TW550459B - Computer data protection device - Google Patents

Computer data protection device

Info

Publication number
TW550459B
TW550459B TW90129348A TW90129348A TW550459B TW 550459 B TW550459 B TW 550459B TW 90129348 A TW90129348 A TW 90129348A TW 90129348 A TW90129348 A TW 90129348A TW 550459 B TW550459 B TW 550459B
Authority
TW
Taiwan
Prior art keywords
encryption
interface
processing unit
patent application
scope
Prior art date
Application number
TW90129348A
Other languages
Chinese (zh)
Inventor
De-Fu Chen
Original Assignee
De-Fu Chen
Application filed by De-Fu Chen
Priority to TW90129348A
Application granted
Publication of TW550459B

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention provides a computer data protection device comprising a processing unit, an encrypter/decrypter, and one or more storage devices. The encrypter/decrypter is connected to the processing unit through a first interface, over which it receives the control commands from the processing unit that start the encrypter/decrypter. It is also connected to the processing unit through a second interface, which carries the data that the encrypter/decrypter encrypts or decrypts. The encrypter/decrypter is further connected to a third interface having a plurality of output ends. The storage devices are connected to the respective output ends of the third interface, either to receive the encrypted data sent by the encrypter/decrypter or to send the encrypted data they hold back to the encrypter/decrypter for decryption and recovery. Thus, whenever the processing unit writes data to a storage device or reads data from it, the data passes through the encrypter/decrypter and is thereby protected.

Description

[Field of the Invention]

The present invention is a computer data protection device. In particular, it relates to a device in which, before the computer enters the operating system (hereinafter O.S.), the user first sets or enters a password and selects the devices to be encrypted; once the O.S. has been entered, the data transferred between the computer and those devices is encrypted and decrypted so that the data cannot be stolen.

[Background of the Invention]

Conventionally, important data stored on a computer can be protected by setting a password. This is done either by setting a power-on password in the basic input/output system (hereinafter BIOS) or by running an application after the O.S. has been entered to create a security password.

However, the power-on password set in the BIOS is cleared simply by moving a jumper so that the pins are shorted. With software encryption, a thief only needs to run an additional application after entering the O.S. to probe the password and crack it.

Moreover, even without cracking the password, a thief can dismantle the computer and pull out the storage device to obtain its contents. Taking a hard disk as an example, it can be moved and used directly on any other host that has a chipset of the same model. If the chipsets differ, then apart from a hard disk that has an O.S. installed (especially Windows 2000 or later), which runs into problems when executed, a hard disk that only stores data, or that is not used as the working disk, can be read without difficulty. Keeping data confidential is therefore very hard to guarantee.

For this reason the inventor, seeing that the above shortcomings could be improved, devoted himself to research combined with the application of theory, and finally proposes the present invention, which is reasonably designed and effectively remedies those shortcomings.

[Objective of the Invention]

The main objective of the present invention is to provide a computer data protection device that does not disable or enable the transmission channel but protects the data itself. While data is being transferred, hardware placed in the path encrypts it, so that the data becomes unintelligible and is thereby protected, whereas the remaining control commands are not encrypted. The password is confirmed before the computer enters the O.S., which effectively guards against cracking.

[Features of the Invention]

To achieve the above objective, the present invention provides a computer data protection device comprising a processing unit, an encrypter/decrypter and one or more storage devices. The encrypter/decrypter is connected to the processing unit through a first interface to receive the control commands sent by the processing unit, which start the encrypter/decrypter. The encrypter/decrypter is also connected to the processing unit through a second interface for data transfer, and the encrypter/decrypter encrypts or decrypts that data. The encrypter/decrypter is further connected to a third interface having a plurality of output ends. The storage devices are connected to the respective output ends of the third interface, to receive the encrypted data sent by the encrypter/decrypter or to send the encrypted data in the storage device to the encrypter/decrypter for decryption and recovery.

The present invention also provides an encrypter/decrypter that performs data conversion between a processing unit and a hard disk, comprising a system management bus interface, a plurality of encoder/decoders and a plurality of decoders. The system management bus interface is connected to a system management bus and thereby communicates with the processing unit, to receive the control commands sent by the processing unit. The encoder/decoders are connected to the system management bus interface to receive the control commands it passes on, which start the encoder/decoders. Each encoder/decoder is also connected to a data bus through which it communicates with the processing unit, and encodes or decodes the data transferred to and from the processing unit. The decoders are connected to the respective encoder/decoders at one end and to the processing unit at the other. They decode the hard disk control commands that the processing unit sends toward the hard disk and pass them to the encoder/decoder for encoding, so that the control commands remain unchanged.

[Detailed Description of the Invention]

So that the examiners may better understand the techniques, means and effects adopted by the present invention to achieve its intended objective, please refer to the following detailed description and the accompanying drawings, from which the objective, features and characteristics of the invention can be understood in depth and in concrete terms. The drawings are provided for reference and illustration only and are not intended to limit the invention.

Figure 1 is the circuit block diagram of the present invention. The computer system includes a processing unit 1 and an encrypter/decrypter 2. The processing unit 1 may be the south bridge chip of an ordinary motherboard circuit, and the encrypter/decrypter 2 may be an ASIC circuit. Through a system management bus (hereinafter SM bus) 3 between it and the processing unit 1, the encrypter/decrypter 2 receives the control commands sent by the processing unit 1 and starts encrypting or decrypting. Data is transferred between the encrypter/decrypter 2 and the processing unit 1 through a first IDE interface 4, which is divided into a primary channel 41 and a secondary channel 42.

The other side of the encrypter/decrypter 2 is connected to a second IDE interface 5, which is likewise divided into a primary channel 51 and a secondary channel 52. In keeping with the characteristics of the second IDE interface 5, each channel branches into a master output end 51a, 52a and a slave output end 51b, 52b, so that the second IDE interface 5 can connect to four storage devices 6. A storage device 6 may be a hard disk, an optical disc drive, a disc burner, a magneto-optical (Magneto Optical) drive, or another storage device that supports the IDE interface.

The internal circuit blocks of the encrypter/decrypter 2 are shown in Figure 1A. It contains encoder/decoders 21, each of which communicates with the SM bus 3 through an SM bus control interface 22 and receives the control commands sent over the SM bus 3. Each encoder/decoder 21 is also connected through a data bus to the primary and secondary channels 41, 42 of the first IDE interface 4, in order to encode or decode the data transferred by the processing unit 1. The encoder/decoders 21 are further connected to the primary and secondary channels 41, 42 of the first IDE interface 4 so that the control commands sent over those channels toward the storage device 6 are first decoded and then encoded, which leaves the control commands unchanged as they pass through the encrypter/decrypter 2. In this way the encrypter/decrypter 2 provides data encryption protection.

Figure 2 shows the first embodiment of the present invention. Assume that the storage device 6 connected to the primary channel master output end 51a of the second IDE interface 5 is a hard disk, and that the storage device 6 connected to the primary channel slave output end 51b of the second IDE interface 5 is an optical disc drive. After the computer hardware has been assembled, the O.S. must first be installed, and the setup steps are as follows:

Step 100: Place the installation disc in the optical disc drive.
Step 101: Set the BIOS to boot from the optical disc drive on the primary channel slave output end 51b.
Step 102: After the computer is powered on, the BIOS performs the Power On Self Test (hereinafter POST), automatically initialising the computer components and peripherals.
Step 103: When the BIOS detects the hard disk and the optical disc drive, it issues an interrupt request and displays a dialog box on the screen asking the user whether to start the encrypter/decrypter 2.
  If yes, go to step 104.
  If no, return to POST and, when it finishes, enter the O.S. directly with no encryption performed (107).
Step 104: The system asks whether to encrypt the primary channel master output end 51a (that is, to encrypt the hard disk).
  If yes, set the password (108) and go to step 105.
  If no, go directly to step 105.
Step 105: The system asks whether to encrypt the primary channel slave output end 51b. If the disc placed in the optical disc drive is a standard installation disc, the user must not set a password. If it is an installation disc that was burned after being encrypted by an encrypter/decrypter 2 of the same model, the user must enter the password.
Step 106: When setup is complete, the BIOS returns to POST, continues the unfinished flow and, when it finishes, enters the installation procedure (that is, installing data from the optical disc drive to the hard disk).

In step 105, if the user inserts a standard installation disc but sets a password anyway, the data sent to the processing unit 1 during installation has passed through encryption, so the processing unit 1 cannot recognise it and the installation procedure cannot run.

Figure 3 shows the second embodiment of the present invention. Assume the user has set the primary channel master output end 51a to be encrypted (the hard disk is encrypted) and the primary channel slave output end 51b not to be encrypted (the optical disc drive is not encrypted). The installation procedure is then as follows:

Step 200: Data is read from the optical disc drive and sent directly to the processing unit 1.
Step 201: After processing, the processing unit 1 sends the data through the first IDE interface 4 to the encrypter/decrypter 2.
Step 202: The encrypter/decrypter 2 encrypts the data and sends the encrypted data through the second IDE interface 5 to the hard disk. Steps 200 to 202 are repeated until installation ends (203).

The data installed on the hard disk is thus protected by encryption.

Afterwards, to read data from the encrypted hard disk into the processing unit 1, the following steps are performed, as shown in Figure 4:

Step 300: The hard disk sends the data to be read to the encrypter/decrypter 2.
Step 301: The encrypter/decrypter 2 decrypts the data and sends it through the first IDE interface 4 to the processing unit 1 to be read.

Referring to Figure 5, assume now that the storage device 6 connected to the primary channel slave output end 51b of the second IDE interface 5 is a disc burner. To burn data from the hard disk to the burner, the flow includes the following steps:

Step 400: Set the BIOS to boot from the hard disk on the primary channel master output end 51a.
Step 401: After the computer is powered on, the BIOS performs POST.
Step 402: When the hard disk and the burner are detected, an interrupt request is issued and a dialog box is displayed on the screen asking the user whether to start the encrypter/decrypter 2.
  If yes, go to step 403.
  If no, return to POST and, when it finishes, enter the O.S. directly with no encryption performed (409).
Step 403: Enter the password for the primary channel master output end 51a.
Step 404: The system asks whether to encrypt the primary channel slave output end 51b (that is, to encrypt the burned disc).
  If yes, set the password (410) and go to step 405.
  If no, go directly to step 405.
Step 405: When setup is complete, the BIOS returns to POST, continues the unfinished flow and, when it finishes, enters the O.S.
Step 406: The data to be read from the hard disk is sent to the encrypter/decrypter 2.
Step 407: The encrypter/decrypter 2 decrypts the data and sends it through the first IDE interface 4 to the processing unit 1.
Step 408: After processing by the processing unit 1, the flow goes to step 409 or, if encryption has been set, to step 410.
Step 409: The data is sent to the burner and burned, and the flow returns to step 406 until burning is complete (411).
Step 410: The data is sent to the encrypter/decrypter 2 for encryption, then sent through the second IDE interface 5 to the burner and burned, and the flow returns to step 406 until burning is complete (411).

Once burning is complete, a new password can be set for the burner if burning is to continue. A disc burned in this way can only be read on a computer of the same type and by someone who knows the password that was set; other computers cannot read or use it.

In addition, the encrypter/decrypter 2 described above may also be placed in the chipset of the processing unit 1 or on the control chip of another storage device, or be embedded in the storage device 6 (in which case instructions for controlling and programming the encrypter/decrypter 2 must be added, or it must be connected to the processing unit 1 through another bus).

Because the data transferred between the processing unit 1 and the storage device 6 is encrypted or decrypted by the encrypter/decrypter 2, once the user has set a password in advance, the data cannot be recognised even if the device is stolen and used on another computer; only a mass of unintelligible characters is displayed. Furthermore, the encryption/decryption performed by the encrypter/decrypter 2 differs according to the password the user has set.

Devices such as the optical disc drive or the burner may also allow a driver to be installed under the O.S., through which the user programs the encrypter/decrypter 2 to perform encryption.

Moreover, because the password is entered before the computer enters the O.S., and the encryption is done in hardware, cracking the password with an additional software program is quite difficult. The present invention therefore provides a high degree of data confidentiality.

The first IDE interface 4 and the second IDE interface 5 described above may also be replaced by SCSI, IEEE 1394, USB 2.0, Serial ATA or similar interfaces, in which case the storage device 6 is correspondingly a storage device supporting the SCSI, IEEE 1394, USB 2.0, Serial ATA or similar interface.

In summary, the present invention fully meets the requirements for a patent application, and an application is therefore filed in accordance with the Patent Act. Careful examination and early grant of the patent are respectfully requested so as to protect the inventor's rights. Should the examiners have any questions, please do not hesitate to send written instructions.

The above is only a detailed description, with drawings, of one of the best specific embodiments of the present invention. The features of the invention are not limited to it, and it is not intended to limit the invention. The full scope of the invention is defined by the claims below. Any embodiment that falls within the spirit of the claims, and similar variations of it, is included in the scope of the invention, and any change or modification that a person skilled in the art can readily conceive within the field of the invention is covered by the claims of this application.

[Brief Description of the Drawings]

Figure 1 is the circuit block diagram of the present invention.
Figure 1A is the internal circuit block diagram of the encrypter/decrypter of the present invention.
Figure 2 is the setup flowchart of the first embodiment of the present invention.
Figure 3 is the installation flowchart of the second embodiment of the present invention.
Figure 4 is the operation flowchart for reading data from the hard disk to the processing unit in the second embodiment of the present invention.
Figures 5-1 and 5-2 are the operation flowchart for burning data from the hard disk to the burner in the second embodiment of the present invention.

[Reference Numerals in the Drawings]

1 processing unit
2 encrypter/decrypter
21 encoder/decoder
22 SM bus control interface
23 data bus
24 control bus
25 decoder
3 system management bus
4 first IDE interface
41 primary channel
42 secondary channel
5 second IDE interface
51 primary channel
51a primary channel master output end
51b primary channel slave output end
52 secondary channel
52a secondary channel master output end
52b secondary channel slave output end
6 storage device
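The data path of the embodiments above (a password set per output end before the O.S. starts, data payloads transformed in the encrypter/decrypter, control commands passed through unchanged) can be modelled in a few lines of Python. This is an added example, not code from the patent. The patent names no cipher or key derivation, so the SHA-256 keystream, the PBKDF2 call, the salt, the passwords and the sample sector contents are all assumptions constructed for illustration.

```python
import hashlib

SECTOR = 512
PORTS = ("51a", "51b", "52a", "52b")          # output ends named in the patent
SAMPLE = b"payroll record (constructed sample)".ljust(SECTOR, b"\0")
INSTALLER = b"standard install disc (constructed)".ljust(SECTOR, b"\0")


class Drive:
    """Storage device 6: stores the bytes it is given and logs each command."""

    def __init__(self):
        self.sectors, self.commands = {}, []

    def command(self, opcode, lba, data=None):
        self.commands.append((opcode, lba))   # what the drive sees on the bus
        if opcode == "WRITE":
            self.sectors[lba] = bytes(data)
            return None
        return self.sectors.get(lba, bytes(SECTOR))


def keystream(key, lba, length):
    """Stand-in cipher (assumption): SHA-256 in counter mode, keyed per sector.
    The patent names no algorithm; a real design would use a vetted
    disk-encryption mode such as AES-XTS."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = key + lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:length])


class EncrypterDecrypter:
    """Encrypter/decrypter 2 sitting between processing unit 1 and the drives."""

    def __init__(self):
        self.keys = dict.fromkeys(PORTS)      # None: data passes in the clear
        self.drives = {}

    def attach(self, port, drive):
        self.drives[port] = drive

    def set_password(self, port, password):
        """Models the pre-O.S. dialog of steps 104/105; the KDF is an assumption."""
        self.keys[port] = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), b"constructed-salt", 10_000)

    def transform(self, port, lba, data):
        key = self.keys[port]
        if key is None:
            return data
        return bytes(a ^ b for a, b in zip(data, keystream(key, lba, len(data))))

    def write(self, port, lba, data):
        # Only the data payload is transformed; opcode and LBA go through as-is.
        self.drives[port].command("WRITE", lba, self.transform(port, lba, data))

    def read(self, port, lba):
        return self.transform(port, lba, self.drives[port].command("READ", lba))


def demo():
    disk = Drive()
    host = EncrypterDecrypter()
    host.attach("51a", disk)
    host.set_password("51a", "correct horse")
    host.write("51a", 7, SAMPLE)

    other = EncrypterDecrypter()              # same unit model, another PC
    other.attach("51a", disk)
    other.set_password("51a", "wrong guess")

    disc = Drive()                            # pressed disc, never encrypted
    disc.command("WRITE", 0, INSTALLER)
    host.attach("51b", disc)
    host.set_password("51b", "set by mistake")

    return {
        "raw_on_disk": disk.sectors[7],                   # drive pulled and read directly
        "same_password": host.read("51a", 7),
        "wrong_password": other.read("51a", 7),           # garbage, and no error raised
        "clear_disc_with_password": host.read("51b", 0),  # step 105 failure mode
        "commands_seen_by_disk": list(disk.commands),
    }


if __name__ == "__main__":
    r = demo()
    print("disk holds plaintext:        ", r["raw_on_disk"] == SAMPLE)
    print("same password recovers data: ", r["same_password"] == SAMPLE)
    print("wrong password recovers data:", r["wrong_password"] == SAMPLE)
    print("clear disc readable with pw: ", r["clear_disc_with_password"] == INSTALLER)
    print("commands seen by the disk:   ", r["commands_seen_by_disk"])
```

In this model a wrong password returns unintelligible bytes rather than an error, which matches the description's statement that a different password yields a different transformation; nothing in the described data path lets the host distinguish a wrong password from corrupted data.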

Claims (1)

1. A computer data protection device, comprising:
   a processing unit;
   an encrypter/decrypter, connected to the processing unit through a first interface to receive the control commands sent by the processing unit, which start the encrypter/decrypter, the encrypter/decrypter also being connected to the processing unit through a second interface for data transfer, with the encrypter/decrypter encrypting or decrypting the data, and the encrypter/decrypter being further connected to a third interface having a plurality of output ends; and
   one or more storage devices, connected to the respective output ends of the third interface, to receive the encrypted data sent by the encrypter/decrypter or to send the encrypted data in the storage device to the encrypter/decrypter for decryption and recovery;
   whereby, when the processing unit writes data to the storage device or reads data from the storage device, the data passes through the encrypter/decrypter and is thereby protected.
2. The computer data protection device of claim 1, wherein the processing unit may be a motherboard circuit.
3. The computer data protection device of claim 1, wherein the encrypter/decrypter is an ASIC circuit.
4. The computer data protection device of claim 1, wherein the encrypter/decrypter is provided in the chipset of the processing unit.
5. The computer data protection device of claim 1, wherein the encrypter/decrypter is provided on the control chip of another storage device.
6. The computer data protection device of claim 1, wherein the encrypter/decrypter is embedded in the storage device, and the instructions for controlling and programming the encrypter/decrypter are additionally provided, or it is connected to the processing unit through another bus.
7. The computer data protection device of claim 1, wherein the first interface is a system management bus (SM bus).
8. The computer data protection device of claim 1, wherein the second interface and the third interface are IDE interfaces.
9. The computer data protection device of claim 1, wherein the first interface and the third interface are SCSI, IEEE 1394, USB 2.0 or Serial ATA interfaces.
10. The computer data protection device of claim 1, wherein the storage device is a hard disk, optical disc drive, disc burner or magneto-optical (Magneto Optical) drive supporting the IDE interface.
11. The computer data protection device of claim 1, wherein the storage device is a hard disk, optical disc drive, disc burner or magneto-optical (Magneto Optical) drive supporting the SCSI, IEEE 1394, USB 2.0 or Serial ATA interface.
12. An encrypter/decrypter, performing data conversion between a processing unit and a hard disk, comprising:
   a system management bus interface, connected to a system management bus and thereby communicating with the processing unit, to receive the control commands sent by the processing unit;
   a plurality of encoder/decoders, connected to the system management bus interface to receive the control commands passed on by the system management bus interface, which start the encoder/decoders, each encoder/decoder also being connected to a data bus through which it communicates with the processing unit, and encoding or decoding the data transferred to and from the processing unit; and
   a plurality of decoders, connected to the respective encoder/decoders at one end and to the processing unit at the other end, to decode the hard disk control commands that the processing unit sends toward the hard disk and pass them to the encoder/decoder for encoding, so that the control commands remain unchanged.
TW90129348A 2001-11-27 2001-11-27 Computer data protection device TW550459B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW90129348A TW550459B (en) 2001-11-27 2001-11-27 Computer data protection device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW90129348A TW550459B (en) 2001-11-27 2001-11-27 Computer data protection device

Publications (1)

Publication Number Publication Date
TW550459B true TW550459B (en) 2003-09-01

Family

ID=31713436

Family Applications (1)

Application Number Title Priority Date Filing Date
TW90129348A TW550459B (en) 2001-11-27 2001-11-27 Computer data protection device

Country Status (1)

Country Link
TW (1) TW550459B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7739468B2 (en) 2006-06-02 2010-06-15 Min-Ta Chang Data protection system for controlling data entry point employing RFID tag
TWI733375B (en) * 2020-03-17 2021-07-11 群聯電子股份有限公司 Data transfer method and memory storage device

Similar Documents

Publication Publication Date Title
TWI364682B (en) Method and system for secure system-on-a-chip architecture for multimedia data processing
JP4140905B2 (en) Storage device and program
TW556160B (en) Revocation information updating method, revocation information updating apparatus and storage medium
US8165301B1 (en) Input-output device and storage controller handshake protocol using key exchange for data security
JP6622275B2 (en) Mobile data storage device with access control function
JP2006268851A (en) Data transcription in data storage device
CN104951409A (en) System and method for full disk encryption based on hardware
US20090046858A1 (en) System and Method of Data Encryption and Data Access of a Set of Storage Devices via a Hardware Key
US8966280B2 (en) Storage device, memory device, control device, and method for controlling memory device
JP2004201038A (en) Data storage device, information processing apparatus mounted therewith, and data processing method and program thereof
US20070014403A1 (en) Controlling distribution of protected content
TW201211821A (en) Storage device and method for communicating a password between first and second storage devices using a double-encryption scheme
JP2003067256A (en) Data protection method
TW201216061A (en) Method and system for securing access to a storage device
CN105354479A (en) USB flash disk authentication based solid state disk and data hiding method
JP2007226667A (en) Data processor, data processing method and program
WO2006004130B1 (en) Data management method, program thereof, and program recording medium
CN105354503A (en) Data encryption/decryption method for storage apparatus
JP2018124959A (en) Mobile device with built-in access control functionality
CN102346716B (en) Encryption method and decryption method of hard disk storage device and encryption and decryption system used for hard disk storage device
JP6751856B2 (en) Information processing equipment and information processing system
TW201019113A (en) Authenticable USB storage device and method thereof
TWI503692B (en) Secure storage method, terminal and system based on virtualization
WO2021190218A1 (en) Data encryption method and control device
TW550459B (en) Computer data protection device

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent
MM4A Annulment or lapse of patent due to non-payment of fees