TW202014923A - Data protection method and associated storage device - Google Patents
Data protection method and associated storage device Download PDFInfo
- Publication number
- TW202014923A TW202014923A TW108110224A TW108110224A TW202014923A TW 202014923 A TW202014923 A TW 202014923A TW 108110224 A TW108110224 A TW 108110224A TW 108110224 A TW108110224 A TW 108110224A TW 202014923 A TW202014923 A TW 202014923A
- Authority
- TW
- Taiwan
- Prior art keywords
- storage device
- data protection
- host
- data
- write
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/565—Static detection by checking file integrity
Abstract
Description
綜上所述,本發明的目的在於提供一個方法,能夠於漏洞仍存在或是惡意程式尚未被清除的情況下,在外接式儲存裝置掛載上電腦主機的一段時間之內,保護其內的資料不被任意刪除、修改及破壞。In summary, the object of the present invention is to provide a method that can protect the internal storage within a period of time when the external storage device is mounted on the computer host when the vulnerability still exists or the malicious program has not been cleared. The data will not be arbitrarily deleted, modified and destroyed.
附帶一提,“一段時間之內”係指從使用者將外接式儲存裝置掛載上電腦主機開始,到電腦主機辨認完成外接式儲存裝置、並將儲存裝置顯示在電腦主機上、讓使用者可以開始進行存取後結束的這段時間。此外,“掛載”一詞包含將裝置插入電腦主機、或是將裝置從電腦主機上卸載之後,再掛載上去。所謂 “卸載之後,再掛載上去”可包含軟體動作以及硬體動作,其中軟體動作是指裝置並沒有實際從電腦主機上拔除,而硬體動作則是指裝置經過實際被拔除、再插回電腦主機。Incidentally, "within a period of time" refers to the time when the user mounts the external storage device on the computer host, and the computer host recognizes the external storage device and displays the storage device on the computer host. The period of time after which access can begin and end. In addition, the term "mounting" includes inserting the device into the host computer or uninstalling the device from the host computer before mounting it. The so-called "after uninstalling, then mount it" can include software actions and hardware actions, where software actions mean that the device is not actually unplugged from the computer host, while hardware actions mean that the device is actually unplugged and then plugged back in Computer host.
由於便於攜帶以及插拔,外接式儲存裝置(諸如外接式硬碟、快閃記憶體裝置等)已在市面上極為盛行,而將照片、工作檔案存放在外接式儲存裝置內是目前常見的應用。在一般的認知上,在裝置連接上電腦主機之後,倘若使用者沒有再對電腦主機做進一步的操作,其資料應該不會被任意刪除、修改及破壞。然而,相關實際研究顯示,目前遍及全世界的電腦主機存在著讓外接式儲存裝置的資料的遺失的潛在風險,這是因為受到系統漏洞或惡意程式的影響而導致電腦的作業系統本身有可能對外接式儲存裝置內的資料進行複寫或是刪除的動作,且即便使用者只是剛將其外接式儲存裝置連接上電腦主機一段時間,其儲存資料就有可能突然間毀損、消失。舉例來說,使用者在透過USB連接線將硬碟或隨身碟接上電腦的USB插槽後,在數秒後,螢幕畫面上會彈出“您的裝置已可使用”的視窗,然而當使用者看到此訊息時或許已經太遲了,在這短暫的時間儲存裝置就有可能遭到改寫。External storage devices (such as external hard drives, flash memory devices, etc.) have become extremely popular on the market due to ease of portability and plugging and unplugging, and storing photos and work files in external storage devices is a common application. . In general, after the device is connected to the host computer, if the user does not perform further operations on the host computer, its data should not be arbitrarily deleted, modified, or destroyed. However, relevant practical research shows that there is a potential risk of data loss from external storage devices in computer hosts all over the world. This is because the operating system itself may be affected by the system vulnerability or malicious programs. The data in the external storage device is copied or deleted, and even if the user just connects the external storage device to the host computer for a period of time, the stored data may be suddenly damaged or disappear. For example, after a user connects a hard drive or flash drive to the USB slot of a computer via a USB cable, a few seconds later, a window of "your device is available" will pop up on the screen, but when the user It may be too late to see this message, and the storage device may be rewritten during this short period of time.
進一步來說,惡意程式會在外接式儲存裝置掛載上電腦主機後的一段時間,對儲存裝置內的檔案系統(file system)進行不正常的單數或複數寫入動作,進而導致資料的毀損或者消失。Further, the malicious program will perform abnormal singular or plural writing operations to the file system in the storage device for a period of time after the external storage device is mounted on the host computer, thereby causing data damage or disappear.
電腦主機系統廠商通常缺乏意願去解決這些潛在的漏洞,且即便在網站上提供系統更新檔(或稱系統補丁)來降低特定惡意程式所造成的傷害,使用者往往不會主動去下載這些更新檔,且製造廠商難以一次性地解決所有可能的潛在風險。製造廠商往往建議使用者將資料備份到雲端,但此作法並非沒有缺點,且使用外接式儲存裝置仍有其無可取代的方便性Computer host system manufacturers usually lack the will to resolve these potential vulnerabilities, and even if system update files (or system patches) are provided on the website to reduce the damage caused by specific malicious programs, users often do not actively download these update files. And it is difficult for manufacturers to solve all possible potential risks at once. Manufacturers often recommend users to backup data to the cloud, but this approach is not without its shortcomings, and the use of external storage devices still has its irreplaceable convenience
有鑑於以上問題,本發明的目的在於提供一個方法,能夠於漏洞仍存在或是惡意程式尚未被清除的情況下,在外接式儲存裝置掛載上電腦主機的一段時間之內,保護其內的資料不被任意刪除、修改及破壞。確切來說,本發明可透過更新外接式儲存裝置的韌體來實現這個上述目的。In view of the above problems, the object of the present invention is to provide a method that can protect the internal storage within a period of time when the external storage device is mounted on the computer host when the vulnerability still exists or the malicious program has not been cleared. The data will not be arbitrarily deleted, modified and destroyed. Specifically, the present invention can achieve this goal by updating the firmware of the external storage device.
本發明的一實施例提供一種資料保護方法,用於提供安全性防護。該資料保護方法包含以下步驟:(A):於一儲存裝置連接上一主機的初始時段,對該儲存裝置進行偵測,且判斷該儲存裝置是否需要進行資料保護;(B):當步驟A判斷該儲存裝置需要進行資料保護時,更改該主機對該儲存裝置的一預定寫入位置,以使來自該主機的資料寫入到不同於該預定寫入位置的另一寫入位置;或將來自該主機的資料寫入到該儲存裝置的控制晶片或橋接晶片的內部記憶體或內部暫存器,而不寫入到該儲存單元;以及(C):回報該主機系統寫入操作已完成。An embodiment of the present invention provides a data protection method for providing security protection. The data protection method includes the following steps: (A): at the initial period when a storage device is connected to a host, the storage device is detected, and whether the storage device needs data protection is determined; (B): when step A When it is judged that the storage device needs data protection, change a predetermined writing position of the host to the storage device, so that the data from the host is written to another writing position different from the predetermined writing position; or The data from the host is written to the control chip of the storage device or the internal memory or internal register of the bridge chip without writing to the storage unit; and (C): reporting that the host system write operation has been completed .
本發明的一實施例提供一種儲存裝置,用以資料處理並且提供安全性防護,該儲存裝置包含一儲存單元以及一處理器,其中該處理器用以執行以下步驟:(A):於該儲存裝置連接上一主機的初始時段,對該儲存裝置進行偵測,且判斷該儲存裝置是否需要進行資料保護;(B):當步驟A判斷該儲存裝置需要進行資料保護時,更改該主機對該儲存單元的一預定寫入位置,以使來自該主機的資料寫入到該儲存單元上不同於該預定寫入位置的另一寫入位置;或將來自該主機的資料寫入到該儲存裝置的控制晶片或橋接晶片的內部記憶體或內部暫存器,而不寫入到該儲存單元;以及(C):回報該主機系統寫入操作已完成。An embodiment of the present invention provides a storage device for data processing and security protection. The storage device includes a storage unit and a processor, wherein the processor is used to perform the following steps: (A): in the storage device Connect to the initial period of a host, detect the storage device, and determine whether the storage device needs data protection; (B): when step A determines that the storage device needs data protection, change the host to the storage A predetermined writing position of the unit, so that data from the host is written to the storage unit at another writing position different from the predetermined writing position; or writing data from the host to the storage device Control the internal memory or internal registers of the chip or bridge chip without writing to the storage unit; and (C): report that the write operation of the host system has been completed.
綜上所述,本發明能夠在外接硬碟剛連上電腦的這段等待時間提供保護來防止資料遭到刪除、竄改。此外,在電腦主機系統將指令及資料傳輸到儲存單元的過程當中,本發明係利用控制器來過濾特定的指令與資料,故可大幅降低資料被攻擊的可能性,進而保護儲存裝置內的資料在這段時間之內不被惡意的動作破壞。In summary, the present invention can provide protection during the waiting period when the external hard disk is just connected to the computer to prevent data from being deleted or tampered with. In addition, in the process of the computer host system transmitting commands and data to the storage unit, the present invention uses the controller to filter specific commands and data, so the possibility of data being attacked can be greatly reduced, thereby protecting the data in the storage device It will not be destroyed by malicious actions during this time.
在說明書及後續的申請專利範圍當中使用了某些詞彙來指稱特定的元件。所屬領域中具有通常知識者應可理解,硬體製造商可能會用不同的名詞來稱呼同樣的元件。本說明書及後續的申請專利範圍並不以名稱的差異來作為區分元件的方式,而是以元件在功能上的差異來作為區分的準則。在通篇說明書及後續的請求項當中所提及的“包含”係為一開放式的用語,故應解釋成“包含但不限定於”。另外,“耦接”一詞在此係包含任何直接及間接的電氣連接手段。因此,若文中描述一第一裝置耦接於一第二裝置,則代表該第一裝置可直接電氣連接於該第二裝置,或透過其他裝置或連接手段間接地電氣連接至該第二裝置。In the description and subsequent patent applications, certain words are used to refer to specific elements. Those with ordinary knowledge in the field should understand that hardware manufacturers may use different nouns to refer to the same components. The scope of this specification and subsequent patent applications does not use the difference in names as a means of distinguishing elements, but the difference in function of elements as a criterion for distinguishing. The "include" mentioned in the whole specification and the subsequent request items is an open-ended term, so it should be interpreted as "include but not limited to". In addition, the term "coupled" here includes any direct and indirect electrical connection means. Therefore, if it is described that a first device is coupled to a second device, it means that the first device can be directly electrically connected to the second device, or indirectly electrically connected to the second device through other devices or connection means.
為了解決外接式儲存裝置剛連接上電腦主機的這段時間內,能夠防止惡意程式對外接式儲存裝置進行修改、破壞,本發明提出了一種新穎的作法保護其內的資料不被任意刪除、修改及破壞。In order to solve the time period when the external storage device is connected to the host computer, it can prevent malicious programs from modifying and destroying the external storage device, the present invention proposes a novel method to protect the data in it from being arbitrarily deleted and modified And destruction.
請參考第1圖,第1圖為依據本發明一實施例之一種儲存裝置100的示意圖。儲存裝置100包含有一儲存單元120以及一控制器110,且控制器110係用來存取儲存單元120。依據本實施例,控制器110包含一處理器112、一記憶體112M、一控制邏輯114、一介面邏輯118以及一介面邏輯II 119。記憶體112M係用來儲存一程式碼112C,而處理器112則用來執行程式碼112C以控制對儲存單元120之存取(Access)。控制邏輯114或介面邏輯II 119用來執行對於儲存單元120的控制。請注意,第1圖中的諸多元件僅為舉例之目的,並非用以限定本發明的範疇,只要能實質上維持相關功能的運作,當中一些元件可予以置換或省略。Please refer to FIG. 1, which is a schematic diagram of a
在一實施例中,儲存裝置100可以是可攜式記憶裝置(例如:符合SD/MMC、CF、MS、XD標準之記憶模組),且主裝置130為一可與記憶裝置連接的電子裝置,例如手機、筆記型電腦、桌上型電腦…等等。而在另一實施例中,儲存裝置100可以是固態硬碟或符合通用快閃記憶體儲存(Universal Flash Storage,UFS)或嵌入式多媒體記憶卡(Embedded Multi Media Card,EMMC)規格之嵌入式儲存裝置,以設置在一電子裝置中,例如設置在手機、筆記型電腦、桌上型電腦之中,而此時主裝置130可以是該電子裝置的一處理器。In an embodiment, the
更進一步而言,儲存裝置100可實作為一硬碟外接盒,例如2.5吋或3.5吋硬碟外接盒。當儲存裝置100為2.5吋硬碟外接盒時,可由主裝置130進行供電;當儲存裝置100為3.5吋硬碟外接盒時,可另透過外接電源來供電。儲存裝置100包含控制器110以及儲存單元120,其中控制器110包含:介面邏輯118,用以進行與主裝置130之間的傳輸;處理器112,用以執行各種相關操作;以及控制邏輯114或介面邏輯II 119,用以進行與儲存單元120之間的傳輸。Furthermore, the
請參考第2圖,第2圖係為根據本發明一實施例的應用於儲存裝置的資料保護方法200的流程圖。請注意,假若可獲得實質上相同的結果,則這些步驟並不一定要遵照第2圖所示的執行次序來執行,且這些步驟之間亦不排除插入其他步驟的可能性。第2圖所示之方法可被第1圖所示之儲存裝置100所採用,並可簡單歸納如下:Please refer to FIG. 2, which is a flowchart of a
步驟202: 首先,將外接式儲存裝置(例如儲存裝置100)掛載上電腦主機,例如透過USB連接線、USB插槽等設計,但本發明並不限定外接裝置式只能是透過USB的方法連接到主機端。此外,主機可以內建有讀卡機(或是外接讀卡機亦可),以供插入記憶卡。Step 202: First, mount an external storage device (such as storage device 100) on the host computer, for example, through a USB cable, USB slot, etc., but the present invention does not limit the method of external device only through USB Connect to the host side. In addition, the host can have a built-in card reader (or an external card reader is also acceptable) for inserting a memory card.
步驟204: 控制器讀回儲存單元(例如儲存單元120)上的檔案系統(file system),並收集檔案系統內的相關資訊。Step 204: The controller reads back the file system on the storage unit (such as the storage unit 120) and collects relevant information in the file system.
步驟205: 判斷檔案系統是否存在?Step 205: Determine whether the file system exists?
步驟206: 當判斷儲存單元內沒有檔案系統存在、或者檔案系統已經毀損時,控制器不啟動(關閉)資料保護操作(因為此情況下沒有需要對資料進行保護),流程跳至步驟218。Step 206: When it is determined that there is no file system in the storage unit, or the file system has been damaged, the controller does not start (close) the data protection operation (because there is no need to protect the data in this case), and the flow jumps to step 218.
步驟207: 當判斷儲存單元內有檔案系統存在時,在電腦主機系統辨認外接式儲存裝置的初始化過程當中,控制器啟動資料保護操作。Step 207: When it is determined that a file system exists in the storage unit, the controller initiates the data protection operation during the initialization process of the computer host system identifying the external storage device.
步驟208: 在資料保護操作已啟動的情況下,判斷控制器收到的指令類型,當控制器收到至少一種特定指令時,流程進入步驟210;當控制器收到寫入指令時,流程進入步驟212。Step 208: When the data protection operation has been started, determine the type of command received by the controller. When the controller receives at least one specific command, the process proceeds to step 210; when the controller receives the write command, the process enters
步驟210: 關閉資料保護操作,接著跳至步驟214。Step 210: Close the data protection operation, and then skip to
步驟212: 改寫該寫入指令的寫入位置(例如改寫至與預定寫入位置不同的另一寫入位置;或改寫至該儲存裝置的控制晶片或橋接晶片的內部記憶體或內部暫存器,而不寫入到該儲存單元),或是將該寫入指令捨棄。Step 212: Rewrite the write position of the write command (for example, rewrite to another write position different from the predetermined write position; or rewrite to the internal memory or internal register of the control chip or bridge chip of the storage device , Without writing to the storage unit), or discard the write command.
步驟214: 回報電腦主機此寫入指令已寫入成功,藉此使主機系統判定寫入動作(亦即惡意程式的竄改動作)已完成。Step 214: Report to the computer host that the write command has been successfully written, so that the host system determines that the write operation (that is, the tampering operation of the malicious program) has been completed.
步驟216: 判斷是否已達預定時間(亦即外接裝置剛插上電腦主機這段時間)。若是,則進入步驟218;若否,則回到步驟205,重複執行流程直到資料保護操作被關閉(例如從步驟208進入步驟210)或是流程已達預定時間。Step 216: Determine whether the predetermined time has been reached (that is, the time when the external device has just been plugged into the host computer). If yes, go to step 218; if no, go back to
步驟218: 一旦資料保護操作被關閉,便不再啟動。(直到外接式儲存裝置重新“掛載”上主機後,才會再度判斷是否需要啟動資料保護操作)。Step 218: Once the data protection operation is closed, it will no longer be activated. (Until the external storage device "mounts" the host again, it will again determine whether it is necessary to start the data protection operation).
在儲存單元內有檔案系統存在的情況下,在電腦主機系統辨認外接式儲存裝置的初始化過程的這段時間之內(也就是資料容易受到攻擊的這一段時間內),控制器可透過以下幾種方式啟動資料保護操作:In the case of a file system in the storage unit, within the period of time during which the host computer system recognizes the initialization process of the external storage device (that is, the period when data is vulnerable to attack), the controller can There are several ways to start the data protection operation:
I. 是否收到某些指令的順序或某些指令的組合。I. Whether the order of certain commands or a combination of certain commands is received.
II. 是否收到某種特殊指令,或有規律性的收到某種特殊指令(例如每幾秒收到某種特殊指令)。II. Whether a special command is received, or a special command is received regularly (for example, a special command is received every few seconds).
III. 是否收到一或多個寫入指令寫入的一或多個位置(例如邏輯區塊位址(Logical Block Address,LBA),舉例來說,當寫入位置指向檔案系統磁區或Cluster範圍內的位置時,則啟動資料保護操作。III. Whether one or more locations written by one or more write commands are received (for example, logical block address (Logical Block Address, LBA), for example, when the write location points to the file system sector or Cluster When the position is within the range, the data protection operation is started.
IV. 是否收到一或多個讀取指令讀取的某個或某些位置(例如LBA),舉例來說,當讀取指令讀取儲存單元上的最後一個LBA時,則啟動資料保護操作。IV. Whether one or more locations (such as LBA) read by one or more read commands are received, for example, when the read command reads the last LBA on the storage unit, the data protection operation is initiated .
V. 無條件直接啟動。V. Unconditional direct start.
當資料保護操作已啟動,會根據控制器是否收到特定指令來決定是否關閉資料保護操作,也就是說,某些類型的指令可直接判斷為並非惡意程式的攻擊,因此可省去後續的防護動作。舉例來說,特定指令可包含(但不限定於)以下指令:When the data protection operation is started, it will decide whether to turn off the data protection operation according to whether the controller receives a specific command, that is to say, certain types of commands can be directly judged as not malicious program attacks, so subsequent protection can be omitted action. For example, specific instructions may include (but are not limited to) the following instructions:
I. 資料同步指令(例如SCSI指令的SYNCHRONIZE CACHE指令)。I. Data synchronization commands (such as the SYNCHRONIZE CACHE command of the SCSI command).
II. 某種指令的順序或是某些指令的組合。II. The order of a certain instruction or a combination of certain instructions.
在步驟212中,當資料保護操作已啟動、且控制器收到了“寫入指令”,則選擇以下兩者之一的指令處理方式:In
I. 改寫指令的寫入位置,將其寫入位置導入至檔案系統中並非實際存在的閒置空間,(可利用步驟204所收集到的檔案系統資訊判斷何者為閒置空間)。I. Rewrite the write location of the command and import the write location to the free space that is not actually present in the file system (you can use the file system information collected in
II. 將指令所攜帶的寫入資料導入至控制器內部的特定儲存空間,然後置之不理或捨棄,其中所述特定儲存空間係指內部的記憶體或內部的暫存器,但不限於這兩種儲存元件。所述特定儲存空間亦可理解為一垃圾蒐集區,其垃圾(即這些惡意程式、寫入指令)可置之不理,或待垃圾達一定的量時予以清除。II. Import the written data carried by the command into a specific storage space inside the controller, and then ignore or discard it, where the specific storage space refers to internal memory or internal temporary storage, but not limited to these two Storage element. The specific storage space can also be understood as a garbage collection area, and its garbage (that is, these malicious programs and writing instructions) can be ignored or removed when the garbage reaches a certain amount.
以上兩種方式都可以保護現有的資料不被破壞,換言之,由於惡意程式、寫入指令已經被導入一不存在的位置或是對儲存資料沒有影響的獨立空間,故可完全地防止儲存資料遭到修改或刪除。The above two methods can protect the existing data from being destroyed. In other words, because the malicious program, the write command has been imported to a non-existent location or a separate space that has no effect on the stored data, it can completely prevent the stored data from being damaged. To modify or delete.
在步驟214回報電腦主機此寫入指令已寫入成功後,即達到“欺騙”主機系統的目的,使主機系統判定寫入動作(亦即惡意程式的竄改動作)已完成,故達到了資料防護的目的。In
步驟216係於預定時間(亦即外接裝置剛插上電腦主機這段時間)持續判斷有沒有需要啟動資料保護操作的需要,直到預定時間結束。而一旦該預定時間結束後,資料保護操作被關閉後便不再啟動,因為在該預定時間儲存裝置已經不再有被竄改之虞,直到外接式儲存裝置自主機移除後,下次再進行連接時才會再度執行第2圖的流程。Step 216 is to continuously determine whether there is a need to start the data protection operation at the predetermined time (that is, the time when the external device is just plugged into the computer host) until the predetermined time ends. Once the predetermined time is over, the data protection operation will not be started after it is turned off, because the storage device will no longer be tampered with at the predetermined time, until the external storage device is removed from the host, the next time The flow of Figure 2 will be executed again when connected.
綜上所述,本發明能夠在外接硬碟剛連上電腦的這段等待時間提供保護來防止資料遭到刪除、竄改。此外,在電腦主機系統將指令及資料傳輸到儲存單元的過程當中,本發明係利用控制器來過濾特定的指令與資料,故可大幅降低資料被攻擊的可能性,進而保護儲存裝置內的資料在這段時間之內不被惡意的動作破壞。 以上所述僅為本發明之較佳實施例,凡依本發明申請專利範圍所做之均等變化與修飾,皆應屬本發明之涵蓋範圍。In summary, the present invention can provide protection during the waiting period when the external hard disk is just connected to the computer to prevent data from being deleted or tampered with. In addition, in the process of the computer host system transmitting commands and data to the storage unit, the present invention uses the controller to filter specific commands and data, so the possibility of data being attacked can be greatly reduced, thereby protecting the data in the storage device It will not be destroyed by malicious actions during this time. The above are only the preferred embodiments of the present invention, and all changes and modifications made in accordance with the scope of the patent application of the present invention shall fall within the scope of the present invention.
100:儲存裝置
110:控制器
120:儲存單元
112:處理器
112M:記憶體
112C:程式碼
114:控制邏輯
118:介面邏輯
119:介面邏輯II
130:主裝置
200:方法
202~218:步驟100: storage device
110: controller
120: storage unit
112:
第1圖為依據本發明一實施例之一種儲存裝置的示意圖。 第2圖係為根據本發明一實施例的應用於儲存裝置的資料保護方法的流程圖。FIG. 1 is a schematic diagram of a storage device according to an embodiment of the invention. FIG. 2 is a flowchart of a data protection method applied to a storage device according to an embodiment of the invention.
200:方法 200: Method
202~218:步驟 202~218: steps
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/589,162 US11144217B2 (en) | 2018-10-02 | 2019-10-01 | Data protection method and associated storage device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201862739866P | 2018-10-02 | 2018-10-02 | |
US62/739,866 | 2018-10-02 |
Publications (2)
Publication Number | Publication Date |
---|---|
TW202014923A true TW202014923A (en) | 2020-04-16 |
TWI741271B TWI741271B (en) | 2021-10-01 |
Family
ID=70081575
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW108110224A TWI741271B (en) | 2018-10-02 | 2019-03-25 | Data protection method and associated storage device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110990832A (en) |
TW (1) | TWI741271B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI775098B (en) * | 2020-06-17 | 2022-08-21 | 和碩聯合科技股份有限公司 | Removable storage device and data protection method thereof |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100464314C (en) * | 2006-03-23 | 2009-02-25 | 联想(北京)有限公司 | Digital data transparency protected safety read-write system and method |
WO2008078564A1 (en) * | 2006-12-22 | 2008-07-03 | Panasonic Corporation | Information processing device, integrated circuit, method, and program |
CN101373457B (en) * | 2007-07-31 | 2010-04-14 | 北京理工大学 | Hard disk write-protection lock based on USB equipment under Windows environment |
SE534099C2 (en) * | 2008-06-02 | 2011-04-26 | Klaus Drosch | Device for data protection |
CN101667161A (en) * | 2008-09-02 | 2010-03-10 | 联想(北京)有限公司 | Method and device for protecting data of storage device and computer system |
TWI451248B (en) * | 2012-01-13 | 2014-09-01 | Phison Electronics Corp | Data protecting method, memory controller and memory storage apparatus |
TWI514145B (en) * | 2013-10-21 | 2015-12-21 | Univ Nat Sun Yat Sen | Processor and cache, control method thereof for data trace storage |
CN105373734A (en) * | 2014-09-01 | 2016-03-02 | 中兴通讯股份有限公司 | Application data protection method and apparatus |
-
2019
- 2019-03-25 TW TW108110224A patent/TWI741271B/en active
- 2019-03-27 CN CN201910237397.9A patent/CN110990832A/en active Pending
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI775098B (en) * | 2020-06-17 | 2022-08-21 | 和碩聯合科技股份有限公司 | Removable storage device and data protection method thereof |
Also Published As
Publication number | Publication date |
---|---|
TWI741271B (en) | 2021-10-01 |
CN110990832A (en) | 2020-04-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101622416B1 (en) | Peripheral device locking mechanism | |
CN107870968B (en) | Performing real-time updates to a file system volume | |
US20100154062A1 (en) | Virus Scanning Executed Within a Storage Device to Reduce Demand on Host Resources | |
US6016536A (en) | Method for backing up the system files in a hard disk drive | |
TWI451248B (en) | Data protecting method, memory controller and memory storage apparatus | |
US20100241875A1 (en) | External storage device and method of controlling the same | |
JP6201049B2 (en) | System and method for updating system level services in a read-only system image | |
US9286468B2 (en) | Option read-only memory use | |
US10102089B2 (en) | Input/output (I/O) device configuration signature | |
TW201337589A (en) | Systems and methods for providing dynamic file system awareness on storage devices | |
US11144217B2 (en) | Data protection method and associated storage device | |
CN113553006A (en) | Secure encrypted storage system for realizing data writing to read-only partition | |
US10013172B2 (en) | Electronic data storage device with multiple configurable data storage mediums | |
TWI741271B (en) | Data protection method and associated storage device | |
TW201305842A (en) | Method and apparatus for securing storage devices by real-time monitoring file system | |
US20060080518A1 (en) | Method for securing computers from malicious code attacks | |
US9207871B2 (en) | Internal notebook microSD reader with read-only switch | |
US11314453B2 (en) | Memory system managing map data based on risk of malware—infection of host, and operating method thereof | |
JPH11194938A (en) | Memory managing method for computer having hard disk drive | |
CN108108635B (en) | Data security processing method, device and system | |
TW202044034A (en) | Disabling software persistence | |
TW201508768A (en) | Electronic device | |
JP7202030B2 (en) | Modules and methods for detecting malicious behavior in storage devices | |
US20140351604A1 (en) | Electronic device and encryption control method | |
JPH11272562A (en) | Storage contents deletion method for computer system and storage medium |