TWI741294B - Control system and method for executing access device - Google Patents
Control system and method for executing access device Download PDFInfo
- Publication number
- TWI741294B TWI741294B TW108116294A TW108116294A TWI741294B TW I741294 B TWI741294 B TW I741294B TW 108116294 A TW108116294 A TW 108116294A TW 108116294 A TW108116294 A TW 108116294A TW I741294 B TWI741294 B TW I741294B
- Authority
- TW
- Taiwan
- Prior art keywords
- access device
- host
- server
- control command
- access
- Prior art date
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
本發明旨在揭露一種用於執行存取裝置之控制系統及其方法,其由一主機之一程式連線一伺服器,偵測取得與主機電性連接之至少一存取裝置的一識別碼後,再傳送至伺服器。伺服器依據識別碼查詢存取裝置之一存取權限,而對應傳送一控制指令至主機,主機依據控制指令設定存取裝置於主機之存取權限。藉此管控存取裝置於主機存、取資料之流向,以提升資訊安全。The present invention aims to disclose a control system and method for executing an access device, which connects a server with a program from a host, and detects and obtains an identification code of at least one access device electrically connected to the host Then, send it to the server. The server queries an access authority of the access device according to the identification code, and correspondingly sends a control command to the host, and the host sets the access authority of the access device to the host according to the control command. This way, the flow of data stored and retrieved by the access device on the host can be controlled to enhance information security.
Description
本發明係有關於一種控制系統,其尤指一種用於管控與主機連結之存取裝置執行存、取資料動作之系統及其方法。 The present invention relates to a control system, and particularly refers to a system and method for managing and controlling an access device connected to a host to perform operations of storing and fetching data.
一般用於存、取資料之存取裝置(如隨身碟),其運作方式茲與一具備連接埠(如USB埠)之主機(如電腦)連接,而做為一可隨插即用之裝置。一旦存取裝置與主機完成電性連接關係,即可將存取裝置所儲存之資料存入主機,或者是自主機讀取資料儲入存取裝置,具有相當之便利性。 An access device (such as a flash drive) that is generally used to store and retrieve data. Its operation mode is connected to a host (such as a computer) with a port (such as a USB port) and used as a plug-and-play device . Once the access device and the host complete the electrical connection relationship, the data stored in the access device can be stored in the host, or the data can be read from the host and stored in the access device, which has considerable convenience.
然而,鑒於有些機關單位所處理之事務隸屬於高度機密之資料,若是於管理上沒有建立完善之控管制度,容易造成任意人員都可以透過存取裝置取得敏感性資料,而有安全疑慮上之問題。 However, given that the affairs handled by some agencies are subject to highly confidential information, if a complete control system is not established in management, it is easy to cause any person to obtain sensitive information through the access device, and there are security concerns. problem.
因此,若具有一套能夠建立完整之控制系統,以針對每一資料之機密重要程度劃分不同等級,再輔以配合與資料等級相符之權限授予存取裝置存、取,即可達到有效管控資訊安全之效用。 Therefore, if there is a complete control system that can be established to classify the confidentiality and importance of each data at different levels, and supplemented with the authorization to grant access to the device in accordance with the data level, the information can be effectively controlled. The utility of safety.
職是之故,本發明人鑑於上述所衍生之問題進行改良,茲思及發明改良之意念著手研發解決方案,遂經多時之構思而有本發明之用於執行存取裝置之控制系統及其方法產生,以服務社會大眾以及促進此業之發展。 For this reason, the inventor of the present invention has made improvements in view of the above-derived problems, and started to develop solutions with the idea of inventing improvements. After many years of thinking, the present invention is used to implement the control system of the access device and The method is produced to serve the public and promote the development of this industry.
本發明之目的係提供一種用於執行存取裝置之控制系統及其方法,其透過主機、伺服器之間的電性連接關係,輔以程式、控制指 令、識別碼等資訊往來,設定存取裝置於主機之存取權限,而確實取得兩元件之間資料存取之流向,藉此提升資訊安全。 The purpose of the present invention is to provide a control system and method for executing an access device, which uses the electrical connection relationship between the host and the server, supplemented by programs and control instructions. To exchange information such as commands, identification codes, etc., to set the access authority of the access device on the host, and to obtain the flow of data access between the two components, thereby enhancing information security.
為了達成上述所指稱之各目的與功效,本發明揭露一種用於執行存取裝置之方法,其包含:一主機之一程式連線至一伺服器;當偵測到至少一存取裝置連接該主機時,取得該存取裝置之一識別碼,並經由該程式傳送至該伺服器;該伺服器依據該識別碼查詢該存取裝置之一存取權限;該伺服器對應傳送一控制指令至該主機;以及該主機依據該控制指令設定該存取裝置於該主機之該存取權限。 In order to achieve the aforementioned objectives and effects, the present invention discloses a method for executing an access device, which includes: a host and a program are connected to a server; when it is detected that at least one access device is connected to the When the host is the host, obtain an identification code of the access device and send it to the server through the program; the server queries an access authority of the access device according to the identification code; the server correspondingly sends a control command to The host; and the host sets the access authority of the access device on the host according to the control command.
另外,本發明揭露一種用於執行存取裝置之控制系統,其包含:一伺服器;一主機,設有一程式,該主機經該程式連接該伺服器;以及至少一存取裝置,電性連接該主機,該主機偵測並取得該存取裝置之一識別碼,該主機經該程式將該識別碼傳送至該伺服器;其中,該伺服器依據該識別碼查詢該存取裝置之一存取權限,並經該伺服器對應傳送一控制指令至該主機,該主機依據該控制指令設定該存取裝置於該主機之該存取權限。 In addition, the present invention discloses a control system for executing an access device, which includes: a server; a host provided with a program, the host is connected to the server via the program; and at least one access device is electrically connected The host, the host detects and obtains an identification code of the access device, and the host sends the identification code to the server through the program; wherein, the server queries one of the access devices according to the identification code. Obtain the authority, and correspondingly send a control command to the host via the server, and the host sets the access authority of the access device to the host according to the control command.
1:伺服器 1: server
10:控制指令 10: Control instructions
3:主機 3: host
30:程式 30: program
32:檔案系統 32: file system
5:存取裝置 5: Access device
50:識別碼 50: identification code
7:資料庫 7: Database
S11:步驟 S11: steps
S13:步驟 S13: steps
S132:步驟 S132: Step
S134:步驟 S134: Step
S136:步驟 S136: Step
S15:步驟 S15: steps
S152:步驟 S152: Step
S154:步驟 S154: Step
S156:步驟 S156: Step
S17:步驟 S17: steps
S19:步驟 S19: steps
第一圖:其為本發明第一實施例之流程圖;第二圖:其為本發明第一實施例之控制系統之示意圖;第三A圖:其為本發明第一實施例之偵測存取裝置之作動圖;第三B圖:其為本發明第一實施例之存取權限之作動圖;以及第四圖:其為本發明第二實施例之控制系統之示意圖。 The first figure: it is the flow chart of the first embodiment of the present invention; the second figure: it is the schematic diagram of the control system of the first embodiment of the present invention; the third figure A: it is the detection of the first embodiment of the present invention The operation diagram of the access device; the third diagram B: it is the operation diagram of the access authority of the first embodiment of the present invention; and the fourth diagram: it is the schematic diagram of the control system of the second embodiment of the present invention.
為使 貴審查委員對本發明之特徵及所達成之功效有更進一步之瞭解與認識,僅佐以實施例及配合詳細之說明,說明如後:下文中,將藉由圖式說明本發明之各種實施例,以詳細描述本發明;然而,本發明之概念可能以許多不同型式來體現,並且不應解釋為限於本文中所闡述之例式性實施例。 In order to enable your reviewer to have a further understanding and understanding of the features of the present invention and the effects achieved, only examples and detailed descriptions are provided. The embodiments are used to describe the present invention in detail; however, the concept of the present invention may be embodied in many different forms and should not be construed as being limited to the exemplary embodiments set forth herein.
在此說明本發明第一實施例之用於執行存取裝置之方法所執行之流程步驟。請參閱第一圖,其為本發明第一實施例之流程圖。如圖所示,本實施例之用於執行存取裝置之方法包含以下步驟:步驟S11:一主機之一程式連線至一伺服器;步驟S13:當偵測到至少一存取裝置連接該主機時,取得該存取裝置之一識別碼,並經由該程式傳送至該伺服器;步驟S15:該伺服器依據該識別碼查詢該存取裝置之一存取權限;步驟S17:該伺服器對應傳送一控制指令至該主機;以及步驟S19:該主機依據該控制指令設定該存取裝置於該主機之該存取權限。 Here, the flow steps executed by the method for executing the access device of the first embodiment of the present invention are described. Please refer to the first figure, which is a flowchart of the first embodiment of the present invention. As shown in the figure, the method for executing the access device of this embodiment includes the following steps: Step S11: a program of a host is connected to a server; Step S13: When it is detected that at least one access device is connected to the When the host is the host, obtain an identification code of the access device and send it to the server via the program; Step S15: The server queries an access authority of the access device according to the identification code; Step S17: The server Correspondingly, a control command is sent to the host; and step S19: the host sets the access authority of the access device to the host according to the control command.
接續說明本發明第一實施例之用於執行存取裝置之方法所需之結構組成。請參閱第二圖,其為本發明第一實施例之用於執行存取裝置之控制系統之示意圖。如圖所示,本實施例之用於執行存取裝置之控制系統包含:一伺服器1;一主機3,設有一程式30,主機3經程式30連接伺服器1;以及至少一存取裝置5,電性連接主機3,主機3偵測並取得存取裝置5之一識別碼50,主機3經程式30將識別碼50傳送至伺服器1;其中,伺服器1依據識別碼50查詢存取裝置5之一存取權限,並經伺服器1對應傳送一控制指令10至主機3,主機3依據控制指令10設定存取裝置5於主機3之存取權限。
Next, the structure and composition required by the method for executing the access device of the first embodiment of the present invention will be explained. Please refer to the second figure, which is a schematic diagram of the control system for executing the access device according to the first embodiment of the present invention. As shown in the figure, the control system for executing the access device of this embodiment includes: a
上述之主機3為一電腦(Computer),或稱電子計算機,其內建一可以取得存取裝置5之識別碼50之檔案系統32,當存取裝置5電性連接
主機3時,檔案系統32可即時取得存取裝置5之識別碼50(如通用序列匯流排控制器之常駐程式),再交由程式30傳送至伺服器1;其中,檔案系統32為電腦可執行之一作業系統(如Windows、Macintosh),或者是為作業系統下之一子系統。
The
上述之存取裝置5為一隨身碟,如USB隨身碟(USB flash drive),又稱閃存盤、U盤、快閃記憶體等;存取裝置5亦可為一行動硬碟(Portable storage device),又稱可攜式儲存裝置。
The
上述之識別碼50為一惟一識別碼(Unique Identifier,縮寫UID),每一存取裝置5皆於出廠預設時,有設置隸屬於專門辨識存取裝置5之識別碼50,即為惟一識別碼。
The above-mentioned
請一併參閱第三A圖以及第三B圖,其為本發明第一實施例之偵測存取裝置之作動圖及存取權限之作動圖。以下將說明本發明第一實施例之方法流程,首先,主機3與存取裝置5電性連接取得識別碼50之前,先執行步驟S11:一主機之一程式連線至一伺服器。如第三A圖所示,於步驟S13中,先執行步驟S132,判斷至少一存取裝置5是否有存取資料之動作,當至少一存取裝置5直接插設於主機3之連接埠(未圖示)、間接藉由傳輸線(未圖示)與主機3連結,或者是以無線傳輸方式與主機3連接等方法完成電性連接關係,檔案系統32偵測主機3有與存取裝置5連結,即可取得存取裝置5之識別碼50,再將取得之識別碼50經由程式30傳送至伺服器3(如步驟S134);倘若主機3未偵測到存取裝置5之存取資料之動作,則持續偵測是否有存取裝置5之存取資料之動作(如步驟S136)。
Please refer to Fig. 3A and Fig. 3B together, which are the action diagrams of the access detection device and the action diagrams of the access authority of the first embodiment of the present invention. The method flow of the first embodiment of the present invention will be described below. First, before the
接續上述,伺服器1取得識別碼50之後,依據識別碼50查詢存取裝置5於主機3之存取權限(如步驟S15),再傳送一控制指令10於主機3(如步驟S17),其中,如第三B圖所示,伺服器1為依據識別碼50查詢存取裝置5之存取權限,而決定是否開通存取裝置5之存取動作,當存取裝置5之存取權限為無限制時,執行步驟S154,當存取裝置5之存取
權限為鎖定時,執行步驟S156(如步驟S152),在決定存取裝置5之存取權限為無限制時,伺服器1產生對應開通存取裝置5之控制指令,以讓存取裝置5可執行存取資料之動作(如步驟S154),在決定存取裝置鎖定時,伺服器1產生對應鎖定存取裝置5之控制指令,以拒絕存取裝置5執行存取資料之動作(如步驟S156)。爾後,主機3依據控制指令10判斷可以給予存取裝置5存/取資料之權限,而決定存取裝置5於主機3存或/及取資料之執行方式(如步驟S19)。
Following the above, after the
詳言之,主機3之資料可以由使用者於主機3內部界定複數機密等級,或者是由伺服器1與主機3電性連接之後,再判斷資料之機密等級,而透過控制指令10指派權限;其中,資料之機密等級分類,例如可將第一級資料代表為普通資料,第二級資料代表為重要資料,第三級資料代表為極重要資料等方式定義而依此類推。換言之,一旦伺服器1查詢存取裝置5之識別碼50後,即根據控制指令10持續對主機3、存取裝置5之間的資料流向進行監控。
In detail, the data of the
主機3可依據控制指令10設定檔案系統32,以設定存取裝置5於主機3之存取權限;或者是主機3接收控制指令10至檔案系統32,檔案系統32依據控制指令10設定存取裝置5於主機3之存取權限。更可以是當偵測到存取裝置5時,依據設定自行判斷存取裝置5存取資料是否符合安全性,而決定存取裝置5執行/鎖定存取動作之權限。
The
反之亦然,一旦使用者於主機1接收到訊息後,判斷無法給予存取裝置5存取檔案/資料D之動作,即可於主機1操作鎖定存取裝置5,而拒絕存取裝置5執行任何存取動作。或者是當主機3接收持有行動裝置人員之拒絕指令後,鎖定存取裝置5執行存、取動作,使得存取裝置5無法如一般隨身碟之運作方式,隨時儲存、讀取檔案/資料。更可以是主機3依據控制指令10之設定判斷存取裝置5存、取資料不符合安全性,即立刻鎖定存取裝置5。
The reverse is also true. Once the user receives a message from the
另外,亦可為當偵測到動作,並且判斷存取裝置5預存取之資料為第一級,存取裝置5可以直接執行存或/及取資料動作,此時無須發出警告訊息通知,僅進行監控、偵測動作。而當判斷存取裝置5預存、取之資料D為第一級以上,即第二級之重要資料,或者是第三級之極重要資料等機密資料,方執行上述所說明之動作。因此,可以根據控制指令30設定檔案系統32,而以資料之機密程度重要性決定存取裝置5之動作。再者,伺服器1可以與複數主機3電性連接,而對應提供複數控制指令10於每一主機3,以確實管控每一主機3所連結之存取裝置5,其進行資料存、取之流向。
In addition, when an action is detected and the data pre-accessed by the
於此,任何一與主機3電性連接之存取裝置5,皆具有專屬於其本身之識別碼50,以及主機3與存取裝置5電性連接之後,對應連結之連接埠位置、路徑等資訊。經由伺服器1查詢識別碼50之後,即可透過傳送控制指令10至主機3,針對存取裝置5於主機3執行儲存、讀取檔案/資料之動作進行監控、偵測、賦予權限等動作,以確保資料流向之安全性,避免有心人士竊取重要資料,或者是惡意散播病毒,而得以有效提升資訊安全。
Here, any
在此說明本發明第二實施例之用於執行存取裝置之方法所需之結構組成。請參閱第四圖,其為本發明第二實施例之用於執行存取裝置之控制系統之示意圖。如圖所示,本發明之第二實施例與第一實施例之差異,在於更包含一資料庫7,電性連接伺服器1,接收伺服器1傳送之識別碼50進行儲存,並且提供伺服器1查閱過往識別碼50、新增識別碼50等相關紀錄;其中,資料庫7可以為一硬體架構之硬碟,或為一軟體架構之網路儲存空間。
Here, the structure and composition required by the method for executing the access device of the second embodiment of the present invention will be described. Please refer to Figure 4, which is a schematic diagram of the control system for executing the access device according to the second embodiment of the present invention. As shown in the figure, the difference between the second embodiment of the present invention and the first embodiment is that it further includes a database 7, which is electrically connected to the
本發明第二實施例與第一實施例之異同,在於步驟S15:伺服器依據該識別碼查詢該存取裝置之一存取權限之步驟中,伺服器於一資料庫判斷識別碼為第一次取得而產生控制指令;或者是伺服器於一資料庫判斷識別碼為非第一次取得而產生控制指令。當程式30傳送識別
碼50至伺服器1後,伺服器1將於資料庫7比對、判斷該識別碼50是否於先前已經有接收過,而進一步決定賦予存取裝置5之權限等級產生控制指令10。亦即透過伺服器1於資料庫7查詢識別碼50後,再進一步決定控制指令10賦予存取裝置5於主機3存、取資料之權限。如果為第一次取得之識別碼50資訊,即賦予最基本之使用權限,而若為非第一次取得之識別碼50資訊,可判別為一可信任之裝置,而給予基本使用以上之權限。
The similarities and differences between the second embodiment of the present invention and the first embodiment are that in step S15: the server queries an access authority of the access device according to the identification code, the server determines that the identification code is the first in a database The control command is generated for the second acquisition; or the server determines that the identification code is not acquired for the first time in a database and generates the control command. When
綜上所述,本發明已確實達到所預期之使用目的與功效,並且較習知技藝為之理想、實用;惟,上述實施例僅針對本發明之較佳實施例進行具體說明,並非用以限定本發明之申請專利範圍,舉凡其它未脫離本發明所揭示之技術手段下,而所完成之均等變化與修飾,均應包含於本發明所涵蓋之申請專利範圍中。 In summary, the present invention has indeed achieved the intended purpose and effect of use, and is more ideal and practical than conventional techniques; however, the above-mentioned embodiments are only detailed descriptions of the preferred embodiments of the present invention, and are not intended to To limit the scope of patent application of the present invention, all other equivalent changes and modifications completed without departing from the technical means disclosed in the present invention shall be included in the scope of patent application covered by the present invention.
S11:步驟 S11: steps
S13:步驟 S13: steps
S15:步驟 S15: steps
S17:步驟 S17: steps
S19:步驟 S19: steps
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW108116294A TWI741294B (en) | 2019-05-10 | 2019-05-10 | Control system and method for executing access device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW108116294A TWI741294B (en) | 2019-05-10 | 2019-05-10 | Control system and method for executing access device |
Publications (2)
Publication Number | Publication Date |
---|---|
TW202042093A TW202042093A (en) | 2020-11-16 |
TWI741294B true TWI741294B (en) | 2021-10-01 |
Family
ID=74201526
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW108116294A TWI741294B (en) | 2019-05-10 | 2019-05-10 | Control system and method for executing access device |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI741294B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100469012C (en) * | 2003-10-29 | 2009-03-11 | 林晖 | An authentication method for information storaging application and IC card authentication hardware |
TWI389006B (en) * | 2006-10-04 | 2013-03-11 | Trek 2000 Int Ltd | Method, apparatus and system for authentication of external storage devices |
TWI620087B (en) * | 2017-02-15 | 2018-04-01 | 財團法人資訊工業策進會 | Authorization server, authorization method and computer program product thereof |
TWM585369U (en) * | 2019-05-10 | 2019-10-21 | 新加坡商核智科技私人有限公司 | Control system for executing access device |
-
2019
- 2019-05-10 TW TW108116294A patent/TWI741294B/en active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100469012C (en) * | 2003-10-29 | 2009-03-11 | 林晖 | An authentication method for information storaging application and IC card authentication hardware |
TWI389006B (en) * | 2006-10-04 | 2013-03-11 | Trek 2000 Int Ltd | Method, apparatus and system for authentication of external storage devices |
TWI620087B (en) * | 2017-02-15 | 2018-04-01 | 財團法人資訊工業策進會 | Authorization server, authorization method and computer program product thereof |
TWM585369U (en) * | 2019-05-10 | 2019-10-21 | 新加坡商核智科技私人有限公司 | Control system for executing access device |
Also Published As
Publication number | Publication date |
---|---|
TW202042093A (en) | 2020-11-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9882912B2 (en) | System and method for providing authentication service for internet of things security | |
US7565685B2 (en) | Operating system independent data management | |
US9875113B2 (en) | System and method for managing BIOS setting configurations | |
US9558343B2 (en) | Methods and systems for controlling access to resources and privileges per process | |
US20180113638A1 (en) | Securing a media storage device using write restriction mechanisms | |
WO2019080429A1 (en) | Electronic apparatus, access request control method, and computer readable storage medium | |
US20070168574A1 (en) | System and method for securing access to general purpose input/output ports in a computer system | |
US20230145856A1 (en) | Securely exposing an accelerator to privileged system components | |
JP2003162452A (en) | System and method for protecting data stored in storage medium device | |
CN105049445B (en) | A kind of access control method and free-standing access controller | |
US20150235025A1 (en) | Process to prevent malicious changes to electronic files on an electronic storage device | |
US20180041543A1 (en) | Systems and methods for dynamic root of trust measurement in management controller domain | |
US11941264B2 (en) | Data storage apparatus with variable computer file system | |
TWI741294B (en) | Control system and method for executing access device | |
TWM585369U (en) | Control system for executing access device | |
CN102929802A (en) | Stored resource protection method and system | |
CN108111503A (en) | Based on the information safety protection host machine for accessing limitation | |
US20210357518A1 (en) | Control of access to hierarchical nodes | |
KR102690045B1 (en) | Access control system of enterprise resource depending on user connection status and personal equipment security status | |
US20220374534A1 (en) | File system protection apparatus and method in auxiliary storage device | |
KR102690043B1 (en) | Access control system of enterprise resource based on security scores evaluated on user device | |
KR101460297B1 (en) | Removable storage media control apparatus for preventing data leakage and method thereof | |
US20240028713A1 (en) | Trust-based workspace instantiation | |
CN109409123B (en) | Electronic equipment, control method and processing device | |
JP2008028877A (en) | Unjust connection prevention system and method thereof, user terminal, and program therefor |