TWI400616B - Method for data transmitting and pirate preventing of human-machine interface device by using the usb mass storage class - Google Patents


Publication number: TWI400616B
Authority: TW (Taiwan)
Prior art keywords: file, data, password, human, interface device
Application number: TW98128273A
Other languages: Chinese (zh)
Other versions: TW201107987A (en
Inventor: Ching Yang Wu, Chia Feng Lee, Sheng Chou Lin
Original Assignee: Delta Electronics Inc
Application filed by Delta Electronics Inc
Priority to TW98128273A
Publication of TW201107987A
Application granted
Publication of TWI400616B

Description

Data transmission and copy protection method for a human-machine interface device implemented with the Mass Storage Class protocol

The present invention relates to human-machine interface devices, and more particularly to a data copy protection method applied to a human-machine interface device.

A Human Machine Interface (HMI) device, also called an HID (Human-machine Interface Device), is the intermediary through which an operator and a machine exchange information, communicate and interact. The operator enters commands through control buttons on the human-machine interface device or through touch images on its window panel, and the machines act on those commands, which makes operating the machines more convenient and practical. As a result, human-machine interface devices not only make industrial automation control easier to carry out, but have even gradually come to completely replace traditional control panels that require extensive wiring.

As shown in FIG. 1, a human-machine interface device 1 is mainly connected to a programmable logic controller 2 (Programmable Logic Controller, PLC), through which it issues control commands to a plurality of external machines 3 and receives the work data those machines 3 report back. The human-machine interface devices 1 commonly found on the market today mainly present their built-in control software on an external touch-type liquid crystal display (LCD), so that the operator can issue operating commands to the machines 3 with simple touch actions and obtain the work data corresponding to the work the machines 3 perform. To keep pace with the development of industrial technology, this software needs updated versions downloaded regularly so that the human-machine interface device 1 stays in its best condition. The work data obtained by the human-machine interface device 1 likewise needs to be uploaded regularly so that the operator can record and preserve it.

However, as shown in FIG. 1, the human-machine interface device 1 must be connected to an external computer 4 to download or upload data, and the connected computer 4 must have a driver installed that is produced by the manufacturer of the human-machine interface device 1. With information technology developing rapidly, computer operating systems (OS) are updated very quickly and come in many varieties. Consequently, when connecting to the computer 4, the human-machine interface device 1 is often incompatible with the operating system of that computer 4 and the driver is not supported, so the human-machine interface device 1 cannot connect to the computer 4 and no data can be transferred. The manufacturer of the human-machine interface device 1 therefore has to develop a corresponding driver for each operating system, at considerable cost in money and time.

Besides the direct connection described above, some human-machine interface devices on the market support using an external USB flash disk (UFD) as the transfer medium for exchanging data between the human-machine interface device and the computer. With viruses now rampant, however, it is hard to guarantee that important data will not be infected by a virus during transfer, and the data may even be attacked by hackers and misappropriated, a shortcoming that vendors cannot ignore.

In view of these shortcomings, the market needs a novel way of transferring data, so that a human-machine interface device transferring data need not consider system compatibility and, more importantly, is not subject to misappropriation by those with ill intent, which would cause the developer great losses.

The main object of the present invention is to provide a data transmission and copy protection method for a human-machine interface device implemented with the Mass Storage Class protocol. The human-machine interface device is connected to an external computer through the Mass Storage Class protocol, so no driver for the human-machine interface device has to be installed on the external computer, and the rules of the Mass Storage Class protocol are used to build a protection mechanism for data transferred between the two, so that the data cannot be seen and stolen by a third party.

To achieve this object, the present invention uses the Mass Storage Class protocol to connect the human-machine interface device to the computer as an external USB storage device, so that the computer never needs a driver reinstalled because its operating system and the human-machine interface device do not support each other. During data transfer, the transferred data is encrypted with a dynamic password and is not actually written into the file allocation table.

Compared with the prior art, the effect of the present invention is that when the human-machine interface device is connected to an external computer there is no need to worry that the computer's operating system is unsupported by the driver of the human-machine interface device, and during data transfer there is no risk of the data being seen and stolen by a third party.

A preferred embodiment of the present invention is described in detail below with reference to the drawings.

Refer first to FIG. 2, a schematic diagram of the transmission connection of a preferred embodiment of the present invention. As shown, a human-machine interface device 5 (Human-machine Interface Device, HID) of the present invention is connected to an external computer 4’ through a Universal Serial Bus (USB) port 51 or 52. The present invention defines the HID 5 by means of the USB Mass Storage Class (MSC) protocol, thereby emulating the HID 5 as an external USB storage device 5’ (for example, the external disk drive in FIG. 3). Through the USB MSC protocol the HID 5 thus becomes plug-and-play, so the computer 4’ can connect to the HID 5 at any time without installing a driver developed by the HID 5 manufacturer.

When the HID 5 and the computer 4’ are connected, the computer 4’ issues inquiry commands asking what the connected device is, and the HID 5 responds to the computer 4’ according to the USB MSC protocol. As those of ordinary skill in the art know, these responses include the structures that the file system (F/S) of a disk drive using the MSC protocol is expected to have, such as the Master Boot Record (MBR) and the File Allocation Table (FAT). Once the computer 4’ receives these responses, it regards the connected HID 5 as a USB storage device 5’ using the MSC protocol and assigns the HID 5 a drive letter, such as "D:\" or "E:\". However, the HID 5 of the present invention is configured at the factory so that, when connected to the computer 4’, it operates successfully only when a data transfer software 41 installed on the computer 4’ (mainly data transfer software 41 developed by the manufacturer) is used to transfer an HID-related file (for example an HID update file or an HID work record file) with the HID 5. If the software 41 is not used to transfer data with the HID 5, or if a file unrelated to the HID 5 is transferred, the HID 5 cannot be accessed.

As shown in FIG. 3, the computer 4’ uses the HID 5 of the present invention as the external storage device 5’. In its main operation, the storage device 5’ uses a file system 53 to map the file names of the files stored in the storage device 5’ to a specific FAT 54. The contents of the FAT 54 then map to the physical addresses at which the files 55 are stored in the storage device 5’, which allows the computer 4’ to add, modify and delete them. An ordinary user on the computer 4’ can therefore see the contents of the storage device 5’ only through the mapping in the FAT 54. If the files 55 are actually stored in the storage device 5’ but the corresponding data has not been written into the FAT 54, the user cannot know of them and cannot see those files 55 on the computer 4’. The present invention uses this property of the MSC protocol to protect data transfer, as described in detail below.

Refer to FIG. 4, a file transfer flowchart of a preferred embodiment of the present invention. First, the data transfer software 41 installed on the computer 4’ transfers a password file whose content contains a dynamic password to the HID 5 and issues a request command to the HID 5 (step S40). The HID 5 receives the password file successfully but does not write the corresponding data of the password file into the FAT 54, so the computer 4’ cannot see the password file in the contents of the storage device 5’. A third party therefore cannot learn of, view or steal the password file through the computer 4’ and so cannot obtain the dynamic password. The dynamic password can be generated through the pairing of the computer 4’ and the HID 5. For example, the computer 4’ can obtain the serial number of the HID 5 and generate a dynamic password from it with an arithmetic expression (for example a hash function); the HID 5 knows its own serial number and can use the same expression to generate the same dynamic password for encrypting and decrypting the uploaded or downloaded files. This is only a preferred example and the invention is not limited to it. Next, the HID 5 determines what the request command issued by the computer 4’ is (step S42), that is, whether a file download or a file upload is to be performed.

After step S42, the computer 4’ transfers files with the HID 5 through the software 41 (step S44). If the request command in step S42 is a file download request, the HID 5 receives a data download file sent by the computer 4’, and that data download file is encrypted with the dynamic password. After actually receiving the data download file, the HID 5 does not write it into the FAT 54, so the computer 4’ cannot see the data download file in the contents of the storage device 5’. If the request command in step S42 is a file upload request, the HID 5 writes the corresponding data of a data upload file that already exists in the HID 5 into the FAT 54, so that the computer 4’ can see the data upload file in the contents of the storage device 5’ and can copy it to the computer 4’ through the software 41, completing the upload. The data upload file is encrypted with the dynamic password. Immediately after the upload completes, the HID 5 deletes the data upload file from the FAT 54, so that a third party cannot make another copy of it. Finally, once the file transfer is complete, the HID 5 or the computer 4’ uses the generated dynamic password and the arithmetic expression to decrypt the downloaded or uploaded file (step S46), obtaining the required data for subsequent use.

In step S42, the file name of the password file can be used to determine what the request command is. For example, if the password file is named "Download.dat" in step S40, the HID 5 knows immediately on receipt that the computer 4’ intends to download a file through the software 41; if the password file is named "Upload.dat", it knows that the computer 4’ intends to upload a file. This is only a preferred example. As those of ordinary skill in the art know, file names are chosen by the program designer and, apart from certain special characters that cannot be used, follow no fixed rule, so this should not limit the patent scope of the present invention.

The file flow in FIG. 4 can be further divided into a file download flowchart and a file upload flowchart for a more detailed description. FIG. 5 is the file download flowchart of a preferred embodiment of the present invention. First, the computer 4’ transfers, through the installed software 41, a download password file whose content contains the dynamic password to the HID 5 (step S50). The HID 5 receives the download password file but does not write it into the FAT 54; the computer 4’ cannot tell from the contents of the storage device 5’ whether the download password file was transferred successfully, and a third party has no way to obtain it. Next, if the dynamic password in the download password file is determined to be correct, the HID 5 must reply to the computer 4’ that it has received the download password file and is waiting for the file download. That is, it writes a password confirmation file into the FAT 54 (step S52), giving the password confirmation file a file name that serves as the reply, for example "get.dat" or "wait.dat". The password confirmation file then appears in the contents of the storage device 5’ on the computer 4’, and once the computer 4’ sees it through the software 41 it can conclude that the download password file was transferred successfully and proceed to the next step of the data transfer.

After step S52, the computer 4’ transfers a data download file to the HID 5 through the software 41 (step S54). To prevent theft by a third party, the HID 5 again does not write the received file into the FAT 54. The data download file is encrypted by the computer 4’ with the dynamic password. As in step S52, after actually receiving the data download file, the HID 5 writes a data confirmation file into the FAT 54 (step S56), giving it a file name that serves as the reply, for example "down.dat" or "ok.dat". Once the computer 4’ finds the data confirmation file in the contents of the storage device 5’, it can conclude that the data download file has been transferred completely. Finally, the HID 5 uses the dynamic password in the download password file and the arithmetic expression to decrypt the data download file (step S58) and applies it. The password confirmation file and the data confirmation file serve only to tell the computer 4’ that the HID 5 has actually received a file, so the two files need no substantive meaning or content; writing them into the FAT 54 therefore does no harm to the data transfer even if a third party steals them.

Refer next to FIG. 6, a file upload flowchart of a preferred embodiment of the present invention. First, as in step S50 of FIG. 5, the computer 4’ transfers, through the installed software 41, an upload password file whose content includes the dynamic password to the HID 5 (step S60). When the HID 5 receives the upload password file, it can confirm that the computer 4’ intends to upload a file through the software 41. After confirming that the dynamic password in the upload password file is correct, the HID 5 writes the data upload file that the computer 4’ wants to obtain into the FAT 54 (step S62). The data upload file is encrypted by the HID 5 with the dynamic password and already exists in the HID 5, but has not been written into the FAT 54, so before step S62 the computer 4’ cannot see the data upload file in the contents of the storage device 5’. After step S62, the computer 4’ can see the data upload file in the contents of the storage device 5’ and can copy it to the computer 4’ through the software 41.

Notably, when the data upload file is copied, the HID 5 can work with the software 41 to activate a copy protection mechanism that determines whether the copy operation of the computer 4’ is correct (step S64). If the copy operation is judged correct, the HID 5 allows the computer 4’ to copy the data upload file through the software 41 (step S66) and, after the copy completes, deletes the data upload file from the FAT 54 (step S68). If step S64 determines that the copy operation is incorrect, or was not performed through the software 41, the data upload file is not allowed to be copied; step S68 is performed directly and the data upload file is deleted from the FAT 54 at once. Finally, the HID 5 uses the dynamic password in the upload password file and the arithmetic expression to decrypt the data upload file (step S70) and applies it.

The copy protection mechanism is shown in FIG. 7, a schematic diagram of the copy protection mechanism of a preferred embodiment of the present invention. When the HID 5 writes the data upload file into the FAT 54 so that it appears in the contents of the storage device 5’, it uses the dynamic password and the arithmetic expression to generate a plurality of substitute files at random, and renames both the substitute files and the data upload file with meaningless random file names such as "AEJAE4GHA.dat" or "1R5JGH6FB.dat", as shown in FIG. 7. After the computer 4’ sees these files in the contents of the storage device 5’, it can use the same dynamic password and arithmetic expression to compute the correct file name of the data upload file and perform the correct copy operation. When a substitute file with a wrong file name is requested for copying, the HID 5 concludes that a third party is trying to grab files and immediately deletes all files from the FAT 54, which prevents a third party from stealing data. Even if a third party happens to guess the correct file and copies it successfully, the dynamic password and the arithmetic expression are still needed to decrypt the data upload file disguised under a meaningless file name, so a high degree of copy protection remains.
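The download flow (steps S50 to S58), the upload flow (S60 to S70) and the substitute-file copy check described above, modelled together as an added example; it is not code from the patent or from Delta Electronics. Assumptions: the dynamic password is SHA-256 of the serial number, the genuine upload file name is an HMAC over a fixed label, `seal`/`unseal` are a stand-in keystream cipher, and every class, function and file name other than Download.dat, Upload.dat, get.dat and ok.dat is hypothetical.

```python
import hashlib
import hmac
import secrets

def dynamic_password(serial: str) -> bytes:
    # Assumption: SHA-256 of the serial; the page only says "for example a hash function".
    return hashlib.sha256(serial.encode()).digest()

def seal(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHAKE-256 keystream XOR, random nonce, unauthenticated);
    # the page does not name a cipher.
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

def upload_name(password: bytes) -> str:
    # Name of the genuine upload file; both sides compute it from the dynamic password.
    tag = hmac.new(password, b"upload-name", hashlib.sha256).hexdigest()
    return tag[:9].upper() + ".dat"

class EmulatedHmi:
    """Device side: `stored` is what physically exists, `fat` is what the host can list."""

    def __init__(self, serial: str, work_log: bytes, decoys: int = 4):
        self.password = dynamic_password(serial)
        self.work_log = work_log
        self.decoys = decoys
        self.stored = {}
        self.fat = set()
        self.mode = None
        self.received = None

    def listdir(self):
        return sorted(self.fat)

    def publish(self, name: str, data: bytes = b""):
        self.stored[name] = data
        self.fat.add(name)

    def host_write(self, name: str, data: bytes):
        self.stored[name] = data                    # accepted, but given no FAT entry
        if name in ("Download.dat", "Upload.dat"):  # S42: the file name selects the request
            if not hmac.compare_digest(data, self.password):
                return                              # wrong password: no reply file appears
            self.mode = name
            if name == "Download.dat":
                self.publish("get.dat")             # S52: password confirmation file
            else:
                self.publish_upload()               # S62
        elif self.mode == "Download.dat":
            self.received = unseal(self.password, data)  # S58
            self.publish("ok.dat")                  # S56: data confirmation file
            self.mode = None

    def publish_upload(self):
        real = upload_name(self.password)
        blob = seal(self.password, self.work_log)
        self.publish(real, blob)
        names = set()
        while len(names) < self.decoys:             # substitute files with random names
            names.add(secrets.token_hex(5)[:9].upper() + ".dat")
            names.discard(real)
        for name in names:
            self.publish(name, secrets.token_bytes(len(blob)))

    def host_copy(self, name: str):
        if self.mode != "Upload.dat" or name not in self.fat:
            return None
        self.mode = None
        if name == upload_name(self.password):      # S64/S66: correct copy, allowed once
            self.fat.discard(name)                  # S68
            return self.stored[name]
        self.fat.clear()                            # substitute requested: drop every entry
        return None

def host_download(dev: EmulatedHmi, serial: str, payload: bytes) -> bool:
    pw = dynamic_password(serial)
    dev.host_write("Download.dat", pw)              # S50
    if "get.dat" not in dev.listdir():
        return False
    dev.host_write("update.bin", seal(pw, payload)) # S54
    return "ok.dat" in dev.listdir()

def host_upload(dev: EmulatedHmi, serial: str):
    pw = dynamic_password(serial)
    dev.host_write("Upload.dat", pw)                # S60
    blob = dev.host_copy(upload_name(pw))
    return None if blob is None else unseal(pw, blob)  # S70
```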

The above is only a preferred embodiment of the present invention and does not limit the patent scope of the present invention; all equivalent changes made using the content of the present invention are likewise included within the scope of the present invention.

<Prior art>

1 ... Human-machine interface device

2 ... Programmable logic controller

3 ... External machine

4 ... Computer

<Present invention>

4’ ... External computer

41 ... Data transfer software

5 ... Human-machine interface device

5’ ... Storage device

51, 52 ... USB ports

53 ... File system

54 ... File allocation table

55 ... Files

S40~S46, S50~S58, S60~S70 ... Steps

FIG. 1 is a schematic diagram of the usage connection of a human-machine interface device.

FIG. 2 is a schematic diagram of the transmission connection of the human-machine interface device.

FIG. 3 is a schematic diagram of a storage device using the Mass Storage Class protocol.

FIG. 4 is a file transfer flowchart of a preferred embodiment of the present invention.

FIG. 5 is a file download flowchart of a preferred embodiment of the present invention.

FIG. 6 is a file upload flowchart of a preferred embodiment of the present invention.

FIG. 7 is a schematic diagram of the copy protection mechanism of a preferred embodiment of the present invention.

Claims (18)

1. A data transmission and copy protection method for a human-machine interface device implemented with the Mass Storage Class protocol, in which the human-machine interface device is emulated as a USB storage device by means of the Universal Serial Bus (USB) Mass Storage Class (MSC) protocol and transfers data with an external computer, the method comprising:
a) the human-machine interface device receives a transmitted password file, wherein the password file has a file name and the content of the password file records a dynamic password;
b) the human-machine interface device determines, from the file name of the password file, what a request command of the external computer is;
c) a data file is transferred according to the request command;
d) after step c, the data file is decrypted with the dynamic password recorded in the password file;
wherein the human-machine interface device does not write the received password file into a File Allocation Table (FAT), so that the external computer cannot learn of the existence of the password file.

2. The data transmission and copy protection method of claim 1, wherein if step b determines that the request command is a file download request, then in step c the human-machine interface device receives a data download file, encrypted with the dynamic password, transmitted from the external computer.

3. The data transmission and copy protection method of claim 2, wherein after receiving the data download file the human-machine interface device does not write it into the file allocation table, so that the external computer cannot learn of the existence of the data download file.

4. The data transmission and copy protection method of claim 1, wherein if step b determines that the request command is a file upload request, step c comprises:
c1) the human-machine interface device writes a data upload file, stored inside it and encrypted with the dynamic password, into the file allocation table, so that the external computer learns of the existence of the data upload file;
c2) after step c1, when the copy operation is correct, the human-machine interface device allows the data upload file to be copied;
c3) after step c2, the human-machine interface deletes the data upload file.

5. The data transmission and copy protection method of claim 4, wherein in step c1 the data upload file is written into the data allocation table after being processed by a copy protection mechanism, comprising:
c11) generating a random file name for the data upload file from the dynamic password recorded in the password file by means of an arithmetic expression;
c12) generating a plurality of substitute files from the dynamic password recorded in the password file by means of an arithmetic expression, wherein the plurality of substitute files have random file names;
c13) writing the data upload file and the plurality of substitute files together into the file allocation table.

6. The data transmission and copy protection method of claim 5, wherein in step c2 the copy operation is regarded as incorrect when one of the plurality of substitute files is requested for copying.

7. The data transmission and copy protection method of claim 6, wherein in step c3 the data upload file is deleted from the file allocation table after the data upload file has been copied once, or when the copy operation is incorrect.

8. The data transmission and copy protection method of claim 5, wherein the arithmetic expression is a hash expression.

9. The data transmission and copy protection method of claim 1, wherein the human-machine interface device emulated as a USB storage device can transfer data with the external computer only when data transfer software developed by the manufacturer of the human-machine interface device is used to transfer a data file related to the human-machine interface device.

10. A data transmission and copy protection method for a human-machine interface device implemented with the Mass Storage Class protocol, in which the human-machine interface device is emulated as a USB storage device by means of the Universal Serial Bus (USB) Mass Storage Class (MSC) protocol and transfers data with an external computer, the method comprising:
a) the human-machine interface device receives a transmitted password file, wherein the password file has a file name and the content of the password file records a dynamic password;
b) the password file is determined, from its file name, to be a download password file or an upload password file;
c) if the password file is a download password file, the human-machine interface device, after confirming that the dynamic password in the download password file is correct, writes a password confirmation file into a File Allocation Table (FAT);
d) after step c, the human-machine interface device receives a transmitted data download file encrypted with the dynamic password;
e) if the password file is an upload password file, the human-machine interface device, after confirming that the dynamic password in the upload password file is correct, writes a data upload file encrypted with the dynamic password into the data allocation table, so that the external computer learns of the existence of the data upload file;
f) after step e, when the copy operation is correct, the human-machine interface device allows the data upload file to be copied;
g) after step f, the human-machine interface device deletes the data upload file;
wherein the human-machine interface device does not write the received password file and the data download file into the file allocation table, so that the external computer cannot learn of the existence of the password file and the data download file.

11. The data transmission and copy protection method of claim 10, further comprising a step h) after step d or step f, decrypting the data download file or the data upload file with the dynamic password recorded in the password file.

12. The data transmission and copy protection method of claim 10, wherein in step d the external computer transfers the data download file to the human-machine interface device after the password confirmation file appears in the file allocation table.

13. The data transmission and copy protection method of claim 12, further comprising a step i) after step d, the human-machine interface device writes a data confirmation file into the data allocation table, thereby replying to the external computer that the data download file has been received.
如申請專利範圍第10項所述之資料傳輸及防拷方 法,其中該步驟e中,係透過一防拷機制處理後,再將該資料上傳檔案寫入該資料配置表中,包括:e1)依該密碼檔案中記載之該動態密碼,透過一運算式,產生該資料上傳檔案之亂數檔名;e2)依該密碼檔案中記載之該動態密碼,透過一運算式,產生複數替代檔案,其中該複數替代檔案具有亂數檔名;e3)將該資料上傳檔案及該複數替代檔案共同寫入該檔案配置表中。 Such as the data transmission and copy protection mentioned in the scope of patent application The method, in the step e, is processed by a copy protection mechanism, and then the data upload file is written into the data configuration table, including: e1) according to the dynamic password recorded in the password file, through an arithmetic expression Generating a random file name of the data upload file; e2) generating, by an arithmetic formula, a plurality of substitute files according to the dynamic password recorded in the password file, wherein the plural substitute file has a random file name; e3) The data upload file and the plural substitute file are jointly written in the file configuration table. 如申請專利範圍第14項所述之資料傳輸及防拷方法,其中該步驟f中,係於該複數替代檔案被要求複製時,視為複製動作不正確。 For example, in the data transmission and copy protection method described in claim 14, wherein the step f is regarded as the copying action is incorrect when the plural substitute file is required to be copied. 如申請專利範圍第15項所述之資料傳輸及防拷方法,其中該步驟g中,係於該資料上傳檔案被複製一次後,或複製動作不正確時,將該資料上傳檔案從該檔案配置表中刪除。 For example, in the data transmission and copy-protection method described in claim 15, wherein the step g is performed after the data upload file is copied once, or when the copying operation is incorrect, the data upload file is configured from the file. Deleted in the table. 如申請專利範圍第14項所述之資料傳輸及防拷方法,其中該運算式係為一雜湊運算式。 For example, the data transmission and copy protection method described in claim 14 is wherein the calculation formula is a hash calculation. 
如申請專利範圍第10項所述之資料傳輸及防拷方法,其中該模擬為USB儲存裝置之人機介面裝置,係於使用一人機介面裝置廠商開發之資料傳輸軟體,傳輸一人機介面裝置相關之資料檔案時,才能順利與該外部電腦做資料傳輸。For example, the data transmission and copy protection method described in claim 10, wherein the simulation is a human-machine interface device of a USB storage device, which is a data transmission software developed by a manufacturer of a human-machine interface device, and transmits a human-machine interface device. In the case of the data file, the data can be transmitted smoothly with the external computer.
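The upload-side mechanism of steps e to g (with the substitute files of steps e1 to e3) can be modelled in a few lines of Python. This is an added illustration, not code from the patent: SHA-256, the label scheme, the 8.3-style names and the identifiers `derived_name`, `UploadSession` and `host_pick` are all assumptions.

```python
import hashlib

def derived_name(password: bytes, label: bytes) -> str:
    # The claims only say "a hash operation"; SHA-256 and the label are assumptions.
    digest = hashlib.sha256(label + b"\x00" + password).hexdigest()
    return digest[:8].upper() + ".DAT"   # 8.3-style name, as a FAT volume would list it

class UploadSession:
    """Device-side model of steps e to g for one upload request."""

    def __init__(self, password: bytes, encrypted_payload: bytes, decoys: int = 4):
        self.real_name = derived_name(password, b"upload")
        self._payload = encrypted_payload          # already encrypted with the password
        names = {self.real_name}
        names.update(derived_name(password, b"decoy-%d" % i) for i in range(decoys))
        # Sorted, so position in the listing says nothing about which file is real.
        self.listing = sorted(names)

    def _withdraw(self) -> None:
        # Step g: remove the data upload file from the table the host can see.
        # What happens to the substitute files is not stated; they are left in place.
        if self.real_name in self.listing:
            self.listing.remove(self.real_name)
        self._payload = None

    def read(self, name: str):
        """Host asks to copy `name`; returns the bytes, or None if refused."""
        if name not in self.listing:
            return None
        if name != self.real_name:
            self._withdraw()      # copying a substitute file is an incorrect copy action
            return None
        data = self._payload
        self._withdraw()          # a correct copy is allowed exactly once
        return data

def host_pick(password: bytes, listing):
    """Vendor transfer software: recompute the real name instead of guessing."""
    name = derived_name(password, b"upload")
    return name if name in listing else None
```

A host that does not know the dynamic password sees only indistinguishable names, and its first wrong pick withdraws the real file; confidentiality of the content still rests on the encryption with the dynamic password, not on the hidden name.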
TW98128273A 2009-08-21 2009-08-21 Method for data transmitting and pirate preventing of human-machine interface device by using the usb mass storage class TWI400616B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98128273A TWI400616B (en) 2009-08-21 2009-08-21 Method for data transmitting and pirate preventing of human-machine interface device by using the usb mass storage class

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW98128273A TWI400616B (en) 2009-08-21 2009-08-21 Method for data transmitting and pirate preventing of human-machine interface device by using the usb mass storage class

Publications (2)

Publication Number Publication Date
TW201107987A TW201107987A (en) 2011-03-01
TWI400616B true TWI400616B (en) 2013-07-01

Family

ID=44835471

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98128273A TWI400616B (en) 2009-08-21 2009-08-21 Method for data transmitting and pirate preventing of human-machine interface device by using the usb mass storage class

Country Status (1)

Country Link
TW (1) TWI400616B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102759898B (en) * 2011-04-29 2014-07-02 台达电子工业股份有限公司 Man-machine interface device and interface integration method thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5715455A (en) * 1995-05-18 1998-02-03 International Business Machines Corporation Apparatus and method for storing file allocation table efficiently in memory
US6782402B1 (en) * 1999-05-06 2004-08-24 Seiko Epson Corporation Network management system, computer system, copy server, file server, network copy file management method, and computer readable medium
TW200741500A (en) * 2005-09-08 2007-11-01 Sandisk Corp Mobile memory system for secure storage and delivery of media content
US7526785B1 (en) * 1999-09-25 2009-04-28 Hewlett-Packard Development Company, L.P. Trusted computing platform for restricting use of data
US20090113076A1 (en) * 2007-10-31 2009-04-30 Byron Long Hierarchical file synchronization method, software and devices

Also Published As

Publication number Publication date
TW201107987A (en) 2011-03-01

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees