TW588244B - Data protection method and system for storage unit - Google Patents

Data protection method and system for storage unit Download PDF

Info

Publication number
TW588244B
TW588244B TW91137821A TW91137821A TW588244B TW 588244 B TW588244 B TW 588244B TW 91137821 A TW91137821 A TW 91137821A TW 91137821 A TW91137821 A TW 91137821A TW 588244 B TW588244 B TW 588244B
Authority
TW
Taiwan
Prior art keywords
storage unit
data
user
processing device
scope
Prior art date
Application number
TW91137821A
Other languages
Chinese (zh)
Other versions
TW200411392A (en
Inventor
Kuen-Tsan Wu
Rung-Shiun You
Yu-Cheng Sheng
Original Assignee
Foquest Advanced Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Foquest Advanced Inc filed Critical Foquest Advanced Inc
Priority to TW91137821A priority Critical patent/TW588244B/en
Application granted granted Critical
Publication of TW588244B publication Critical patent/TW588244B/en
Publication of TW200411392A publication Critical patent/TW200411392A/en

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention provides a data protection method and system for a storage unit, which includes the following steps: first making the user installing an user recognition module into a memory unit under normal operation system on a data processing device; next, making the user recognition module to encode and encrypt the identification code configured by the user, and store in a storage unit; then, making the user recognition module to encode and encrypt the data of partition table, and store in a specified position of the storage unit; next, making the user recognition module to delete the data of partition table; finally, making the user recognition module to determine if the identification code inputted by the user is correct when the user turn on the power again of the data processing device; if so, decoding and recovering the encoded and encrypted partition table data and overwriting to the correct position of partition table for conducting the normal booting operation; if not, stopping the normal booting operation procedure.

Description

588244 五、發明說明 【發明所 (1) 屬之技 係有 方法 【先 型電 的一 編寫 能, 播媒 體之 線之 之體 之取 樂意 置進 訊快 的是 保密 上, 儲存 影音 關於 與系 前技 由於 腦等 部分 執行 作為 介, 編輯 網路 積愈 得。 透過 行資 承前 速流 資料 性, 現今 裝置 等檔 術領域】 種儲存單元資料保護方法以及系統,更詳而言之, 一種應用於具有硬碟儲存單元之資料處理裝置的 統。 術】 電子資 資料處 。使用 與單純 聲音、 換言之 製作及 通訊環 來愈輕 基於上 該等具 訊的搜 所述, 通之便 安全的 因為相 的資料 ,已經 案於其 訊科技之一 理裝置已成 者除了可以 資料之處理 影像或聲音 ,使用者得 撥放等工作 境的日益成 薄短小,更 述種種客觀 有網路連結 尋及取得。 雖然我們能 利性,但於 問題,使用 較於以往紙 處理裝置其 可以提供使 中,雖然大 曰千里 為我們 透過該 外,復 影像相 透過該 〇另一 熟,復 便於使 環境因 與資料 ,諸如 曰常生 資料處 得透過 結合等 資料處 方面, 加上該 用者於 素,使 傳輸功 個人電 活中所 理裝置 強大的 多媒體 理裝置 也由於 等資料 行動中 用者主 能之資 腦或筆記 不可或缺 進行程式 運算功 資料之傳 執行多媒 有線及無 處理裝置 進行資訊 觀上也更 料處理裝 透過該資料處理裝置享受到資 另一方面不得不令使用者擔心 者必須更進一步的考量資訊的 上作業時期資料均記錄在書面 所具有諸如硬式磁碟等形式之 用者記錄大量的文字、圖像或 幅減少了文件的體積,然相對588244 V. Description of the invention [The invention belongs to the (1) technology department has a method [the first type of writing power, the body of the broadcast line of the media is willing to put the news quickly, keep it confidential, and store the audio and video about the system Foreword, as the brain and other parts of the implementation as an introduction, editing network accumulation. Through the rapid acceptance of data, the current field of equipment, etc., a storage unit data protection method and system, and more specifically, a system applied to a data processing device with a hard disk storage unit. Technology] Electronic Information Office. The use of simple sound, in other words production and communication loops, is lighter and easier. Based on the above-mentioned searches, it is safe and easy to use because the relevant information has been filed with one of its information technology devices. The processing of images or sounds, and the need for users to play and work are becoming increasingly thin and short, and all kinds of objective network links can be found and obtained. Although we can benefit, but in terms of problems, compared to the previous paper processing device, it can provide a medium. Although it is a thousand miles for us to pass through this, the complex image is transmitted through the other. It is convenient to make environmental factors and data. In terms of data sources, such as regular data, through the combination of the user and the user, the powerful multimedia devices used in the transmission of personal electrical activities are also used by the users. Or note is indispensable to carry out the calculation of program data. Multi-media wired and non-processing devices are also more informative in terms of information processing equipment. Enjoy data through this data processing device. On the other hand, users who have to worry about it must go further. The information about the last working period of the information is recorded in the written form, such as a hard disk. The user records a large amount of text, images, or frames, which reduces the size of the file.

111111

I1L 11 1111 17112. ptd 第5頁 588244 五、發明說明(2) 的也增加資料竊取與複製之容易性。舉例言之,第三者可 以透過諸如敕式磁碟、光碟燒錄甚至網路傳輸之方式等簡 單‘的檔案複製步驟,即得將所需之資料重製或傳送。 習知之資料處理裝置之資料保護技術不外有下列數 種:透過基本輸出入系統(B10 S)内所提供之保全 (•Security)功能下設定識別碼(password),使用者在 執行該資料處理裝置之開機(power-on)過程中,該基本 輸出入糸統會要求使用者輸入識別碼,藉由識別碼内容之 使用者是否有權使用該資料處理裝置,若是,該基本 入系統才會繼續執行後續之開機程序。另一種形式係 使用者於進入作業系統後,依據個人所設定之作業環境或 儲存之資料疋義一識別碼,由作業系統依據不同使用者所 輸入之識別碼開放對應識別碼之作業環境或儲存資料供使 用者使用。 、引迷基本輛出入糸統保護之方法,第三者 僅需將主機板上之山 /I1L 11 1111 17112. ptd Page 5 588244 5. The description of the invention (2) also increases the ease of data stealing and copying. For example, a third party can reproduce or transfer the required data through simple 'file copying steps' such as flash disks, CD burning, and even network transmission. The data protection technology of the conventional data processing device includes the following: through the security function provided in the basic input / output system (B10 S), an identification code (password) is set, and the user performs the data processing During the power-on process of the device, the basic input / output system will require the user to enter an identification code, and whether the user with the content of the identification code has the right to use the data processing device. If so, the basic input system will Continue to the subsequent boot process. Another form is that after entering the operating system, the user defines an identification code based on the operating environment or stored data set by the individual, and the operating system opens the operating environment or stored data corresponding to the identification code according to the identification codes entered by different users. For users. The method of protecting the basic access of basic vehicles, the third party only needs to put the mountain on the motherboard /

η ^ τ ^ 基本輸出入系統重置跨接端(Β10Sη ^ τ ^ Basic I / O system reset jumper (B10S

Reset Jumper) 4¾ ^ 士上 〇 Η後真垃卜认路,亦或疋拆掉主機板上之電池一段時 。而%水头達到銳至该基本輪出入系統設定内容之 •勺。而後者透過 &如軟碟或光碟:業糸統保護之方式’纟使用者透過其 對於使用者而古均j機後,仍然能夠讀取硬碟中之資料。 【發明内容】。句無法達到理想的保護目的。 • 為解決上述習4 η、 提供一種儲.技術之缺點’本發明之主要目的在於 子早元貧料保護方法以及系統,得透過將分割Reset Jumper) 4¾ ^ Taxi 〇 After that, I really recognize the way, or when I remove the battery on the motherboard for a while. And the% water head reached the level of the basic wheel access system setting spoon. And the latter through & such as floppy disks or optical discs: a way to protect the industry ’s user ’s gujun j machine for users, can still read the data in the hard disk. [Summary of the invention]. Sentences fail to achieve the desired purpose of protection. • In order to solve the above-mentioned problem 4 η, and provide a storage technology shortcoming ’the main purpose of the present invention is to protect the method and system of the early and poor materials, through the division

588244 五、發明說明(3) 表加密隱藏之機制,防止不當之使用者進入作業系統以進 行貧料存取。 本發明之另一目的在於提供一種儲存單元資料保護方 法以及系統,得僅透過一軟體或韌體之程控機制即jT達到 保護儲存單元資料之目的。 為達成以上所述之目的,本發明之儲存單元資料保護 系統包括:一用以提供該儲存單元資料保護系統擷取訊 號、編解碼及執行指令功能之中央處理單元;一用以儲存 該資料處理裝置之基本輸出入系統及其他軟體常式之記憶 單元;一用以提供該資料處理裝置儲存包括作業系統程式 及其他程式或資料之儲存單元;一常駐於該記憶單元中用 以將使用者所設定識別碼加以編碼加密並儲存於該儲存單 元中之特定位置;此外,復得將分割表資料加以編碼加密 而儲存於該儲存單元之特定位置,且於使用者重新開機輸 入正確之識別碼時,自該儲存單元中取出該分割表資料加 以解碼還原後覆蓋至該分割表正確位置,俾供該資料處理 ) 裝置繼續進行正常之開機作業程序之使用者識別模組。 透過前述之儲存單元資料保護系統,執行儲存單元資 料保護方法係預先將該使用者辨識模組安裝至該記憶單元 中,接著進行如下之步驟:首先,令該使用者辨識模組將 使用者設定之識別碼進行編碼加密後儲存至該儲存單元之 特定位置中;其次,令該使用者辨識模組將分割表資料進 行編碼加密並儲存至一指定之儲存單元位置;再者,令該 使用者辨識模組將該分割表資料刪除;最後,令該使用者588244 V. Description of the invention (3) The mechanism of table encryption and hiding, to prevent improper users from entering the operating system for poor material access. Another object of the present invention is to provide a storage unit data protection method and system, which can achieve the purpose of protecting the storage unit data only through a software or firmware program control mechanism, namely jT. In order to achieve the above-mentioned object, the storage unit data protection system of the present invention includes: a central processing unit for providing the storage unit data protection system with functions of capturing signals, encoding, decoding, and executing instructions; and a processing unit for storing the data. A memory unit for the basic input / output system of the device and other software routines; a storage unit for providing the data processing device to store operating system programs and other programs or data; a resident in the memory unit for storing user information The identification code is set to be encoded and encrypted and stored in a specific location in the storage unit; in addition, the data of the partition table is encrypted and stored in a specific location in the storage unit, and when the user restarts and inputs the correct identification code , Taking out the partition table data from the storage unit, decoding and restoring it to cover the correct position of the partition table, and processing it for the data) The device continues the user identification module of the normal booting process. Through the foregoing storage unit data protection system, the storage unit data protection method is implemented by installing the user identification module into the memory unit in advance, and then performing the following steps: First, the user identification module is configured to set the user The identification code is encoded and encrypted and stored in a specific location of the storage unit; second, the user identification module is configured to encode and store the partition table data into a specified storage unit location; further, make the user The identification module deletes the partition table data; finally, the user

17112.ptd 第7頁 588244 五、發明說明(4) 辨識模組於使用者重新開啟該資料處理裝置電源時,判斷 使用者所輸入識別碼是否正確,若是,則將該編碼加密之 分·割表資料解碼還原並覆蓋至正確的分配表位置,俾進行 正常之開機作業;若否,則中止正常之開機作業程序。 相較於習知之儲存單元資料保護方法以及系統,本發 明之儲存單元資料保護方法以及系統,用以提供使用者僅 透過一於開機程序中執行之使用者識別機制,即得防止不 具有使用權限之使用者任意開啟該資料處理裝置並進行儲 存單元中資料之存取。 ιΛ施方式】 請參與第1圖,於以下實施例中,本發明之儲存單元 資料保護方法以及系統1 0 0,係應用於一習知之個人電腦 2 0 0架構中,以下僅就與本發明之儲存單元資料保護方法 以及系統1 0 0相關之單元與模組加以闡述,至於其他諸如 鍵盤或滑鼠等輸入單元以及螢幕等顯示單元等,均不為文 贅述丨之,合先钦明。 請參閱第2圖,該儲存單元資料保護系統1 0 0包括:一 中央處理單元1 1 0、一記憶單元1 2 0、一儲存單元1 3 0以及 一g吏用者識別模組1 4 0。 _該中央處理單元11 0係用以提供該儲存單元資料保護 _系統1 0 0擷取信號、編解碼及執行指令之功能,並得透過 資料傳輸路徑如匯流排等,以自其他資源處傳遞及接收資 料。 該記憶單元1 2 0係用以提供該儲存單元資料保護系統17112.ptd Page 7 588244 V. Description of the invention (4) When the user turns on the data processing device again, the identification module judges whether the identification code entered by the user is correct. If so, the code is encrypted and divided. The table data is decoded, restored and overwritten to the correct allocation table position, and the normal boot operation is performed; if not, the normal boot operation procedure is suspended. Compared with the conventional storage unit data protection method and system, the storage unit data protection method and system of the present invention are used to provide users with a user identification mechanism implemented only during a boot process, thereby preventing users from having no use rights. The user arbitrarily opens the data processing device and accesses data in the storage unit. ιΛ approach] Please participate in Figure 1. In the following embodiments, the storage unit data protection method and system 100 of the present invention are applied to a conventional personal computer 200 architecture. The following is only related to the present invention. The storage unit data protection method and system 100 related units and modules will be explained. As for other input units such as keyboards or mice, and display units such as screens, they are not described in detail here. Please refer to FIG. 2. The storage unit data protection system 1 0 0 includes a central processing unit 1 1 0, a memory unit 1 2 0, a storage unit 1 3 0, and a user identification module 1 4 0. . _The central processing unit 110 is used to provide data protection for the storage unit._System 100 captures signals, encodes, decodes, and executes instructions, and can pass data transmission paths such as buses to transfer from other resources. And receive information. The memory unit 120 is used to provide a data protection system for the storage unit.

17112. ptd 第8頁 588244 五、發明說明(5) 1 0 0儲存包括基本輸出入系統及其他軟體程式及/或常 其性質上屬於不具有揮發性之記憶單元,亦即於該個工° 腦2 0 0之工作電源切斷後,儲存於該記憶單元中之資料電 會消失,俾於使用者啟動該個人電腦2 0 0之工作電;原#不 付執行諸如該基本輸出入系統常式,以完成該個人電似 2 0 0之開機程序。又,該記憶單元1 2 0得為一電子可林如 、 4 j ί禾除π 程式化唯讀記憶體(Electrically Erasable Programmable Read Only Memory; EEPROM)或一快閃 ^ 憶體(Flash Memory)。由於前述之記憶體均具有可程D 即可覆寫之特性,故得提供使用者視實際情況需要更^ ^ 中诸如基本輸出入糸統等之程式資料内容。 , 該儲存單元1 3 0係用以提供該個人電腦2 〇 〇儲存包括作 業系統程式及其他程式或資料。於本實施例中,該儲存單 元130係為一硬碟(Hard Disk),該儲存單元i3〇之功能 及架構為習知,故不另文贅述之。 該使用者識別模組1 4 0係常駐於該記憶單元中之軟體 程式,用以透過該中央處理單元110將使ς'者所設定識別 碼加以編碼加密並儲存於該儲存單元丨3 〇中之特定位置; 此外,復得透過該中央處理單元i i 0將分割表資料加以編 碼加密而儲存於該儲存單元i30之特定位置;且於使用者 重新開啟該個人電腦2 0 0之工作電源,執行開機程序輸入 之正確之識別碼時,自該儲存單元13〇中取出該分割表資 料,透過該中央處理單元110加以解碼還原後覆蓋至該分 割表正確位置,俾供該個人電腦2〇〇繼續進行正常之開機17112. ptd Page 8 588244 V. Description of the invention (5) 1 0 0 Storage includes the basic input / output system and other software programs and / or memory units which are generally non-volatile in nature, that is, in this work. After the working power of the brain 200 is turned off, the data stored in the memory unit will disappear, and the user will start the working power of the personal computer 200; the original # will not perform such basic routines as the basic input / output system. To complete the personal computer's boot process like 2000. In addition, the memory unit 12 may be an electronic corinable, 4 j, and π programmable electric read-only memory (EEPROM) or a flash memory. Because the foregoing memories have the characteristics of being programmable and overwritable, users may be required to provide more program data content such as basic input / output systems according to the actual situation. The storage unit 130 is used to provide the personal computer 2000 with storage including operating system programs and other programs or data. In this embodiment, the storage unit 130 is a hard disk, and the function and structure of the storage unit i30 are known, so they will not be described in detail. The user identification module 1 40 is a software program resident in the memory unit, and is used to encode and store the identification code set by the user through the central processing unit 110 and store in the storage unit 丨 3 〇 In addition, FOUND encodes and encrypts the partition table data through the central processing unit ii 0 and stores it in a specific location of the storage unit i30; and when the user turns on the working power of the personal computer 2000 again, executes When the correct identification code is input during the boot process, the partition table data is taken out from the storage unit 13 and decoded and restored by the central processing unit 110 to cover the correct position of the partition table for the personal computer 2000 to continue. Perform a normal boot

17112. ptd 588244 五、發明說明(6) 作業程序。 * ,別說明I ’係於本實施例中,該分割表係指該儲 ^ 3 0亦即硬碟之分割表,而習知之硬碟係由複數個 ,枉(cluster)、磁頭(head)及磁區(sect〇r)所組 ,,而每一磁區之容量為512個位元組(byte)。其中, ϊ 1兹柱第0磁頭之第1磁區係定義為分割磁區,於該磁 = p/·前端係儲存主啟動程式(Master Boot Program; ’後端則係用以儲存分割表資料。 鲁1、人β亥個人電腦2 0 0之開機程序約略如下:由該記 ti120之記憶體位址0FFFF0H開始執行的,亦即( CS = FFFF、IP = 0000 0FFFF0H位址上的程式:$電腦之基本輸出入系統在該 .「FFFF〇: JMP "疋 START」 跳到 START之後, _ (ROM BIOS)首先會做」X此\心早兀I20之基本輸出入系統 機存取記憶體、鍵盤、:;初始的檢查工作,例如檢查隨 動程式,基本輸出A /幕、磁碟機等。然後會讀入主啟 續執行下去。要古之 '、、先曰將控制權交給主啟動程式繼 • 電腦開機°時,先可勃分為装以下幾個步驟: 单元1 3 〇第一個磁區的主仃二本輪出入系統,將該儲存 MBR)寫入隨機存取記 ,記錄(Master Boot Record; 中的程式碼。 3'再轉移控制權至主啟動記錄 - 2 ·主啟動記錄程式民 第一個分割區放置一個旅描整個主磁碟分割表,並在 〜 ( f 1 ag),並將該分割區標示 五、發明說明(7) 為可開機。接著寫入以 個分割區裡的程式碼二機存取記憶體,並將控制權傳給這 3 ·經由啟動程式 SYS及MSDOS· SYS)載 ▲碟中的系統檔(如MS —D0^ Ι〇· 給所載入的系統檔。入隧機存取記憶體,再將控制權交 承上所述’方〜# 表資料具有不可或;電腦200之開機程序中,該分割 無法得知該儲存單元要性,若無該分割表資料則系統 窗XP或L· I NUX等作孝系#之分割狀況,亦無法得知諸如視 開機程序。 ^統之儲存位置’當然無法順利完成 性,ί;刪即依據… 成開機程序,進而達到伴=斷不具使用榷限之使用者完 中儲存資料之目的相保^個人電腦败儲存單元& 凊參閱第3 ( Α)圖,j:中一 ;;方;=行儲存單元;、3 7使用者於該個人電腦2〇〇之正 乂 “。預先 ,者辨識模組〗40至該記憶單元12时、/隨’安裳該使 S301 〇 r 化即進行步驟 m驟53〇1中,令該使用者辨識模組14 疋之識別碼進行編碼加密後 、使用者設 位置*。於本實施例中,於該使用者:$:,〇之特定 巧單元_,該使用者識別模二=〇安裝至 疋一識別碼作為身分辨識之用,該識別碼彳_; ί ί使用者設 于马包括任何數 588244 t 五、發明說明(8) 字、文字與符號之組合。於使用者完成識別碼設定後,該 使用者識別模組1 4 0隨即將該識別碼編碼加密備份至該儲 存單元130中之一特定位置,接著進行步驟S3 0 2。 於步驟S3 0 2中,令該使用者辨識模組140將分割表資 料進行編碼加密並儲存至一指定之儲存單元1 3 0位置。於 本實施例中,該使用者識別模組1 4 0於執行完識別碼加密 備份之步驟後,隨即將該分割磁區中知該分割表資料加以 -編碼加密,並於編碼加密完成後,將該加密資料儲存至該 儲存單元1 3 0中之另一指定位置,隨即進行步驟S 3 0 3。 鲁於步驟S 3 0 3中,令該使用者辨識模組1 4 0將該分割表 資料刪除。於本實施例中,當該使用者辨識模組1 4 0完成 分配表資料加密儲存之步驟後,隨即將該分配表資料自該 記憶單元1 2 0中刪除。由於該分配表資料已自該記憶單元 ί 2 0中刪除,則在使用者重新開啟該個人電腦2 0 0之工作電 渾,並執行開機程序之過程中,若無法輸入正確之識別 碼,則該使用者辨識模組1 4 0即不會將該分配表資料還原 覆蓋於正確之分配表磁區,該個人電腦2 0 0即無法完成正 常開機程序,以進入作業系統。實際操作步驟則如下所 it ° ® 請參閱第3 ( B)圖,其中顯示當該完成資料保護設定 ,程序之個人電腦2 0 0,為一使用者重新開啟工作電源,以 執行驗證保護階段之流程步驟。 ^ 於步驟S 3 1 1中,令該使用者辨識模組1 4 0於開機程序 中要求使用者輸入識別碼,接著進行步驟S 3 1 2。17112. ptd 588244 5. Description of the invention (6) Operating procedures. *, Don't specify I 'in this embodiment, the partition table refers to the storage table of ^ 3 0, which is a hard disk partition table, and the conventional hard disk system consists of a plurality of clusters, heads, and heads. And magnetic field (sector), and the capacity of each magnetic field is 512 bytes. Among them, the 1st magnetic field of the 0th magnetic head of the ϊ 1 zi column is defined as the partitioned magnetic field, where the magnetic head = p / · stores the master boot program ('Master Boot Program;' the back end is used to store the partition table data) The boot process of Lu 1, human β Hai personal computer 2000 is roughly as follows: It starts from the memory address 0FFFF0H of the ti120, that is, the program at (CS = FFFF, IP = 0000 0FFFF0H address: $ computer The basic input / output system is as follows: "FFFF〇: JMP " 疋 START" After jumping to START, _ (ROM BIOS) will first do "Xthis \ heart early Wu I20 basic input / input system access memory, The keyboard,:; the initial inspection work, such as checking the follow-up program, basic output A / curtain, disk drive, etc. Then it will be read into the master and continue to execute. To the ancient ',, first give control to the master After starting the program, the computer can be divided into the following steps when the computer is turned on: Unit 1 3 0 The main part of the first magnetic field is entered into the system this round, and the stored MBR is written into the random access record. Record (Master Boot Record; code. 3 'then transfer control to the master boot -2 · The main boot recorder program places the first partition on the main partition to describe the entire main disk partition table, and marks the partition at ~ (f 1 ag). 5. Description of the invention (7) is bootable Then write the code to access the memory with the code in the two partitions, and transfer the control right to the system file (such as MS —D0 ^) in the ▲ disc via the startup program SYS and MSDOS · SYS). Ι〇 · Load the loaded system file. Enter the tunnel to access the memory, and then transfer control to the above-mentioned 'party ~ #' The table data is not available; during the boot process of the computer 200, the partition cannot be known The storage unit is essential. Without the partition table data, the partition status of the system window XP or L · I NUX as the filial piety # cannot be known, such as the visual boot process. Of course, the storage location of the system cannot be completed successfully. ,; Delete means based on ... to complete the boot process, to achieve the purpose of companion = users who have no doubt about the use of stored data ^ personal computer storage unit & 凊 Refer to Figure 3 (Α), j: S1 ;; Fang; = line storage unit; 3, 7 users in the personal computer 2000乂 ". In advance, the user identification module〗 40 to the memory unit 12 / With 'An Sang should make S301 〇r, then proceed to step m step 5301 to make the user identify the module 14 疋 identification After the code is encoded and encrypted, the user sets the location *. In this embodiment, in the user: $ :, 〇Special smart unit _, the user identification module = 0 is installed to the first identification code as the identity identification For identification purposes, the identification code 彳 _; ί ί The user's setting on the horse includes any number 588244 t V. Description of the invention (8) A combination of words, words and symbols. After the user completes the identification code setting, the user identification module 140 then encrypts and backs up the identification code to a specific location in the storage unit 130, and then proceeds to step S302. In step S302, the user identification module 140 is caused to encode and divide the segment table data into a designated storage unit 130 position. In this embodiment, after the user identification module 140 executes the step of encrypting and backing up the identification code, it immediately knows that the partition table data in the partitioned magnetic disk is -encoded and encrypted, and after the encoding and encryption is completed, The encrypted data is stored in another designated location in the storage unit 130, and then step S303 is performed. In step S303, the user identification module 140 is caused to delete the segment table data. In this embodiment, after the user identification module 140 completes the steps of encrypting and storing the allocation table data, the allocation table data is then deleted from the memory unit 120. Since the data of the allocation table has been deleted from the memory unit ί 20, if the user re-opens the working power of the personal computer 200 and executes the boot process, if the correct identification code cannot be entered, then The user identification module 140 does not restore the allocation table data to the correct allocation table magnetic area, and the personal computer 200 cannot complete the normal boot process to enter the operating system. The actual operation steps are as follows: It is shown in Figure 3 (B), which shows that when the data protection setting is completed, the personal computer 2 of the program is turned on and the power is turned on again for a user to perform the verification protection phase. Process steps. ^ In step S 3 11, the user identification module 1 40 is required to ask the user to input an identification code in the booting process, and then step S 3 1 2 is performed.

17112. ptd 第12頁 588244 -^____ 五、發明說明(9) — --—-- 所輪,令該使用者辨識模組14°判斷使用者 相同^ ^否與儲存於該儲存單元1斯之識別碼 於ί ί Μη進仃步驟S313;若否則進至步驟S315。 儲存= 1中二,令Λ使用者辨識模組140將儲存於該 表資::i垃料讀*,並覆蓋至正確之分到 貝枓磁£ ’接著進行步驟S 3 1 4。 °】 於步驟S314中,令該個人電腦2 2進入作業系、统,俾供有權限使據㊉之開機程 中資料之存取。 考進仃该储存單元1 3 〇 於步驟S315中,因使用老益、、土 相對的,該儲存單元1 30中之磁區分=枓復盍之步噼, 法為該啟動程式所擷取,故盔 σΙ作業系統資科& 序,俾達到防止無權限使用;存之開機作業: 料。 ϋ亥儲存單元130中> ,,示上所述,本發明之儲存單元次 統,用以提供使用者僅透過一於“ U方法以及系 識別機制,即得防止不具有使用權、:序中執行之使 個士電腦2 0 0並進行儲存單元13〇中=之使用者任意開欵J 存單元1 30為不知道識別碼之使用貝枓之存取。即使鸪= 他的電腦裝置進行資料之存取,拆k,仍無法透场崎 目的。 “確實達到資料以 以上所述僅為本發明之儲存 _ 一 統之較佳實施例,非用以限定 貝料保護方法以 Μ明之實質技術内容J系17112. ptd Page 12 588244-^ ____ V. Description of the invention (9) — ----- This round makes the user identification module 14 ° judge that the user is the same ^ ^ is not stored in the storage unit for 1 second The identification code goes to step S313; otherwise, go to step S315. Storage = 1 2nd, so that the Λ user identification module 140 will be stored in the table: i read the material *, and overwrite it to the correct score to the magnetic file £ ′, and then proceed to step S 3 1 4. °] In step S314, the personal computer 22 is made to enter the operating system, and is provided with the authority to access the data during the boot process of the data. Entered into the storage unit 130. In step S315, because the old and the opposite are used, the magnetic division in the storage unit 130 is equal to the step of the complex, which is retrieved by the startup program. Therefore, the helmet σ1 operating system resources & procedure, to prevent unauthorized use; save the boot operation: materials. In the storage unit 130 of the Haihai, as shown above, the storage unit system of the present invention is used to provide users with only the "U method and the identification mechanism, to prevent the user from having no right to use: In the implementation, the personal computer 2000 and the storage unit 1330 are opened by the user. J storage unit 1 30 is used for access without knowing the identification code. Even if 鸪 = his computer device The access to data can not be achieved through demolition. "It is true that the data described above is only for the storage of the present invention._ A unified and preferred embodiment, not a material technology used to limit the protection of shell materials. Content J

第13頁 17112. ptd 588244 •五、發明說明(ίο) 圍,其他與個人電腦相似,如筆記型電腦、伺服器及工作 站等,且具有儲存單元者均有本發明之適用。本發明之儲 存單元資料保護方法以及系統其實質技術内容係廣義地定 義:於下述之申請專利範圍中,任何他人所完成之技術實體 或方法,若與下述之申請專利範圍所定義者完全相同,或 為等效之變更,均將被視為涵蓋於此專利範圍之中。Page 13 17112. ptd 588244 • Fifth, the invention description (ίο), other similar to personal computers, such as notebook computers, servers and workstations, etc., and have storage units are applicable to the present invention. The essential technical content of the storage unit data protection method and system of the present invention is broadly defined: In the scope of the following patent application, any technical entity or method completed by another person is completely the same as defined in the scope of the patent application below Changes that are the same or equivalent are considered to be covered by this patent.

第14頁 17112. ptd 588244 圖式簡單說明 【圖式簡單說明】 第1圖係一應用架構示意圖,用以顯示執行本發明之 儲存單元資料保護系統應用於一個人電腦上之系統架構; 第2圖係一方塊示意圖,用以顯示本發明之儲存單元 資料保護系統中單元與模組間之相互關係;以及 第3 ( A)及3 ( B)圖係流程圖,用以顯示執行本發明 之儲存單元資料保護方法之流程步驟。 1 〇 〇 儲存單元資料保護系統 110 中央處理單元 120 記憶單元 1 3 0 儲存單元 1 4 0 使用者識別模組 2 0 0 個人電腦Page 14 17112. ptd 588244 Brief description of the drawings [Simplified description of the drawings] Figure 1 is a schematic diagram of an application architecture, which is used to show the system architecture of a storage unit data protection system that implements the present invention applied to a personal computer; Figure 2 It is a block diagram showing the relationship between units and modules in the storage unit data protection system of the present invention; and Figures 3 (A) and 3 (B) are flowcharts showing the storage for implementing the present invention Process steps of the unit data protection method. 1 〇 〇 Storage unit data protection system 110 Central processing unit 120 Memory unit 1 3 0 Storage unit 1 4 0 User identification module 2 0 0 Personal computer

17112. ptd 第15頁17112.ptd Page 15

Claims (1)

588244 六、申請專利範圍 1. 一種儲存單元資料保護方法,其係應用於一具有儲存 單元之資料處理裝置上,該儲存單元資料保護方法包 '括: 令一使用者辨識模組將使用者設定之識別碼進行 編碼加密後儲存至該儲存單元之特定位置; 令該使用者辨識模組將分割表資料進行編碼加密 並儲存至一指定之儲存單元位置; 令該使用者辨識模組將儲存於記憶單元之分割表588244 6. Scope of patent application 1. A storage unit data protection method, which is applied to a data processing device having a storage unit. The storage unit data protection method includes: Instruct a user identification module to set a user The identification code is encoded and stored in a specific location of the storage unit; the user identification module is used to encode and store the partition table data in a specified storage unit location; the user identification module is stored in Memory cell partition table 2' 資料刪除;以及 令該使用者辨識模組於使用者重新開啟該資料處 理裝置電源時,判斷使用者所輸入識別碼是否正確, 若是,則將該編碼加密之分割表資料解碼還原並覆蓋 至正確的分配表位置,俾進行正常之開機作業;若否 ,則中止正常之開機作業程序。 如申請專利範圍第1項之方法,其中,該儲存單元可為 一内建式硬碟、外接式硬碟及抽取式硬碟其中任一者 3. 如申請專利範圍第1項之方法,其中,該資料處理裝置 _可為一個人電腦、筆記型電腦、平板電腦、液晶電腦 、伺服器及工作站其中任一者。 4. 如申請專利範圍第1項之方法,其中,該使用者辨識模 組係為一軟體程式,於安裝至該記憶單元後常駐於該 - 記憶單元,並於該資料處理裝置執行開機程序時進行 使用者識別工作。2 'data deletion; and making the user identification module judge whether the identification code input by the user is correct when the user turns on the data processing device again, and if so, decode and restore the encrypted encrypted table data and overwrite it Go to the correct allocation table position, and then carry out the normal booting operation; if not, suspend the normal booting procedure. For example, the method of applying for the scope of the patent, wherein the storage unit may be any one of a built-in hard disk, an external hard disk, and a removable hard disk. 3. The method of applying for the scope of the patent, wherein The data processing device can be any one of a personal computer, a notebook computer, a tablet computer, an LCD computer, a server, and a workstation. 4. For the method of applying for the first item of the patent scope, wherein the user identification module is a software program, which is resident in the-memory unit after being installed in the memory unit, and when the data processing device executes a boot process Perform user identification. 17112. ptd 第16頁 588244 六、申請專利範圍 5. 如申請專利範圍第1項之方法,其中,該記憶單元可為 一電子可抹除可程式化唯讀記憶體及快閃記憶體其中 任一者。 6. 如申請專利範圍第1項之方法,其中,該識別馬可為文 字、數字、符號、文字與數字、文字與符號、符號與 數字及文字、符號與數字其中任一者所組成之内容。 7. —種儲存單元資料保護系統,其係應用於一具有儲存 單元之資料處理裝置上,該儲存單元資料保護系統包 括 · 一中央處理單元,其係用以提供該儲存單元資料 保護系統擷取訊號、編解碼及執行指令功能; 一記憶單元,其係用以儲存該資料處理裝置之基 本輸出入系統及其他軟體程式; 該儲存單元,其係用以提供該資料處理裝置儲存 包括作業系統程式及其他程式或資料之;以及 一使用者識別模組,其係常駐於該記憶單元中用 以將使用者所設定識別碼加以編碼加密並儲存於該儲 存單元中之特定位置;此外,復得將分割表資料加以 編碼加密而儲存於該儲存單元之特定位置,且於使用 者重新開機輸入正確之識別碼時,自該儲存單元中取 出該分割表資料加以解碼還原後覆蓋至該分割表正確 位置。 8. 如申請專利範圍第7項之系統,其中,該儲存單元可為 一内建式硬碟、外接式硬碟及抽取式硬碟其中任一者17112. ptd Page 16 588244 6. Application for patent scope 5. For the method of applying for the scope of patent application item 1, the memory unit can be an electronically erasable programmable read-only memory and flash memory. One. 6. The method according to item 1 of the scope of patent application, wherein the identification mark is composed of any one of words, numbers, symbols, words and numbers, words and symbols, symbols and numbers and words, symbols and numbers . 7. A storage unit data protection system, which is applied to a data processing device with a storage unit. The storage unit data protection system includes a central processing unit that is used to provide the storage unit data protection system capture. Signal, codec, and execute command functions; a memory unit, which is used to store the basic input / output system and other software programs of the data processing device; the storage unit, which is used to provide the data processing device storage including operating system programs And other programs or data; and a user identification module, which resides in the memory unit to encode and encrypt the identification code set by the user and stores it in a specific location in the storage unit; The partition table data is encoded and encrypted and stored in a specific location of the storage unit, and when the user restarts and enters the correct identification code, the partition table data is taken out from the storage unit and decoded and restored to cover the partition table correctly. position. 8. If the system of claim 7 is applied for, the storage unit may be any one of a built-in hard disk, an external hard disk, and a removable hard disk. 17112. ptd 第17頁 588244 ,六、申請專利範圍 0 9.如申請專利範圍第7項之系統,其中,該資料處理裝置 可為一個人電腦、筆記型電腦、平板電腦、液晶電腦 、伺服器及工作站其中任一者。 1 0 .如申請專利範圍第7項之系統,其中,該使用者辨識模 ,組係為一軟體程式,於安裝至該記憶單元後常駐於該 記憶單元,並於該資料處理裝置執行開機程序時進行 ~使用者識別工作。 、1^如申請專利範圍第7項之系統,其中,該記憶單元可為 _ 一電子可抹除可程式化唯讀記憶體及快閃記憶體其中 任一者。 1 2.如申請專利範圍第7項之系統,其中,該識別馬可為文 字、數字、符號、文字與數字、文字與符號、符號與 數字及文字、符號與數字其中任一者所組成之内容。17112. ptd, page 17, 588244, VI. Patent application scope 0 9. If the system of patent application item 7 is used, the data processing device may be a personal computer, a notebook computer, a tablet computer, an LCD computer, a server and Any of the workstations. 10. The system according to item 7 of the scope of patent application, wherein the user identification module is a software program that resides in the memory unit after being installed in the memory unit and executes a boot process on the data processing device. Perform ~ user identification at any time. 1. The system according to item 7 of the scope of patent application, wherein the memory unit may be any one of an electronically erasable programmable read-only memory and a flash memory. 1 2. The system according to item 7 of the scope of patent application, wherein the identification mark is composed of any one of words, numbers, symbols, words and numbers, words and symbols, symbols and numbers and words, symbols and numbers content. 17112.ptd 第18頁17112.ptd Page 18
TW91137821A 2002-12-30 2002-12-30 Data protection method and system for storage unit TW588244B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW91137821A TW588244B (en) 2002-12-30 2002-12-30 Data protection method and system for storage unit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW91137821A TW588244B (en) 2002-12-30 2002-12-30 Data protection method and system for storage unit

Publications (2)

Publication Number Publication Date
TW588244B true TW588244B (en) 2004-05-21
TW200411392A TW200411392A (en) 2004-07-01

Family

ID=34058096

Family Applications (1)

Application Number Title Priority Date Filing Date
TW91137821A TW588244B (en) 2002-12-30 2002-12-30 Data protection method and system for storage unit

Country Status (1)

Country Link
TW (1) TW588244B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8504849B2 (en) 2004-12-21 2013-08-06 Sandisk Technologies Inc. Method for versatile content control
US8601283B2 (en) 2004-12-21 2013-12-03 Sandisk Technologies Inc. Method for versatile content control with partitioning
US8613103B2 (en) 2006-07-07 2013-12-17 Sandisk Technologies Inc. Content control method using versatile control structure
US8639939B2 (en) 2006-07-07 2014-01-28 Sandisk Technologies Inc. Control method using identity objects
US9104618B2 (en) 2008-12-18 2015-08-11 Sandisk Technologies Inc. Managing access to an address range in a storage device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8504849B2 (en) 2004-12-21 2013-08-06 Sandisk Technologies Inc. Method for versatile content control
US8601283B2 (en) 2004-12-21 2013-12-03 Sandisk Technologies Inc. Method for versatile content control with partitioning
US8613103B2 (en) 2006-07-07 2013-12-17 Sandisk Technologies Inc. Content control method using versatile control structure
US8639939B2 (en) 2006-07-07 2014-01-28 Sandisk Technologies Inc. Control method using identity objects
US9104618B2 (en) 2008-12-18 2015-08-11 Sandisk Technologies Inc. Managing access to an address range in a storage device

Also Published As

Publication number Publication date
TW200411392A (en) 2004-07-01

Similar Documents

Publication Publication Date Title
TW558903B (en) System, method, and device for playing back recorded audio, video or other content from non-volatile memory cards, compact disks or other media
JP3389186B2 (en) Semiconductor memory card and reading device
US7818567B2 (en) Method for protecting security accounts manager (SAM) files within windows operating systems
KR102139179B1 (en) Security subsystem
CN100552690C (en) Data managing method
EP2161673A1 (en) Method and system for protecting data
JP2000311114A (en) Computer system and contents protecting method
US7984296B2 (en) Content protection device and content protection method
TW201113884A (en) Authentication and securing of write-once, read-many (WORM) memory devices
JP2003233795A (en) Semiconductor memory card and reading device
TW200937197A (en) Information storage device and method capable of hiding confidential files
RU2494447C2 (en) Method to code memory stick and assembly for its realisation
CN101334827A (en) Magnetic disc encryption method and magnetic disc encryption system for implementing the method
US20050193195A1 (en) Method and system for protecting data of storage unit
TW200832181A (en) System and method of data encryption and data access of a set of storage device via a hardware key
JP2006079449A (en) Storage medium access control method
JP2002539557A (en) Copy protection of storage media by randomizing location and key for write access
CN114662164A (en) Identity authentication and access control system, method and equipment based on encrypted hard disk
TW588244B (en) Data protection method and system for storage unit
KR20090072717A (en) New data storage usb disc, computer interface usb device and method by flash memory's bad patten
JP2007133770A (en) Memory card, processor module and control method of host device
WO2010151722A1 (en) Accessing a serial number of a removable non-volatile memory device
JP2003208234A (en) Software recording part separation type information processor and software managing method
JP2003099329A (en) Information processing device and information processing method
TW200935221A (en) System for securing an access to flash memory device and method for the same

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees