TWI704574B - A security controlling method for a data storage device - Google Patents


Publication number: TWI704574B
Authority: TW (Taiwan)
Application number: TW108134259A
Other languages: Chinese (zh)
Other versions: TW202113827A (en)
Inventors: 賴彥男, 賴建庭, 王裕賢
Original assignee: 英柏得科技股份有限公司
Application filed by: 英柏得科技股份有限公司
Prior art keywords: data storage, storage device, preset, match, mode
Abstract

The present invention provides a security controlling method for a data storage device, comprising a step A and a step B1 or a step B2. The step A is to provide a preset allocation entry mode, and to compare an allocation entry mode in the data storage device with the preset allocation entry mode. If the comparison result is correct, a safety controlling mode of step B1 is performed. If the comparison result is not correct, a standard interface program of step B2 is performed.

Description

Security control method for a data storage device

The present invention relates to a security control method for a data storage device, and in particular to a security control method that works effectively across the various software/hardware interfaces of general data storage devices, their corresponding host systems, and combinations thereof.

Standard data storage products are built around application interfaces defined for the mass market and usually define no interface for specific or niche applications, so the data storage products of each manufacturer end up with their own independent application interfaces. Examples of data storage product interfaces include SD Card, eMMC, SATA, PCIe and NVMe.

Furthermore, the application interfaces of some standard data storage products define vendor command sets (Vendor Commands) to provide a functional interface for specific or niche applications. However, as noted above, because each manufacturer's data storage products have their own independent application interfaces, these functional interfaces cannot be used effectively across platforms, or they cause compatibility problems when used across platforms and cannot be used at all.

Furthermore, the industry currently controls the security of data storage devices in the following ways: using vendor command sets, modifying drivers, or adding a dedicated interface. However, as noted above, vendor command sets cannot be used across platforms or raise compatibility problems; modified drivers cannot be applied where an external bridge reader is required and carry potential compatibility problems; and adding an extra hardware interface raises the overall production cost while still leaving the cross-platform and compatibility problems.

Therefore, the present invention was made to overcome the aforementioned problems.

The purpose of the present invention is to provide a security control method for a data storage device that effectively solves the problems of the prior art: vendor command sets cannot be used across platforms or raise compatibility problems; modified drivers cannot be applied where an external bridge reader is required; and an added hardware interface raises the overall production cost while still leaving cross-platform and compatibility problems. The method thereby makes it possible to add various security control functions to a standard data storage device, including hiding and encryption of accessed data, access under specific security control, a write-protection mechanism, and special security key management, without affecting the original functions of the standard data storage device and while working across platforms and interfaces.

To achieve the foregoing purpose, the present invention provides a security control method for a data storage device, which includes a step A and a step B1 or a step B2. In step A, a preset allocation entry mode is provided, and an allocation entry mode in a data storage device is compared against the preset allocation entry mode. If the comparison passes, a security control mode of step B1 is executed. If the comparison fails, a standard interface program of step B2 is executed.

In implementation, step A further includes a step A1, a step A2 and a step A3. In step A1, it is checked whether the allocation entry mode in the data storage device matches the preset allocation entry mode; if they match, the next step is performed. In step A2, a specific header structure in the data storage device is read to check whether an identification code matches a preset identification code; if they match, the next step is performed. In step A3, it is checked whether the structure of the specific header is complete; if it is complete, step B1 is executed.

In implementation, if the allocation entry mode of step A1 does not match the preset allocation entry mode, the data storage device is overwritten with an initial data and step B2 is then executed; likewise, if the identification code of step A2 does not match the preset identification code, the data storage device is overwritten with the initial data and step B2 is then executed.

In implementation, when the specific header structure of step A3 is incomplete, step A1 is executed again.

In implementation, a step C is further included after step B1, which checks whether an exit mode in the data storage device matches a preset exit mode; if they match, the exit mode is executed; if they do not match, the data storage device is overwritten with an initial data and step B2 is then executed.

In implementation, the following steps are further included before step A: a step W1 and a step W2. In step W1, the initial data, which is pre-written in the data storage device, is backed up. In step W2, the allocation entry mode and the exit mode are pre-written into the data storage device.

In implementation, step W2 pre-writes a preset security key into the data storage device.

In implementation, a step A4 is further included after step A3, which checks whether a security key in the data storage device matches a preset security key; if they match, step B1 is executed; if they do not match, step C is performed.

In implementation, a step A4 is further included after step A3, which checks whether a security key in the data storage device matches a preset security key; if they match, step B1 is executed; if they do not match, the data storage device is overwritten with the initial data and step B2 is then executed.

In implementation, the security control mode in step B1 is at least one of accessing control-type data, enabling/disabling a specific procedure, or enabling/disabling write protection.

For a further understanding of the present invention, preferred embodiments are given below and, with reference to the drawings and reference signs, the specific composition of the invention and the effects it achieves are described in detail.

A, A1, A2, A3, A4, B1, B2, C, W1, W2: steps

Figures 1A and 1B are flowcharts of a preferred embodiment of the present invention.

Figure 2 is a perspective view of a preferred embodiment of the present creation.

Figure 3 is a perspective view of a preferred embodiment of the present creation.

Figure 4 is a perspective view of a preferred embodiment of the present creation.

Figure 5 is a perspective view of a preferred embodiment of the present creation.

Figure 6 is a perspective view of a preferred embodiment of the present creation.

Figure 7A is a schematic diagram of a preferred embodiment of the present creation in use.

Figure 7B is a schematic diagram of a preferred embodiment of the present creation in use.

The present invention provides a security control method for a data storage device. The data storage device includes formats commonly used in the industry such as SD Card, eMMC, SATA, PCIe and NVMe. As shown in Figures 7a and 7b, the method can be executed in the controllers of various data storage devices (including the interface decoder, the microcontroller and the controller in the flash memory), so it can run on the corresponding host system side or in a configuration that goes through a bridge reader, integrating with the driver, the operating system kernel (OS kernel) or an application program to perform the corresponding functions. In another embodiment, the relevant procedures can also be loaded into the host MCU or the device controller F/W for execution. Referring to Figure 1A, the method of the present invention includes a step A, in which a preset allocation entry mode is provided and an allocation entry mode in a data storage device is compared against the preset allocation entry mode; if the comparison passes, a security control mode of step B1 is executed; if the comparison fails, a standard interface program of step B2 is executed. The allocation entry mode is written by the AP into a designated block of the data storage device and serves as the basis for checking whether the allocation entry mode in the device is identical to the preset allocation entry mode set in the device at the factory. If the two are identical, the comparison passes and the security control mode of step B1 is executed. In one embodiment, the security control mode can be at least one of accessing control-type data, enabling/disabling a specific procedure, or enabling/disabling write protection. Control-type data can include the degree of use of the data storage device, the number of abnormal power losses, failure records of the error correction code circuit, the data bit error rate, and so on. Enabling/disabling a specific procedure means, for example, enabling writes or reads on specific blocks, such as enabling a WORM (Write Once Read Many) function. Enabling/disabling write protection means, for example, setting the data storage device to a "write-protected state". If the allocation entry mode in the data storage device differs from the preset allocation entry mode set in the device at the factory, the comparison fails and the standard interface program of step B2 is executed. This standard program consists of the ordinary host-side interface commands commonly used in the industry, and the special procedures available in the security control mode described above cannot be executed in it.

Referring to Figure 2, in another embodiment of the present invention step A further includes a step A1, a step A2 and a step A3. In step A1, it is checked whether the allocation entry mode in the data storage device matches the preset allocation entry mode, as described above and not repeated here. If they match, the next step, step A2, is performed: a specific header structure in the data storage device is read to check whether an identification code matches a preset identification code. The identification code can be a signature sufficient to represent an individual or a specific group, such as a specific company, organization, department or person. In other words, in this embodiment the data storage device is configured so that the special steps of the security control mode can be used only when the device is used by a specific individual, department or unit. If the identification code matches the preset identification code, the identity has been confirmed and the next step, step A3, is performed. In step A3, it is checked whether the structure of the specific header is complete; that is, the data read in this step should be the complete content, guarding against incomplete data caused by interference from other commands (such as those of the OS) during the process or by exceeding the predetermined read time. If the structure of the specific header is complete, the security control mode of step B1 is executed. If the specific header structure is incomplete in step A3, step A1 is executed again: the allocation entry mode in the data storage device is checked against the preset allocation entry mode once more and the specific header structure is read again to check the identification code against the preset identification code, thereby ensuring that the data read in this step is complete.

Continuing with Figure 2, if the allocation entry mode of step A1 does not match the preset allocation entry mode, the data storage device is overwritten with an initial data and step B2 is then executed. That is, every change made to any block of the data storage device during the preceding steps is restored to its initial state, after which the standard interface program of step B2 is executed. Likewise, if the identification code of step A2 does not match the preset identification code, the data storage device is overwritten with the initial data and the standard interface program of step B2 is then executed.

Continuing with the embodiments of Figures 2 to 6, in these embodiments a step C is further included after step B1, which checks whether an exit mode in the data storage device matches a preset exit mode. The exit mode is likewise written by the AP into a designated block of the data storage device, so that the exit mode in the device can be checked against the preset exit mode set in the device at the factory. If the exit mode is identical to the preset exit mode, the comparison passes and the exit mode is executed; if the exit mode does not match the preset exit mode, the data storage device is overwritten with an initial data and the standard interface program of step B2 is then executed. The present invention therefore compares the allocation entry mode and the exit mode against their corresponding preset allocation entry mode and preset exit mode both at the start and before the end, which greatly enhances its security. In another embodiment, the preset allocation entry mode and the preset exit mode can be stored in the same designated block or in different designated blocks. The embodiments of Figures 2 to 4 differ from one another in that the security control mode in step B1 is, respectively, accessing control-type data, enabling/disabling a specific procedure, or enabling/disabling write protection; in other words, the special steps of the security control mode can also be executed independently.

Furthermore, the following steps are included before step A: a step W1 and a step W2. In step W1, to keep the initial data of the data storage device intact, the initial data in the device is first backed up: the AP goes to the initial data address that was pre-written in the device at the factory and backs up the initial data as it currently stands. The initial data is pre-written by the manufacturer at the initial data address of the device, and it changes with how the device was used before these steps of the invention are executed. In step W2, the allocation entry mode and the exit mode are each pre-written into the data storage device to serve as the basis for the comparisons in the steps of the foregoing embodiments.

In another embodiment, step W2 further includes pre-writing a preset security key into the data storage device; this embodiment relates to the embodiments of Figures 5 and 6. Referring to Figure 5, this embodiment differs from the embodiments of Figures 1 to 4 in that a step A4 is further included after step A3, which checks whether a security key set in the AP of the data storage device matches the preset security key that was pre-written in step W2 and is read out from the data storage device. That is, in addition to steps A1 to A3 of the foregoing embodiments, this embodiment adds step A4 for security key verification. The security key can be any conventional combination of digits and letters, and it adds one more layer of security verification. In another embodiment, the security key can also be stored in any conventional arrangement, such as on the host system side, and is not limited to being stored in the data storage device. If the security key matches the preset security key, the security control mode of step B1 is executed, for example at least one of the aforementioned accessing control-type data, enabling/disabling a specific procedure, enabling/disabling write protection, and other high-level security functions. If the security key does not match the preset security key, step C is performed to check whether an exit mode in the data storage device matches a preset exit mode; if they match, all steps end; if they do not match, the data storage device is overwritten with the initial data and the standard interface program of step B2 is then performed.

Referring to Figure 6, as in the embodiment of Figure 5, step A also includes step A4, which checks whether a security key in the data storage device matches a preset security key; if they match, step B1 is executed, as described above and not repeated here. The embodiment of Figure 6 differs from that of Figure 5 in that, if the security key in the data storage device does not match the preset security key, the data storage device is directly overwritten with the initial data and the standard interface program of step B2 is then executed. The subsequent steps are the same as in the embodiment of Figure 5. In practical use, the embodiments of Figures 5 and 6 can be used to confirm whether the data storage device is one intended for a specific purpose, for example a specific data storage device of the police, the military or an enterprise, thereby preventing protected data such as police records, military classified documents or confidential corporate documents from being accessed.
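The decision flow described above (W1/W2 provisioning, checks A1 to A4 with the Figure 6 handling of a key mismatch, and the exit check of step C), as an added example that is not code from the patent. The block layout, field sizes, the end-marker completeness test, the bound on re-reads, the constant-time comparison and all byte values are assumptions of this example; the patent specifies none of them.

```c
/* Added illustration of the decision flow (W1/W2, A1-A4, C; Fig. 6 variant of A4).
 * Not code from the patent: block layout, field sizes, the end-marker test, the
 * re-read bound and every byte value below are assumptions of this example. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAT_LEN 8
#define ID_LEN 4
#define KEY_LEN 16
#define HDR_END 0xA55A  /* assumed marker proving the header was read to its end */
#define MAX_REREADS 3   /* assumed bound on "execute step A1 again" */

typedef enum { RES_B1_SECURE, RES_B2_STANDARD, RES_EXITED } result_t;
enum { F_NONE, F_ENTRY, F_ID, F_KEY, F_EXIT };  /* field the host gets wrong */
typedef struct { uint8_t id_code[ID_LEN]; uint16_t length; uint16_t end_marker; } sec_header_t;

typedef struct {          /* content of the designated block */
    uint8_t entry[PAT_LEN];
    sec_header_t hdr;
    uint8_t key[KEY_LEN];
    uint8_t exit_pat[PAT_LEN];
} ctrl_block_t;

typedef struct {
    ctrl_block_t block;   /* what the host AP wrote using standard write commands */
    ctrl_block_t initial; /* W1: backup of the block's initial data */
    ctrl_block_t preset;  /* W2: preset values written before use */
    int torn_reads;       /* simulation hook: next N reads return a truncated header */
    int restores;         /* times the initial data was written back */
} device_t;

/* Comparison without early exit, so timing does not reveal the first wrong byte
 * (a hardening choice of this example; the patent does not discuss it). */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

static void read_block(device_t *d, ctrl_block_t *out) {
    *out = d->block;
    if (d->torn_reads > 0) { d->torn_reads--; out->hdr.end_marker = 0; }
}

static result_t restore_then_b2(device_t *d) {
    d->block = d->initial;   /* overwrite with the initial data ... */
    d->restores++;
    return RES_B2_STANDARD;  /* ... then behave as a standard device */
}

result_t step_a(device_t *d) {
    ctrl_block_t rd;
    for (int i = 0; i <= MAX_REREADS; i++) {
        read_block(d, &rd);
        if (!ct_equal(rd.entry, d->preset.entry, PAT_LEN)) return restore_then_b2(d);            /* A1 */
        if (!ct_equal(rd.hdr.id_code, d->preset.hdr.id_code, ID_LEN)) return restore_then_b2(d); /* A2 */
        if (rd.hdr.length != sizeof(sec_header_t) || rd.hdr.end_marker != HDR_END) continue;     /* A3: back to A1 */
        if (!ct_equal(rd.key, d->preset.key, KEY_LEN)) return restore_then_b2(d);                /* A4 */
        return RES_B1_SECURE;
    }
    return RES_B2_STANDARD;  /* assumption: fail closed if the header never reads complete */
}

result_t step_c(device_t *d) {
    ctrl_block_t rd;
    read_block(d, &rd);
    if (ct_equal(rd.exit_pat, d->preset.exit_pat, PAT_LEN)) return RES_EXITED;
    return restore_then_b2(d);
}

/* Provision a device (W1, W2), then let the host write a block with one field wrong. */
device_t make_device(int corrupt, int torn_reads) {
    device_t d;
    memset(&d, 0, sizeof d);  /* all-zero block stands in for ordinary initial data */
    d.initial = d.block;                                  /* W1 */
    memcpy(d.preset.entry, "ENTRY-01", PAT_LEN);          /* W2, constructed values */
    memcpy(d.preset.hdr.id_code, "DEPT", ID_LEN);
    d.preset.hdr.length = (uint16_t)sizeof(sec_header_t);
    d.preset.hdr.end_marker = HDR_END;
    memcpy(d.preset.key, "constructed-key!", KEY_LEN);
    memcpy(d.preset.exit_pat, "EXIT--01", PAT_LEN);
    d.block = d.preset;                                   /* host AP writes the patterns */
    if (corrupt == F_ENTRY) d.block.entry[0] ^= 1;
    if (corrupt == F_ID)    d.block.hdr.id_code[0] ^= 1;
    if (corrupt == F_KEY)   d.block.key[0] ^= 1;
    if (corrupt == F_EXIT)  d.block.exit_pat[0] ^= 1;
    d.torn_reads = torn_reads;
    return d;
}

result_t run_entry(int corrupt, int torn) { device_t d = make_device(corrupt, torn); return step_a(&d); }

int main(void) {
    device_t d = make_device(F_EXIT, 0);
    int ok = run_entry(F_NONE, 2) == RES_B1_SECURE && run_entry(F_KEY, 0) == RES_B2_STANDARD
          && step_a(&d) == RES_B1_SECURE && step_c(&d) == RES_B2_STANDARD && d.restores == 1;
    printf("%s\n", ok ? "flow behaves as described" : "unexpected result");
    return !ok;
}
```

After any failed comparison the designated block again holds the backed-up initial data, so nothing in it distinguishes the device from a standard one.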

Therefore, the present invention has the following advantages:

1. With the method of the present invention, many additional security control functions can be added to a general data storage device without affecting its original functions. The added security control functions, for example hiding and encryption of accessed data, access under specific security control, a write-protection mechanism and special security key management, admit many variations in implementation and greatly increase overall security.

2. Starting and terminating the security control mechanism and method of the present invention only requires the standard commands of the standard protocol, supplemented by a security authentication tag; no additional special command set needs to be defined, so the method offers excellent compatibility with the various interfaces produced in the industry today.

3. The present invention performs data confidentiality operations or special security steps only in the security control mode. When the security control mode is not activated, that is, under the standard interface program, the data storage device functions exactly like an ordinary data storage device on the market, so that persons with ulterior motives (such as commercial spies) cannot detect the security control procedures hidden in it.

4. Through the security control mode of the present invention, the data storage device can be set to a "write-protected state"; such a write-protection mechanism has extremely high security. Also through the security control mode, high-level security control over the allocation entry mode, the personal/enterprise/department identification code and the key is carried out effectively under confidential data transfer.

The above describes specific embodiments of the present invention and the technical means employed. Many changes and modifications can be derived from the disclosure or teaching herein; these are still to be regarded as equivalent changes made under the concept of the present invention, and where their effect does not go beyond the substantive spirit covered by the specification and drawings, they should all be regarded as falling within the technical scope of the present invention, which is hereby stated in advance.

In summary, based on the content disclosed above, the present invention does achieve its intended purpose of providing a security control method for a data storage device that adds many additional security control functions to a general data storage device without affecting its original functions and with extremely high security. It has great industrial applicability, and an application for an invention patent is therefore filed in accordance with the law.

A, B1, B2: steps

Claims (9)

1. A security control method for a data storage device, comprising: A: providing a preset allocation entry mode, and comparing an allocation entry mode in a data storage device against the preset allocation entry mode; if the comparison passes, executing a security control mode of a step B1; if the comparison fails, executing a standard interface program of a step B2; wherein step A further comprises: A1: checking whether the allocation entry mode in the data storage device matches the preset allocation entry mode; if they match, proceeding to the next step; A2: reading a specific header structure in the data storage device to check whether an identification code matches a preset identification code; if they match, proceeding to the next step; A3: checking whether the structure of the specific header is complete; if it is complete, executing step B1.

2. The security control method for a data storage device according to claim 1, wherein if the allocation entry mode of step A1 does not match the preset allocation entry mode, the data storage device is overwritten with an initial data and step B2 is then executed; and wherein if the identification code of step A2 does not match the preset identification code, the data storage device is overwritten with the initial data and step B2 is then executed.

3. The security control method for a data storage device according to claim 1, wherein when the specific header structure of step A3 is incomplete, step A1 is executed again.

4. The security control method for a data storage device according to claim 1, 2 or 3, further comprising a step C after step B1, which checks whether an exit mode in the data storage device matches a preset exit mode; if they match, the exit mode is executed; if they do not match, the data storage device is overwritten with the initial data and step B2 is then executed.

5. The security control method for a data storage device according to claim 4, further comprising the following steps before step A: W1: backing up the initial data, the initial data being pre-written in the data storage device; W2: pre-writing the preset allocation entry mode and the preset exit mode into the data storage device.

6. The security control method for a data storage device according to claim 5, wherein step W2 pre-writes a preset security key into the data storage device.

7. The security control method for a data storage device according to claim 6, further comprising a step A4 after step A3, which checks whether a security key in the data storage device matches the preset security key; if they match, step B1 is executed; if they do not match, step C is performed.

8. The security control method for a data storage device according to claim 6, further comprising a step A4 after step A3, which checks whether a security key in the data storage device matches a preset security key; if they match, step B1 is executed; if they do not match, the data storage device is overwritten with the initial data and step B2 is then executed.

9. The security control method for a data storage device according to claim 1, wherein the security control mode in step B1 is at least one of accessing control-type data, enabling/disabling a specific procedure, or enabling/disabling write protection.
TW108134259A 2019-09-23 2019-09-23 A security controlling method for a data strage device TWI704574B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108134259A TWI704574B (en) 2019-09-23 2019-09-23 A security controlling method for a data strage device

Publications (2)

Publication Number Publication Date
TWI704574B true TWI704574B (en) 2020-09-11
TW202113827A TW202113827A (en) 2021-04-01

Family

ID=73643951

Country Status (1)

Country Link
TW (1) TWI704574B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW504709B (en) * 2000-04-21 2002-10-01 Sharp Kk Semiconductor storage device, control device, and electronic apparatus
TW200513986A (en) * 2003-10-01 2005-04-16 Microsoft Corp Systems and methods for deterring theft of electronic devices
TW200945212A (en) * 2008-03-06 2009-11-01 Samsung Electronics Co Ltd Data storage device and data management method thereof
TW201244462A (en) * 2011-04-18 2012-11-01 Skyviia Corp Digital broadcasting signal displaying system and signal processing method thereof
TW201349008A (en) * 2012-02-16 2013-12-01 Samsung Electronics Co Ltd Method and apparatus for protecting digital content using device authentication
TWM516184U (en) * 2015-07-22 2016-01-21 Embestor Technology Inc Solid-state hard disk controller with expandable function of insertion card
US20190004895A1 (en) * 2017-07-03 2019-01-03 SK Hynix Inc. Memory system and operating method thereof
TW201916062A (en) * 2017-10-13 2019-04-16 瑞賦科技股份有限公司 Medical information conversion device and method thereof which facilitates transfer, reading, and storage of the data conveniently

Also Published As

Publication number Publication date
TW202113827A (en) 2021-04-01
