security device 10 may request the tracking server 30 to transmit all the data contained in the database 40 and related to the current session. The received data can be stored in the non-volatile memory 102 of the removable security device 10 for use in an offline mode, in which the host device 20 has no connection to the tracking server 30 and the database 40.

Once transmitted to the tracking server 30 for storage in the database 40, the code stored in the removable security device 10 can be used directly by the watermark module 105 for watermarking the displayable frames.

Protection of the code

According to a further embodiment, the code transmitted by the tracking server 30 to the removable security device 10 (or vice versa) can be encrypted with a key known to the tracking server 30 and the removable security device 10. This encryption prevents misuse of the code, for example its interception and modification via the host device 20 during transmission between the tracking server 30 and the removable security device 10.

According to a further embodiment, to prevent modification of a captured code and to avoid the use of such a modified captured code for watermarking, the transmitted code can be signed. For example, the signature of the code can be computed by applying a one-way collision-free hash algorithm (for example of the MD5 or SHA type) to obtain a digest. An encryption algorithm is then applied to the digest, using a key known to the tracking server 30 and the removable security device 10, to produce the signature. The set formed by the code and the signature can then be transmitted. For example, before a file is executed by the processing application 120, a signature verification application of the operating system of the removable security device 10 verifies the signature of the code. In case of a mismatch between the digest decrypted with the key and the digest recomputed from the code, the code is not accepted by the removable security device 10 and the file processing is blocked by the signature verification application.
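The signing and verification gate described above, as an added example that is not the patent's own code. The page describes hashing the code and then encrypting the digest with a key shared by the tracking server 30 and the device 10; here that keyed step is realised with HMAC-SHA256, the standard construction for a shared-key signature over a digest, and SHA-256 is used rather than MD5 because MD5 is no longer collision resistant. The shared key value, the bundle format (code followed by a fixed-length signature) and the sample code are assumptions for this illustration. Verification uses a constant-time comparison, and a failed check returns nothing usable so the caller has no code to watermark with.

```python
import hashlib
import hmac

# Assumed shared key, provisioned in both the tracking server 30 and the device 10.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SIG_LEN = 32   # HMAC-SHA256 output length


def digest_of(code):
    """One-way, collision-resistant digest of the code (SHA-256)."""
    return hashlib.sha256(code).digest()


def sign_code(code, key=SHARED_KEY):
    """Keyed signature over the digest, standing in for 'encrypt the digest with the shared key'."""
    return hmac.new(key, digest_of(code), hashlib.sha256).digest()


def make_bundle(code, key=SHARED_KEY):
    """Sender side: the set formed by the code and its signature."""
    return code + sign_code(code, key)


def split_bundle(bundle):
    if len(bundle) <= SIG_LEN:
        raise ValueError("bundle too short to contain a code and a signature")
    return bundle[:-SIG_LEN], bundle[-SIG_LEN:]


def verify_code(code, signature, key=SHARED_KEY):
    """Recompute the signature from the received code and compare in constant time."""
    return hmac.compare_digest(sign_code(code, key), signature)


def accept_code(bundle, key=SHARED_KEY):
    """Signature verification gate run before the processing application executes a file.

    Returns the code when the signature checks out, or None when it does not,
    in which case the caller must block file processing.
    """
    code, signature = split_bundle(bundle)
    if not verify_code(code, signature, key):
        return None
    return code


if __name__ == "__main__":
    code = bytes.fromhex("9f3c1b7e2a44d00b")   # constructed session code
    bundle = make_bundle(code)
    print("genuine:", accept_code(bundle))
    tampered = bytes([bundle[0] ^ 0x01]) + bundle[1:]
    print("tampered:", accept_code(tampered))
```

Because the same key both signs and verifies, a device that holds the key could also forge codes for itself; the scheme protects the code against modification on the path through the host device 20, not against a compromised endpoint, which is consistent with the trust model of the description.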

Analysis of the code

The code inserted by the watermark module 105 as a watermark can be extracted by analyzing the displayed images. An image can be captured from the display by a screen capture application of the host device 20 or from any digital signal output by the host device 20. A camera can also be used to perform the screen capture, the captured image being output from the camera to an image analyzer. Knowing the watermarking technique used, the image analyzer is able to extract the watermark from the image and convert the extracted watermark into the code.

The obtained code can then be submitted to the database 40 to retrieve the corresponding data, which comprises at least the identifier of the removable security device 10. Further data related to the user (for example the user's identifier, the temporal data and other data received by the tracking server 30 from the host device 20) allow identifying the origin of the displayable frames.

The tracking server 30, the server storing the files and the database 40 may form a single remote server entity dedicated to the management of removable security devices.

According to a further embodiment, a type reference can be added to the additional data to define whether the additional data in question is based on identifiers according to embodiments a), b), c) or d), or represents a code according to embodiment e) allowing the identifier to be retrieved from the database 40. For example, a leading bit of 0 may indicate additional data based on actual identifiers, while a leading bit of 1 may indicate additional data represented by a code.
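As an added example covering the code analysis passage and the type reference just described (not the patent's or the applicant's code): a constructed in-memory stand-in for the tracking server 30 and database 40 that opens a session record and derives a per-session code from a digest of the record data plus fresh randomness, as the "code generated by the tracking server" section allows, and an analyzer-side resolver that reads the leading type bit of an extracted payload and either parses the identifiers directly (type 0) or looks the code up in the database (type 1). The code length, the identifier widths, the placement of the type bit in a dedicated leading byte and the sample values are assumptions made here.

```python
import hashlib
import secrets
import struct

TYPE_IDENTIFIERS = 0x00   # leading bit 0: payload carries actual identifiers
TYPE_CODE = 0x80          # leading bit 1: payload carries a code resolved in the database
CODE_LEN = 8              # assumed length of the session code in bytes
ID_LAYOUT = ">4s4s"       # assumed layout of embodiment b): 4-byte device id, 4-byte host id


class TrackingServer:
    """Constructed in-memory stand-in for tracking server 30 and database 40."""

    def __init__(self):
        self.records = {}   # code -> session record

    def open_session(self, device_id, user_id, host_id, timestamp):
        """Create the record for a freshly authenticated session and return its code."""
        record = {"device_id": device_id, "user_id": user_id,
                  "host_id": host_id, "timestamp": timestamp}
        # Digest of the record data plus per-session randomness, so that two sessions
        # with identical fields still receive distinct, unguessable codes.
        material = repr(sorted(record.items())).encode() + secrets.token_bytes(16)
        code = hashlib.sha256(material).digest()[:CODE_LEN]
        self.records[code] = record
        return code

    def lookup(self, code):
        """Database query performed by the analyzer with an extracted code."""
        return self.records.get(code)


def payload_from_code(code):
    """Embodiment e) with type reference: leading byte 0x80 then the code."""
    return bytes([TYPE_CODE]) + code


def payload_from_identifiers(device_id, host_id):
    """Embodiment b) with type reference: leading byte 0x00 then the identifiers."""
    return bytes([TYPE_IDENTIFIERS]) + struct.pack(ID_LAYOUT, device_id, host_id)


def resolve_origin(payload, server):
    """Analyzer side: dispatch on the leading bit and return what identifies the source."""
    if not payload:
        return None
    body = payload[1:]
    if payload[0] & 0x80:
        record = server.lookup(body)
        if record is None:
            return None                      # code unknown to the database
        return {"source": "database", **record}
    if len(body) < struct.calcsize(ID_LAYOUT):
        return None
    device_id, host_id = struct.unpack(ID_LAYOUT, body[:struct.calcsize(ID_LAYOUT)])
    return {"source": "identifiers", "device_id": device_id, "host_id": host_id}


if __name__ == "__main__":
    server = TrackingServer()
    # Constructed sample session: device RSD1, user u001, host HOST, 2017-02-03 00:00 UTC.
    code = server.open_session(b"RSD1", "u001", b"HOST", 1486080000)
    print(resolve_origin(payload_from_code(code), server))
    print(resolve_origin(payload_from_identifiers(b"RSD1", b"HOST"), server))
```

The type-1 path is the more defensible of the two: the watermark then exposes only an opaque code, and the mapping to device, user and time lives in the database, where access can be controlled and logged.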

Design example of the removable security device

The removable security device 10 can be designed as an external plug-in that can be connected to a wide variety of host devices 20 by using a universal communication port. For example, the plug-in can be provided with a USB or micro-USB connector fitting the corresponding socket of most portable computers or mobile devices. An appropriate operating system implemented in the plug-in and supporting the file processing applications, together with appropriate communication protocols, ensures compatibility of the plug-in with the most commonly used host devices.

10‧‧‧Removable security device

20‧‧‧Host device

101‧‧‧Operating system

105‧‧‧Watermark module

107‧‧‧Remote desktop agent

108‧‧‧Communication port

110‧‧‧Communication link

120‧‧‧File processing application

130‧‧‧Text file

Claims (13)

1. A removable security device configured to prevent unauthorized exploitation of files, connectable to a host device, the removable security device comprising a central processing unit, an operating system, a graphics processor, a memory and a communication link configured to exchange data with the host device, the removable security device further comprising: an identification module configured to verify the consistency of at least one user identity code received from the host device via the communication link, and to store the at least one user identity code in a memory associated with the identification module; the operating system being configured to enable remote access to at least one file through a remote desktop agent and to execute a file processing application with the at least one file, the operating system, the remote desktop agent and the file processing application being stored in a non-volatile memory of the removable security device; the graphics processor being configured to generate displayable frames corresponding to the execution of the application with the file; and a watermark module coupled to the graphics processor, the watermark module being configured to insert additional data into the displayable frames, the additional data forming a watermark on at least all or part of the generated displayable frames, the additional data allowing at least the identifier of the removable security device to be retrieved; the communication link being configured to transmit the watermarked displayable frames to the host device.

2. The removable security device of claim 1, further comprising an encryption/decryption module configured to encrypt a file before it is stored in memory and to decrypt the file before it is executed by the file processing application, the encryption/decryption module using a user personal encryption key previously stored in the memory of the removable security device.

3. The removable security device of claim 2, further comprising a network interface coupled to the encryption/decryption module and to the identification module, the network interface being configured to use the network connection resources of the host device.

4. The removable security device of claim 1, wherein the additional data to be inserted into the displayable frames comprises the identifier of the removable security device, the identifier being stored in the non-volatile memory of the removable security device.

5. The removable security device of claim 1, wherein the additional data to be inserted into the displayable frames comprises an identifier of the host device, the identifier being received from the host device via the communication link and stored in the memory of the identification module.

6. The removable security device of claim 4 or 5, wherein the additional data to be inserted into the displayable frames further comprises temporal data representing the date and time of the current file processing, the temporal data being received from the host device via the communication link or the remote desktop agent, or provided by an internal clock of the removable security device.

7. The removable security device of claim 6, wherein the additional data to be inserted into the displayable frames comprises a result provided by a reversible mathematical function applied to the identifier of the removable security device, the identifier of the host device, the temporal data, or a combination thereof.

8. The removable security device of claim 3, wherein the additional data to be inserted into the displayable frames comprises a code allowing at least the identifier of the removable security device to be retrieved from a database associated with a remote server.

9. A method for preventing unauthorized exploitation of a file, the file being accessible under the control of a removable security device connectable to a host device, the removable security device comprising a central processing unit, an operating system, a graphics processor, a memory and a communication link configured to exchange data with the host device, the method comprising the steps of: verifying, by an identification module of the removable security device, the consistency of at least one user identity code received from the host device via the communication link; storing the at least one user identity code in a memory associated with the identification module; enabling, by the operating system, remote access to at least one file through a remote desktop agent, and executing a file processing application with the at least one file, the operating system, the remote desktop agent and the file processing application being stored in a non-volatile memory of the removable security device; generating, by the graphics processor, displayable frames corresponding to the execution of the application with the file; inserting, by a watermark module coupled to the graphics processor, additional data into the displayable frames, the additional data forming a watermark on all or part of the generated displayable frames, the additional data allowing at least the identifier of the removable security device to be retrieved; and transmitting the watermarked displayable frames to the host device via the communication link.

10. The method of claim 9, wherein the file is stored in a non-volatile memory implemented in the removable security device.

11. The method of claim 9, wherein the file is stored on a remote server associated with a communication network, the removable security device further comprising a network interface allowing access to the remote server via the communication network by using the network connection resources of the host device.

12. The method of claim 9, further comprising an encryption step performed by an encryption/decryption module of the removable security device, for encrypting the file before it is stored in the local non-volatile memory or on the remote server, and for decrypting the file before it is executed by the file processing application, the encryption and decryption being performed by using a user personal encryption key previously stored in the memory of the removable security device.

13. The method of claim 11, wherein the watermark module inserts additional data into the displayable frames, the additional data comprising a code allowing at least the identifier of the removable security device to be retrieved from a database associated with the remote server.
TW106103728A 2016-02-10 2017-02-03 A removable security device and a method to prevent unauthorized exploitation and control access to files TW201738802A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP16155007 2016-02-10

Publications (1)

Publication Number Publication Date
TW201738802A true TW201738802A (en) 2017-11-01

Family

ID=55361356

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106103728A TW201738802A (en) 2016-02-10 2017-02-03 A removable security device and a method to prevent unauthorized exploitation and control access to files

Country Status (2)

Country Link
TW (1) TW201738802A (en)
WO (1) WO2017137481A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11782761B2 (en) 2019-12-19 2023-10-10 Google Llc Resource management unit for capturing operating system configuration states and offloading tasks
TWI828307B (en) * 2019-12-19 2024-01-01 美商谷歌有限責任公司 Computing system for memory management opportunities and memory swapping tasks and method of managing the same

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10678929B2 (en) * 2018-03-09 2020-06-09 Citrix Systems, Inc. Systems and methods for embedding data in remote session displays

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2406403B (en) * 2003-09-26 2006-06-07 Advanced Risc Mach Ltd Data processing apparatus and method for merging secure and non-secure data into an output data stream

Also Published As

Publication number Publication date
WO2017137481A1 (en) 2017-08-17
