TWI234074B - Device and method for protecting data records in recording media - Google Patents

Device and method for protecting data records in recording media Download PDF

Info

Publication number
TWI234074B
TWI234074B TW90110603A TW90110603A TWI234074B TW I234074 B TWI234074 B TW I234074B TW 90110603 A TW90110603 A TW 90110603A TW 90110603 A TW90110603 A TW 90110603A TW I234074 B TWI234074 B TW I234074B
Authority
TW
Taiwan
Prior art keywords
data
data storage
storage area
virtual
protection
Prior art date
Application number
TW90110603A
Other languages
Chinese (zh)
Inventor
Kwok-Yan Leung
Original Assignee
Kwok-Yan Leung
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kwok-Yan Leung filed Critical Kwok-Yan Leung
Priority to TW90110603A priority Critical patent/TWI234074B/en
Application granted granted Critical
Publication of TWI234074B publication Critical patent/TWI234074B/en

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention discloses a data record protection control device for protecting data record in recording media. In a system configuration mode, a single physical data storage device is divided into a protected data storage area, a virtual data storage area and an unprotected data storage area. Then, the protected data storage area and the unprotected data storage area are simulated as two independent physical data storage device and the virtual data storage area is hidden. The two data storage devices provide equal storage spaces for the protected data storage area and the unprotected data storage area respectively. A set of protected data containing software and data are loaded in the protected data storage area in the first place. In regular operating procedures, data to be stored in the data storage area are transmitted to the data record protection control device and only loaded in the virtual data storage area. Data can be read from the virtual data storage area or the protected data storage area and the accessed location depends on if the virtual data storage area stores the specified data to be accessed. In a preferred embodiment, when a computer system at which a processor is located starts a new operation, the data in the virtual data storage area will be deleted. In another preferred embodiment, data in the virtual data storage area are deleted only when the data record protection control device instructs to do so, and the virtual data can be stored by duplicating the virtual data to the protected data storage area. The protected and the virtual data storage areas can be located at different data storage device. The data record protection control device can also receive the access command of the unprotected data to permanently store the data without involvement of the protected and the virtual data storage areas.

Description

1234074 案號 90110603 五、發明說明(1) 發明領域1234074 Case number 90110603 V. Description of the invention (1) Field of invention

記錄的方法,用以保護 使传該資料s己錄不致遭 本發明係有關於一種保護資料 儲存於該儲存媒體中的資料記錄, 到不當的修改、刪除或損壞。 發明背景 目二幾:所有的電腦和電子機器都是利用 置來n,-般常見的資料記錄包含作 =、 應用軟體和各種資訊等,在本發明案中,*以資料=來 涵蓋這些不同種類的資料記錄。用電子方式來記最 常見的問題在於資料記錄遭到不當修改或刪除。這此資科 記錄的更動,有時候是使用者有意的作為,例如更=軟贌 程式的設定或是存入新的資料内容等。 在這種情況下,使用者即使不是出於惡意,也常造成 意料之外的不良後果’而必須要恢復在資料記錄更動前的 原始設定狀態。以電子方式來記憶的這些資料,更可I遭 人惡意破壞,資料記錄可能因為電腦病毒或是未經授權使 用音加以竄改或刪除,而造成嚴重的損失。 電腦系統若經未授權的更改,可能造成個人或企業用 戶在生產力、營收以及利潤上的損失。企業内多人共用的 電腦系統中’各電腦機器有相同的設定較利於維護和使 用。若是各電腦使用者任意地更改各使用端的設定,將會The recording method is used to protect the transmitted data from being recorded. The present invention relates to a data record for protecting data stored in the storage medium to improper modification, deletion or damage. Background of the Invention Item 2: All computers and electronic machines use data sets, which are common data records, including ==, application software, and various information. In the present invention, * == Kind of data records. The most common problem with electronic recording is the improper modification or deletion of records. These changes in the records of the asset department are sometimes intentional by the user, such as changing the settings of soft programs or storing new data. In this case, even if it is not malicious, the user often causes unexpected undesired consequences' and must restore the original setting state before the data record is changed. These data memorized electronically can be maliciously damaged by others. Data records may be altered or deleted due to computer viruses or unauthorized use of audio, resulting in serious losses. Unauthorized changes to computer systems may cause loss of productivity, revenue and profits for individual or business users. In the computer system shared by many people in the enterprise, each computer has the same settings, which is more conducive to maintenance and use. If each computer user arbitrarily changes the settings of each end, it will

第6頁Page 6

1234074 __ 案號 90110603 五、發明說明(2) 導致:各系統内的各使用端之間不相容、不同使用端人 介面的不一致以及電腦運作的不穩定等問題,不但加重= 統維護人員的工作負擔,更可能損及企業或個人生產力糸 雖然資料記錄的不當更動可能會造成電腦使用者的 失,但是允許合法使用者更新資料仍是必須的。因此, /了兼顧電腦系統的安定性和資料的可變動性,電腦系統必 須能提供每一個使用者最新的正確資料以及電腦系統預設 值,並允許合法使用者依各自的需要來更新資料内容,= 時在資料被不當更動時,能夠恢復被更動前的正確紀錄狀 態。 目前,市面上已有許多用以防止硬碟上的資料記錄被 不當更改的工具,這些資料記錄保護的工具中,有些是以 軟體為手段,有些則結合了軟硬體。 上 讀取或 當使用 憶空間 資料記 特定記 或重開 資料紀 手段很 入侵程 使得惡 可以讀 述保護資料記 寫入硬碟中的 者下達寫入資 中,而不會被 錄内容。當使 憶空間中讀取 機時,儲存於 錄,都會消失 容易被破解, 式。由於這類 意入侵程式可 寫該記憶空間 錄的軟體 資料,來 料指令時 寫入硬碟 用者欲讀 ,而不由 前述特定 。而且, 所以並不 軟體無法 能只要利 中的資料 ,大多數 達到保護 ’資料被 内,因此 取該筆寫 硬碟中讀 資料空間 這些軟體 能防範電 將前述特 用低階的 ,並且進 是藉由 資料記 載入到 不會更 入資料 取。當 而沒有 所提供 腦病毒 定記憶 輸入輪 一步修 阻止使用者 錄的目的。 一特定的記 動硬碟中的 時,是由該 使用者關機 载入硬碟的 的資料保護 之類的惡意 空間隱藏’ 出指令,就 改硬碟裡的1234074 __ Case No. 90110603 V. Description of the invention (2) Causes: Incompatibility between users on various systems, inconsistent user interface between users, and instability of computer operation, etc., not only aggravated = The work load is more likely to damage the productivity of the business or the individual. Although improper changes in data records may cause computer users to lose, it is still necessary to allow legitimate users to update the data. Therefore, considering the stability of the computer system and the variability of the data, the computer system must be able to provide each user with the latest correct data and the computer system default values, and allow legitimate users to update the data content according to their needs , = When the data is improperly changed, the correct record state before the change can be restored. At present, there are many tools on the market to prevent the data records on the hard disk from being altered improperly. Some of these data record protection tools are software, and some combine software and hardware. Reading or when using memory space data records, specific records or reopening data records are very intrusive, making it possible to read protected data records. Those who write to hard disks issue write-in data without being recorded. When the reader is in the memory space, it will disappear when stored in the record, and it is easy to be cracked. Because this kind of intrusive program can write the software data recorded in the memory space, it will be written into the hard disk when the incoming command. The user wants to read it, not the specific one mentioned above. Moreover, it is not that the software cannot protect the data as long as the data is beneficial. Therefore, this software can be used to read the data space in the hard disk. These software can prevent the use of the aforementioned special low-level and further Entering by data records will not take more data. Then there is no provided encephalovirus fixed memory input wheel for further repair to prevent user recording purpose. When a specific recording of the hard disk is performed, the user shuts down, mounts the hard disk, protects the data, and other malicious spaces are hidden.

1IIIH 第7頁 1234074 五發明說明(3) f料記錄。此 定平台上運作 問題。 結合軟硬 〜卡式元件, 插槽將該卡式 式元件,攔截 處理器作處理 中使用的記憶 &式探知並加 因此本發 發明之產生, 作業系統或處 的人員或軟體 规10隨 修正1IIIH Page 7 1234074 Fifth invention description (3) f material records. There are operational issues on this platform. Combining hardware and software ~ card-type components, the slot intercepts the card-type component, intercepts the memory used by the processor for processing & type detection and adds to this, the invention of the present invention. Amend

外,保 ,所以 體的資 利用周 元件和 資料存 °這種 區塊, 以破解 明人有 以提供 理器的 所破解 護資料記錄的軟體,通常是設計在特 易產生與作業糸統和處理器的相容性 料保護手段,通常包含一軟體程式和 邊f件連接介面(PCI )或其他延伸 電腦連結。該軟體部分係用以設定卡 取指令,並將之傳送到卡式元件中的 資料保護手段,亦無法其在隱藏硬碟 因此如同上述的軟體手段,易被惡意 〇 鑑=此’經過不斷研究測試後始有本 一貢料記錄保護裝置,使得能夠不受 相谷性限制,同時不容易被惡意入侵 發明概要 於一 存裝 存區 料保 區域 本發 電腦 置中 域, 護控 的空 首先 明之係 系統之 製作並 並對該 制裝置 間當作 ,該電 提供一資料記錄保護控制裝 一處理器與一儲存裝置之間 維護一防護資料儲存區域及 處理器隱藏該虛擬資料儲存 ^乍用下,該處理ϋ會將該 疋該儲存裝置的所有可用处 ^系統的管理者^其他柃= 置 ,其 用以 虛擬 域, 護資 係連結 在該儲 資料儲 在該資 料儲存 用者執行該In addition, security, so the use of weekly components and data are stored in this block, in order to crack the software that the people have to provide the processor to protect the data records, usually designed to easily generate and operate the system and The compatibility protection means of the processor usually includes a software program and a side-piece connection interface (PCI) or other extended computer links. This software part is used to set the data acquisition method of the card fetching instruction and transfer it to the card component. It can not hide the hard disk. Therefore, it is easy to be malicious as it is the software method described above. After the test, there is a record protection device for this material, so that it can not be restricted by the valley, and it is not easy to be maliciously invaded. Summary of the invention is in a storage area. The system of the Ming Dynasty is made and treated as a device. The power supply provides a data record protection control device. A processor and a storage device maintain a protective data storage area and the processor hides the virtual data storage. Next, the processing will set all available places of the storage device ^ system administrators ^ other 柃 =, which is used for virtual domains, and the protection of funds is linked to the stored data stored in the data storage user to perform the

1234074 -------9011 ORn^ 一修正 五、發明說明(4) 方法提供的系統配置桓^ ^ 料載入防護資料儲存區系統載入模式,將欲保護的資 統軟體、應用軟體或e 1 ^三其中,該資料可以為作業系 護資料儲存區域中的^般貧料等。其中,該筆資料在防 表内。 子位址,係記錄於一防護資料儲存 其後’該資料保護 係用以使得該防護資^裝置進入一資料保護模式,其 讀取,而不能被改寫。出/區域中所記錄的資料,僅能被 料,以及欲寫入防護資粗護資料儲存區域中讀取的資 虛擬資料儲存區域内。在令存區域的資料,均會被載入該 有的資料存取動作,均是;運作段落内,所 虛擬資料記錄係可以被使儲存區域進行,該 開始一新的運作段落時 項取或改寫。當該電腦系統 防護資料儲存表:::載:!::==置會將; 記錄==先= 除,使得二的;擬資料將被移 動不致造成不良影響。式對於貧料記錄的不當更 落蛑在f二實施態樣中,當該電腦系統開始-新的運作段 虛擬資料I合a # ^ 中载入該虛擬貧料儲存區域的 f擬貝枓不會被移除。該資料記錄保 :料:存區域中的資料記錄位址存於一虛擬資料擬 2j於每一新運作段落開始時,讀取該虛擬資料儲存表 。該資料保護控制裝置可以俊指令刪除其内部資料 該虛擬資料内容’僅讀y防護資料儲左, 1111 邮咖时 ___________ —-------- 第9頁 索號 90110603_ 1234074 修正 日 五、發明說明(5) 的資料記錄。 在另一實施態樣中,該資祖位 將载入該虛擬資料儲存區域中的崖擬f :以依指令 儲存區域内,使得該虛擬資料得以保存,。衣到防護資料 該資料保護控制裝置亦可以保留一盔防考次 域,使得電腦使用者可以存取盔 ",、^濩貝料儲存區 :防護資料記錄可以在不同隻m,且該 虛擬資料-樣被刪除。在此一實:::保奋’而不會與 區域和無防護資料儲存區域汐θ=7 ,防護資料儲存 置内,都將被該資料保護控制裝 j只體儲存裝 存裝置。 視為獨立的兩個資料儲 ^本發明中的資料保護控制裝 容錯方法相容,提供承、隹 ’、,、類似如RAID等資料 合杈供更進一步的資料保護。 π貝杆 發明詳細說明 一圖顯示一電腦系統22,J:姓人4. ^ 保護控制裝置20。其中兮ς二,一依據本發明 資料儲存裝置26。^ k a恥系統22包含—處 腦系統2 2係可以為任何需 硬碟 置的裝置。例如電腦“mf資料儲存 為控制該電腦之微處電腦, 機或其他儲存f置。貝枓儲存裝置26可 系統22可以為_ 第10頁 號 901 infirm 五、發明說明(6) 1234074 修正 控制操作台,而虚採哭9」 哭,資祖控六壯 為24為運作該控制操作台的微處理 護控資料匯流排30與資料記錄保 的資料讀取指“;2八8連結’使得處理器24發出 排3 〇傳送到資料纪錚^ 曰令能夠經由處理器資科匯流 含一抑劍梦署入β亲保濩控制裝置20。資料儲存裝置26包 二,其係用以經由-館存裝置資料匯流 連姓:、:心呆濩控制裝置20上的資料儲存裝置介面32 的ΐ料A =保護控制裝置2〇能依據處理器24發出 定存1 t ^ :-曰7 ,經由儲存裝置資料匯流排36,將指 疋存取資料自資料儲存裝置26中存取。 晶 3“日Ϊ 一較f想的情況下’處理器介面28和控制裝置介面 同,使得資料記錄保護控制^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ 和貧料儲存裝置26之間。 乂置於處理器241234074 ------- 9011 ORn ^ One amendment V. Description of the invention (4) System configuration provided by the method ^ ^ Material loading protection data storage system loading mode, the system software and application software to be protected Or e 1 ^ 3, where the data may be ^ -like poor materials in the operating system data storage area. Among them, the information is in the watch. The sub address is recorded in a protected data storage. The data protection is used to put the protective data device into a data protection mode, which can be read and cannot be rewritten. The data recorded in the output / area can only be the data, and the virtual data storage area to be read in the data storage area of the protection data rough protection data storage area. The data in the order storage area will be loaded with some data access actions, both are; in the operation section, the virtual data recording can be performed by the storage area, and when the new operation section is started, it is selected or rewrite. When the computer system protection data storage table ::::: :: == Setting will; record == first = division, making the second; the proposed data will be moved without causing adverse effects. The improper recording of the lean material is even worse in the second implementation mode. When the computer system starts-a new operation section of the virtual data Ia a # ^ is loaded into the virtual lean material storage area. Will be removed. The data record protection: data: the address of the data record in the storage area is stored in a virtual data plan 2j at the beginning of each new operating paragraph, the virtual data storage table is read. The data protection control device can instruct the deletion of its internal data, the contents of the virtual data, 'read only the protection data, and the storage of the left, 1111 postal coffee ___________ —-------- page 9 call number 90110603_ 1234074 correction day five Records of invention description (5). In another implementation aspect, the ancestral position will be loaded into the virtual data storage area in order to save the virtual data in the storage area according to the instruction. The data protection control device can also reserve a helmet-proof test zone, so that computer users can access the helmet's storage area: the protection data records can be stored in different locations, and the virtual Data-like is deleted. In this fact ::: Baofen ’, but not with the area and unprotected data storage area, θ = 7, the protective data storage device will be controlled and protected by the data protection device. The two data stores considered as independent ^ The data protection control device in the present invention is compatible with the fault tolerance method, and provides support for data integration such as RAID for further data protection. π 贝 杆 Detailed description of the invention A picture shows a computer system 22, J: surname 4. ^ 保护 控制 装置 20. Among them, two, one is a data storage device 26 according to the present invention. ^ k a system 22 includes-brain system 2 2 series can be any device that requires a hard disk. For example, the computer “mf data storage is a microcomputer, computer or other storage device that controls the computer. The storage device 26 can be 22 and the system 22 can be _ Page 10 No. 901 infirm V. Description of the invention (6) 1234074 Correct control operation I ’m crying, but I ’m crying at 9 ”, Zou Zuo Liu Zhuang is 24 for the micro-processing of the control console to protect the control data bus 30 and the data record protection of the data reading means“; 2 8 8 link ”makes processing The device 24 sends out a row 3 and transmits it to the data record ^. The command can be transmitted through the processor resource department to include a sword-suppressing agent into the β-pro-protection control device 20. The data storage device 26 packs two, which are used to pass through the library Storage device data confluence of surnames:,: Data storage device interface 32 on the heart-smelling control device 20, data A = protection control device 20, can be fixed according to the processor 24, 1 t ^:-7, via storage The device data bus 36 will refer to the access data from the data storage device 26. Crystal 3 "Sun" In a more fancy situation, the processor interface 28 and the control device interface are the same, so that the data record protection control ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ And lean storage Between 26.乂 Place on processor 24

趨if 5儲存裝置26包含一資料儲存區域38,其係分判A ;;個::儲存區塊39。其中該複數個資料儲存區塊;J = = ; = : =存,、虛擬資料儲存i 為三個資料儲資;區; 2存區域42及一無防護資料儲存區域43。其中防$ : 广=域40包括複數個防護資料儲存區塊44 ’虛擬資二儲 J區域42包括複數個虛擬資料儲存區塊铛,無 子區域43包括複數個無防護資料儲存區塊。—二〆= 年:防護資料儲存區塊44和上擬資料儲存== 第11頁 1S_90U0603 1234074The if 5 storage device 26 includes a data storage area 38, which is sub-determined A; :: storage block 39. The plurality of data storage blocks; J = =; =: = storage, and the virtual data storage i is three data storage funds; area; 2 storage area 42 and an unprotected data storage area 43. Among them, the defense $: wide = domain 40 includes a plurality of protected data storage blocks 44 ′ virtual data storage two areas J area 42 includes a plurality of virtual data storage blocks, and the sub-region 43 includes a plurality of unprotected data storage blocks. --Two years = Year: Protected data storage block 44 and the above-mentioned data storage == Page 11 1S_90U0603 1234074

五、發明說明(7) ___ 塊數目相同,且每一個防護資料儲存匕 資料儲存區塊46相對應。 免44此與一個虛擬 用以存區域40包含一防護資料儲存表5〇,1係 用以记錄關於母一個防護資料儲存區 糸 括:防護資料儲存區塊是否存有資料使7j = ’包 區塊中資料記錄的内容、一防護資料儲;‘盘二料,存 相關資料的區塊的關聯等。儲存於 存有 的資料稱之為「防護資料」。 曼貝枓儲存區域40中 虛擬資料儲存區域42包含一虛擬資料儲 :::護:料儲存表5。類似。此外 :巴域乍 (f…)存有有效資料的虛擬資考 擬貝料儲存區塊46中資料記錄之有效性:母虛 使用表52中係以一位元記錄表示 匕貧料區塊 於虛擬資料記錄二貝:二存严塊不含有有效資料。儲存 無防護資貝:稱之為「虛擬資料」。 貝科儲存Q域43包含一 Ap*· 士雈次,丨 其作用與前述防謹資料蚀户本=二防濩貝料儲存表53, 似。館存於I防護f _ ^及虛擬資料儲存表51類 護資料」。"貝枓健存區域43中的資料稱之為「無防 48,置2°包含一防護資料區域使用表 制裝置内保有運作時,在該控 區域使用表 第12頁 五、發明說明(8) 4 9,其係用以在資料記錄保 制袈置内保有一份和虛擬資運作時,在該控 用表52内容相同的紀錄。在恭义及虛擬貝料區塊使 記錄保護控制裝置20並不紀錄:的最佳實施例中,資料 中的資料位址,但在本發明於無防護資料儲存區域 置20亦可以將儲存於無防^ 貧料記錄保護控制裝 以記錄。 μ丨方遵貝枓儲存區域中的資料位址加 資料記錄保護控制裝晋ρ ^ 4 係用以在資料自防護資。端記憶區域54,其 域42中存取時,作為該/,域40或是虛擬資料儲存區 容量至少要與-資料儲存區塊相等, 右此夠等备:複數個資料儲存區塊的容量更好 佔有複數個貧料儲存區塊之槽案的傳輸能夠更有了 ::敘述電腦系統22之一實際實施例 -可用於-般辦公室環境的電腦系統,其係使用】U Microsoft Windows ™ 的从專,^ 24 Λ - ^ ^ 、乍業糸、、充。該電腦系統的處理器 24為一微處理器,其係用以執行軟體及控制周邊 電腦系統的資料儲存裝置26為一個⑽型的硬碟機,其係亥 =一連結於该硬碟機與該處理器之間的IDE控制器所控’、 在此實施例中,資料記錄保護控制裝置2〇係連結於 IDE控制器和該硬碟機之間,且該資料記錄保護控制裝置/ 對該IDE控制為透通的(transparent),該IDE控 和該硬碟機之間的資料流通狀況,如同兩者直接連結,w 無該資料^錄保護控制裝置存在一樣。然而在實際上,該 1234074 修正 "— -----案號90110603 年 月月日: 五、發明說明(9) 貧科記錄保護控制裝置2〇會將至少一部份的該硬碟機對該 DE控制器隱藏,並且將該單一硬碟機模擬成兩個獨立 體硬碟機,呈現給該IDE控制器。 所述實施例中的電腦系統中,僅包含單一個IDE硬碟 機1在此須注意的是,一電腦系統可能包含由單一 ide控 制器所控制的複數個IDE硬碟機,其中,每一個磁碟^ j其被指定之「磁碟序號」(drive number)為區/分,’該 碟序號通常以〇為始。若一電腦系統僅具有單一個硬碟^ ,,則該硬碟機的磁碟序號為〇。一 IDE控制器可以經由單 排線(ribbon cable)與其所控制的兩個IDE硬碟機 中該排線包含複數個控制線,其係用以在資料存取 依據該兩個硬碟機的磁碟序號,分別對其作存取 、—一 IDE硬碟機中的資料儲存區域38實際上位於一個 稷數個磁碟表面,其中一磁碟表面可區分為 - 為資::存區域38可分割為複數個資料儲心 分割相對::為塊: 複數:邏輯分割’其係分別被指定以不同的英文 =母,使得該處理器可以分別操作該複數個輯八 碟機未經過邏輯分割,則被視為僅且-: 碟邏輯分割,其亦被指定一字母作為其代號。-磁 域4。、- 護 第14頁 1234074 ) 修正 —-_9〇ιι〇βη?ί 9‘ 五、發明說明(10) 43。該IDE磁碟機中夂 其中包含於防護資料^刀刼包含複數個邏輯區塊39, 塊44 ;包含於虛擬資料广:;二40中者,為防護資料儲存區 ==7。前述三個資料儲丄:42巧 位於硬碟機中的資料儲存區 =43,可以 交錯。如上所述,防護 在工間配置上可能互相 塊46的數目最好相同,亦即兮= f擬資料儲存區 對一的對應關係。 ^兩種貝科區塊間最好具有一 一 ΙΙ}β硬碟機包含一檔案配 table,FAT),其係用 ^ 置表(flle allocation 被各邏輯區塊39的使'用;μ,硬碟機中各磁碟邏輯分割 該檔案配置表更進一步記鸯U該邏輯區塊存有資料,則 以及同屬該檔案的其他資 f該資料區塊的檔案名稱, 中,在防護資料儲存區域4 關資訊。在本實施例 儲存表50,在虛擬資料的槽案配置表稱為防護資料 虛擬資料儲存表51,、在=342中^標案配置表稱之為 置表稱之為無防護資;儲:以儲存區域43中的物^ = ; = = Γ制裝置2°的運作方式。 = ϊ 更改或刪除。每-筆防護資料的儲 系統管理者載入防護資料2=0。通常防護資料是由- 之使用者應、用。載^防:iC内,提供該電腦系統 100和200所示。 農貝枓的方法容後再敘,如圖式中 1234074 一修正 --MM 9011080^ 五、發明說明(11) ^ 腦系統22新開始每一個運作段落時,資料节鍈你 濩控制裝置20均將虛擬資料儲存區域“視 估^ °己、亲1 〇,表示兮Λ f/Λ人貝料區塊42的有效值設定為 衣^不鑌虛擬貧料區塊不含有有效資料。 η 當一防護資料儲存區塊44中的、 將該防護資料區塊44的内容複製時,會 與該防護資料區塊44相對應之虛擬資料儲f區域42中 時將該虛擬資料儲存區塊46在虛擬資料儲内,同 值S己錄為1,以表示該虛擬資 的有效 為有效。 寸碎存區塊46中的資料内容 當處理器24傳達一資料寫入命 料區域40中的資料記錄時,該 或修改防護資 防護資料儲存區域40内,而會载入不會記錄在該 ”防護資料儲存區塊“相對= =區域4" 中,並更新虛擬資料儲存表52的紀擬^儲存區塊46 區塊46的資料記錄為有效。 、’、;字〜虛擬資料儲存 亦即當處理器24下達對某一防罐次l 時,資料記錄保護控制裝置2〇 ^貝料檔案的讀取命令 區塊44中讀取該防護資料,並傳送二Jf:防護資料儲存 貧料記錄保護控制裝置2〇將該指 ^,里器24。同時, 儲存區域42中的虛擬資料儲存區塊^:貧科载入虛擬資料 儲存表52的紀錄,將該虛擬資料 i並更新虛擬資料 有效。 區塊46的資料記錄為 被更改過的資料記錄將會次 ^20 ’並儲存於資料儲存裝置26中了 f料記錄保護控制裝 B瞧丨耽瞧l刪綱戀隨二~1— ---二+胃更改過的資料 第16頁 1234074V. Description of the Invention (7) ___ The number of blocks is the same, and each of the protection data storage blocks corresponds to the data storage block 46. 44 and a virtual storage area 40 includes a protection data storage table 50, 1 is used to record a protection data storage area about the parent, including: whether the protection data storage block has data such that 7j = 'package The content of the data records in the block, a protective data store; 'disc two materials, the association of the block where the relevant data is stored, etc. The data stored in it is called "protected data". The virtual data storage area 42 in the Mamba storage area 40 includes a virtual data storage ::: Protection: material storage table 5. similar. In addition: The validity of the data records in the virtual material storage block 46 of the virtual data with valid data stored in Ba Yucha (f ...): The virtual use table 52 uses a single-bit record to indicate that Virtual data record Erbei: Ercun Yan block does not contain valid data. Storage Unprotected data: Call it "virtual data." The Beco storage Q field 43 contains one Ap *. This function is similar to that of the aforementioned precautionary data erosion table = the second anti-corrosive material storage table 53, which is similar to the above. The library is stored in I protection f_ ^ and virtual data storage table 51. " The data in the Beijian health storage area 43 is called "No defense 48, set to 2 °, including a protective data area. When using the watchmaking device to keep the operation, use the control area in the control area on page 12 V. Description of the invention ( 8) 49, which is used to keep a record with the same content in the control table 52 when the data record protection system is set up and the operation of virtual assets. The record protection is controlled in the Gongyi and virtual shell materials blocks. The device 20 does not record: in the preferred embodiment, the data address in the data, but in the present invention, the 20 can be stored in the unprotected data storage area and stored in the unprotected ^ lean material record protection control device for recording. Μ丨 Fang Zunbei's data address in the storage area plus data record protection control device ^ ^ 4 is used to protect the data self-protection data. The end memory area 54, when it is accessed in the domain 42, as the /, domain 40 or The capacity of the virtual data storage area must be at least equal to the -data storage block. The right is enough to prepare: the capacity of multiple data storage blocks is better to occupy the slot of multiple lean storage blocks. Describe one practical embodiment of the computer system 22- A computer system that can be used in an office-like environment. It is used by U Microsoft Windows ™, ^ 24 Λ-^ ^, industry, and charger. The processor 24 of the computer system is a microprocessor. The data storage device 26, which is used to execute software and control the surrounding computer system, is a type of hard disk drive, which is controlled by an IDE controller connected between the hard disk drive and the processor. In this embodiment, the data record protection control device 20 is connected between the IDE controller and the hard disk drive, and the data record protection control device / transparent to the IDE control, the IDE control and The data circulation status between the hard disk drives is as if the two are directly connected, and w does not have the data. The protection control device exists. However, in practice, the 1234074 amendment " — ----- case number 90110603 month Month: 5. Description of the invention (9) Poor record protection control device 20 will hide at least a part of the hard drive from the DE controller, and simulate the single hard drive as two independent hard drives Player, presented to the IDE controller. The computer system in the embodiment includes only a single IDE hard disk drive 1 It should be noted here that a computer system may include a plurality of IDE hard disk drives controlled by a single IDE controller, wherein each disk ^ j The designated "drive number" is zone / minute, 'the disc number usually starts with 0. If a computer system has only a single hard disk ^, the hard disk drive's disk serial number is 0. An IDE controller can be controlled by a single ribbon cable and two IDE hard disk drives controlled by the IDE cable. The ribbon cable includes a plurality of control lines, which are used for data access based on the magnetic properties of the two hard disk drives. The serial number of the disc is accessed separately. The data storage area 38 in an IDE hard disk drive is actually located on the surface of one or more disks. One of the disk surfaces can be divided into: Divided into a plurality of data, the memory is divided into relative :: is a block: plural: logical division, which is respectively designated with different English = parent, so that the processor can operate the plural compilation discs without logical division, It is regarded as only and-: the disc is logically divided, and it is also assigned a letter as its code. -Magnetic domain 4. 、-Care page 14 1234074) Amendment —-_ 9〇ιι〇βη? Ί 9 ’V. Description of the invention (10) 43. In the IDE disk drive, which contains the protection data ^ knife 刼 contains a plurality of logical blocks 39, 44; included in the virtual data wide :; the second of 40 is the protection data storage area == 7. The aforementioned three data stores: 42 are located in the data storage area of the hard disk drive = 43, which can be interleaved. As mentioned above, the number of blocks 46 may be the same as each other in the configuration of the workplace, that is, the correspondence relationship between f = data storage area to one. ^ It is best to have one 11} beta hard disk drive between the two Beco blocks, including a file allocation table (FAT), which is used ^ allocation table is used by each logical block 39; μ, Each disk in the hard disk drive logically divides the file configuration table to further record that the logical block contains data, and other file names of the data block that belong to the file. In the protection data storage, Area 4 related information. In the storage table 50 of this embodiment, the slot configuration table in the virtual data is called the protection data virtual data storage table 51, and in = 342 ^ Protection data; storage: use the contents in storage area 43 ^ =; = = Γ control device 2 ° operation mode. = Ϊ change or delete. Each protection data storage system administrator loads protection data 2 = 0. Usually the protection information is used and used by the user. It is provided in the iC, and the computer systems 100 and 200 are provided. The method of the farmer's method will be described later, as shown in the figure 1234074. A correction --MM 9011080 ^ V. Description of the Invention (11) ^ When the brain system 22 starts every new operating paragraph, the data section will 鍈The control devices 20 all set the virtual data storage area to "evaluate ^ ° and pro 10", indicating that the effective value of the Λ f / Λ human shell material block 42 is set to ^ 镔 The virtual lean material block does not contain valid data Η When the content of the protective data block 44 is copied in a protective data storage block 44, the virtual data storage area corresponding to the protective data block 44 is stored in the f data area 42. Block 46 is stored in the virtual data store, and the same value S has been recorded as 1, to indicate that the virtual data is valid. The data content in the fragment storage block 46 is written into the data area 40 when the processor 24 transmits a data. When the data is recorded, the protective data storage area 40 is modified or modified, and will not be recorded in the "protected data storage block" relative == area 4 ", and the virtual data storage table 52 is updated. The data record of block 46 is valid. The data record of block 46 is valid. "," ,; word ~ virtual data storage, that is, when the processor 24 issues a certain anti-tank time l, the data record protection control device 2 ^^ Read the protection data in the file read command block 44 Jf: Protected data storage, poor material record protection control device 20, the finger ^ 24. At the same time, the virtual data storage block ^ in the storage area 42 ^: the poor section loads the virtual data storage table 52 The record of the virtual data i and the update of the virtual data are valid. The data record of block 46 is the changed data record and will be stored in the data storage device 26 in the data storage device 26.丨 Langu l delete Gang Lian Sui 2 ~ 1---- 2 + stomach changed information page 1623474

案號 90110603 五、發明說明(12) 記錄被當作虛擬資料,記載於虛擬資料儲存區域乜中。 由於電腦系統22在每一個運作段落開始時,會 資料儲f區域42視為空置未用,因此在該運作段^開ς = 所有的育料更改内容’都不會被保留。在防護資料儲‘ 域40内的原始資料記錄,則被視為是最新的資料 - 容。 對於針對無防護資料儲存區域43的資料存取 料記錄保護控制裝置2G僅將該指令轉送到f料 貝 26:在讀取無防護資料,f料記縣護裝置 定言買取的資料,並將之傳送到處理器24。亦即 存取,資料記錄保護控制裝置20僅作為該資;4 取資料的緩衝區。在此假設該資= Ϊ 一,IDE硬碟機’能夠自行完成資料存取指 二:貝儲存裝置26不能獨立完成資料存取指令 料圮錄保護控制裝置20亦可以鈞:Case No. 90110603 V. Description of Invention (12) The record is treated as virtual data and recorded in the virtual data storage area 乜. Since the computer system 22 treats the data storage area 42 as vacant and unused at the beginning of each operation section, it will not be retained in this operation section ^ Kai wai = all breeding changes'. The original data record in the protected data store ‘domain 40’ is considered to be the latest data-content. For the data access data record protection control device 2G for the unprotected data storage area 43, the command is only forwarded to f material 26: When reading the unprotected data, f material records the county security device's purchase data, and Of it is transmitted to the processor 24. That is, access, the data record protection control device 20 is only used as the data; 4 the buffer area for fetching data. It is assumed here that the data = Ϊ one, the IDE hard disk drive 'can complete the data access instructions by itself 2: the storage device 26 cannot complete the data access instructions independently The data record protection control device 20 can also:

=控制該資料儲存裝置的存取動作;:::述=二J 置2°的運作方式,如圖式中方續所:錄保 Ϊ = 本發明一設定資料儲存裝置26系統配置的 方法1 0 0 ’使得能夠方咨粗μ 士 的 1〇〇係由-系統管理者所=存】域38中存取資料。方法 置後,提供使用者Λ實〜’使得電腦系統22經適當配 ^ ^ ^ £2° ^ ^ ^ 用資料記錄保護控制穿置20所:徂该系統官理者通常係利 令該資料記錄保護一系統配置軟體,命 —,……一---」 w i置20進入系統配置模式,而且,= Control the access operation of the data storage device; ::: == J = 2 ° operation mode, continued as shown in the figure: Recording security = = A method of setting the data storage device 26 system configuration of the present invention 1 0 0 'enables access to the data in the domain 38, which is stored by the system administrator. After the method is set, the user is provided with a computer to make the computer system 22 properly configured. ^ ^ ^ £ 2 ° ^ ^ ^ Use data records to protect and control 20 places: 官 The official of the system usually orders the data. To protect a system configuration software, order —, ... a —-— “wi 20 to enter system configuration mode, and,

第17頁 1234074 ^M^mm〇3 } ,ψ m 五、發明說明(13) ...........:IL. -- 下進行。'd充有配步署驟私最好都是在該系統配置軟體的控制 記錄保護控最:提供一密碼機制,使得資料 下,會讓該在使用者輸入正確密碼的情況 己錄保護控制裝置 =、、先配置杈式。 接著進入:才能夠進入系統配置模式。 元數來表示其資科儲疒厂乂7]〇4。任何儲存裝置26皆以位 104係為將資料貝儲抖//I區域38中的最大儲存空間。步驟 虛擬資料儲存區域子42^】8:割為防:資料儲存區域40、 資料記錄保護控“H:43的步驟。 統管理者設定無防護資料區=方塊’讓該系 錄保護控制裝置2〇進一 姑的儲存二間大小,資料記 38中指定-儲存區域作為;在資料儲存區域 資料:π存區域38中尚未指定的儲存 二虛擬資料儲存區域“ 為防護 小最好相#,且其中的防,貝科儲存區域42的大 存區塊46能以一對一的、/ =存區塊44和虛擬資料儲 制裝置20最好能將資料儲‘』=1由所以資料記錄保護控 域4,的健存空間平分以屬於無防護資料區 存區域42,使得防護資/掩子區域40和虛擬資料儲 46能有相等的數目。 儲存&塊44和虛擬資料儲存區塊 在此實施例中,步驟i 〇 上述三,#存區域。 、’儲存區域38分割為如 第18頁 1234074 1234074 案號 9011〇fin^ 五、發明說明(14) 修正 'Μ Λ 電r ί =〇/單的步驟106係為資料記錄保護控制事置20將 電恥糸統22的早一資料儲存裝 更孜制裝置20將 儲存裝置,呈現給處理器24, 杈擬為,個獨立的資料 之為「虛擬資料儲存裝置。:該兩,資料儲存裝置稱 擬分割性質並未傳達給處‘器該==資料儲,裝置的虛 置的儲存空間和防護資料儲存區4〇 :貝,儲存裝 裝置的儲存空間則和無防譆資极妙+相4,另一賢料儲存 錄保護控制裝置20並未將虛擬$料:”43相等。資料記 輸出協定,資料記錄保;用的資料輪入 儲存裝置的某些特定資料傳送:2° ^頁將亡述兩個資料 儲存裝置各自包含的磁軌數、:磁兩:資料 錄保護控制裝置能夠依據該兩個虛擬資。資料記 空間(亦即防冑資料儲存區域蔓 2 i的儲存 計算出該兩個虛擬資料儲存裝置的:關蔓儲存區域)’ 器24。所有這4b資訊泊π 4人的相關貝訊,傳送給處理 部分。資料紀錄保護控制J:: J 儲f區域42的 關資訊,唯一必須提供的資訊是 資提供上述相 防護資料儲存區域43的儲存空間大^、。、枓儲存區域40和無 資料記錄保護控制裝置20所模 裝置係可以分別與資料儲存裝置26中==虛\擬-貝料儲存 =胸糸統22所使用的肓料輸入輸出協定, 同的參數值來設定不同的虛擬資料 ° 可1 :中的電腦系統22中,該兩個虛擬資料置:本實施 序號和字母來表示。資料纪;置係以不同 -----貝才什η己錄保€控制裝置20接收 第19頁 1234074 ------- 虎 五、發明說明(15) Μ 修正 二號儲存裝置的資料存取命令,並將該指定 ^的轉換為1 DE硬碟中相對應的磁碟分割。 資料器Μ視虛擬資料儲存區域42為不存在,所以 儲存办^ /卜】中的有效儲存空間量為該儲存裝置中所有 AUh ^ /、有10Mb王間,且防護資料儲存區域40為 ::二護資料儲存區域40和虛擬資料儲存區域42各含 處理器Π而剩Λ的2Mb屬於無防護資料儲存區域43。斜 護資料儲存二門;二,虛擬資料儲存區域42為不存在,防 100至此無防護資料儲存空間有廳。方法 兩個ί: i1 實00體完資成理^ 施例中,電電硬子:機器來,運作。在本實 磁碟代號。S 一 π奴、 科刀口J刀別被指疋以 此處理^24不ΐ則被設定為對處理器24隱藏,因 U4不此對該隱藏磁碟邏輯分割直接因 方法100可以重複實施以更改防護 ”資料儲存區域42及無防護資、二存區域4。、 =空ST首:在-已載有資料的硬 域40或無防護資料儲存區域43,若儲蔓貧料儲存區 ,載入其他儲存媒體上。當方法⑽在^間不足則可以將 J ’而防護資料儲存區域4〇和無 二上再次實 整3:: 第20頁 1234074 五、發明說明(16) \^ …"……. 於該防護資料儲存區域4 0或是該無防護資料儲存區域4 3 内,則該資料記錄可能會有部分流失,或者被複製到不 的儲存位置。 第二A圖顯示一方法1 1 〇,其係用以將防護資料儲存區 域40和無防護資料儲存區域43格式化,使得資料能儲存 該兩個資料健存區域中。方法110係由一系統管者储存在 施,使得電腦系統22經適當配置後,提供使用者使用。 統管ϊ ΐϋ〇入的入步驟U2係為資料記錄保護控制裝置20依系 係利用資料^ :進人'系統格式化模式。該'系、统管理者通常 體,命入護控制裝置20所提供的-系統格式化軟 ^。^該貝枓記錄保護控制裝置20進入系統格式化模 存區二的二驟乂4 ’其係用已將防護資料儲 22的特性作調整式化需依據其所屬電腦系統 、防護資料儲存驟產生了防護資料儲存表 護資料儲存區塊47 、無防護資料儲存表53以及無防 可包含Page 17 1234074 ^ M ^ mm〇3}, ψ m 5. Description of the invention (13) ...........: IL. It's best to configure the control records in the system with software. It's best to configure the software's control records to protect the control: Provide a password mechanism so that under the data, the user should enter the correct password to record the protection control device. = 、、 Configure the fork type first. Then enter: to enter the system configuration mode. Yuan to indicate its asset storage plant 7] 04. Any storage device 26 uses bit 104 as the maximum storage space in the data storage / I area 38. Steps of the virtual data storage area: 42 ^] 8: Cut off: Data storage area 40, steps of data record protection control "H: 43. The system administrator sets the unprotected data area = box 'to let the system protect the control device 2 〇Into the size of the two storage rooms, the data storage area is designated as the storage area; in the data storage area data: π storage area 38, the virtual storage area of the virtual data that has not been specified in the storage area 38 is the best protection, and The large storage block 46 of the Beco storage area 42 can be stored in a one-to-one, / = storage block 44 and the virtual data storage device 20, and it is best to store the data. The health storage space of domain 4 is evenly divided to belong to the unprotected data area storage area 42, so that the protection data / coverage sub-area 40 and the virtual data storage 46 can have an equal number. Storage & Block 44 and Virtual Data Storage Block In this embodiment, step i 〇 above three, # storage area. The 'storage area 38 is divided into pages 18, 1234074, 1234074, and case number 9011〇fin ^ V. Description of the invention (14) Step' 106 of amending 'Μ Λ Electric r ί = 〇 / single is for data record protection and control. The earlier data storage device 22 of the electric system 22 presents the storage device to the processor 24. The independent data is to be referred to as a "virtual data storage device." The two data storage devices are called The nature of the quasi-segmentation is not communicated to the server's device == data storage, the device's virtual storage space and protective data storage area 40: shells, and the storage space of the storage device is the same as the non-anti-skid asset + phase 4 , The other storage protection control device 20 does not set the virtual data: "43 equal. Data record output agreement, data record protection; some of the specific data transmission of the data rotation storage device used: 2 ° ^ page will be described the number of tracks each of the two data storage devices contains: magnetic two: data record protection control The device can rely on the two virtual assets. The data record space (that is, the storage of the data storage area to prevent spreading 2 i) is calculated for the two virtual data storage devices: Guan Man storage area) 'device 24. All this 4b information is sent to the processing part. The data record protection control J :: J stores the relevant information in area 42. The only information that must be provided is to provide a large storage space for the above-mentioned protected data storage area 43. The data storage device 40, the data storage device 40, and the dataless record protection control device 20 can be used separately from the data storage device 26 == virtual / pseudo-shell material storage = the material input / output protocol used by the chest system 22, the same The parameter values are used to set different virtual data. In the computer system 22 in 1: 1, the two virtual data are set by the serial number and letters of this implementation. Data discipline; the system is different —---- Because has been recorded. The control device 20 receives page 1234074 on page 19 ------- Tiger V. Description of the invention (15) Μ Correction of the second storage device Data access command, and convert the specified ^ to the corresponding partition on the 1 DE hard disk. The data processor M regards the virtual data storage area 42 as non-existent, so the effective storage space in the storage office ^ / bu] is all AUh ^ / in the storage device, there is a 10Mb king, and the protection data storage area 40 is: The secondary protection data storage area 40 and the virtual data storage area 42 each include a processor Π, and the remaining 2Mb belongs to the unprotected data storage area 43. There are two doors for oblique protection of data storage. Second, the virtual data storage area 42 is non-existent, and there is a hall for data storage without protection. Method Two ί: i1 real 00 body is complete ^ In the embodiment, the electric and electronic hardware: the machine comes and operates. In this real disk code. S π slave, branch knife J knife is not accused of this treatment ^ 24 is not set to be hidden from the processor 24, because U4 is not the logical partition of the hidden disk directly because the method 100 can be repeatedly implemented to change "Protected" data storage area 42 and unprotected data, second storage area 4., = empty ST head: in-the hard domain 40 that already contains data or the unprotected data storage area 43, if the poor material storage area is stored, load On other storage media. When the method 不足 is insufficient, you can change J 'and protect the data storage area 40 and Wuji again 3: Page 20 1234474 5. Description of the invention (16) \ ^… " ……. In the protected data storage area 40 or the unprotected data storage area 43, the data record may be partially lost or copied to a non-storage location. Figure 2A shows a method 1 10, which is used to format the protected data storage area 40 and the unprotected data storage area 43 so that data can be stored in the two data storage areas. Method 110 is stored by a system administrator in the computer so that the computer The system 22 is properly configured to provide the user with The U2 step of the system management system is the data record protection control device 20, which uses the data according to the system ^: Enter the system format mode of the system. The system administrator is usually assigned to the 20 control system. Provided-system formatting software ^. ^ The second step of the record protection control device 20 entering the system formatting mode storage area 4 'It is based on the adjustment of the characteristics of the protection data storage 22 according to its The own computer system and the protection data storage step generate a protection data storage table, a protection data storage block 47, an unprotected data storage table 53, and a non-defense may include

Format工具程式可用以方1,、私式。Wlndows中的Fdisk和 儲存區塊44、無防護資^二方^料儲存表5〇、防護資料 塊4 7。 存表5 3以及無防護資料儲存區 方法11 0至此結束。 方法200 第三圖顯示依據本發明 1234074 ΜΜ 9〇ιι〇βη^ 修正 五、發明說明(17) :存裝置26中防護資料 由-系統管理者所實施。存£域40中載入貢料,其通常係 管理者圖的三Λ步驟202係為資料記錄保護控制裝置2… 用資料記錄保護控制裝I。所:供::統管理者通常係利 載入軟體最二蒦?進:系統載入模式。該“ 置2〇僅有在使用者輸二m記:保護控制裳 錄保護控制襄置20進入系==況:’會讓該資料記 裝置20最好僅有在電腦李、絲=式。貝料s己錄保護控制 軟體時:才能= =狀況下啟動該系統載入 ^ Λ till 121L4 5 ^α ^^f 11 # 也Tt戰入防覆貝枓儲存區域4〇内。例如,系統 j:控制處理器或系統其他部分的作業系統軟體、 “Τί 類的應用軟體、遊戲軟體、通訊軟體或資料 S /、。見際載入防護資料儲存區域4〇的資料内容,則依電 質和用途而定。當系統管理者在增刪或修改 防4貝料儲存區域40内的資料記錄時,資料儲存裝置26會 Ik牯更新防護資料儲存表5〇的内容,使得表5〇能夠有儲存 區域40内所有資料紀錄位址等相關資訊。 步驟204中,系統管理者並未將任何資料載入虛擬資 料儲存區域42中。 在本實施例的電腦系統中,步驟2〇4可能涉及作業系 統軟體如Microsoft Windows、應用軟體如Micro soft Word、其他軟體或是資料在ide硬碟上的安裝或記錄。處The Format utility can be used in 1, or private mode. Fdisk and storage block 44 in Wlndows, unprotected data ^ two parties ^ data storage table 50, protection data block 47. Save Table 5 3 and the unprotected data storage area Method 110 ends here. Method 200 The third figure shows 1234074 MM 9〇ιιββ ^ correction according to the present invention. 5. Description of the invention (17): The protection data in the storage device 26 is implemented by the system administrator. The storage material is loaded into the storage area 40, which is usually the step 3 of the manager's diagram 202, which is the data record protection control device 2 ... The data record protection control device I is used. So: For :: The system manager is usually profitable. What is the best way to load software? Progress: system loading mode. The "setting 20" is only entered when the user loses two notes: protection control, protection recording, protection control, and setting 20 into the system == condition: 'The data recording device 20 is preferably only used in computer mode. When the material is recorded and protected by the control software: the ability can only be activated when the system is loaded ^ Λ till 121L4 5 ^ α ^^ f 11 # Also Tt enters the anti-overlap storage area 40. For example, system j : Operating system software that controls the processor or other parts of the system, "Τί application software, game software, communication software, or data S / ,. The content of the data stored in the protective data storage area 40, depends on the power and use. When the system administrator adds, deletes, or modifies the data records in the anti-4 material storage area 40, the data storage device 26 will update the contents of the protection data storage table 50, so that the table 50 can have all the data in the storage area 40. Record relevant information, such as addresses. In step 204, the system manager does not load any data into the virtual data storage area 42. In the computer system of this embodiment, step 204 may involve installation or recording of operating system software such as Microsoft Windows, application software such as Micro soft Word, other software, or data on an ide hard disk. Place

第22頁 1234074 !|: 日 一修正 “說明(,^3—— 理器24將該磁碟分割命名為c或1他 對該磁碟分割保有一FAT表,豆& =嬈,且IDE硬碟將針 所載入所有資料的位置及由系統管磁碟分割中 名稱。 者所指定的資料檔案 田系、、充答理者完成資料載入 作時,方法200即告結束。此H儲存區域4〇的動 記錄的=料,即稱之為防護資料蔓貝料健存區域40内 後,;ΐ in:,j資料載入防護資料儲存區域4〇 供給-般使用者使用。系統管:者在此時會提 2 〇 〇,用以更改防螬眘祖、 重複施行方法 防護資料儲存區域40的資子區一域40中的資料内容。每當 或是資料記錄保護控動^資料健存裝置26 5。的内容。系統管理者;f將新:護資料儲存表 入虛擬資料儲存區域42 ^將任何需要水久保護的資料載 指令中妙竹叙吊運作的方式。由處理器24所發出的 取者,稱資料儲存裝置26的資料記錄加以讀 取資料;欲將;心:者而定讀 的稱之為指定寫入資料。%之為寫入和7 ,而该寫入標 資料保ί:式之步當驟電3 ::資料記錄保護控制裝置2 °進入 非資料記錄保護控制梦ί 2開始一新的運作段落時,除 法100)或李’絲恭工入抬、置20被命令進入系統配置模式(方 ;--^ΐΔ、、先載入模式(方法?ηη ^ ,否則資料記錄保護 第23頁 1234074Page 22 1234074! |: "One day correction" (Description (, ^ 3-the processor 24 named the disk partition as c or 1) he maintains a FAT table for this disk partition, beans & = 娆, and IDE The hard disk loads the location of all the data loaded by the needle and the name in the system management disk partition. When the data file field specified by the person and the responder finish loading the data, the method 200 ends. This H storage The data recorded in the area 40 is equal to the material, which is referred to as the protection data in the storage area 40. After the data is loaded into the protection data storage area 40, it is used by ordinary users. System management : At this time, the person will mention 2000 to change the content of the data in the Zizi area a field 40 of the data storage area 40. The data content is protected by data protection. The contents of the health storage device 26 5. The system manager; f will be new: protect the data storage table into the virtual data storage area 42 ^ will be any data loading instructions that require long-term protection of the operation method. The recipient issued by 24 said that the data record of the data storage device 26 was added The data to be read; the one who wants to read it; the one who reads it is called the designated write data. %% is the write and 7 and the written target data is protected: step by step when the electric shock 3 :: data record protection The control device 2 ° enters the non-data record protection control dream 2 When a new operation paragraph is started, division 100) or Li 'Si Gong enters the lift, sets 20 and is ordered to enter the system configuration mode (square;-^ ΐΔ ,, Load the mode first (method? Ηη ^, otherwise the data record protection is on page 23123274

案號901106⑽ 五、發明說明(19) 控制裝置20會自動進人咨M彳里嗜# > 段落,、畜」、,: 蔓輪式。電腦系統的新運作 通吊疋以電腦開機或重開機為開始。 方法300接著進入步驟3〇3,其係為資料記錄保 裝置20將虛擬資料儲存區域42初始化。資料記錄^噌二! ,置20將虛擬資料區塊使用表以的每一位元記:二〜控制 二::有虛擬貧料儲存區塊46都不含有有效資料:資料纪 3 =裝置2〇亦將虛擬資料儲存表51中二二 不所有的虛擬貧料儲存區塊46都處於未使用的狀離 過程耗費:Γ二的ί擬資料:都加以去除。為避免起始 ί;ί=:ί=?儲存區塊46内的資料 表52中資料ΐϊί疋不必要的。由於在虛擬資料使用 表51顯示每二“ =3均不為有㉗,且虛擬資料儲存 裝置2〇會對該未f用,所以資料記錄保護控制 見。 β 洛開始刖已存有的虛擬資料視而不 26存取;::工二2處理器24可以藉由指引資料儲存裝置 輸入輪出中的特定位置,來傳達一低階資料 取一特定:二列如,一處理器24可以指引一IDE硬碟讀 置,合為到半、中處里15 24所能指引存取的磁執和磁區位 護資二」二驟1〇6所指定的防護資料儲存區域40和無防 貝=儲存區域43的限制。 試圖以低階輸入輸出指令來存取虛擬資料Case No. 901106⑽ V. Description of the invention (19) The control device 20 will automatically enter the person's guide # > The new operation of the computer system is started by restarting or restarting the computer. The method 300 then proceeds to step 303, which initializes the virtual data storage area 42 for the data record protection device 20. Data record ^ 噌 二!, Set 20 to record each bit of the virtual data block usage table: 2 ~ Control 2 :: There is a virtual lean storage block 46 that does not contain valid data: data record 3 = device 2 〇 All virtual lean storage blocks 46 in the virtual data storage table 51 are also in an unused state. The cost of the separation process is as follows: all of the dummy data are removed. To avoid starting ί; ί =: ί =? Store the data in Block 46. The data in Table 52 is not necessary. As shown in Table 51 in the use of virtual data, every two "= 3 is not valid, and the virtual data storage device 20 will not be used for this purpose, so see the data record protection control. Β Luo began to save the existing virtual data Regardless of 26 access; :: Worker 2 2 processor 24 can convey a low-level data by directing a specific position in the input rotation of the data storage device to take a specific: two rows, for example, a processor 24 can guide One IDE hard disk read, combined to half, middle and 15 24 can be accessed by the magnetic drive and magnetic zone protection funds "" in step 10 of the designated protection data storage area 40 and no protection = Limitation of storage area 43. Attempts to access virtual data with low-level I / O commands

第24頁 1234074 曰 修正 _______案说 90110603 五、發明說明(20) 儲存區域42的資料時,連結於處理器2 間的資料記錄保護控㈤裝置2〇將接收該存^旨=存^置之 令指定存取的標的位於標示為未使用 。若該指 存區塊中時’資料記錄保護控制農置2〇u:::儲 令。所以,即使某惡意使用者知悉該資料記曰 置20和該虛擬資料儲存區域42的存在,、非控制裳 的是在該運作段落内•入虛擬資料儲存 。1二標 能被存取。 匕明的,否則不 方法300接著進入步驟3G4,其係為資料記錄保護 裝置20將防遵貝料儲存表50的内容載入其内部防護資 域使用表48中。資料記錄保護控制裝置2〇將其内部的縣 資料區域使用表49初始化,以使其如同虛擬資料儲存=51 和虚擬資料區塊使用表52 —樣,將每個虛擬資料儲存區塊 46標示為不有效且未使用。 防護資料區域使用表48係用以在方法300實施的過程 中,使防護資料儲存表50的内容能夠更快速地被讀取。虛 擬資料區域使用表49係用以在方法3〇〇實施的過程中,使 虛擬資料區塊使用表5 2的内容能夠更快速地被讀取。由於 防護資料區域使用表48和虛擬資料區域使用表49内所記錄 的資料,都能夠由其基本表(亦即表5 〇和表5 2 )中獲得, 所以表48和表49的使用是有選擇性的。 方法300接著回到步驟3〇6,等候處理器下達的下一個 指令。 方法300接著進行步驟3〇8,若於步驟306中接收資料 讀取指令’則進行步驟310,否則進行步驟340。Page 24, 1234774, said amendment _______ case said 90110603 V. Description of the invention (20) When the data in storage area 42 is connected, the data record protection control device 2 connected to the processor 2 will receive the storage ^ Mission = storage ^ Set the target of the designated access to the location marked as unused. If the storage block is in place, the data record protection controls the farmer's 20u ::: storage order. Therefore, even if a malicious user is aware of the existence of the data record 20 and the virtual data storage area 42, what is not controlled is to enter the virtual data storage in the operation section. 1 two standard can be accessed. If it is not clear, otherwise the method 300 then proceeds to step 3G4, which is that the data record protection device 20 loads the contents of the anti-compliance material storage table 50 into its internal protection resource use table 48. The data record protection control device 20 initializes the internal county data area using table 49 so that it looks like virtual data storage = 51 and virtual data block usage table 52. Each virtual data storage block 46 is marked as Not valid and not used. The guard data area use table 48 is used to enable the contents of the guard data storage table 50 to be read more quickly during the implementation of the method 300. The virtual data area use table 49 is used to enable the contents of the virtual data block use table 52 to be read more quickly during the implementation of method 300. Since the data recorded in the protection data area use table 48 and the virtual data area use table 49 can be obtained from their basic tables (that is, tables 50 and 52), the use of tables 48 and 49 is Selective. The method 300 then returns to step 306, waiting for the next instruction from the processor. The method 300 then proceeds to step 308. If a data read instruction is received in step 306, then step 310 is performed, otherwise step 340 is performed.

第25頁 1234074 一修正 __ 案號 90110603 五、發明說明(21) 步驟3 10係為審視所接收的該資料讀$ 取標的位於無防護資料儲存區域43中 牛、^定讀 否則進行步驟312。 、進订乂驟33〇, 使用LT12 料記錄保護控制裝置2°檢查虛擬資料 使用表49 ’以確定處理器24指定讀取 擬貝抖 =储存請2中,若是料行㈣32Q',擬 使用ίΓ14係^資料記錄㈣控制裝置20檢查防護資料 使用表48,以確定儲存該指定讀取資 隻貝枓 塊4 4,讀取兮指宗眘斗立并y由、、 、 沒貝料餘存區 ^ . μ 、埒並傳送到近端記憶區域54中。茈牛 驟中所讀取的資料係為在步驟204中,由系 此步 防護資料儲存區域40中。 者載入 其係將步驟314中由防護 傳送到處理器24。 其係將步驟314中由防護 載入虛擬資料儲存區域4 2 方法300接著進行步驟316 >料儲存區域40中讀取的資料 方法300接著進行步驟318 >料儲存區域40中讀取的資料 、 :。資料記錄保護控制裝置20依據步驟31: ,τ 了 了: 儲存區塊44,確定與之對應的虛擬= 4°β ^。=1 指定讀取資料複製到該虛擬資料儲存區塊 /貝料儲存裝置26並隨之更新虛擬資料儲存表51,將 =虛擬資料儲存區塊46標示為已使用’並記錄 5内ί;Γ記錄保護控制裝置2〇亦更新虛擬區塊使用i 將該虛擬資料儲存區塊46標示為含有有效資料。 f料記錄保護控制裝置2〇係隨著虛擬資料儲存表51和 _^擬貝料區塊使用表52的内容更新來更新虛擬資料區域使 III fU»VllLJ ·_ · · · ^-------- 第26頁 1234074Page 25 1234074 A amendment __ Case No. 90110603 V. Description of the invention (21) Step 3 10 is to review the received data. $ The target is located in the unprotected data storage area 43. Read the order. Otherwise, go to step 312. . Step 33: Use the LT12 material record protection control device 2 ° to check the virtual data. Use Table 49 'to confirm that the processor 24 specifies to read the pseudo-jitter = store please 2. If it is the material line 32Q', use Γ14. The data record control device 20 checks the protection data using table 48 to determine the storage of the specified read data block 4 4 and reads the information carefully and sets up the remaining area of the material. ^. μ, 埒 and transfer to the near-end memory area 54. The data read in the yak step is in step 204, and in this step, the data storage area 40 is protected. The loader transfers the protection from the guard to the processor 24 in step 314. It loads the virtual data storage area 4 2 by the protection in step 314. The method 300 proceeds to step 316 > the data read in the material storage area 40. The method 300 proceeds to step 318 > the data read in the material storage area 40. ,:. The data record protection control device 20 according to step 31:, τ has been stored in the storage block 44 to determine the virtual value corresponding to it = 4 ° β ^. = 1 specifies that the read data is copied to the virtual data storage block / shell material storage device 26 and the virtual data storage table 51 is updated accordingly, and the = virtual data storage block 46 is marked as used 'and recorded within 5; Γ The record protection control device 20 also updates the virtual block using i to mark the virtual data storage block 46 as containing valid data. The f data record protection control device 20 is used to update the virtual data area with the contents of the virtual data storage table 51 and _ ^ pseudo shell material table 52 to update III fU »VllLJ · _ · · · ^ ---- ---- Page 26 1234074

案號 90110603 五、發明說明(22) 用表49的内容。 指令方法3G0接著回到步驟306,等候處理器下達的下一個 人步驟32〇係為資料記錄保護控制裝置2〇處理一許 々,其指定讀取標的係為一已存於g^ 、 的杳极七从 ^ 廿y、虛擬貝枓儲存區域42中 …貝枓s己錄,其可能於下列步驟中存入:(〇步 攸防護資料儲存區域40中讀取指定資 驟 中 料儲存區域42的資料;(li)下= 複製到虛擬資 24所傳達的資料寫入指令,將指^寫 ’依據處理—器 儲存區域42中。 貝料寫入虛擬資料 擬資資二錄Λ護控制裝置2〇確定指定讀取資料所在的虛 將之讀取並傳送到處理器。 = 300接者回到步驟3〇6’等候處理器下達的下一個指 步驟330係為資料記錄保護控制# 々,其係指定讀取標的係為一 、 一碩取指 43中的資料記錄。資料 2於無防濩貝料儲存區域 讀取指令直接轉送认次^ = = 3控制裝置20將接收到的該 得迭給貝枓儲存裝置26。 方法300接著進入步 袭置20接收來自胃料儲存 6 ^為資^記錄保護控制 的無防護資料,並將Μ二之“、、防護資料儲存區域43 方法30 0接著回到步 μ 器24。 令。 ^驟306,等候處理器下達的下一個指 步驟3 4 0係為杳姐^Case No. 90110603 V. Description of Invention (22) Use the contents of Table 49. The instruction method 3G0 then returns to step 306 and waits for the next person issued by the processor. Step 32 is to process a data record for the data record protection control device 20, and it specifies that the read target is an electrode that has been stored in g ^,. Seven from ^ 廿 y, the virtual storage area 42 ... 枓 己 has been recorded, which may be stored in the following steps: (0 step to read the specified information in the storage area 42 of the designated data storage area 40 Data; (li) = Copy to the data writing instruction conveyed by the virtual asset 24, and write the instruction ^ according to the processor storage area 42. The material is written into the virtual data. 〇Identify the virtual where the specified data is located and read it and send it to the processor. = 300 Receiver returns to step 306 'and waits for the next instruction issued by the processor. Step 330 is the data record protection control # 々, which The designated reading target is the data record in the first and the first fetching index 43. The data 2 is directly transmitted to the read command in the storage area without anti-scratch material ^ = = 3 The control device 20 will receive the result. To Behr storage device 26. Method 300 then proceeds Infantry device 20 receives the unprotected data from the gastric material storage 6 and records the protection protection records, and stores the protective data storage area 43, method 30 0, and then returns to step 24. Order. ^ Step 306, waiting for the next pointing step issued by the processor 3 4 0 is the sister ^

入指令,若該寫入指令§錄保2蔓控制裝置2〇處理處理一寫 “為一無防護資料,則進 1234074 j號9011抓似 五、發明說明(23) 入步驟350,否則該指定寫入料將 域42中,並進入步 驟342。、’ :載入虛擬資料儲存區 〃步驟342係為資料記錄保護控 貝枓應載入的虛擬資料儲存區塊4 6。、確疋指定讀取 關於一先前由防護資料儲存區域40中疋寫入資料係 將該指定寫入資料載入與該二取之防護資料,則 虛擬資料儲存區塊46中。二^己錄區塊44相對應之 使用者新製之資,料,則資料:二::A貧料為該電腦系統 二欠μ μ 士 * r 貝抖5己錄保蠖控制裝置2 0將;μ 貝枓儲存表52和虛擬資料區 G =虛擬 的區塊中,選擇一戎〜從用衣49铩不為「未使用」 貝料記錄保護控制裝置2〇亦 ^貝科。 容,將哕耷入次粗从占力文新虛擬貝枓儲存表52的内 塊。以,貝’、亚擬儲存區塊46標示為有效的資料區 卢擬ΐϊϊϊϊ護控制裝置20係隨著虛擬資料儲存表51和 ^ ^ 2 4使用表52的内容更新來更新虛擬資料區域使 用表49的内容。 若一先前載有虛擬資料的某一虛擬資料儲存區塊46, s該貧料檔案被刪減而使得該區塊46為空置時,資料儲存 裝置26會將虛擬資料儲存表51更新以標示該區塊46為未使 ^的狀恶’而虛擬資料區塊使用表52將該區塊標示為有效 區$ °如此一來’一曾經載有虛擬資料的虛擬資料區塊4 6 在f料刪除後’能夠被視為空置區塊,用來記錄其他的虛 擬=料。虛擬資料儲存表51中的已使用/未使用標示和虛 擬資料區塊使用表5 2中的有效/非有效標示的總和意義歸 納如下表: 第28頁 1234074 9〇ηηβ〇3 五、發明說明(24) 在電腦系統之一運作段落當中,一虛擬 效:ί ί ? ΐ資料區塊使用表52中被標示為有效::】衫 二i X會Τ直維持到該運作段落結束,即在步驟3〇Λ肩 斤有虛擬貧料儲存區塊46皆被標示為非有效之時中’ 次粗ί ΐ實施例的電腦系統中,1D Ε硬碟會分別針對防禮 ='4儲存區域40及虛擬資料儲存區域42 在執行資料寫入指令時,伴捭兮雨矣肉FAT表,並 驟3〇4中,虛擬資料儲存上持二兩/:/:'確。由於步 護控制裝置20之資料儲Λ。 未載入資料記錄保 II BMVJ D'J; MilM l^PU II. ...» .. ,.. MJPlIfA·»!. -------- #表48,故此時防護資料儲存表48 in mm a*/ NiiM j^.pu I*....».. ,., .... ---------- 五、發明說明U5) 和虚擬資料儲存表5 1的内容互相獨立 方法3 0 〇接著回到步驟3 〇 6,等候處理器下達的下一個 指令。 步驟350係為資料記錄保護控制裝理一 令,其ί定寫入標的係為一欲儲存於無防護資料區域43之 無防f資料记錄。資料記錄保護控制裝置2 〇將接收到的該 寫入指1直接轉送給資料儲存裝置26。若資料儲存裝置26 傳回私:凡成訊息或指令為成功執行的錯誤訊息,則資 料a己錄保濩控制裝置20將接收到的訊息直接轉送給處理器 24 ° 方法300接著回到步驟3〇6 ,等候處理器下達的下一個 指令。 在方法300之貧料保護模式下,資料記錄保護控制裝 置ΐ二將任何育料寫入防護資料儲存區域4 〇中。因此, 防羞資料儲存區域4 〇在方法2 〇 〇結束或最後一次更新其内 Ϊί二ί 一直保有同樣的資料内容。在電腦系統22之-運 ^洛,使用者欲對防護資料進行的任何存取或修改, 驟I42中,以虛擬資料的形式載入虛擬資料儲存 ^共人。就處理器24而言,其係可以傳達一般之資料存 ,且該指令亦可以以一般方式完成。不過,當電腦 新開始一運作段落時,藉由步驟303之進行,在資 枓保遵模式下所做的所有資料更動都將不存在。Enter the instruction, if the write instruction § Recording security 2 Man control device 20 processes a write "is an unprotected data, enter 1234074 j No. 9011. Fifth, the description of the invention (23) Enter step 350, otherwise the designation Write the data into the domain 42 and proceed to step 342., ': Load the virtual data storage area. Step 342 is the virtual data storage block 4 6 that should be loaded for data record protection and control. 6. Specify the read Retrieving data previously written in the protected data storage area 40 loads the specified written data with the second fetched protective data, and then stores the virtual data in the block 46. The second corresponding to the recorded block 44 The user's new system of materials, data, then the data: Two: A poor material is the computer system owed μ μ person * r tremble 5 has recorded security control device 2 0 will; 枓 a storage table 52 and In the virtual data area G = virtual block, select Yirong ~ from the clothing 49 铩 is not "unused". The material recording protection control device 20 is also Beco. The content will be stored in the internal block of the table 52 in the new virtual frame. Therefore, the data area marked as valid by the 'Bai' and Asia's pseudo-storage block 46. The Lu-shou protection control device 20 updates the virtual data region usage table with the contents of the virtual data storage tables 51 and ^ ^ 2 4 using the update of the table 52. 49 content. If a virtual data storage block 46 which previously contained virtual data, s, the lean data file is deleted so that the block 46 is vacant, the data storage device 26 will update the virtual data storage table 51 to indicate the Block 46 is the “evil evil” and the virtual data block uses Table 52 to mark the block as a valid area. So, a 'virtual data block that once contained virtual data 4 6 is deleted in f After 'can be regarded as a vacant block, used to record other virtual materials. The sum of the meanings of the used / unused marks in the virtual data storage table 51 and the used / unused marks in the virtual data block use table 52 are summarized in the following table: Page 28 1234074 9〇ηηβ〇3 5. Description of the invention ( 24) In one of the operating sections of the computer system, a virtual effect: ί ί ΐ Data block usage table 52 is marked as valid ::] shirt two i X will be maintained until the end of the operating section, that is, in the step In the computer system of the embodiment, the 1D Ε hard disk will be targeted for anti-ceremony = '4 storage area 40 and The virtual data storage area 42 executes the data writing instruction, and then accompanies the FAT table with the rain. In step 304, the virtual data storage area holds two or two /: /: 'Yes. Since the data of the step control device 20 is stored Λ. Data record protection II BMVJ D'J; MilM l ^ PU II. ... ».., .. MJPlIfA ·» !. -------- # 表 48, so the protection data storage table 48 in mm a * / NiiM j ^ .pu I * .... »..,., .... ---------- V. Description of the invention U5) and virtual data storage table 5 1 The contents of the method are independent from each other and then return to step 3 06, waiting for the next instruction from the processor. Step 350 is an order for data record protection control, and the target of writing is an unprotected data record to be stored in the unprotected data area 43. The data record protection control device 20 directly transfers the received write finger 1 to the data storage device 26. If the data storage device 26 returns a private message: If the message or instruction is an error message that was successfully executed, the data a is recorded. The security control device 20 directly forwards the received message to the processor 24 ° Method 300 then returns to step 3 〇6, Waiting for the next instruction from the processor. In the lean material protection mode of the method 300, the data record protection control device 2 writes any breeding material into the protected data storage area 40. Therefore, the anti-shy data storage area 40 has the same data content at the end of the method 2000 or the last update. In the computer system 22-operation, any user wants to access or modify the protection data, in step I42, load the virtual data storage in the form of virtual data. As far as the processor 24 is concerned, it can convey general data storage, and the instruction can also be completed in a general manner. However, when the computer starts a new operation, all the data changes made in the asset compliance mode will not exist through step 303.

第30頁 f步驟318中,,資料記錄保護控制裝㈣應一資料讀 的=ί要求,百次讀取—防護資料時,會將該指定讀取 ^5貝^複1到虛^^^區域42中。由於該資料載In step 318 on page 30, the data record protection control device should read one data = ί request, and when it is read hundreds times-to protect the data, it will read the specified reading ^ 5 shell ^ 1 to virtual ^^^ Area 42. As the information contained

1234074 ---案號 9Q110603 五、發明說明(26) 入虛擬資料儲存區域42中,使得資料記錄保護控制裝置2 〇 能由步驟312進行到步驟320,進一步使得資料記錄保護护^ 制裝置2 0稍後能夠更快速地讀取該資料。此複製步驟能^ 立一包含防護資料複本的虛擬資料儲存區域42,並逐步使 其包含更多的防護資料内容及在該運作段落内所為的任何 資料存取、修改等更動内容。在電腦系統22 —較長的運作 段落内,會有越來越多的資料讀取指令能藉由虛擬資料區 域42的讀取來完成,而無須讀取防護資料區域4〇。 步驟318可選擇性進行,所有資料讀取指令亦可以藉 由直接讀取防護資料區域來完成。此時虛擬資料儲存區域 42中的虛擬資料,僅包含防護資料有進行增刪修改的部3 由 腦 電 使 腦 體 更 資 要20 更 上述本發明之一 一系統管理者藉由 該電腦 此實施 利用該 使用者操作 腦系統中。 用者主要係 的操作。 一般使用 作永久的更 動,或者將 料能永久存 藉由電腦系 重設,就能 動消除。同 者無法 動,僅 資料存 在,亦 統關機 將使用 樣的, ^〜心网、S Μ ’V、 包_示所,其係 方法100及方法200預作設定,使得電 系統所需的所有資料都已事先載入該 恶樣常見於一般辦公室的電腦系統, 電腦系統中既有的應用工具來進行電 護資料儲存區域4〇中的資料及軟 由虛擬資料儲存區域達成暫時的 防護資料儲存區域内,以使得該 歷經不同運作段落仍能存在。= 新啟動使資料記錄保護控制裝置 該電腦系統防護資料所做的種種 防護資料料保護模式下 對防 能藉 入無 即能 或重 者對 由於1234074 --- Case No. 9Q110603 V. Description of the invention (26) Enter the virtual data storage area 42 so that the data record protection control device 2 can proceed from step 312 to step 320, further making the data record protection and protection device 2 0 This information can be read later more quickly. This copying step can create a virtual data storage area 42 containing a copy of the protection data, and gradually make it contain more protection data content and any data access, modification and other changes made during the operation paragraph. In the longer operation section of computer system 22, more and more data reading instructions can be completed by reading the virtual data area 42 without reading the protective data area 40. Step 318 is optional, and all data reading instructions can also be completed by directly reading the protected data area. At this time, the virtual data in the virtual data storage area 42 only includes the protection data with additions, deletions, and modifications. 3 The brain body is made more powerful by the EEG. 20 One of the inventions described above. The user operates in the brain system. The user is mainly responsible for the operation. Generally, it can be permanently changed, or the material can be permanently stored and reset by the computer system. The same ca n’t be moved, only the data exists, and the system will be shut down when using the system. ^ ~ Heart net, SM ′ V, package_indication, which is preset in method 100 and method 200, so that all the electrical system needs The data has been loaded in advance. This common pattern is commonly used in general office computer systems. The existing application tools in the computer system are used to protect the data in the data storage area 40. The virtual data storage area is used to achieve temporary protection data storage. Area, so that the passage through different operating paragraphs can still exist. = Newly activated the data record protection control device. The computer system protects all kinds of data. The data protection mode under the protection data protection mode can be borrowed without protection.

第31頁 1234074 -- 案號901〗〇fi^ 曰 修正 五、發明說明(27) 遭到更改,所以任何竟顧 為,都將無效。在一般辦公室二二貝?的病毒或惡意行 裝置20的運用可以使系統管理“二::記錄保護控制 量和複雜度大為降低。 j使用者求助要求的數 在本實施例的電腦系統中 100設定了兩個虛擬資料儲 t 而吕,方法 碟C和磁碟D。在方法2G{)中,例中分別為磁 中。在方法300中,對磁雄Γ么欲保濩的貧料載入磁碟C 運作段落結束時消失,而對^料所做的種種更動將在該 在該運作段落結以仍:::碟7擬做= 見。 進仃的種種運作,則完全隱藏不 資料記錄保護控制裝置20為防護資料儲存 防護資料提供一強有力&仅嗜 ,貝抖儲存&域40中的 記錄保護控制裝體:;料;;!;式中,資料 =何軟體程式來保護防因:== ;,iJdn料存取指令的_呼叫是否被阻 來仔知貝枓圮錄保護控制裝置20的存在。 =錄保護控制裝置20除了將資料儲擬資 部分對處理器隱藏之外,完全 ^和負枓儲存裝置的運作。 由於資料記錄保護控制裝置20對處理器為完全透通 = ransparent),所以其使用和電腦系統採用的作業系统 :關:而且凡是具有同樣控制器介面34且採用同樣協定的 器或其他硬體,都可以使用同樣的資料記錄保護控制 II II· ________ ---- 第32頁 五、發明說明(28) 1234074 Θ 修正 …一 ..,一.·-」. 裝置20。目前畔炙丁门丄人兩 介面,使得上4、μ同的電子機器使用標準的記憶裝置和 電子機器、可上網丰嫵芬甘从兩υ如電子迤戲機、手持 資料儲存裝置和協定 電子機器都可以共用同樣的 置26 錄保護控制裝置20會主動控制資料儲存裝 置6中的貝枓存取動作,所以該控 和使用適當輪入舲山功—从一 彳衣iZU被α又疋馬了以 供盥嗲協日π ^出協疋的貧料儲存裝置互通訊息,並提 保興落協疋相配合的控制命 +丄& 系統甲,資料圮釺# 1 ^ : Κ唬。在本實施例的電腦 =二硬碟控制器的能力,以控二:碟某= 控制器二==又^^ !2:;以和,硬碟機整:二體 個獨立的實體儲存裝置。 題’算是成本較低的一種方法。相較 何一種硬碟或其他資料儲存裝置都有相者大的 料儲存梦署:i 購置一個具有4_的資 料儲存裝置是可行的’而且在其中配置一虛 = 保濩等量的防護資料也頗為合理。 &域來 本發明能提供多種實施態樣,茲舉例如下: 第:圖顯示包含本發明一實施態樣42〇的 、、、吉構不意圖,JL中盥圖一舶ρη斗4L — 僻:裔4 Ζ Ζ —---~ ”圖㈣或相等當的兀件,其標號後 圍 J侧职Μ她⑽ -----*------— 第33頁 1234074 I督 ms 修正 ---案號 9011 fifing ,一 一匕 五、發明說明(29) 兩位相同,僅在圖五之 電腦系統422包含兩個W戒雨越以百位數4。 儲存裝置426含有一資料蚀二科儲存裝置426和460。資料 料儲存區域440、一防譜次=區域438,其係包含一防護資 存區域443、-無防護資二表450、-無防護資料儲 方式,均與圖式―中蔓相貝^儲/子表⑸,且上述元件的運作 資料儲存裝置::包:—I元件相同。 ΓΞΤ Α η λ ^ ^ 控制器介面462及一資祖+ 。域464。資料儲存裝置4 巧貝枓儲存 436與控制裝置42〇逵社 9由儲存裝置—貝料匯流排 t #„# #^# ^442 ^ ^ ^ 域442和虛擬資料儲存丄 426中相等當的元件相同。 乍方式與貧料儲存裝置 貧料記錄保護控制裝置42〇 裝置426和460。資料9了以刼作資料儲存 健六厂^ 貝科5己錄保濩控制裝置420維護虛擬資粗 =區ί442的資料記錄,其方式係與前述電子機器22中 1 :::資料儲存裝置460中全部的資料儲存區域464係 料身料儲存區域442,所以控制裝置420係將整個資 m Λ Λ41〇 S 11424 ^ ^ ^ ^ 4420 ^ H ' 域=現:個實體館存裝置,其一對應於防護資料儲存區 資料儲存裝一置 無防護貧料儲存區域443,兩者均位於 電腦系統422的優點在於:資料儲存區域438中沒有作 為f擬資料儲存區域442的部分,因之處理器424可以對整 個資料儲存區域438作存取等動作。 a土發明實施於一既有的電子裝三時,本實施態樣可 CU!i(kL2aUtlllUM.i|Piun«aiL>u>j » kihu . m —IIIBUΑΒΙ,ι丨丨 ι«」ι·, _ 第34頁 1234074 If ~----90110RQ3 丨电 五、發明卿⑽ " 月。日J-fe- 以使^理器424能使用的儲存空間不會 由於貧料儲存區域438 或 存區域443,所以資料儲存H伤作為無防護資料儲 “。相等大小即可。因:存;與資料儲存區域 能比資料儲存裝置426小。若料60的儲存容量可 裝置426的儲存容旦相π 儲存裝置46〇和資料儲存 ^ ^ ^ ^460 t ^ ! 存區域不會被隱藏,而以二^ = j =第一無防護資料錯 儲存裝置的型態,呈現給處理諸4。的4二貧料 20在示,電腦系統22及資料記錄保護控制裝置 將使用者對防護資料作的種種改變ΐί j擬貧料儲存區域42中,並在新開 ; 由虛擬資料儲存表51和虛擬區塊 時,糟 -i? ^ -. 瓜災用表5 2的初始化,將前 到= ::!’使用者對防護資料所做的改變消除,:以 運作段落中保胃,同時能依 ::::,在不同 屮日μ jm而罟紊除該資料更動。欲達到 ==在步驟304進行時’讀取虛擬資料儲存表51 塊使用表52,並將該兩表的内容載入控制裝 虛擬資料區域使用表49内即可,同時讀取防護資 1=内容。此時’控制裝置20提供-「刪除虛擬 、/"*域」工具,使得系統官理者可以將控制裝置20重 控制裝置20内的資料儲存表刪除,冑由資料儲存裝 工具最好存於一不同 置Μ ^讀取防護資料儲存表50❶該「刪除虛擬資料區域」 於資料儲存裝置26的儲存裝置上,該Page 31 1234074-Case No. 901〗 〇fi ^ Revision 5. The description of the invention (27) has been changed, so any consideration will be invalid. In the general office? The use of a virus or malicious device 20 can make the system management "two: the amount and complexity of record protection control is greatly reduced. J The number of user requests for help 100 sets two virtual data in the computer system of this embodiment Chu t and Lu, method disk C and disk D. In the method 2G {), the examples are respectively magnetic. In method 300, the lean material for the magnetic male Γ is to be loaded into the disk C operation section. It disappears at the end, and the changes made to the material will end in this operating paragraph ::: Disc 7 is intended to = see. The various operations that are carried out completely hide the data record protection control device 20 for Protected data storage Protected data provides a powerful & only addiction, tremble storage & record protection control body in domain 40 :; data;;!; Where data = what software program to protect against: == ;, Whether the call of iJdn data access instruction is blocked to know the existence of the recording protection control device 20. = The recording protection control device 20 completely hides the planned data storage part from the processor, and Operation of negative storage devices. Due to data record protection The control device 20 is completely transparent to the processor (ransparent), so its use is the same as the operating system used by the computer system: Off: and any device or other hardware with the same controller interface 34 and the same protocol can use the same Data record protection control II II ________ ---- page 32 V. Description of the invention (28) 1234074 Θ Correction ... I .., I ..--- "Device 20. At present, the two interfaces of Dingmen and Dingmen have made it possible for the same electronic devices to use standard memory devices and electronic devices, and to access the Internet, such as electronic game machines, handheld data storage devices and protocol electronics. The machines can all share the same device. The recording protection control device 20 will actively control the storage access in the data storage device 6. Therefore, the control and the use of the appropriate rotation into the Sheshan Gong—from the iZU to the α and the horse. In order to communicate with each other, the lean storage device of the cooperative association will be able to communicate with each other, and the coordinated control command of the cooperative association will be provided. + System A, data # 1 ^: Κ 唬. In this embodiment, the computer = the capacity of two hard disk controllers to control two: a disk = controller two == again ^^! 2 :; and, the hard disk drive is integrated: two independent physical storage devices . Question 'is considered a lower cost method. Compared with any kind of hard disk or other data storage devices, they have the same data storage dream department: i It is feasible to purchase a data storage device with 4_ ', and configure a dummy = protect the same amount of protection data in it Quite reasonable. The present invention can provide a variety of implementation modes, examples are as follows: Figure: The figure shows an embodiment of the present invention, which is not intended to be used in the JL, a picture of a JL in the picture, a boat, 4L — secluded : 4 4 ZO —--- ~ "Picture ㈣ or equivalent elements, whose labeling is on the back side J side J ⑽ ----- * ------—— Page 33 1234074 I msms Amendment --- Case No. 9011 fifing, one by one, five, invention description (29) The two digits are the same, only in the computer system 422 of FIG. Eclipse II storage devices 426 and 460. Data storage area 440, one defense spectrum time = area 438, which includes a protection data storage area 443,-unprotected data table 450,-unprotected data storage method, all with the Schematic diagram—Medium vinegar storage / sub-table, and the operation data storage device of the above components :: package: —I components are the same. ΓΞΤ Α η λ ^ ^ Controller interface 462 and an asset +. Domain 464. Data storage device 4 Qiaobei storage 436 and control device 42〇 逵 9 9 storage device-shell material bus t # „# # ^ # ^ 442 ^ ^ ^ domain 442 and virtual data storage Equivalent components in storage 426 are the same. Method and Lean Material Storage Device Lean material record protection control device 42 and devices 426 and 460. Data 9 is used for data storage. Jianliu Factory ^ Beco 5 has recorded the security control device 420 to maintain the data record of the virtual asset = area 442, in a manner similar to 1 of the aforementioned electronic machine 22 ::: data storage device 460 All of the data storage area 464 is the body storage area 442, so the control device 420 stores the entire data m Λ Λ41〇S 11424 ^ ^ ^ ^ 4420 ^ H 'domain = present: a physical library storage device, one of which corresponds to An unprotected lean material storage area 443 is installed in the data storage area of the protected data storage area. Both are located in the computer system 422. The advantage is that the data storage area 438 is not part of the f data storage area 442, so the processor 424 Access to the entire data storage area 438 can be performed. aEarth invention is implemented in an existing electronic device. This embodiment can be implemented in CU! i (kL2aUtlllUM.i | Piun «aiL > u > j» kihu .m —IIIBUΑΒΙ, ι 丨 丨 ι «" ι ·, _ Page 34 1234074 If ~ ---- 90110RQ3 丨 Electric V. Invention Secretary " Month. Day J-fe- so that the storage space that can be used by the processor 424 will not be due to lean storage area 438 or storage area 443, so the data storage H injury as an unprotected data storage ". Equal size can be. Because: storage; and the data storage area can be smaller than the data storage device 426. If the storage capacity of the material 60 can be compared with the storage capacity of the device 426 Storage device 46〇 and data storage ^ ^ ^ ^ 460 t ^! The storage area will not be hidden, but the two ^ = j = the first unprotected data error storage device type will be presented to the 4 of the processing 4 The poor material 20 is shown, the computer system 22 and the data record protection control device make various changes to the protection data by the user, and the newly opened poor material storage area 42 is newly opened; when the virtual data storage table 51 and the virtual block , Oh -i? ^-. The initialization of Table 5 2 with melon disaster will go to = ::! ' The changes made are eliminated: to protect the stomach in the operation paragraph, and at the same time, the data can be changed according to the μ jm at different days. To achieve == 'read virtual data storage during step 304 Table 51 uses table 52, and loads the contents of the two tables into the control device virtual data area. Use table 49 at the same time, and read the protection data 1 = content. At this time, the control device 20 provides-"Delete virtual, / " * domain "tool, so that the system administrator can delete the data storage table in the control device 20 and the control device 20, and the data storage installation tool is preferably stored in a different location. ^ Read the protection data storage table 50. The "delete virtual data area" is on the storage device of the data storage device 26, and

第35頁 1234074 案號 90110603 五、發明說明(31) ^置應:以於資料保護模式中使用,且該工具之啟動最好 八備一岔碼保護機制,以免病毒等惡意程式或其他使用 使用該工具造成虛擬資料儲存區域42中資料記錄的損毁。 資料區域」工具最好僅在-電腦系統開始-=運作犮洛%使用。此一實施態樣在教學場合尤其有用, 〃中某-學生在-學習期間内使用某台電腦 間結束後’可以將該電腦重設以便其他人員使用:… 記錄於虛擬資料儲存區域42中的資料内容,可能合兩 方護資料儲存區域40内,而使其能永久心: 料铋::3 ’其係用以將虛擬資料複製到防護資 = 複製工具使得系統管理者可以將虛擬資 對庳工;域中的#料記錄’ #製到防護資料儲存區域中相 使用編^ ΐ f 4儲存表5G和防護資料區域 =表48的内谷。該工具應具備一密碼保護機帝卜以免其 裝置2=:^下被f動。必要的話,還可以在該控制 二i °又只體鑰咗,以確保一未經授權的使用者不 月b k成不當的永久資料更改。 結合上述(1 )保留虛擬資料儲存區 二虛,資料工具;(iil)_複製虛擬資料=的(運。 —電:系統的配置設定可能更改的狀況下是非常有用 :因: 系統設定值的更改,因導致系統不穩或其他 須去除時,可藉由刪除虛擬資料儲存區域η的資 留時、目丨之去除。右一電腦系統設定值的更改需要永久保 時企則可以將之複製到防護資料儲存區域4〇。 ,系統22包含-無防護資料儲存區域43。當電腦裝 第36頁 1234074 修正Page 35 1234074 Case No. 90110603 V. Description of the invention (31) ^ Application should be used in data protection mode, and the startup of the tool is best prepared with a fork code protection mechanism to prevent malicious programs such as viruses or other uses This tool causes damage to data records in the virtual data storage area 42. The "data area" tool is best used only at-computer system start-up = operating%. This implementation is particularly useful in teaching settings. After a middle school student-during the study period-after using a computer, the computer can be reset for other people to use:… recorded in the virtual data storage area 42 The content of the data may be combined with the two parties to protect the data storage area 40, so that it can be permanent: bismuth :: 3 'It is used to copy the virtual data to the protection data = The copy tool allows the system administrator to copy the virtual data ; 工; # 料 录 'in the domain is used to edit the protection data storage area ^ ΐ f 4 Storage table 5G and protection data area = Table 48. The tool should be equipped with a password-protected dib to prevent its device 2 =: ^ from being moved. If necessary, you can also control the key in this control, to ensure that an unauthorized user does not make improper permanent data changes. In combination with the above (1) retain two virtual data storage areas, data tools; (iil) _copy virtual data = (op.) —Electricity: The configuration settings of the system may be changed in a situation that is very useful: because: the system settings If the system is unstable or needs to be removed due to changes, it can be removed by deleting the retention time and purpose of the virtual data storage area η. The settings on the right-hand side of the computer system need to be permanently protected, which can be copied to Protected data storage area 40. System 22 contains-Unprotected data storage area 43. When the computer is installed Page 36 1234074 Correction

案號 90110603 五、發明說明(32) 置是在獨立狀況下使料,這種設計不但恰“ 的。假設電腦系統22是在一網路環境中使用,則該網路中 :網電,的:用者可能被要求將資料儲存在一網路伺服器 &合ΐ Ϊ广貧:Ϊ ί裝置26中的無防護資料儲存區域43可 資料儲存區域43。 服……區域作為無防護 上述實施態樣係針對一IDE硬碟機。本發明亦可以盘 八他儲存裝置配合使用,例如ISA、ΑΤΑ、Ει 及、 :種=碟機二此外,本發明亦適用於其他資料儲存J,、 ρ。卡J。.固悲圮fe裝置如磁性記憶裝置、快閃記憶卡、 本發明亦可與其他資料保護工 錯(Raid,redundant array 〇f 二配口 f 用,如磁碟容 統中’類似如控制裝置2。或42。的-資 控:以至於RAID控制器與-或複數個備 方呆護控制裝置與其連結的該硬碟 補強RAID提供的備用控制:以ί發明的資料保護技術來 護一磁碟中的 ^ ▲而庄思Raid技術並不保證能保 佟彳I ^ 4仪、,n 、亲,僅能確保藉由備用磁碟資料,來 修復貧料記錄的錯誤。若一主 ^ 木 統,則該病主脾姑截 病毋钕入一具有RAID機制的系 益提供銘W毋主被載入所有的備用硬碟機中。RAID技術並 無挺供移除病毒的機制。 议彳TT卫 用以限定ί i明已以數個較佳實施例揭露如上,然其並非Case No. 90110603 V. Description of the invention (32) The device is made in an independent state. This design is not only ". Assuming that the computer system 22 is used in a network environment, the network: network power, : The user may be required to store data on a web server & ΐ Wide poverty: Ϊ Unprotected data storage area 43 and data storage area 43 in the device 26. The service ... are implemented as unprotected as described above The aspect is directed to an IDE hard disk drive. The present invention can also be used in conjunction with other storage devices, such as ISA, ΑΑΑ, Ει, and:: type = disk drive 2 In addition, the present invention is also applicable to other data storage J ,, ρ The card J .. solid sad 圮 fe devices such as magnetic memory devices, flash memory cards, the invention can also be used with other data protection errors (Raid, redundant array 〇f two distribution port f, such as in the disk capacity system ' Similar to the control device 2 or 42.-Data control: so that the RAID controller and-or multiple standby side control devices connected to the hard disk to reinforce the RAID provided by the standby control: the data protection technology invented Let's protect the ^ ▲ in the magnetic disk The Raid technology does not guarantee the protection of the I ^ 4 instrument, the n, the pro, but only ensures that the error of the poor material record is repaired by using the spare disk data. If there is a master ^ wood system, the disease spleen It is not necessary to enter the system with a RAID mechanism to provide the inscription. The master is not loaded into all the spare hard drives. RAID technology does not have a mechanism for removing viruses. It is recommended by TT Guard to limit the i Ming has disclosed the above with several preferred embodiments, but it is not

HHII 精神和範圍内,當可作二者在不脫離本發明之 ~-----虽」作各種之更動與潤飾,因此本發明之Within the spirit and scope of HHII, it is possible to make both without departing from the present invention ~ ----- Although various changes and modifications are made, so the present invention

1234074 案號 90110603 年: 月日 修正 五、發明說明(33) 保護範圍當視後附之申請專利範圍所界定者為準1234074 Case No. 90110603: Month Day Amendment V. Description of Invention (33) The scope of protection shall be determined by the scope of the attached patent application

IBM 第38頁IBM Page 38

1234074 ---^號 圖式簡單說明 圖式簡單說明 =^ =依據本發明的具有f料記錄保護 電子機%結構示意圖。 <忒置的— 據本發明的資料記錄保護控制裝置的系統配 ::1圖:二依程據圖本發明的資料記錄保護控制裝置的系統 式流i ^不依據本發明的資料記錄保護裝置的系統載入模 第四A圖及第四B圖顯示依據本 保護控制裝置的資料保 ^明第一實施例的資料記錄 第五圖顯示依據本發明第二3程圖 制裝置的-電子機器結構;意二例的具有資料記錄保護控 主要元件編號 2 0資料圮錄保護控制 22電腦系統 、i 24處理器 26負料储存裝置 1234074 y _案號90110603_年月曰 修正_ 圖式簡單說明 2 8 處理器介面 3 0 處理器資料匯流排 32資料儲存裝置介面 34 資料記錄保護控制裝置介面 3 6資料儲存匯流排 3 8 貧料儲存區域 39資料儲存區塊 40 防護資料儲存區域 4 2虛擬貢料儲存區域No. 1234074 --- ^ Simple illustration of the diagram Simple illustration of the diagram = ^ = According to the present invention, the structure of the electronic device with f material record protection is%. < Equipment-System configuration of the data record protection control device according to the present invention :: 1 Figure: Two systems according to the present invention The system stream of the data record protection control device of the present invention ^ Data record protection not according to the present invention Figure 4A and 4B of the system loading mode of the device show the data protection of the protection control device according to the first embodiment. The fifth figure shows the -electronic of the device according to the second 3rd process of the present invention. Machine structure; the second example has the data record protection control main component number 2 0 data record protection control 22 computer system, i 24 processor 26 negative material storage device 1234074 y _ case number 90110603_ year month revision _ simple diagram Description 2 8 processor interface 3 0 processor data bus 32 data storage device interface 34 data record protection control device interface 3 6 data storage bus 3 8 lean storage area 39 data storage block 40 protected data storage area 4 2 virtual Tribute storage area

4 3 無防護貧料儲存區域 44 防護資料儲存區塊 46虛擬貢料儲存區塊 4 7無防護資料儲存區塊 48 防護資料區域使用表 49虛擬資料區域使用表 5 0防護資料儲存表 51虛擬資料儲存表4 3 Unprotected lean material storage area 44 Protected data storage block 46 Virtual material storage block 4 7 Unprotected data storage block 48 Protected data area use table 49 Virtual data area use table 5 0 Protected data storage table 51 Virtual data Storage table

5 2虛擬貧料區塊使用表 5 3無防護資料儲存表 5 4 近端記憶體 1 0 0系統配置模式流程 1 0 2資料記錄保護控制裝置進入系統配置模式的步驟 1 0 4資料記錄保護控制裝置將資料儲存區分割成不同區域 的步驟5 2 Virtual lean block use table 5 3 Unprotected data storage table 5 4 Near-end memory 1 0 0 System configuration mode flow 1 0 2 Data record protection control device steps to enter system configuration mode 1 0 4 Data record protection control Steps for the device to divide the data store into different areas

第40頁 1234074 --Ά^90110603 圖式簡單說明 ' —^I、日__修正— I 0 6資料記錄你$ α果傳逆^ _保蠖控制褽置將步驟]04完成的儲在η 九果傳廷給處理器的步騾 取们储存區分割 II 0 ^統格式化模式流程 112貪料記錄保護控制裝置進入系统柊 Π 4格式化防護㈣料和、’ ^ ^的步驟 驟 …万邊貝科儲存區域的步 2 0 0系統载入模式流程 202資料記錄保護控制裝置進入 2。4資料記錄保護控制裝置在防以步驟 記錄的步驟 °貝枓儲存區域更動資料 30 0資料保護模式流程 302資料記錄保護控制裝置進入資料保 =資料記錄保護控制裝置將虛蝴 始化防護資料區域使用表及 30 6接收資料讀取或資料寫入指令的步驟 3 0 8判斷接收指令的種類的步驟 :判::料讀取指令中指定資料的防護類型的步驟Page 1234074 --Ά ^ 90110603 Simple explanation of the diagram '-^ I, date __correction-I 0 6 data records you $ α 果 传 逆 ^ _ 蠖 蠖 蠖 蠖 褽 褽 步骤 步骤 步骤 步骤 完成 完成 完成 完成 completed completed in η Steps of Nine Fruits to the processor Steps to take the storage area partition II 0 ^ System format mode flow 112 Corruption record protection control device enters the system 格式化 4 Steps to format the protection data and '^ ^ ... Step 2 0 0 in the Bembe storage area System loading mode process 202 The data record protection control device enters 2.4 Steps to prevent the data record protection control device from recording in steps ° Beam storage area changes data 30 0 Data protection mode flow 302 Data record protection control device enters data protection = The data record protection control device uses the virtualized protective data area use table and 30 6 steps to receive data read or data write instructions 3 0 8 steps to determine the type of received instructions: Judgment: Steps of specifying the protection type of data in the material reading instruction

二ί Γ貝料讀取指令中指定之資料是否儲存於虛擬資料 儲存區域的步驟 IP 314將欲讀取的防護資料載入近端記憶區内的步驟 將欲讀取的資料從近端記憶區内傳送至處理器的步驟 318將指定讀取的資料載入虛擬資料儲存區塊的步驟 1234074 〆 讀 _案號90110603 &年 :月 μ 修正_ 圖式簡單說明 .................」— 320從虛擬資料儲存區塊中將欲讀取資料載入處理器的步 驟 330資料記錄保護控制裝置接收讀取無防護資料指令的步 驟 3 3 2貧料記錄保護控制裝置讀取指定之無防護貧料並傳送 至處理器的步驟 34 0資料記錄保護控制裝置判斷寫入資料指令涉及資料的 防護種類的步驟 342將指定寫入資料載入虛擬資料儲存區塊的步驟 35 0將指定寫入資料載入無防護資料儲存區塊的步驟 42 0資料記錄保護控制裝置 422 電腦系統 424 處理器 426資料儲存裝置 436資料儲存匯流排 438資料儲存區域 440防護資料儲存區域 4 4 2虛擬資料儲存區域 443 無防護貢料儲存區域 45 0防護資料儲存表 4 5 1虛擬貧料儲存表 45 3無防護資料儲存表 46 0資料儲存裝置 4 6 2資料記錄保護控制介面Step 2: Whether the data specified in the material reading instruction is stored in the virtual data storage area. IP 314 Load the protection data to be read into the near-end memory area. Step to load the data to be read from the near-memory area. Step 318, which is transmitted to the processor, loads the designated read data into the virtual data storage block. Step 1234074 〆Read _ Case No. 90110603 & Year: Month μ Amendment _ Schematic description ... ......... ”— 320 Step of loading the data to be read from the virtual data storage block into the processor 330 Step of the data record protection control device receiving the instruction of reading the unprotected data 3 3 2 Step 34 of the record protection control device reading the specified unprotected lean material and transmitting it to the processor. Step 34 The data record protection control device determines the type of data protection involved in the write data instruction. Step 342 loads the specified write data into the virtual data storage area. Step 35 of the block 0 Load the specified write data into the unprotected data storage block 42 0 Data record protection control device 422 Computer system 424 Processor 426 Data storage device 436 Data storage bus 438 Data Storage area 440 Protected data storage area 4 4 2 Virtual data storage area 443 Unprotected material storage area 45 0 Protected data storage table 4 5 1 Virtual lean material storage table 45 3 Unprotected data storage table 46 0 Data storage device 4 6 2 Data record protection control interface

第42頁 1234074Page 12 1234074

圖式簡單說明 4 6 4 貧料儲存區域 iBii 第43頁Simple illustration 4 6 4 Lean material storage area iBii Page 43

Claims (1)

1234074 SS_9〇ll〇603 六、申請專利範圍1234074 SS_9〇ll〇603 Six, patent application scope 1 · 種在儲存媒體上彳苯.二^ 驟: 、 、姜貧料記錄的方法,包括下列牛 (A )在系統配置模式下 防護資料儲存區域、一卢夺一 μ體儲存裝置分割成一 儲存區域; 貝料儲存區域及一無防護資料 (Β )在糸統載入模式下· (i)將該防護資料儲户 ,擬為兩個獨立的實體儲存:二及該無防義貝料儲存區域 。γ)將該虛擬資料儲存區域隱藏; ; 濩的_貝料儲存於該防護資料儲存區 (C )在資料保護模式下: 卜 (1 )將該虛擬資料儲;& ^ ^ ^ ^ 月模擬為兩個獨立的實體域及該無防護資料儲存區域 / ..、 兩仔褒置, | ")戈該防護資料儲存區域隱藏; 爲列步=理處理器傳達的資料讀取指令,並執行 料,則從該虛資:存區域内存有該指定讀取資 傳送至該處理器;存區域内讀取該資料,並將該資料 資料,貝存區域内不存有該指定讀取 該處理器。 儲存處讀取之,並將該資料傳送至 ιΗ煩 請 委 域中 、Ή:1 · A method for recording benzene on a storage medium:, 贫, 贫, and a method of recording, including the following cattle (A) in the system configuration mode to protect the data storage area, a robber and a μ-body storage device divided into a storage Area; shellfish storage area and one unprotected material (B) under the system loading mode. (I) The protected data store is intended to be stored as two separate entities: two and the unprotected shell material storage. region. γ) hide the virtual data storage area; 濩 _ shell material is stored in the protected data storage area (C) in data protection mode: (1) the virtual data storage; & ^ ^ ^ ^ month simulation Set up two independent physical domains and the unprotected data storage area / .., two, | ") to hide the protected data storage area; Execution data, from the virtual capital: the designated reading data in the storage area is transmitted to the processor; the data is read in the storage area, and the data is not stored in the storage area. processor. Read it from the storage and send the data to ιΗ 第44頁Page 44 正 1234074 六、申請种〗範® t」—二^斗―修正 2. 如申請專利範圍第1JS所述之方法, 〜 含在該虛擬資料儲存區域中載定、中Y驟j c) (i i)包 步驟。 扣疋讀取資料複製本的 3. 如申請專利範圍第丨項所述的 步驟:在該資料保護模式下, ’更進-步包括下述 料寫:指令時,則將該指定:為資 區域中。 竹馬入該虛擬資料儲存 4. 一種在儲存媒體上保護資料 -資料記錄保護控制裝置,其 法:、藉由 及一儲存裝置之間有雷#Α Μ β電腦系統之一處理器 少一防護資料儲存/一實體儲存裝置分割成至 m Λ储存域 虛擬資料儲存區域; 在系統載入模式下,將欲加 該防護資料儲存區域中; 乂保濩的貝枓儲存於 被匕)人在資Λ保護模式下’接收由該處理器傳達的資料 ”貝取扣广,並執行下列步驟處理該指令·· (Ο若該虛擬資料儲存區域内存有該指定 !ϊ;ί;資料儲存區域内讀取該資料,並將該資丄 (i丨)若該虛擬資料儲存區域内不存有該指定讀取資 =,則從該防護資料儲存區域讀取,並將該資料傳送至該 處理器。 5·如申明專利範圍第4項所述的方法,其中步驟([)(丨丨)包 含在該虛擬資料儲存區域中載入該指定讀取資料複製的步 第45頁 1234074 % sZheng 1234474 VI. Application Types Fan® t "-two ^ Dou-Amendment 2. As described in the scope of the patent application No. 1JS, ~ included in the virtual data storage area, the middle step jc) (ii) Package steps. 3. Read the copy of the data 3. Steps as described in item 丨 of the scope of patent application: In this data protection mode, 'further-steps include the following materials: When instructed, specify the: Area. Zhuma into the virtual data storage 4. A device for protecting data on a storage medium-a data record protection control device, which: There is a thunder between the storage device and a storage device # Α Μ β One of the computer system processors has one less protection data Storage / A physical storage device is divided into the virtual data storage area of the m Λ storage domain; in the system loading mode, the protection data storage area to be added is stored; the shellfish to be protected is stored in the victim's capital Λ In the protection mode, 'receive the data transmitted by the processor', take the buckle and perform the following steps to process the instruction ... (0 if the virtual data storage area has the designation in it! Ϊ; ί; read the data in the data storage area) Data, and if the designated read data does not exist in the virtual data storage area, the data is read from the protected data storage area and the data is transmitted to the processor. 5 · The method as described in claim 4 of the patent scope, wherein step ([) (丨 丨) includes a step of loading the designated read data copy in the virtual data storage area on page 45 1234074% s _案號 六、申請專利範圍 驟。 i申請專=範圍第1 2 3 4項所述的方法,更進一步包含下列 二宜.在该貢料保護模式下,當該處理器傳達的指 =指令時,則將該指定寫入資料寫入該虛擬資料= ϋι:請專利範圍第4項所述的方法,其中該資料記錄保 J控制裝置與該處理器相連結中在步驟⑻和(C,中、 ϋ料記錄保護控制器將該虛擬資料儲存區域對該處理器 ^,申請專利範圍第4項所述的方法,其中該防護資料 包含複數個防護資料儲存區塊…該虛擬資料 1=二域中包含複數個虛擬資料儲存區塊,且該複數個防 ^二料儲存區塊中每一個區塊皆能夠與該複數個虛擬資料 爾存區塊中的一特定區塊相對應。 9中如申晴專利範圍第8項所述的方法,其中在步驟(c )(丨i ) ,私定讀取資料係可以由一或複數個防護資料儲存區 ^次Γ取’且該步驟進一步將該指定讀取資料複製到該虛 貧料儲存區域中相對應之虚擬資料儲存區塊中。 11· 種資料記錄保護方法,包括下列步驟_ Case No. 6. Scope of patent application. The application method described in the item 1 of the range 1 2 3 4 further includes the following two. In the protection mode, when the instruction = instruction transmitted by the processor, the specified write data is written. Enter the virtual data = ϋι: Please refer to the method described in item 4 of the patent scope, wherein the data record protection J control device is connected to the processor in steps ⑻ and (C, 中, ϋ, 记录 料 record protection controller will The virtual data storage area is the method described in item 4 of the patent application scope, wherein the protection data includes a plurality of protection data storage blocks ... The virtual data 1 = the second domain includes a plurality of virtual data storage blocks And each of the plurality of anti-secondary storage blocks can correspond to a specific one of the plurality of virtual data storage blocks. As described in item 9 of the patent scope of Shen Qing Method, wherein in step (c) (丨 i), the private read data can be fetched from one or more protected data storage areas ^ times', and this step further copies the specified read data to the virtual poverty Corresponding virtual data in the material storage area Storage block. · 11 kinds of data protection recording method, comprising the steps of 第46頁 1 〇 ·>如申凊專利範圍第4項所述的方法,其中該資料記錄 2 $善控制震置包含一虛擬資料使用表,其用以記錄前述複 3 &個虛擬資料儲存區塊中每一個區塊的讀寫記錄,使得 4 能夠辨別該複數個虛擬資料儲存區塊中所記錄資料的有效 性。Page 46 1 〇 > The method as described in item 4 of the scope of the patent application, wherein the data record 2 $ Control Control Set includes a virtual data use table for recording the aforementioned 3 & virtual data The read and write records of each block in the storage block enable 4 to distinguish the validity of the data recorded in the plurality of virtual data storage blocks. P:i 1234074 -------- 9〇ηπκπ^ 修正 申請專利範圍 把(A )提供一防護資料儲存區域,J:办 料儲存區塊; / 〃中包含複數個防護資 (B )提供一虛擬眘粗紗—r-,、 料儲存區塊,且該複數.二品=,其中包含複數個虛擬資 個防護資料儲存區塊對應=擬貝料儲存區塊分別與該複數 (C)儲存欲保護之資料 數個防護資料儲存區^亥防瘦—貝料儲存區貞中一或複 ⑴辨識該虛擬資料儲存 擬資料儲存區塊; 禾存有有效貝枓的虛 (E )接收該處理器傳達 *— π 驟處理該指令: 貝卄喝取私令,並進仃下列步 區塊;1確…一或複數個存有欲讀取資料的防護資料儲存 的卢確涊一或複數個對應於前述防護資料儲存區塊 的虛擬貧料儲存區塊; 尼 (111)確認前述虛擬資料儲存區塊中儲存資料之 性,若該資料有效則進行步驟(iv),若該資料不具有效 性,則進行步驟(v); (iv) 從該虛擬資料儲存區域中讀取該指定讀取資 料,並將該指定讀取資料傳送至該處理器; (v) 從防護資料儲存區域中讀取該指定讀取資料,並 將該指定讀取資料傳送至該處理器; (F)收該處理器傳達的資料寫入指令,並進行下列步 處理該指令:P: i 1234074 -------- 9〇ηπκπ ^ Amend the scope of patent application for (A) to provide a protective data storage area, J: material storage block; / 包含 contains multiple protective funds (B) Provide a virtual caution roving-r-, material storage block, and the plural number. Two products =, which contains a plurality of virtual data protection data storage block correspondences = quasi-shell material storage block and the plural number (C) Stores the data to be protected. Several protected data storage areas. ^ Hai anti-thin-bei material storage area Zhen Zhongyi or re-identify the virtual data storage intended data storage block; the virtual (E) with valid shellfish receives the The processor communicates * — π to process the instruction in a snap: Beware of the private order, and enter the following steps; 1 Make sure ... one or more Lu Que holds one or more protective data stores containing the data to be read Corresponds to the virtual lean storage block corresponding to the aforementioned protected data storage block; Nepal (111) confirms the nature of the data stored in the aforementioned virtual data storage block, and if the data is valid, proceeds to step (iv), if the data is not valid , Then proceed to step (v); (iv) from the virtual Read the designated read data from the intended data storage area and transmit the designated read data to the processor; (v) read the designated read data from the protected data storage area and send the designated read data Send to the processor; (F) receive the data writing instruction transmitted by the processor, and perform the following steps to process the instruction: 第47頁 1234074 ^ 〆 分P. 47 1234074 ^ 〆 points __案號 90110603 : ‘ 中請專利範圍 U)選取一或複數個虛擬資竹 存區將㈣定寫入資料寫入前述選定之虛擬資 效“i⑴將該被寫入的虛擬資料餘存區塊標示為存有有 如申請專利範圍第u項所述的方 儲存區域及該卢龆杳— u 防4負料 所ϋ 虛擬貝㈣存區域係由-實體資料儲存裝置 H申Λ專利範圍第11項所述的方法,其中該防護資料 -子區域及該虛擬貧料儲存區域係由一磁碟機所提供。 蚀如申清專利範圍第13項所述的方法,其中該防護資料 储存區域及該虛擬資料儲存區域係存在於一磁碟機中之不 同分割磁碟内。 1 5 ·如申請專利範圍第丨3項所述的方法,其中該磁碟機係 屬於IDE型的硬碟機。__Case No. 90110603: 'The scope of the patent in the U.S.C. selects one or more virtual asset storage areas and writes the written data into the selected virtual asset effect "i⑴ the written virtual data remaining area The block is marked as having the square storage area as described in item u of the scope of the patent application and the anti-slip material. The virtual storage area is owned by the entity data storage device. The method described in item 1, wherein the protection data-sub-area and the virtual lean material storage area are provided by a magnetic disk drive. The method described in claim 13 of the patent scope, wherein the protection data storage area and The virtual data storage area exists in different partitioned disks in a magnetic disk drive. 1 5 · The method as described in item 丨 3 of the patent application scope, wherein the magnetic disk drive is an IDE-type hard disk drive.
TW90110603A 2001-05-03 2001-05-03 Device and method for protecting data records in recording media TWI234074B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW90110603A TWI234074B (en) 2001-05-03 2001-05-03 Device and method for protecting data records in recording media

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW90110603A TWI234074B (en) 2001-05-03 2001-05-03 Device and method for protecting data records in recording media

Publications (1)

Publication Number Publication Date
TWI234074B true TWI234074B (en) 2005-06-11

Family

ID=36592706

Family Applications (1)

Application Number Title Priority Date Filing Date
TW90110603A TWI234074B (en) 2001-05-03 2001-05-03 Device and method for protecting data records in recording media

Country Status (1)

Country Link
TW (1) TWI234074B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI426444B (en) * 2006-05-10 2014-02-11 Marvell World Trade Ltd Adaptive storage system including hard disk drive with flash interface

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI426444B (en) * 2006-05-10 2014-02-11 Marvell World Trade Ltd Adaptive storage system including hard disk drive with flash interface

Similar Documents

Publication Publication Date Title
ES2600914T3 (en) Replicated virtual storage management in recovery sites
CN103064927B (en) The data access method of distributed file system and device
CN100533330C (en) External locking mechanism for personal computer memory locations
CN101361047B (en) Method and system for data protection in storage systems
JP4837378B2 (en) Storage device to prevent data tampering
CN1954297A (en) Isolated multiplexed multi-dimensional processing in a virtual processing space having virus, spyware, and hacker protection features
CN101243413A (en) System and method for virtualizing backup images
JP2005031716A (en) Method and device for data backup
CN107615255A (en) Utilize the computing device and method of long-time memory
JP2006293864A (en) Storage system, data movement management system, and data movement management method
US7370165B2 (en) Apparatus and method for protecting data recording on a storage medium
CN104937576A (en) Coordinating replication of data stored in a non-volatile memory-based system
Winter SSD vs HDD–data recovery and destruction
CN100514305C (en) System and method for implementing safety control of operation system
TWI234074B (en) Device and method for protecting data records in recording media
TW200839568A (en) Incremental transparent file updating
US20090055683A1 (en) Method of restoring previous computer configuration
CN115885283A (en) Data management device, data sharing system and method, and data management program
US6675317B2 (en) Method and system for determining erase procedures run on a hard drive
CN112783436A (en) Synchronized object placement for information lifecycle management
TW200825743A (en) Method for protecting data in a hard disk
TWI237180B (en) Data record access controller and method of computer system for the double memory device
CN1387192A (en) Device and method for protection of data record on storage medium
CA2454107C (en) Apparatus and method for protecting data recorded on a storage medium
JP2007219844A (en) Organization configuration management system

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees