TWI612440B - Information storage system with information security protection - Google Patents

Information storage system with information security protection Download PDF

Info

Publication number
TWI612440B
TWI612440B TW103122948A TW103122948A TWI612440B TW I612440 B TWI612440 B TW I612440B TW 103122948 A TW103122948 A TW 103122948A TW 103122948 A TW103122948 A TW 103122948A TW I612440 B TWI612440 B TW I612440B
Authority
TW
Taiwan
Prior art keywords
data
processing unit
data storage
activation
control processing
Prior art date
Application number
TW103122948A
Other languages
Chinese (zh)
Other versions
TW201602831A (en
Inventor
李俊昌
廖鄭雄
Original Assignee
宇瞻科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宇瞻科技股份有限公司 filed Critical 宇瞻科技股份有限公司
Priority to TW103122948A priority Critical patent/TWI612440B/en
Publication of TW201602831A publication Critical patent/TW201602831A/en
Application granted granted Critical
Publication of TWI612440B publication Critical patent/TWI612440B/en

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

一種具資訊安全防護的資料儲存系統,包含一固態儲存裝置及至少一選擇性地組接於該固態儲存裝置上的啟動裝置。其中,該固態儲存裝置具有一資料儲存單元及一資訊連接該資料儲存單元並寫入至少一以一啟動金鑰觸發啟動而決定對該資料儲存單元執行一預設任務的韌體資料的控制處理單元。該啟動裝置則具有一預先寫入有該啟動金鑰的資料處理單元,該資料處理單元具有一與該控制處理單元第一次資訊連接而擷取該裝置識別碼並作儲存的配對模式,以及一與該控制處理單元再次資訊連接而比對所儲存的該裝置識別碼向該控制處理單元輸出該啟動金鑰的致能模式。 A data storage system with information security protection includes a solid-state storage device and at least one activation device selectively connected to the solid-state storage device. Wherein, the solid-state storage device has a data storage unit and an information connection to the data storage unit and writes at least one control process of firmware data triggered by an activation key to decide to perform a predetermined task on the data storage unit unit. The activation device has a data processing unit pre-written with the activation key, and the data processing unit has a pairing mode in which the device identification code is retrieved and stored for the first information connection with the control processing unit, and An information connection with the control processing unit is performed again, and the stored device identification code is compared to output the activation mode of the activation key to the control processing unit.

Description

具資訊安全防護的資料儲存系統 Data storage system with information security protection

本發明有關一種資料儲存系統,尤指一種具資訊安全防護的資料儲存系統。 The invention relates to a data storage system, especially a data storage system with information security protection.

隨著各類資訊設備的普遍應用,越來越多的用戶將報告、文獻等重要作業資料電腦化儲存於各類的資訊設備之中,以方便作業。然而,現今各類資訊設備主要是以各式硬碟儲存裝置(Hard Disk Drive,HDD)儲存數據資料,但一般的硬碟儲存裝置並不具有任何資訊安全的防護,竊賊僅需要啟動該資訊設備即可以對該硬碟儲存裝置的數據資料任意的進行讀取、複製或寫入等動作,導致重要資料的外流。 With the widespread application of various types of information equipment, more and more users computerize and store important operational data such as reports and documents in various types of information equipment to facilitate operations. However, today's various types of information equipment mainly use various hard disk storage devices (Hard Disk Drive, HDD) to store data, but general hard disk storage devices do not have any information security protection, thieves only need to activate the information equipment That is, the data of the hard disk storage device can be read, copied, or written arbitrarily, resulting in the outflow of important data.

因此,硬碟儲存裝置的相關製造廠商無一不針對資訊防護提出改良,就如中華民國公告第I382316專利案所公開,其揭露了一種具保全功能之隨身碟串接組合結構,包含有複數資料碟以及一鑰匙碟,其中至少一該資料碟劃分有一公用區及一私密區,該私密區的使用需要透過該鑰匙碟內存的一公用程式執行於一作業系統中,才可對該私密區進行讀取。然而,上述實施方式雖然以該鑰匙碟作為讀取該私密區的條件,達成了資安防護的目的,但將該資料碟區分為該公用區及該私密區,並常態對該作業系統隱藏該私密區的實施方式,無疑是減少該資料碟所能儲存資料的容量。此外,上述專利需要透過執行於該 鑰匙碟內存的該公用程式才可讀取該私密區內的資料,使用上極不便利亦無法提供分層防護的效果,據此,本案發明人亟思另一實施方式以改善上述問題。 Therefore, all the relevant manufacturers of hard disk storage devices have proposed improvements to information protection, as disclosed in the Patent Announcement No. I382316 of the Republic of China, which discloses a flash drive serial combination structure with security functions, including plural data Disc and a key disc, at least one of the data discs is divided into a common area and a private area, and the use of the private area needs to be executed in an operating system through a utility program in the key disc memory to perform the private area Read. However, although the above embodiment uses the key disc as a condition for reading the private area to achieve the purpose of security protection, the data disc is divided into the public area and the private area, and the operating system is normally hidden from the operating system. The implementation of the private area is undoubtedly to reduce the capacity of the data disc to store data. In addition, the above patents need to be implemented through the Only the utility program in the key disk memory can read the data in the private area, which is extremely inconvenient to use and cannot provide the effect of layered protection. According to this, the inventor of the present case urgently thinks of another embodiment to improve the above problems.

本發明之主要目的,在於提供一種應用於固態硬碟裝置且無須搭配其他軟體程式實施的資料儲存系統。 The main purpose of the present invention is to provide a data storage system which is applied to a solid-state hard disk device and does not need to be implemented with other software programs.

為達上述目的,本發明提供一種具資訊安全防護的資料儲存系統,該資料儲存系統包含有一固態儲存裝置以及至少一啟動裝置,其中該固態儲存裝置具有一裝置識別碼,並包含一資料儲存單元、一資訊連接該資料儲存單元並寫入至少一以一啟動金鑰觸發啟動而決定對該資料儲存單元執行一預設任務的韌體資料的控制處理單元、一資訊連接該控制處理單元並接受來自一資訊裝置所傳輸資料的資料傳輸介面以及一資訊連接該控制處理單元的裝置連接埠。該啟動裝置則可選擇性地組接於該裝置連接埠上並包含有一預先寫入有該啟動金鑰的資料處理單元,該資料處理單元具有一經該裝置連接埠與該控制處理單元第一次資訊連接而擷取該裝置識別碼並作儲存的配對模式,以及一經該裝置連接埠與該控制處理單元再次資訊連接而比對所記錄的該裝置識別碼向該控制處理單元輸出該啟動金鑰的致能模式。 To achieve the above object, the present invention provides a data storage system with information security protection. The data storage system includes a solid-state storage device and at least one startup device, wherein the solid-state storage device has a device identification code and includes a data storage unit 1. An information connection to the data storage unit and writing at least one control processing unit that triggers activation with a start key to determine the firmware data to perform a predetermined task on the data storage unit, an information connection to the control processing unit and accept A data transmission interface from data transmitted by an information device and a device connection port for information connection to the control processing unit. The activation device can be selectively assembled on the device port and includes a data processing unit pre-written with the activation key. The data processing unit has a first time through the device port and the control processing unit Information connection to retrieve the device identification code and store it in a pairing mode, and output the activation key to the control processing unit upon information connection with the control processing unit via the device port again to compare the recorded device identification code Enable mode.

於一實施例中,該裝置連接埠以及該啟動裝置分別為一USB傳輸規格,且該啟動裝置是以一傳送/接收差動訊號端D+及D-與該控制處理單元資訊連接傳遞該啟動金鑰。 In one embodiment, the device port and the activation device are respectively a USB transmission specification, and the activation device transmits information through the transmission / reception differential signal terminals D + and D- to the control processing unit to transmit the activation money key.

於一實施例中,該固態儲存裝置更包含有一資訊連接該控制處理單元並供組接該啟動裝置以傳遞該裝置識別碼及該啟動金鑰的資料連接線。 In one embodiment, the solid-state storage device further includes a data connection line for connecting the control processing unit and connecting the activation device to transfer the device identification code and the activation key.

於一實施例中,該控制處理單元寫入有複數韌體資料,每一該韌體資料啟動所需的該啟動金鑰為相異。 In one embodiment, the control processing unit is written with a plurality of firmware data, and the activation key required for activation of each of the firmware data is different.

於一實施例中,該資料儲存單元可以是選自由一單層式儲存快閃記憶體、一多層式儲存快閃記憶體以及一三層式儲存快閃記憶體所組成群組的其中之一。 In one embodiment, the data storage unit may be selected from the group consisting of a single-layer storage flash memory, a multi-layer storage flash memory, and a triple-layer storage flash memory One.

於一實施例中,該預設任務可以是選自由一防止資料寫入任務、一刪除資料任務、一破壞資料儲存單元任務以及一加密寫入資料任務所組成群組的其中之一。 In one embodiment, the default task may be one selected from the group consisting of a data write prevention task, a data delete task, a data storage unit destruction task, and an encrypted data write task.

於一實施例中,該固態儲存裝置更包含有一承載該資料儲存單元、該控制處理單元、該資料傳輸介面以及該裝置連接埠的電路板以及一容置該電路板並具有一對應該裝置連接埠開設的組裝通孔的硬碟外殼。 In one embodiment, the solid-state storage device further includes a circuit board carrying the data storage unit, the control processing unit, the data transmission interface and the device connection port, and a circuit board accommodating the circuit board and having a corresponding device connection The hard disk case with through holes assembled in the port.

透過本發明所揭結構,相較於習用具有以下特點: Compared with the conventional structure, the structure disclosed by the present invention has the following characteristics:

1.本發明該資料儲存系統未對該固態儲存裝置進行磁區分劃以限制讀取的動作,使用戶可以完整使用該固態儲存裝置所能提供的資料儲存空間。 1. The data storage system of the present invention does not perform magnetic division on the solid-state storage device to limit the reading operation, so that users can fully use the data storage space provided by the solid-state storage device.

2.本發明該資料儲存系統於該控制處理單元內寫入有至少一執行該預設任務的韌體資料,且每一該韌體資料啟動所需的該啟動金鑰均為相異,藉此以提供分層資安防護的效果。除此之外,該韌體資料無須搭配其他軟件,僅需於確認該啟動金鑰及該裝置識別碼後,即令該控制處理單元執行該預設任務。 2. The data storage system of the present invention writes at least one piece of firmware data to perform the preset task into the control processing unit, and the activation key required for the activation of each piece of firmware data is different. This provides the effect of layered security protection. In addition, the firmware data does not need to be matched with other software, and only after confirming the activation key and the device identification code, the control processing unit is allowed to perform the preset task.

1‧‧‧資料儲存系統 1‧‧‧Data storage system

11‧‧‧固態儲存裝置 11‧‧‧Solid storage device

111‧‧‧資料儲存單元 111‧‧‧Data storage unit

112‧‧‧控制處理單元 112‧‧‧Control processing unit

113‧‧‧資料傳輸介面 113‧‧‧Data transmission interface

114‧‧‧裝置連接埠 114‧‧‧Device port

115‧‧‧電路板 115‧‧‧ circuit board

116‧‧‧硬碟外殼 116‧‧‧Hard disk case

117‧‧‧組裝通孔 117‧‧‧Assembly through hole

118‧‧‧資料連接線 118‧‧‧Data cable

12‧‧‧啟動裝置 12‧‧‧Starting device

121‧‧‧資料處理單元 121‧‧‧Data processing unit

2‧‧‧資訊設備 2‧‧‧Information equipment

21‧‧‧主機傳輸介面 21‧‧‧Host transmission interface

3‧‧‧電腦機殼 3‧‧‧Computer case

D1‧‧‧裝置識別碼 D1‧‧‧ device identification code

D2‧‧‧啟動金鑰 D2‧‧‧Activate key

D+、D-‧‧‧傳送/接收差動訊號端 D +, D-‧‧‧Transmit / receive differential signal terminal

S01、S02‧‧‧步驟 S01, S02‧‧‧Step

圖1,本發明具資訊安全防護的資料儲存系統一實施例的結構示意圖。 FIG. 1 is a schematic structural diagram of an embodiment of a data storage system with information security protection according to the present invention.

圖2,本發明具資訊安全防護的資料儲存系統一實施例的單元組成示意圖。 FIG. 2 is a schematic diagram of unit composition of an embodiment of a data storage system with information security protection according to the present invention.

圖3,本發明具資訊安全防護的資料儲存系統另一實施例啟動裝置的局部結構示意圖。 FIG. 3 is a partial structural schematic diagram of an activation device of another embodiment of a data storage system with information security protection of the present invention.

圖4,本發明具資訊安全防護的資料儲存系統一實施例的流程示意圖。 FIG. 4 is a schematic flowchart of an embodiment of a data storage system with information security protection according to the present invention.

圖5,本發明具資訊安全防護的資料儲存系統另一實施例的結構示意圖。 FIG. 5 is a schematic structural diagram of another embodiment of a data storage system with information security protection according to the present invention.

有關本發明之詳細說明及技術內容,現就配合圖式說明如下: The detailed description and technical content of the present invention are described below in conjunction with the drawings:

請參閱圖1及圖2,本發明具資訊安全防護的資料儲存系統1,應用於一資訊設備2中。該資料儲存系統1可以是由一固態儲存裝置11以及一啟動裝置12組構而成,其中,該固態儲存裝置11具有一裝置識別碼D1,該裝置識別碼D1提供該資訊設備2可以直接辨識連接的裝置,意即該裝置識別碼D1對於該資訊設備2而言,該裝置識別碼D1即代表該固態儲存裝置11。此外,每一該固態儲存裝置11所具有的該裝置識別碼D1均為相異。進一步地,該固態儲存裝置11包含有一資料儲存單元111、一資訊連接該資料儲存單元111的控制處理單元112以及分別資訊連接該控制處理單元112的一資料傳輸介面113與一裝置連接埠114。更具體說明,該資料儲存單元111主要用於儲存自該資訊設備2所接受的數據資料,又或者是提供該資訊設備2讀取該資料儲存單元111內所儲存的數據資料。該資料儲存單元111可以是選自由一單層式儲存快閃記憶體(SLC NAND Flash)、一多層式儲存快閃記憶體(MLC NAND Flash)以及一三層式儲存快閃記憶體(TLC NAND Flash)所組成群組的其中之一實施。再者,該控制處理單元112經該資料傳輸介面113接受該資訊設備2對該固態儲存裝置11下達的讀取指令或寫入指令,進而控制該資料儲存單元111讀取或寫入相應的數據資料。於本發明 中,該控制處理單元112進一步寫入有至少一以一啟動金鑰D2觸發啟動而決定對該資料儲存單元111執行一預設任務的韌體資料。更具體說明,本發明該控制處理單元112可為一積體電路,於該固態儲存裝置11製成的同時,即燒錄有至少一韌體資料,而每一該韌體資料所執行的該預設任務均不相同,且每一該韌體資料啟動所需的該啟動金鑰D2為相異。又,本發明該資料傳輸介面113主要用於與該資訊設備2的一主機傳輸介面21產生資訊連接,而該資料傳輸介面113可以是以一序列先進附件(Serial Advanced Technology Attachment,SATA)標準實施,另一方面,本發明該裝置連接埠114則可以是以USB傳輸規格實施。更具體地,本發明該固態儲存裝置11更包含有一承載該資料儲存單元111、該控制處理單元112、該資料傳輸介面113以及該裝置連接埠114的電路板115,以及一容置該電路板115的硬碟外殼116。該硬碟外殼116更具有一對應該裝置連接埠114開設的組裝通孔117,而該組裝通孔117的開設位置,則可以根據該裝置連接埠114設置於該電路板115上的位置進行對應的調整。 Please refer to FIGS. 1 and 2. The data storage system 1 with information security protection of the present invention is applied to an information device 2. The data storage system 1 may be composed of a solid-state storage device 11 and a start-up device 12, wherein the solid-state storage device 11 has a device identification code D1, which provides the information equipment 2 can be directly identified The connected device means that the device identification code D1 for the information equipment 2 represents the solid-state storage device 11. In addition, the device identification code D1 possessed by each of the solid-state storage devices 11 is different. Further, the solid-state storage device 11 includes a data storage unit 111, a control processing unit 112 for information connection to the data storage unit 111, a data transmission interface 113 and a device connection port 114 for information connection to the control processing unit 112, respectively. More specifically, the data storage unit 111 is mainly used to store data data received from the information device 2 or to provide the information device 2 to read the data data stored in the data storage unit 111. The data storage unit 111 may be selected from a single-layer storage flash memory (SLC NAND Flash), a multi-layer storage flash memory (MLC NAND Flash), and a three-layer storage flash memory (TLC NAND Flash) is implemented in one of the groups. Furthermore, the control processing unit 112 receives the read command or write command issued by the information device 2 to the solid-state storage device 11 via the data transmission interface 113, and then controls the data storage unit 111 to read or write the corresponding data data. For the present invention In this case, the control processing unit 112 further writes at least one piece of firmware data triggered by an activation key D2 to decide to perform a predetermined task on the data storage unit 111. More specifically, the control processing unit 112 of the present invention may be an integrated circuit, and at least one firmware data is burned while the solid-state storage device 11 is made, and each of the firmware data executes the The default tasks are not the same, and the activation key D2 required for each activation of the firmware data is different. In addition, the data transmission interface 113 of the present invention is mainly used to generate an information connection with a host transmission interface 21 of the information device 2, and the data transmission interface 113 may be implemented by a serial advanced technology attachment (SATA) standard On the other hand, the device port 114 of the present invention can be implemented using the USB transmission standard. More specifically, the solid-state storage device 11 of the present invention further includes a circuit board 115 carrying the data storage unit 111, the control processing unit 112, the data transmission interface 113 and the device connection port 114, and a circuit board accommodating the circuit board 115 的 硬盘 壳 116。 115 hard disk housing 116. The hard disk casing 116 further has a pair of assembly through holes 117 opened corresponding to the device connection ports 114, and the opening positions of the assembly through holes 117 can be corresponding to the positions of the device connection ports 114 disposed on the circuit board 115 Adjustment.

承上述,本發明該啟動裝置12於一實施例中,可以是以一外接式熱插拔儲存裝置的實質態樣實施,該啟動裝置12可選擇性地組接於該裝置連接埠114上。該啟動裝置12包含有一預先寫入有該啟動金鑰D2的資料處理單元121,更進一步地,該資料處理單元121具有一經該裝置連接埠114與該控制處理單元112第一次資訊連接而擷取該裝置識別碼D1並作儲存的配對模式,以及一經該裝置連接埠114與該控制處理單元112再次資訊連接而比對所儲存的該裝置識別碼D1向該控制處理單元112輸出該啟動金鑰D2的致能模式。進一步地,該資料處理單元121同樣也可以是由一積體電路實施,而該資料處理單元121預先寫入儲存的該啟動金鑰D2則於該啟動裝置12製成的同時,利用資料燒錄的方式寫 入,並限制將該啟動金鑰D2改寫或刪除。因此,本發明該啟動裝置12於製成後,僅具有單一該啟動金鑰D2,只能啟動以相同該啟動金鑰D2作為啟動條件的該韌體資料。再者,由上述可以知道,該啟動裝置12可以是由該外接式熱插拔儲存裝置的實質態樣實施,於一實施例中,該啟動裝置12與該裝置連接埠114相同,可以是以USB傳輸規格實施,如圖1及圖3所示。進一步地,該啟動裝置12可以是由USB傳輸規格中所具有的一傳送/接收差動訊號端D+及D-與該控制處理單元112資訊連接傳遞該啟動金鑰D2。更進一步地,該啟動裝置12更可為一USB3.0傳輸規格實施。 Based on the above, in one embodiment, the activation device 12 of the present invention can be implemented in a substantial form of an external hot-swap storage device. The activation device 12 can be selectively assembled on the device connection port 114. The activation device 12 includes a data processing unit 121 pre-written with the activation key D2. Furthermore, the data processing unit 121 has a first information connection via the device connection port 114 and the control processing unit 112 to retrieve The device identification code D1 is fetched and stored as a pairing mode, and once the device connection port 114 and the control processing unit 112 are connected again, the stored device identification code D1 is compared and the activation money is output to the control processing unit 112 Enable mode of key D2. Further, the data processing unit 121 can also be implemented by an integrated circuit, and the data processing unit 121 writes in advance the stored activation key D2 when the activation device 12 is made and uses data to burn Way of writing Enter and restrict the rewriting or deletion of the activation key D2. Therefore, after the activation device 12 of the present invention is manufactured, it only has a single activation key D2 and can only activate the firmware data with the same activation key D2 as the activation condition. Furthermore, as can be seen from the above, the activation device 12 can be implemented by the physical form of the external hot-swap storage device. In one embodiment, the activation device 12 is the same as the device connection port 114, which can be The USB transmission specification is implemented as shown in Figure 1 and Figure 3. Further, the activation device 12 may be a transmission / reception differential signal terminal D + and D- included in the USB transmission specification and is connected to the control processing unit 112 to transmit the activation key D2. Furthermore, the boot device 12 can be implemented as a USB3.0 transmission standard.

為能更具體說明本發明該具資訊安全防護的資料儲存系統的實施過程,現就配合圖1至圖4說明如下。本發明該具資訊安全防護的資料儲存系統1於實施的初始,該固態儲存裝置11內所包含的該控制處理單元112寫入有至少一該韌體資料,而於此實施例,舉例該控制處理單元112寫入有一第一韌體資料以及一第二韌體資料,其中,該第一韌體資料所執行的該預設任務為該防止資料寫入任務,該第二韌體資料所執行的該預設任務則為該破壞資料儲存單元任務。另一方面,該啟動裝置12於本實施例的初始已將可啟動該第一韌體資料的該啟動金鑰D2寫入於該資料處理單元121中。於該固態儲存裝置11與該啟動裝置12第一次相互組接的同時,該啟動裝置12的該資料處理單元121進入該配對模式,擷取該固態儲存裝置11的該裝置識別碼D1並將該裝置識別碼D1儲存於該資料處理單元121之中(如步驟S01)。藉此,該啟動裝置12僅能與該固態儲存裝置11配對使用,而無法實施於另一該固態儲存裝置11。此後,使用者即可該將啟動裝置12與該固態儲存裝置11分離,於欲執行該韌體資料所儲存的該預設任務時,再將該啟動裝置12與該固態儲存裝置11再次連接,而於此次連接,該資料 處理單元121首先比對自該固態儲存裝置11所取得該裝置識別碼D1是否於儲存於該資料處理單元121中的該裝置識別碼D1為相同,若為相同,該資料處理單元121即向該固態儲存裝置11的該控制處理單元112輸出該啟動金鑰D2,而該控制處理單元112接受該啟動金鑰D2後,即判斷該啟動金鑰D2所能啟動的該韌體資料。承上,假設本實施例該啟動金鑰D2是用於啟動該第一韌體資料,所以經該控制處理單元112判斷該啟動金鑰D2與該第一韌體資料啟動所需該啟動金鑰D2為相同時,該控制處理單元112即執行該防止資料寫入任務,禁止該資訊設備2對該資料儲存單元111執行資料寫入的動作(如步驟S02)。據此,若本發明實施時,該啟動裝置12可以為複數個,每一該啟動裝置12僅能啟動該控制處理單元112所儲存該些韌體資料的其中之一。 In order to more specifically explain the implementation process of the data storage system with information security protection of the present invention, the description will now be made with reference to FIGS. 1 to 4 as follows. At the initial stage of implementation of the data storage system 1 with information security protection of the present invention, the control processing unit 112 included in the solid-state storage device 11 is written with at least one firmware data, and in this embodiment, the control is exemplified The processing unit 112 writes a first firmware data and a second firmware data, wherein the default task executed by the first firmware data is the data write prevention task, and the second firmware data is executed The preset task is the task of destroying the data storage unit. On the other hand, at the beginning of the present embodiment, the activation device 12 has written the activation key D2 that can activate the first firmware data into the data processing unit 121. At the same time that the solid-state storage device 11 and the startup device 12 are assembled with each other for the first time, the data processing unit 121 of the startup device 12 enters the pairing mode to retrieve the device identification code D1 of the solid-state storage device 11 and The device identification code D1 is stored in the data processing unit 121 (step S01). In this way, the starting device 12 can only be paired with the solid-state storage device 11 and cannot be implemented on another solid-state storage device 11. After that, the user can separate the startup device 12 from the solid-state storage device 11, and then connect the startup device 12 to the solid-state storage device 11 again when the preset task to store the firmware data is to be performed, And this connection, the information The processing unit 121 first compares whether the device identification code D1 obtained from the solid-state storage device 11 is the same as the device identification code D1 stored in the data processing unit 121. If the device identification code D1 is the same, the data processing unit 121 The control processing unit 112 of the solid-state storage device 11 outputs the activation key D2, and after receiving the activation key D2, the control processing unit 112 determines the firmware data that the activation key D2 can activate. As mentioned above, it is assumed that the activation key D2 is used to activate the first firmware data in this embodiment, so the activation key D2 and the activation of the first firmware data are determined by the control processing unit 112 to determine the activation key When D2 is the same, the control processing unit 112 executes the data write prevention task, prohibiting the information device 2 from performing data write operations to the data storage unit 111 (step S02). Accordingly, if the present invention is implemented, there may be a plurality of activation devices 12, and each activation device 12 can only activate one of the firmware data stored by the control processing unit 112.

並請參閱圖5,於一實施例中,該固態儲存裝置11更包含有一資訊接該控制處理單元112並供組接該啟動裝置12以傳遞該裝置識別碼D1及該啟動金鑰D2的資料連接線118。更具體說明,該資料連接線118的一端可組接於該裝置連接埠114,另一端則可以固定於一電腦機殼3上,供使用者可以選擇性地將該啟動裝置12組接於該資料連接線118上。 Please refer to FIG. 5. In one embodiment, the solid-state storage device 11 further includes an information connection to the control processing unit 112 and is used to connect the activation device 12 to transmit the data of the device identification code D1 and the activation key D2 Connecting line 118. More specifically, one end of the data connection cable 118 can be connected to the device port 114, and the other end can be fixed to a computer case 3 for users to selectively connect the activation device 12 to the Information link 118.

綜上所述,本發明該具資訊安全防護的資料儲存系統,包含一固態儲存裝置及至少一選擇性地組接於該固態儲存裝置上的啟動裝置。其中,該固態儲存裝置具有一資料儲存單元及一資訊連接該資料儲存單元並寫入至少一以一啟動金鑰觸發啟動而決定對該資料儲存單元執行一預設任務的韌體資料的控制處理單元。該啟動裝置則具有一預先寫入有該啟動金鑰的資料處理單元,該資料處理單元具有一與該控制處理單元第一次資訊連接而擷取該裝置識別碼並作儲存的配對模式,以及一與該控制處理單元再次資訊連接而比對所儲存的 該裝置識別碼向該控制處理單元輸出該啟動金鑰的致能模式。藉此,以提供無須配合電腦軟件即可對該固態儲存裝置實施資訊安全防護的資料儲存系統。 In summary, the data storage system with information security protection of the present invention includes a solid-state storage device and at least one activation device selectively connected to the solid-state storage device. Wherein, the solid-state storage device has a data storage unit and an information connection to the data storage unit and writes at least one control process of firmware data triggered by an activation key to decide to perform a predetermined task on the data storage unit unit. The activation device has a data processing unit pre-written with the activation key, and the data processing unit has a pairing mode in which the device identification code is retrieved and stored for the first information connection with the control processing unit, and One is connected to the control processing unit again to compare the stored information The device identification code outputs the enabling mode of the activation key to the control processing unit. In this way, a data storage system that can implement information security protection for the solid-state storage device without the need for computer software is provided.

以上已將本發明做一詳細說明,惟以上所述者,僅為本發明之一較佳實施例而已,當不能限定本發明實施之範圍。即凡依本發明申請範圍所作之均等變化與修飾等,皆應仍屬本發明之專利涵蓋範圍內。 The present invention has been described in detail above, but the above is only one of the preferred embodiments of the present invention, and it should not limit the scope of the present invention. That is, all changes and modifications made within the scope of the application of the present invention shall still fall within the scope of the patent of the present invention.

1‧‧‧資料儲存系統 1‧‧‧Data storage system

11‧‧‧固態儲存裝置 11‧‧‧Solid storage device

113‧‧‧資料傳輸介面 113‧‧‧Data transmission interface

114‧‧‧裝置連接埠 114‧‧‧Device port

116‧‧‧硬碟外殼 116‧‧‧Hard disk case

117‧‧‧組裝通孔 117‧‧‧Assembly through hole

12‧‧‧啟動裝置 12‧‧‧Starting device

21‧‧‧主機傳輸介面 21‧‧‧Host transmission interface

Claims (7)

一種具資訊安全防護的資料儲存系統,包含有:一固態儲存裝置,具有不重複的一裝置識別碼,並包含一資料儲存單元、一資訊連接該資料儲存單元並寫入至少一以一啟動金鑰觸發啟動而決定對該資料儲存單元執行一預設任務的韌體資料的控制處理單元、一資訊連接該控制處理單元並接受來自一資訊裝置所傳輸資料的資料傳輸介面以及一資訊連接該控制處理單元的裝置連接埠;以及至少一啟動裝置,選擇性地組接於該裝置連接埠上並包含有一預先寫入有該啟動金鑰的資料處理單元,該資料處理單元具有一經該裝置連接埠與該控制處理單元第一次資訊連接而擷取該裝置識別碼並作儲存的配對模式,以及一經該裝置連接埠與該控制處理單元再次資訊連接而比對所儲存的該裝置識別碼向該控制處理單元輸出該啟動金鑰的致能模式;其中,儲存有該裝置識別碼的該啟動裝置係僅能與該固態儲存裝置配對使用,而無法實施於另一該固態儲存裝置。 A data storage system with information security protection includes: a solid-state storage device with a device identification code that is not repeated, and includes a data storage unit, an information connection to the data storage unit and writing at least one to a start-up fund The key trigger is activated to determine the firmware processing unit that performs a predetermined task on the data storage unit, a data transmission interface that connects to the control processing unit and accepts data transmitted from an information device, and an information connection to the control Device port of the processing unit; and at least one activation device, which is selectively assembled on the device port and includes a data processing unit pre-written with the activation key, the data processing unit having a device port The first information connection with the control processing unit to retrieve the device identification code and store it as a pairing mode, and once the device connection port is connected to the control processing unit again through information connection to compare the stored device identification code to the The control processing unit outputs the enabling mode of the activation key; wherein, the device identification is stored The start code-based device that can only be paired with the use of solid state storage device, and not to another embodiment of the solid state storage device. 如請求項1所述具資訊安全防護的資料儲存系統,其中,該裝置連接埠以及該啟動裝置分別為一USB傳輸規格,且該啟動裝置是以一傳送/接收差動訊號端D+及D-與該控制處理單元資訊連接傳遞該啟動金鑰。 The data storage system with information security protection according to claim 1, wherein the device port and the activation device are respectively a USB transmission specification, and the activation device is a transmission / reception differential signal terminal D + and D- Connect with the control processing unit to transfer the activation key. 如請求項1或2所述具資訊安全防護的資料儲存系統,其中,該固態儲存裝置更包含有一資訊連接該控制處理單元並供組接該啟動裝置以傳遞該裝置識別碼及該啟動金鑰的資料連接線。 The data storage system with information security protection according to claim 1 or 2, wherein the solid-state storage device further includes an information connection to the control processing unit and for assembling the activation device to transmit the device identification code and the activation key Data cable. 如請求項1所述具資訊安全防護的資料儲存系統,其中,該控制處理單元寫入有複數韌體資料,每一該韌體資料啟動所需的該啟動金鑰為相異。 The data storage system with information security protection according to claim 1, wherein the control processing unit is written with a plurality of firmware data, and the activation key required for each firmware data activation is different. 如請求項1所述具資訊安全防護的資料儲存系統,其中,該資料儲存單元是選自由一單層式儲存快閃記憶體、一多層式儲存快閃記憶體以及一三層式儲存快閃記憶體所組成群組的其中之一。 The data storage system with information security protection according to claim 1, wherein the data storage unit is selected from a single-layer storage flash memory, a multi-layer storage flash memory, and a three-layer storage flash One of the groups formed by flash memory. 如請求項1所述具資訊安全防護的資料儲存系統,其中,該預設任務是選自由一防止資料寫入任務、一刪除資料任務、一破壞資料儲存單元任務以及一加密寫入資料任務所組成群組的其中之一。 The data storage system with information security protection according to claim 1, wherein the preset task is selected from a data write prevention task, a data deletion task, a data storage unit destruction task, and an encrypted data writing task Form one of the groups. 如請求項1所述具資訊安全防護的資料儲存系統,其中,該固態儲存裝置更包含有一承載該資料儲存單元、該控制處理單元、該資料傳輸介面以及該裝置連接埠的電路板以及一容置該電路板並具有一對應該裝置連接埠開設的組裝通孔的硬碟外殼。 The data storage system with information security protection according to claim 1, wherein the solid-state storage device further includes a circuit board carrying the data storage unit, the control processing unit, the data transmission interface and the device port, and a capacitor The circuit board is installed and has a pair of hard disk housings with assembly through holes opened corresponding to the device connection ports.
TW103122948A 2014-07-03 2014-07-03 Information storage system with information security protection TWI612440B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW103122948A TWI612440B (en) 2014-07-03 2014-07-03 Information storage system with information security protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW103122948A TWI612440B (en) 2014-07-03 2014-07-03 Information storage system with information security protection

Publications (2)

Publication Number Publication Date
TW201602831A TW201602831A (en) 2016-01-16
TWI612440B true TWI612440B (en) 2018-01-21

Family

ID=55641606

Family Applications (1)

Application Number Title Priority Date Filing Date
TW103122948A TWI612440B (en) 2014-07-03 2014-07-03 Information storage system with information security protection

Country Status (1)

Country Link
TW (1) TWI612440B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI723575B (en) * 2019-10-14 2021-04-01 宇瞻科技股份有限公司 Hot plug sata storage device with security protection mechanism

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI791151B (en) * 2020-05-20 2023-02-01 楊建綱 Data automatic deletion method and system thereof

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200915183A (en) * 2007-09-25 2009-04-01 Super Talent Electronics Inc Portable USB device that boots a computer as a server with security measure

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200915183A (en) * 2007-09-25 2009-04-01 Super Talent Electronics Inc Portable USB device that boots a computer as a server with security measure

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI723575B (en) * 2019-10-14 2021-04-01 宇瞻科技股份有限公司 Hot plug sata storage device with security protection mechanism

Also Published As

Publication number Publication date
TW201602831A (en) 2016-01-16

Similar Documents

Publication Publication Date Title
US9529541B2 (en) Nonvolatile storage device and operating system (OS) image program method thereof
TWI398792B (en) Method and system of digital key
KR101350981B1 (en) hybrid optical disk drive, operation method of the drive, and electronic system adopting the drive
US9032540B2 (en) Access system and method thereof
US10013172B2 (en) Electronic data storage device with multiple configurable data storage mediums
TWI612440B (en) Information storage system with information security protection
TW201227391A (en) Storage device with a hidden space and its operation method
JP6055047B1 (en) Erase system for nonvolatile memory device, nonvolatile memory device, external erase device and method
JP2008165351A (en) Data processing method and detachable drive
TWI522839B (en) Storage device with multiple interfaces and multiple levels of data protection and related method thereof
JP5163522B2 (en) USB storage device, host computer, USB storage system, and program
CN105320580B (en) Data storage system with protecting information safety
US7143248B2 (en) Systems and methods for restoring critical data to computer long-term memory device controllers
US20160063263A1 (en) Data storage system with information security protection
US20030131112A1 (en) Computer firewall system
TWM492508U (en) Data storage system with information security protection function
US20070067566A1 (en) External storage device for controlling computer and method thereof
TWI835134B (en) Card reader and controller thereof, and method for permission management
US20120047582A1 (en) Data deleting method for computer storage device
CN117076365B (en) Method and system for controlling data transmissible peripheral interface of computer
TW201327254A (en) Non-volatile storage device, access control program, and storage control method
US20160351273A1 (en) One-time programmable (otp)/ read only (ro) data storage device
CN209070509U (en) Copy device capable of making solid state disk have anti-deleting storage area
US20080244163A1 (en) Portable data access device
JP2017079040A (en) Information terminal and method of data concealment processing therefor