TWI334565B - Secure storage apparatus and method for controlling the same - Google Patents

Secure storage apparatus and method for controlling the same

Info

Publication number
TWI334565B
Authority
TW
Taiwan
Prior art keywords
access
area
external system
storage device
logical partition
Prior art date
Application number
TW96116410A
Other languages
Chinese (zh)
Other versions
TW200844840A (en)
Inventor
Yu An Chang
Chien Chen Liou
Original Assignee
Phison Electronics Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Phison Electronics Corp filed Critical Phison Electronics Corp
Priority to TW96116410A priority Critical patent/TWI334565B/en
Publication of TW200844840A publication Critical patent/TW200844840A/en
Application granted granted Critical
Publication of TWI334565B publication Critical patent/TWI334565B/en

Description

IX. Description of the Invention:

[Technical Field of the Invention]

The present invention relates to a storage device and a control method thereof, and in particular to a secure storage device that communicates with an external system and a control method thereof.

[Prior Art]

Compared with other file systems, the File Allocation Table (FAT) has the advantages of a simple structure and of being supported by most existing personal computer operating systems. The FAT file system is characterized by an actual table located at the very top of the volume, the file allocation table (FAT) in the literal sense, which records file locations, file attributes and other related data. Being simple, easy to operate and widely supported makes FAT an ideal file system for storage devices and also suitable for exchanging data between different computer operating systems; those same characteristics, however, leave it relatively unable to guard against security problems affecting personal file data. Some improvements aimed at preventing the leakage of personal data have therefore been disclosed.

As described in U.S. Patent No. 7,062,585 (see Figure 1), that patent discloses a flowchart for performing host-dependent behavior. Referring to Figure 1, the first step, shown in block 10, comprises a login process between a host and a target device, in which the host and the target device (such as a disk array controller) exchange information with each other and establish a communication connection. During the login process, the host provides a host serial number to the target device. A successful login allows the target device to receive commands from the host, as shown in block 12. For any preset received command, a determination is made [...] as to whether the command is to be executed. The received command is compared against a list of commands having O/S-dependent requirements [...]; if [...], the steps are not executed and the method flowchart ends at block 18. If the comparison finds a match with an O/S-dependent command, the following steps are executed.

The next step [...] chiefly obtains the value of a mode parameter that defines the default O/S communication protocol. For example, this mode parameter may be set to the default value for all HPUX communication protocols, not limited to those listed in the table. The table is stored in advance in non-volatile memory in the target device. Referring further, block 30 comprises accessing the table that stores host serial numbers and the O/S type associated with each. The method further comprises the step of block 40, determining whether the table contains a match for the host serial number obtained during the login process of block 10. If a match for the host serial number is found in the table, the default mode parameter indication of the O/S communication protocol is overridden and the O/S communication protocol associated with the matching host serial number is selected, as shown in a block of Figure 1.

As described above, the conventional method and system select an appropriate host-dependent communication protocol by comparing host serial numbers. They can only deal with the compatibility and ambiguity problems that heterogeneous hosts may cause, and overlook the importance of preventing data leakage. There is therefore an urgent need for a storage device and method that effectively improve data security, so as to avoid the risk of unscrupulous persons maliciously stealing confidential data. [...] (such as the device of U.S. Patent No. 7,100,160), the present invention prohibits non-agreed external system devices from arbitrarily accessing private confidential data, substantially remedying the shortcomings of the prior art and solving the problems described above.

[Summary of the Invention]

Since the prior art is subject to the problems described above, the object of the present invention is to provide a storage device for use with an external system and a control method thereof, which use a logic controller to control data access.

To achieve this object, a broader aspect of the present invention provides a storage device that communicates with an external system, comprising: at least one storage area; at least one logical partition, formed using a first portion of the storage area, for storing file data; and a logic controller provided with an authentication setting module which, when the external system requests access to the logical partition, sets an access mode to control access to the logical partition.

According to the concept of the invention, the logic controller is further provided with a host verification module that receives the access request.

According to the concept of the invention, the storage device further comprises a file allocation table, formed using a second portion of the storage area, for indexing data entries.

According to the concept of the invention, the logical partition includes a general area accessible by the external system.

According to the concept of the invention, the logical partition includes a secure area accessible by an agreed external system.

According to the concept of the invention, the secure area has a correct entry and an erroneous entry.

According to the concept of the invention, the secure area includes a hidden area for storing the correct entry.

According to the concept of the invention, the access mode includes a device identification mode that permits access to the logical partition.

According to the concept of the invention, the access mode includes a device restriction mode that prohibits access to the secure area of the logical partition.

According to the concept of the invention, the storage device includes a USB flash drive, a Secure Digital (SD) card, a Multi Media Card (MMC), and a flash drive.

Another broader aspect of the present invention provides a method of controlling access by an external system to a storage device, the storage device having a logical partition that includes a general area and a secure area, with the following steps: a) requesting access to data stored in the logical partition; b) determining whether the data is stored in the general area or the secure area; c) when the requested data is stored in the secure area, confirming whether the external system is a pre-agreed device; d) setting the access mode of the logical partition; and e) outputting data according to the access mode that was set.

According to the concept of the invention, the storage device further comprises a file allocation table, formed using part of the storage area, for indexing data entries.

According to the concept of the invention, the logical partition includes a general area accessible by the external system.

According to the concept of the invention, the logical partition includes a secure area accessible by an agreed external system.

According to the concept of the invention, the secure area has a correct entry and an erroneous entry.

According to the concept of the invention, the secure area includes a hidden area for storing the correct entry.

According to the concept of the invention, the access mode includes a device identification mode that permits access to the logical partition.

According to the concept of the invention, the access mode includes a device restriction mode that prohibits access to the secure area of the logical partition.

According to the concept of the invention, the method further comprises the step of obtaining the erroneous entry when the external system is not an agreed device.

According to the concept of the invention, the method further comprises the step of obtaining the correct entry when the external system is an agreed device.

According to the concept of the invention, the storage device includes a USB flash drive, a Secure Digital (SD) card, a Multi Media Card (MMC), and a flash drive.

[Embodiments]

Some embodiments that embody the features and advantages of the invention are described in detail in the following paragraphs. The invention admits various changes in different aspects, none of which departs from its scope, and the description and drawings are to be regarded as illustrative in nature rather than as limiting the invention.

Referring to Figure 2, the internal structure of the storage device of the invention for use with an external system is disclosed. The storage device (preferably a USB flash drive) comprises a logic controller 21 that communicates with the external system 20, and a storage area 30. The logic controller 21 includes a host verification module 211 for receiving vendor commands from the external system 20 and an authentication setting module 212 for setting the access mode. These elements are described in detail below.

In addition to the logic controller 21 and the storage area 30, the storage device provides a logical partition 40, formed using a first portion of the storage area 30, for storing file data, and a file allocation table (FAT) 50, formed using a second portion of the storage area 30, for indexing file information. The logical partition 40 is divided into a general area 401 and a secure area 402. The file allocation table 50 consists of a number of entries of equal size, as shown in Figure 2, containing information such as file structure, file addresses and file attributes. The size of each entry depends on the version of the file system (FAT16 or FAT32). Each entry corresponds to the region at the same address, and that region stores the file that the entry points to.

Whenever the storage device is connected to an external system 20, the external device can freely access the general area 401. The secure area 402, however, can be accessed by the external system 20 only when the storage device is connected to an agreed external system 20. The secure area 402 is set at specific logical addresses, the positions of its corresponding entries in the file allocation table 50 are calculated, and the FAT information pointing to its correct addresses is stored in the hidden area 4021 of the secure area 402. FAT information pointing to erroneous addresses of the secure area 402 is then written into the file allocation table 50 at the entry positions originally occupied by the correct FAT information. Likewise, the general area 401 is set at specific logical addresses.

Furthermore, the authentication setting module 212 sets the secure area 402 of the logical partition 40 to the device identification mode or the device restriction mode according to a signal from the logic controller 21. When the host verification module 211 of the logic controller 21 receives an unrecognizable vendor command from the external system 20 requesting access to the secure area 402 of the logical partition 40, and the external system 20 is confirmed to be a non-agreed system, the secure area 402 is set to the device restriction mode and the access request is not permitted. In other embodiments, when the external system 20 supplies no vendor command, it is confirmed to be a non-agreed system, so that the secure area 402 cannot be accessed. Conversely, if the logic controller 211 can recognize the vendor command sent from the external system 20, a communication protocol permitting access to the secure area 402 is issued and the secure area 402 is set to the device identification mode.

Referring to Figures 3A and 3B, a flowchart of the method of the invention for controlling access to the storage device is disclosed. In step S31 of Figure 3A, a storage device is provided to the external system 20. In step S32, the file allocation table 50 is accessed to look up the entry of each file. The external system 20 then requests access to a file, as in step S33 of Figure 3A. Next, it is determined whether the requested file is stored in the secure area 402, as in step S34. If the requested file is stored in the general area 401, the requested file can be located and output without difficulty, as in step S35 of Figure 3A.

If the requested file is stored in the secure area 402, step S34 takes the other path and the following steps begin at step S41 of Figure 3A. The external system 20 sends a vendor command to the logic controller 21. In other embodiments, vendor commands differ from one external system to another, depending on factors such as vendor/manufacturer, operating system and version. In step S42, the host verification module 211 of the logic controller 21 further confirms whether the vendor command was sent from an agreed external system. As in step S43, if the vendor command was sent from a non-agreed external system, the authentication setting module 212 sets the secure area 402 to the device restriction mode, and only the erroneous entry in the file allocation table can be obtained, as in step S44. Because the erroneous entry points to a wrong file address, an incorrect file is output, as in step S45 of Figure 3A. In addition, when no vendor command is supplied, the external system 20 is regarded as a non-agreed system, so that the secure area 402 cannot be accessed. On the other hand, if the vendor command is confirmed to come from an agreed external system, step S42 leads to the other path, continuing from A in Figure 3A to step S51 of Figure 3B.

Referring to Figure 3B: in step S51, the logic controller 21 sends a communication protocol that switches the secure area 402 to the device identification mode. The access restriction on the secure area 402 of the logical partition 40 is therefore lifted in the device identification mode, as in step S52. The correct entry, pointing to the correct address of the requested file, can be obtained from the hidden area 4021 of the secure area 402, as in step S53. The requested file is output successfully, completing the access-control flow, as in step S54 of Figure 3B.

In summary, the present invention provides a secure storage device and a control method thereof in which a non-agreed external system cannot obtain the correct address of file data, greatly improving the security of confidential data files. The invention is compatible with existing file systems and uses a logic controller together with a file allocation table, containing a series of entries that point to file addresses, to effectively control access to file data stored in the secure area. A non-agreed external system can access only file data stored in the general area. When a non-agreed external system attempts to access a file stored in the secure area, it can obtain only an erroneous entry pointing to a wrong file location. The correct entries used to index the file data are stored in the secure area and can be accessed only by an agreed external system. The host verification module of the logic controller records the various vendor commands so as to distinguish which external systems are non-agreed. The invention can be widely applied to USB flash drives, SD cards, MMCs and flash drives. Unlike the prior art, which allows direct data reads and writes and other operations on the storage device, the invention prohibits improper acquisition of confidential file data in the storage device; it not only solves the potential security vulnerabilities of the prior art but also prevents file data from being stolen during reading and writing, making the security mechanism of the storage device more complete.

Although the invention has been described in detail by the above embodiments, and may be modified in various ways by those skilled in the art, none of such modifications departs from the scope of protection sought by the appended claims.

[Brief Description of the Drawings]

Figure 1 is a flow diagram of conventional host-dependent behavior;
Figure 2 shows the structure of the storage device of the invention for use with an external system; and
Figures 3A and 3B show a flowchart of controlling the storage device according to another preferred embodiment of the invention.

[Description of Main Reference Numerals]

20 external system
21 logic controller
211 host verification module
212 authentication setting module
30 storage area
40 logical partition
401 general area
402 secure area
4021 hidden area
50 file allocation table
S31~S54 steps
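The access-control flow of Figures 3A and 3B (steps S32 to S54), modeled in C as an added example that is not part of the patent text or of any vendor firmware. The cluster layout, file contents, vendor-command values and all function names are assumptions made for illustration, as is the choice to re-evaluate the access mode on every request to the secure area.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the device in Figure 2. Sizes, cluster contents and
 * vendor-command values are assumptions made for this example. */
#define N_CLUSTERS   8
#define SECURE_FIRST 4                /* secure area 402 = clusters 4..7 */
#define N_FILES      2

enum access_mode { MODE_DEVICE_RESTRICTED, MODE_DEVICE_IDENTIFIED };

struct device {
    const char *cluster[N_CLUSTERS];  /* storage area 30 */
    uint8_t fat[N_FILES];             /* file allocation table 50 (host-visible) */
    uint8_t hidden[N_FILES];          /* correct entries kept in hidden area 4021 */
    enum access_mode mode;            /* state set by module 212 */
};

/* Vendor commands recorded by the host verification module (hypothetical values). */
static const uint32_t agreed_cmds[] = { 0xA5C30001u, 0xA5C30002u };

/* Host verification module 211, step S42. A missing command counts as non-agreed. */
static int host_is_agreed(const uint32_t *vendor_cmd)
{
    if (vendor_cmd == NULL)
        return 0;
    for (size_t i = 0; i < sizeof agreed_cmds / sizeof agreed_cmds[0]; i++)
        if (agreed_cmds[i] == *vendor_cmd)
            return 1;
    return 0;
}

/* Authentication setting module 212: step S43 (restricted) or S51-S52 (identified). */
static void set_access_mode(struct device *d, int agreed)
{
    d->mode = agreed ? MODE_DEVICE_IDENTIFIED : MODE_DEVICE_RESTRICTED;
}

static int in_secure_area(uint8_t c)
{
    return c >= SECURE_FIRST && c < N_CLUSTERS;
}

/* Steps S32-S54: returns the data the host receives for `file`, or NULL if the
 * file index is out of range. In this model the mode is re-evaluated on every
 * secure request, so an earlier agreed host does not leave the area unlocked. */
const char *read_file(struct device *d, unsigned file, const uint32_t *vendor_cmd)
{
    if (file >= N_FILES)
        return NULL;
    uint8_t entry = d->fat[file];                    /* S32: entry from table 50 */
    if (!in_secure_area(entry))                      /* S34 */
        return d->cluster[entry];                    /* S35: general area 401 */
    set_access_mode(d, host_is_agreed(vendor_cmd));  /* S41-S43 or S51 */
    if (d->mode == MODE_DEVICE_IDENTIFIED)
        entry = d->hidden[file];                     /* S53: correct entry */
    return d->cluster[entry];                        /* S54, or S44-S45 via the erroneous entry */
}

/* File 0 sits in the general area. File 1 really starts at cluster 5, but
 * table 50 holds an erroneous entry (cluster 6) in its place. */
struct device make_device(void)
{
    struct device d = {
        .cluster = { "boot", "public notes", "", "",
                     "", "confidential report", "filler", "" },
        .fat     = { 1, 6 },
        .hidden  = { 1, 5 },
        .mode    = MODE_DEVICE_RESTRICTED,
    };
    return d;
}

int main(void)
{
    struct device d = make_device();
    uint32_t agreed = 0xA5C30001u, unknown = 0x12345678u;
    printf("general file, no command : %s\n", read_file(&d, 0, NULL));
    printf("secure file, agreed host : %s\n", read_file(&d, 1, &agreed));
    printf("secure file, unknown cmd : %s\n", read_file(&d, 1, &unknown));
    printf("secure file, no command  : %s\n", read_file(&d, 1, NULL));
    return 0;
}
```

An unrecognized or missing vendor command yields the cluster named by the erroneous entry rather than an error code, which is the behavior steps S44 and S45 describe.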

Claims (1)

Scope of the patent application:

1. A storage device, comprising:
at least one storage area;
at least one logical partition formed using a first portion of the storage area, for storing data, the logical partition comprising at least one secure area that can be accessed only when the storage device is connected to an agreed external system; and
a logic controller provided with a host verification module for receiving an access request from an external system to access the logical partition, and provided with an authentication setting module which, when the access request is received, sets an access mode to control access to the logical partition, wherein the access request differs according to the vendor/manufacturer, operating system or version of the external system;
wherein the host verification module confirms whether the access request was issued by the agreed external system and, when the access request was not issued by the agreed external system, responds to the access request with an erroneous entry.

2. The storage device of claim 1, further comprising a file allocation table, formed using a second portion of the storage area, for indexing data entries.

3. The storage device of claim 1, wherein the logical partition includes a general area accessible by the external system.

4. The storage device of claim 1, wherein the secure area has a correct entry and an erroneous entry.

(Amended replacement page, September 3, year 99 of the ROC calendar)

5. The storage device of claim 1, wherein the secure area includes a hidden area for storing the correct entry.

6. The storage device of claim 1, wherein the access mode includes a device identification mode that permits access to the logical partition.

7. The storage device of claim 1, wherein the access mode includes a device restriction mode that prohibits access to the secure area of the logical partition.

8. The storage device of claim 1, including a USB flash drive, a Secure Digital (SD) card, a Multi Media Card (MMC), and a flash drive.

9. A method of controlling a storage device, the storage device having a logical partition that includes at least one secure area, with the following steps:
agreeing on at least one external system, such that the secure area can be accessed only when the storage device is connected to the agreed external system;
requesting access to data stored in the logical partition;
determining whether the requested data is stored in the secure area;
when the requested data is stored in the secure area, determining whether an external system requesting access is the agreed external system;
when the external system requesting access is not the agreed external system, providing an erroneous entry to the external system;
setting the access mode of the logical partition; and
outputting data according to the access mode that was set.

10. The control method of claim 9, wherein the storage device further comprises a file allocation table, formed using part of the storage area, for indexing data entries.

[...] The control method of claim 9, further comprising, when the external system requesting access is the agreed external system, providing the correct entry to the agreed external system.

[...] The control method of claim 9, wherein the secure area includes a hidden area for storing the correct entry.

14. The control method of claim 9, wherein the access mode includes a device restriction mode that prohibits access to the secure area of the logical partition.

15. The control method of claim 9, wherein the storage device includes a USB flash drive, a Secure Digital (SD) card, a Multi Media Card (MMC), and a flash drive.
TW96116410A 2007-05-09 2007-05-09 Secure storage apparatus and method for controlling the same TWI334565B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW96116410A TWI334565B (en) 2007-05-09 2007-05-09 Secure storage apparatus and method for controlling the same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW96116410A TWI334565B (en) 2007-05-09 2007-05-09 Secure storage apparatus and method for controlling the same

Publications (2)

Publication Number Publication Date
TW200844840A TW200844840A (en) 2008-11-16
TWI334565B true TWI334565B (en) 2010-12-11

Family

ID=44211981

Family Applications (1)

Application Number Title Priority Date Filing Date
TW96116410A TWI334565B (en) 2007-05-09 2007-05-09 Secure storage apparatus and method for controlling the same

Country Status (1)

Country Link
TW (1) TWI334565B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI472921B (en) * 2011-02-18 2015-02-11 Cheng Hsiao Chi Portable storage device and access control method thereof
TWI537729B (en) 2015-10-15 2016-06-11 慧榮科技股份有限公司 Data storage device and data maintenance method thereof
US10073769B2 (en) 2015-10-15 2018-09-11 Silicon Motion, Inc. Data storage device and data maintenance method thereof
TWI646461B (en) * 2016-10-12 2019-01-01 慧榮科技股份有限公司 Data storage device and data maintenance method thereof
TWI662417B (en) * 2018-05-31 2019-06-11 緯創資通股份有限公司 Switch card and server

Also Published As

Publication number Publication date
TW200844840A (en) 2008-11-16

Similar Documents

Publication Publication Date Title
US7500093B2 (en) Startup program execution method, device, storage medium, and program
JP4707069B2 (en) Apparatus and method for controlling use of a memory card
US8533414B2 (en) Authentication and securing of write-once, read-many (WORM) memory devices
US8819811B1 (en) USB secure storage apparatus and method
US7392358B2 (en) Delivery of a message to a user of a portable data storage device as a condition of its use
TWI334565B (en) Secure storage apparatus and method for controlling the same
US7303136B2 (en) Storage device
US20060253620A1 (en) Data structure of flash memory having system area with variable size in which data can be updated, USB memory device having the flash memory, and method of controlling the system area
US20090164709A1 (en) Secure storage devices and methods of managing secure storage devices
TW201212617A (en) Host device and method for securely booting the host device with operating system code loaded from a storage device
KR20090095909A (en) Data storage device and data management method thereof
JP2003091704A (en) Storage unit with non-volatile memory and information processing device with freely detachable storage unit
TWI437567B (en) Block management method for flash memory and controller and storage apparatus using the same
JP2006215763A (en) Information processing system incorporated with extended module and its control method
US8180988B2 (en) Method and system for authenticating storage device connected through intermediate converter
TWI321279B (en) Memory device and associated method
JP2006033280A (en) Authentication apparatus
US20080046760A1 (en) Storage device for storing encrypted data and control method thereof
JP3028055B2 (en) PC card system and program rewriting method
CN101303670B (en) Storage device and control method thereof
CN101089830B (en) Memory device and its operation method
JPH025158A (en) Expanded ic card and its accessing method
JP2013137717A (en) Nonvolatile storage device, access control program and storage control method
US11216209B2 (en) Secure storage using a removable bridge
JP5786702B2 (en) Security token, instruction execution method in security token, and computer program