TWI506469B - Data security method, electronic device and external storage device - Google Patents


Publication number
TWI506469B
Authority
TW
Taiwan
Prior art keywords
password
electronic device
external storage
storage device
user
Prior art date
Application number
TW103126253A
Other languages
Chinese (zh)
Other versions
TW201604701A (en)
Inventor
Chang Pan Lin
Original Assignee
Elitegroup Computer Sys Co Ltd
Application filed by Elitegroup Computer Sys Co Ltd
Priority to TW103126253A
Publication of TWI506469B
Publication of TW201604701A

Landscapes

  • Storage Device Security (AREA)

Description

Data security method, electronic device and external storage device

The present invention relates to a data security method, an electronic device, and an external storage device, and more particularly to a data security method that performs security authentication on an electronic device using software and hardware keys stored in an external storage device.

As computers become more widespread and convenient, people often store confidential data on them. To prevent unauthorized parties from obtaining this data illegally, most computers provide a security authentication mechanism. In the prior art, data confidentiality can be achieved with software authentication, hardware authentication, or dynamic one-time password authentication.

Software authentication requires the user to enter a password when the computer is powered on, and the computer can be operated only when the entered password matches the password stored in the system. Software authentication is not secure enough: a simple password can easily be cracked or guessed by others, while a complex password is easy to forget.

Hardware authentication requires the user to insert an external storage device when the computer is powered on, and the computer can be operated only when the password or key stored in the external storage device matches the password or key stored in the system. Hardware authentication is likewise not secure enough: anyone who steals the external storage device can use the computer illegally.

In dynamic one-time password authentication, the user must apply for a password generator with a built-in smart card. The smart card stores a key pair and can perform the signing and encryption/decryption operations of a public-key algorithm, and a time difference serves as the synchronization condition between the server and the password generator to generate the one-time password the user needs to log in to the computer. Dynamic one-time password authentication is more secure, but if the user loses the password generator or the generator fails, the user must apply to the service center for a new one and will be unable to use the computer for a short time. In addition, dynamic one-time password authentication requires considerable cost to set up the service center.

The present invention provides a data security method, an electronic device, and an external storage device. The electronic device includes a specific storage area and a security module. The specific storage area holds system software. After receiving an activation signal, the security module determines whether any external storage device is inserted in the electronic device; when a first external storage device is inserted in the electronic device, the security module determines whether a password entered by a user matches a first confirmation password stored in the first external storage device, and determines whether a first mark stored in the first external storage device matches a unique mark of the electronic device; when the password entered by the user matches the first confirmation password and the first mark matches the unique mark, the electronic device executes the system software and updates the password according to an update frequency; the electronic device writes the updated password to the first external storage device as the first confirmation password; and the electronic device notifies the user of the updated password through at least one contact method.

The present invention further provides an electronic device that has a unique mark and includes a specific storage area holding system software and a security module. The security module is configured to: determine, after receiving an activation signal, whether any external storage device is inserted in the electronic device; when a first external storage device storing a first confirmation password and a first mark is inserted in the electronic device, determine whether a password entered by a user matches the first confirmation password, and determine whether the first mark matches the unique mark; when the password entered by the user matches the first confirmation password and the first mark matches the unique mark, have the electronic device execute the system software and update the password according to an update frequency; and control the electronic device to write the updated password to the first external storage device as the first confirmation password and to notify the user of the updated password through at least one contact method.

The present invention further provides an external storage device that is detachably and electrically connected to an electronic device. The electronic device has a unique mark and holds system software. The external storage device includes a confirmation password and a mark. When the external storage device is inserted in the electronic device and the electronic device receives an activation signal, the electronic device determines whether a password entered by a user matches the confirmation password, and determines whether the mark matches the unique mark. When the password entered by the user matches the confirmation password and the mark matches the unique mark, the electronic device executes the system software, updates the password according to an update frequency, and then notifies the user of the updated password through at least one contact method.

10‧‧‧Electronic device

12, 14‧‧‧Connection interfaces

16‧‧‧Specific storage area

18‧‧‧Security module

20‧‧‧System software

22, 24‧‧‧External storage devices

100‧‧‧Data security system

210~260, 310~390‧‧‧Steps

FIG. 1 is a functional block diagram of a data security system according to an embodiment of the present invention.

FIG. 2 is a flow chart of the data security system during initial setup according to an embodiment of the present invention.

FIG. 3 is a flow chart of the data security system during a boot or wake-up procedure according to an embodiment of the present invention.

FIG. 1 is a functional block diagram of a data security system 100 according to an embodiment of the present invention. The data security system 100 includes an electronic device 10 and two external storage devices 22 and 24. The electronic device 10 includes connection interfaces 12 and 14, a specific storage area 16, and a security module 18.

In embodiments of the present invention, the electronic device 10 may be a mobile phone, a personal digital assistant (PDA), a handheld computer, a tablet computer, a nettop computer, a laptop computer, a server, or another device with communication capability. Communication components such as a subscriber identity module (SIM) card and/or a network card can be installed in the electronic device 10, so that it can send a text message to the user's mobile phone, connect to the Internet to send an e-mail to the user's mailbox, and/or send a text message to the user's mobile phone over the Internet. Note that the type of the electronic device 10 does not limit the scope of the present invention.

In embodiments of the present invention, the external storage devices 22 and 24 may be portable storage media such as a universal serial bus (USB) flash drive, a CompactFlash (CF) memory card, a SmartMedia (SM) memory card, a Memory Stick (MS) memory card, a Multi Media Card (MMC) memory card, an optical disc, or a portable hard drive. The connection interfaces 12 and 14 receive the external storage devices 22 and 24, respectively. Depending on the type of the external storage devices 22 and 24, the connection interfaces 12 and 14 may be USB interfaces or CF/SM/MS/MMC slots. The external storage devices 22 and 24 serve as usage keys for the electronic device 10; their function is described in detail later in this specification. Note that the types of the external storage devices 22, 24 and the connection interfaces 12, 14 do not limit the scope of the present invention.

In embodiments of the present invention, the specific storage area 16 of the electronic device 10 may be a read-only memory (ROM), a flash memory, an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), a hard disk, or the like. The electronic device 10 can load system software 20 into the specific storage area 16 to perform a boot procedure, or perform a wake-up procedure that switches the electronic device 10 from a power-saving mode such as sleep mode, hibernate mode, or standby mode back to normal mode. The system software 20 may be a basic input/output system (BIOS), which performs self-tests of the parts of the system during a boot or wake-up procedure and provides the code needed for the most basic hardware initialization and peripheral control. Note that the types of the specific storage area 16 and the system software 20 do not limit the scope of the present invention.

The security module 18 verifies whether the user is a legitimate user of the electronic device 10; its functions are described in detail below.

FIG. 2 is a flow chart of the data security system 100 during initial setup according to an embodiment of the present invention, which includes the following steps:

Step 210: The user enters at least one confirmation password; go to step 220.

Step 220: The user enters at least one contact method; go to step 230.

Step 230: The user sets the password update frequency; go to step 240.

Step 240: The external storage devices 22 and 24 are inserted into the electronic device 10; go to step 250.

Step 250: The electronic device 10 writes the confirmation password entered by the user and the unique mark of the electronic device to the external storage devices 22 and 24; go to step 260.

Step 260: The electronic device 10 notifies the user of the latest password through the contact method entered by the user.

In step 210, the electronic device 10 may ask the user to enter one password for both external storage devices 22 and 24, or to enter two different passwords, one for each of the external storage devices 22 and 24. The confirmation password may be any combination of letters, special symbols, or digits. Note that the form, length, or number of passwords does not limit the scope of the present invention. The present invention uses the two external storage devices 22 and 24 as usage keys for the electronic device 10 to provide a password backup, so that if one external storage device is lost or its data is corrupted, the user can still use the other external storage device to boot. The embodiments of FIGS. 1 to 3 are described with the external storage devices 22 and 24, but the present invention can also be applied with a single external storage device or with more than two; the number of external storage devices does not limit the scope of the present invention.

In step 220, the electronic device 10 may ask the user to enter contact methods such as an e-mail address and/or a mobile phone number. Note that the type or number of contact methods does not limit the scope of the present invention. The present invention can use several contact methods, so that if one of them fails for some reason, the electronic device 10 can still notify the user through another.

In step 230, the electronic device 10 may ask the user to set the password update frequency, for example an update after every successful boot/wake-up, an update after a given number of successful boots/wake-ups, or a time-based update every day/week/month/quarter/year. Note that the value of the update frequency does not limit the scope of the present invention. The present invention updates the password in the manner specified by the user, which makes it harder for an unauthorized third party to crack the password and thereby improves security.

In step 240, the external storage devices 22 and 24 can be inserted into the electronic device 10 through the connection interfaces 12 and 14, respectively. In the embodiment shown in FIG. 2, the data security system 100 performs steps 210 to 240 in sequence during initial setup. In other embodiments, the data security system 100 may perform step 240 first and then steps 210 to 230. Alternatively, step 240 may be performed at any point while steps 210 to 230 are being performed. The data security system 100 may also perform steps 210, 220, and 230 in any order during initial setup. Note that the order in which steps 210 to 240 are performed does not limit the scope of the present invention.

In step 250, the electronic device 10 writes the confirmation password entered by the user and the unique mark of the electronic device 10 to the external storage devices 22 and 24; the confirmation passwords written to the external storage devices 22 and 24 may be the same or different. The unique mark of the electronic device 10 may be a network card number, an Internet address (IP address), an international mobile equipment identity (IMEI), a mobile equipment identifier (MEID), a globally unique identifier (GUID), the international mobile subscriber identity (IMSI) and integrated circuit card identifier (ICCID) of a SIM card, or a central processing unit number. Note that the type of unique mark does not limit the scope of the present invention. As those of ordinary skill in the art know, the network card number, Internet address, IMEI, MEID, and the IMSI/ICCID of a SIM card are unique identifiers, and the probability that an algorithmically generated 128-bit GUID repeats is extremely low. The confirmation password stored in the external storage devices 22 and 24 can therefore serve as the software key of the electronic device 10, and the stored unique mark can serve as its hardware key. With the double protection of these software and hardware keys, even if an unauthorized third party obtains the password elsewhere, that party still cannot learn the content of the unique mark; even if an unauthorized third party manages to crack the password and unique mark stored in the external storage devices 22 and 24, that party still cannot tell which electronic device 10 the external storage devices 22 and 24 apply to. Therefore, the present invention can greatly improve the security of the data security system 100.

In addition, the electronic device 10 can write the confirmation password entered by the user and the unique mark of the electronic device 10, in a specific format, to a specific address of the external storage devices 22 and 24. This specific address is not in the file area of the external storage devices 22 and 24, and the specific format is not a file format that any third party can read. For example, the electronic device 10 can write the confirmation password and the unique mark directly as machine code into the non-file area of the external storage devices 22 and 24. As a result, an unauthorized third party who obtains the external storage devices 22 and 24 still cannot easily read the passwords stored in them. Therefore, the present invention can greatly improve the security of the data security system 100.

In step 260, the electronic device 10 notifies the user of the latest password through the contact method entered by the user. For example, the electronic device 10 can send the latest password to the user by e-mail, send it to the user's mobile phone by text message, or do both. Note that the way the electronic device 10 notifies the user of the latest password does not limit the scope of the present invention.

FIG. 3 is a flow chart of the data security system 100 during a boot or wake-up procedure according to an embodiment of the present invention, which includes the following steps:

Step 310: After an activation signal is received, determine whether at least one external storage device is inserted in the electronic device 10; if yes, go to step 320; if no, go to step 390.

Step 320: Ask the user to enter a password; go to step 330.

Step 330: Determine whether the password entered by the user matches the confirmation password stored in the currently inserted external storage device; if yes, go to step 340; if no, go to step 390.

Step 340: Determine whether the mark stored in the currently inserted external storage device matches the unique mark of the electronic device 10; if yes, go to step 350; if no, go to step 390.

Step 350: The electronic device 10 executes the system software 20; go to step 360.

Step 360: Determine, according to the update frequency entered by the user during initial setup, whether the confirmation password needs to be updated; if yes, go to step 370; if no, go to step 380.

Step 370: The electronic device 10 updates the confirmation password, writes the updated confirmation password to the currently inserted external storage device, and notifies the user of the updated confirmation password through the contact method entered during initial setup; go to step 380.

Step 380: Perform other operations.

Step 390: Perform a shutdown.

In step 310, after receiving the activation signal, the electronic device 10 determines whether at least one external storage device is inserted. If no external storage device is inserted in the electronic device 10, step 390 is performed to shut down. In one embodiment of the present invention, when the electronic device 10 is powered off, the activation signal is generated after the user presses the power button of the electronic device 10. In another embodiment, when the electronic device 10 is operating in sleep mode, hibernate mode, or standby mode, the activation signal is generated after the user presses any key of the electronic device 10. Note that the way the activation signal is generated does not limit the scope of the present invention.

In step 320, after confirming that at least one external storage device is inserted in the electronic device 10, the electronic device 10 asks the user to enter a password. For example, the security module 18 displays an input interface on the screen of the electronic device 10 for the user to enter the password. Note that the way the user enters the password does not limit the scope of the present invention.

In step 330, the electronic device 10 reads the confirmation password stored in the currently inserted external storage device, and the security module 18 determines whether it matches the password the user entered in step 320. If the passwords do not match, step 390 is performed to shut down.

In step 340, after confirming that the password the user entered at boot matches the confirmation password stored in the currently inserted external storage device, the security module 18 determines whether the mark stored in the currently inserted external storage device matches the unique mark of the electronic device 10. If the mark does not match, step 390 is performed to shut down. Only after the unique mark is confirmed to match is step 350 performed, allowing the electronic device 10 to execute the system software 20. In other words, the present invention checks both the password and the unique mark at boot or wake-up, which increases security.

In the embodiment shown in FIG. 3, the data security system 100 performs steps 330 and 340 in sequence at boot or wake-up. In other embodiments, the data security system 100 may perform step 340 first and then step 330. Note that the order in which steps 330 and 340 are performed does not limit the scope of the present invention.

As described above, the present invention can use a single external storage device or more than two as usage keys for the electronic device 10 to provide a password backup, and steps 330 and 340 can likewise determine whether a single external storage device or more than two are usage keys of the electronic device 10. The following table shows the possible results when the data security system 100 performs steps 330 and 340 for each external storage device. Status 1 means that the confirmation password stored in the external storage device matches the password the user entered in step 320 and the mark stored in the external storage device matches the unique mark of the electronic device 10. Status 2 to status 4 mean that the confirmation password stored in the external storage device does not match the password the user entered in step 320 and/or the mark stored in the external storage device does not match the unique mark of the electronic device 10. In one embodiment, if only the single external storage device 22 is inserted in the electronic device 10 when the activation signal is received, step 360 follows only when steps 330 and 340 determine that the external storage device 22 is in status 1. In another embodiment, if both external storage devices 22 and 24 are inserted in the electronic device 10 when the activation signal is received, step 360 follows as soon as steps 330 and 340 determine that one of the external storage devices 22 and 24 is in status 1; step 390 follows only when neither of the external storage devices 22 and 24 is in status 1.

In step 360, the electronic device 10 determines, according to the update frequency entered by the user during initial setup, whether the password needs to be updated. The update frequency is as described for step 230 and is not repeated here.

In step 370, the electronic device 10 updates the password, writes the updated password to the currently inserted external storage device, and notifies the user of the updated password through the contact method entered during initial setup. The updated password may be any combination of letters, special symbols, or digits, either generated randomly by the electronic device 10 or derived by a specific algorithm. The electronic device 10 can write the updated password, in a specific format, to a specific address of the currently inserted external storage device. The electronic device 10 can send the latest password to the user by e-mail, send it to the user's mobile phone by text message, or do both. Note that the way the password is updated and the form, length, number, or notification method of the updated password do not limit the scope of the present invention.

After the system software 20 has finished executing, the electronic device 10 can perform other operations in step 380 according to the user's instructions.
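
The boot and wake-up flow of steps 310 to 390, including the case of two inserted external storage devices, written out as an added Python example (not code from the patent). The `Token` and `Device` classes, the count-based update policy, the 12-character random password, and the choice to rewrite only the tokens that passed are assumptions; all sample values are constructed.

```python
import hmac
import secrets
import string
from dataclasses import dataclass, field

ALPHABET = string.ascii_letters + string.digits + "!@#$%"  # assumed character set


@dataclass
class Token:
    """External storage device 22/24: confirmation password plus mark."""
    confirm_password: str
    mark: str


@dataclass
class Device:
    """Electronic device 10 with the choices made in steps 210-230."""
    unique_mark: str
    update_every: int = 1                       # assumed policy: every N successful boots
    contacts: list = field(default_factory=list)
    boots_since_update: int = 0
    outbox: list = field(default_factory=list)  # stands in for e-mail/SMS delivery


def same(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not reveal how much matched.
    return hmac.compare_digest(a.encode(), b.encode())


def token_passes(dev: Device, tok: Token, typed: str) -> bool:
    """Steps 330 and 340: password and mark must both match (status 1)."""
    password_ok = same(typed, tok.confirm_password)
    mark_ok = same(tok.mark, dev.unique_mark)
    return password_ok and mark_ok


def boot(dev: Device, inserted: list, typed: str) -> str:
    """Run steps 310-390 once; returns "run" or "shutdown"."""
    if not inserted:                                   # step 310
        return "shutdown"                              # step 390
    passed = [t for t in inserted if token_passes(dev, t, typed)]
    if not passed:                                     # no token in status 1
        return "shutdown"                              # step 390
    # Step 350: the system software would be executed here.
    dev.boots_since_update += 1
    if dev.boots_since_update >= dev.update_every:     # step 360
        new_pw = "".join(secrets.choice(ALPHABET) for _ in range(12))
        for tok in passed:                             # step 370 (assumption: only
            tok.confirm_password = new_pw              # tokens that passed are rewritten)
        for contact in dev.contacts:
            dev.outbox.append((contact, new_pw))       # password notification
        dev.boots_since_update = 0
    return "run"                                       # step 380


def demo() -> dict:
    mark = "00:11:22:33:44:55"                         # constructed network card number
    dev = Device(mark, update_every=2, contacts=["user@example.com"])
    primary, backup = Token("Spring#2014", mark), Token("Spring#2014", mark)
    foreign = Token("Spring#2014", "66:77:88:99:aa:bb")  # key written by another device
    results = {
        "no_token": boot(dev, [], "Spring#2014"),
        "wrong_password": boot(dev, [primary], "guess"),
        "foreign_mark": boot(dev, [foreign], "Spring#2014"),
        "one_of_two_valid": boot(dev, [foreign, primary], "Spring#2014"),
        "second_boot_rotates": boot(dev, [primary], "Spring#2014"),
    }
    results["old_password_on_primary"] = boot(dev, [primary], "Spring#2014")
    results["old_password_on_backup"] = boot(dev, [backup], "Spring#2014")
    results["notified"] = len(dev.outbox)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

In the constructed run, the backup token that was not inserted during the update still holds the old confirmation password and still passes with it, so an update takes effect only on the tokens it was written to.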

In one embodiment of the present invention, the security module 18 may be implemented in firmware, for example within the BIOS or an application-specific integrated circuit (ASIC). After the activation signal is received in step 310, the security module 18 in the BIOS or ASIC is started immediately to confirm whether at least one external storage device is inserted in the electronic device 10 (step 310), whether the password entered by the user at power-on matches the confirmation password stored in the currently inserted external storage device (step 320), and whether the tag stored in the currently inserted external storage device matches the unique tag of the electronic device 10 (step 330). Only after these confirmations are completed is the electronic device 10 allowed to execute the system software 20 in step 350.

In another embodiment of the present invention, the security module 18 may be implemented in software, for example as boot protection software included in the kernel of the operating system of the electronic device 10. After the activation signal is received in step 310, the boot protection software is executed immediately to confirm whether at least one external storage device is inserted in the electronic device 10 (step 310), whether the password entered by the user at power-on matches the confirmation password stored in the currently inserted external storage device (step 320), and whether the tag stored in the currently inserted external storage device matches the unique tag of the electronic device 10 (step 330). Only after these confirmations are completed is the electronic device 10 allowed to execute the system software 20 in step 350. Note that the manner in which the security module 18 is implemented does not limit the scope of the present invention.
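The check-then-rotate flow described above (both checks, step 350 or step 390, then steps 360 and 370), including the case where two external storage devices are inserted, as an added example that is not part of the patent text. The names `Token`, `Device`, `boot` and `notify`, the 16-character length, the character set, and the choice to rewrite only the tokens that passed both checks are assumptions made for illustration.

```python
import hmac
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timedelta

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"  # assumed character set

@dataclass
class Token:
    """External storage device (22 or 24 in the description)."""
    confirm_password: str  # software key stored on the token
    tag: str               # hardware key: copy of the device's unique tag

@dataclass
class Device:
    """Electronic device 10 with the settings from initial setup."""
    unique_tag: str
    update_every: timedelta  # update frequency
    last_update: datetime

def same(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not reveal how many characters matched.
    return hmac.compare_digest(a.encode(), b.encode())

def boot(device, tokens, entered, now, notify):
    """Return "run" (step 350) or "shutdown" (step 390)."""
    if not tokens:  # no external storage device inserted
        return "shutdown"
    # With several tokens inserted, one that passes both checks is enough.
    passed = [t for t in tokens
              if same(entered, t.confirm_password) & same(t.tag, device.unique_tag)]
    if not passed:
        return "shutdown"
    if now - device.last_update >= device.update_every:  # step 360
        new_pw = "".join(secrets.choice(ALPHABET) for _ in range(16))
        for t in passed:  # assumption: only tokens that authenticated are rewritten
            t.confirm_password = new_pw  # step 370
        device.last_update = now
        notify(new_pw)  # stands in for the e-mail / text-message notification
    return "run"

if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    t0 = datetime(2024, 1, 1)
    dev = Device("TAG-A", timedelta(days=30), t0)
    own, foreign = Token("pw-1", "TAG-A"), Token("pw-1", "TAG-B")
    sent = []
    print(boot(dev, [foreign], "pw-1", t0, sent.append))
    print(boot(dev, [foreign, own], "pw-1", t0 + timedelta(days=31), sent.append))
    print(foreign.confirm_password, own.confirm_password == sent[0])
```

A token whose tag belongs to another device never receives the rotated password here, so a backup token that was not inserted (or did not pass) keeps its old confirmation password until it is re-provisioned.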

The present invention uses multiple external storage devices as usage keys for the electronic device 10 to provide password backup, so that if one of the external storage devices is lost or its data is corrupted, the user can still immediately use another external storage device to perform the boot or wake-up procedure. The present invention can write the password and the unique tag in a specific format (for example, machine code) to a specific address of the external storage device (for example, outside the file area), update the password in the manner specified by the user, and notify the user of the latest password, which makes it harder for others to obtain the password and the unique tag by cracking the data stored in the external storage device. The present invention uses the confirmation password stored in the external storage device as a software key and the unique tag as a hardware key; even if someone manages to obtain the password, they still cannot learn the content of the unique tag or which electronic device the external storage device applies to. Therefore, the present invention can greatly improve the security of the data security system 100.

The above are only preferred embodiments of the present invention; all equivalent changes and modifications made in accordance with the scope of the claims of the present invention shall fall within the scope of the present invention.

310~390: Steps

Claims (9)

1. A data security method, comprising: after receiving an activation signal, determining whether any external storage device is inserted in an electronic device; when a first external storage device is inserted in the electronic device, determining whether a password entered by a user matches a first confirmation password stored in the first external storage device, and determining whether a first tag stored in the first external storage device matches a unique tag of the electronic device; when the password entered by the user matches the first confirmation password and the first tag matches the unique tag, the electronic device executing a system software and updating the password according to an update frequency; the electronic device writing the updated password to the first external storage device as the first confirmation password; and the electronic device notifying the user of the updated password through at least one contact method.

2. The data security method of claim 1, further comprising: when no external storage device is inserted in the electronic device, when the password entered by the user does not match the first confirmation password, or when the first tag does not match the unique tag of the electronic device, the electronic device performing a shutdown operation.
3. The data security method of claim 1, further comprising: before the activation signal is received, the electronic device requesting the user to enter a first password, the at least one contact method, and the update frequency; and before the activation signal is received, the electronic device writing the first password to the first external storage device as the first confirmation password, and writing the unique tag to the first external storage device as the first tag.

4. The data security method of claim 1, further comprising: when a second external storage device is inserted in the electronic device, determining whether the password entered by the user matches a second confirmation password stored in the second external storage device, and determining whether a second tag stored in the second external storage device matches the unique tag of the electronic device; and when the password entered by the user matches the second confirmation password and the second tag matches the unique tag, the electronic device executing the system software.
5. The data security method of claim 4, further comprising: before the activation signal is received, the electronic device requesting the user to enter a first password, the at least one contact method, and the update frequency; and before the activation signal is received, the electronic device writing the first password to the first external storage device as the first confirmation password, writing the first password to the second external storage device as the second confirmation password, writing the unique tag to the first external storage device as the first tag, and writing the unique tag to the second external storage device as the second tag.

6. The data security method of claim 4, further comprising: before the activation signal is received, the electronic device requesting the user to enter a first password, a second password, the at least one contact method, and the update frequency; and before the activation signal is received, the electronic device writing the first password to the first external storage device as the first confirmation password, writing the second password to the second external storage device as the second confirmation password, writing the unique tag to the first external storage device as the first tag, and writing the unique tag to the second external storage device as the second tag.
7. The data security method of claim 1, further comprising: when the electronic device is in a powered-off state, pressing a power key of the electronic device to generate the activation signal; or when the electronic device is operating in a power-saving mode, pressing any key of the electronic device to generate the activation signal.

8. An electronic device having a unique tag and comprising: a specific storage area carrying a system software; and a security module configured to: after an activation signal is received, determine whether any external storage device is inserted in the electronic device; when a first external storage device storing a first confirmation password and a first tag is inserted in the electronic device, determine whether a password entered by a user matches the first confirmation password, and determine whether the first tag matches the unique tag; when the password entered by the user matches the first confirmation password and the first tag matches the unique tag, the electronic device executes the system software and updates the password according to an update frequency; and control the electronic device to write the updated password to the first external storage device as the first confirmation password and to notify the user of the updated password through at least one contact method.
9. An external storage device, detachably and electrically connectable to an electronic device, the electronic device having a unique tag and carrying a system software, the external storage device comprising: a confirmation password; and a tag; wherein, when the external storage device is inserted in the electronic device and the electronic device receives an activation signal, the electronic device determines whether a password entered by a user matches the confirmation password and determines whether the tag matches the unique tag; and when the password entered by the user matches the confirmation password and the tag matches the unique tag, the electronic device executes the system software, updates the password according to an update frequency, and then notifies the user of the updated password through at least one contact method.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW103126253A TWI506469B (en) 2014-07-31 2014-07-31 Data security method, electronic device and external storage device

Publications (2)

Publication Number Publication Date
TWI506469B true TWI506469B (en) 2015-11-01
TW201604701A TW201604701A (en) 2016-02-01

Family

ID=55220070

Family Applications (1)

Application Number Title Priority Date Filing Date
TW103126253A TWI506469B (en) 2014-07-31 2014-07-31 Data security method, electronic device and external storage device

Country Status (1)

Country Link
TW (1) TWI506469B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW531708B (en) * 1999-10-02 2003-05-11 Geneticware Co Ltd Keyboard device with safety password authorization and the method thereof
US7529367B2 (en) * 2003-04-18 2009-05-05 Via Technologies, Inc. Apparatus and method for performing transparent cipher feedback mode cryptographic functions
TWM390621U (en) * 2009-12-29 2010-10-11 Univ Lunghwa Sci & Technology A portable computing architecture for the remote control of computer passwords
TW201138407A (en) * 2009-09-09 2011-11-01 Sony Corp Communication system, communication equipment and method, and computer program
US20120033804A1 (en) * 2009-01-13 2012-02-09 Viaccess Method and module for renewing the code of a cryptographic algorithm, method and module for generating a seed, security processor and recording carrier for these methods
TWI411280B (en) * 2009-02-11 2013-10-01 Digicheese Technology & Interactive Co Ltd Anti-spyware system for transmitting and authenticating a password
CN103748829A (en) * 2011-07-15 2014-04-23 虹膜技术公司 Authentication method and device using single-use password including biometric image information
US20140201540A1 (en) * 2011-12-29 2014-07-17 Jiangtao Li Secure key storage using physically unclonable functions

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees