TWI741294B - Control system and method for executing access device - Google Patents

Control system and method for executing access device

Info

Publication number
TWI741294B
Authority
TW
Taiwan
Prior art keywords
access device
host
server
control command
access
Prior art date
Application number
TW108116294A
Other languages
Chinese (zh)
Other versions
TW202042093A (en)
Inventor
高雅貞
Original Assignee
新加坡商核智科技私人有限公司
Priority date
Filing date
Publication date
Application filed by 新加坡商核智科技私人有限公司
Priority to TW108116294A
Publication of TW202042093A
Application granted
Publication of TWI741294B

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention discloses a control system and method for executing an access device. A program on a host connects to a server, detects and obtains an identification code of at least one access device electrically connected to the host, and sends the identification code to the server. The server looks up an access authority of the access device according to the identification code and sends a corresponding control command to the host, and the host sets the access authority of the access device on the host according to the control command. In this way the flow of data stored to and retrieved from the host by the access device is controlled, enhancing information security.

Description

Control system and method for executing access device

The present invention relates to a control system, and in particular to a system and method for managing and controlling the data storing and retrieving operations performed by an access device connected to a host.

An access device generally used to store and retrieve data (such as a flash drive) operates by connecting to a host (such as a computer) that has a port (such as a USB port), and serves as a plug-and-play device. Once the access device and the host are electrically connected, data stored on the access device can be saved to the host, or data can be read from the host and stored on the access device, which is quite convenient.

However, some organizations handle highly confidential data. If no sound control regime is established in their management, anyone can easily obtain sensitive data through an access device, which raises security concerns.

Therefore, a complete control system that classifies each piece of data into levels according to its confidentiality and importance, and grants an access device storing and retrieving permissions that match the data level, can effectively manage information security.

For this reason, in view of the problems described above, the inventor set out to develop an improved solution and, after extended deliberation, arrived at the control system and method for executing an access device of the present invention, to serve the public and promote the development of the industry.

The purpose of the present invention is to provide a control system and method for executing an access device which, through the electrical connection between a host and a server together with the exchange of information such as a program, control commands and identification codes, sets the access authority of the access device on the host and reliably tracks the flow of data access between the two components, thereby enhancing information security.

To achieve the purposes and effects stated above, the present invention discloses a method for executing an access device, which comprises: a program of a host connecting to a server; when at least one access device is detected as connected to the host, obtaining an identification code of the access device and sending it to the server via the program; the server looking up an access authority of the access device according to the identification code; the server sending a corresponding control command to the host; and the host setting the access authority of the access device on the host according to the control command.

In addition, the present invention discloses a control system for executing an access device, which comprises: a server; a host provided with a program, the host being connected to the server via the program; and at least one access device electrically connected to the host, wherein the host detects and obtains an identification code of the access device and sends the identification code to the server via the program; wherein the server looks up an access authority of the access device according to the identification code and sends a corresponding control command to the host, and the host sets the access authority of the access device on the host according to the control command.

1: Server
10: Control command
3: Host
30: Program
32: File system
5: Access device
50: Identification code
7: Database
S11: Step
S13: Step
S132: Step
S134: Step
S136: Step
S15: Step
S152: Step
S154: Step
S156: Step
S17: Step
S19: Step

Figure 1: flowchart of the first embodiment of the present invention.
Figure 2: schematic diagram of the control system of the first embodiment of the present invention.
Figure 3A: operation diagram of detecting the access device in the first embodiment of the present invention.
Figure 3B: operation diagram of the access authority in the first embodiment of the present invention.
Figure 4: schematic diagram of the control system of the second embodiment of the present invention.

To give the examiners a further understanding of the features of the present invention and the effects it achieves, embodiments and a detailed description are provided as follows. In the following, various embodiments of the present invention are described in detail with reference to the drawings; however, the concept of the present invention may be embodied in many different forms and should not be construed as limited to the exemplary embodiments set forth herein.

The steps performed by the method for executing an access device according to the first embodiment of the present invention are described here. Please refer to Figure 1, which is a flowchart of the first embodiment of the present invention. As shown in the figure, the method for executing an access device of this embodiment comprises the following steps:
Step S11: a program of a host connects to a server;
Step S13: when at least one access device is detected as connected to the host, an identification code of the access device is obtained and sent to the server via the program;
Step S15: the server looks up an access authority of the access device according to the identification code;
Step S17: the server sends a corresponding control command to the host; and
Step S19: the host sets the access authority of the access device on the host according to the control command.

Next, the structural components required by the method for executing an access device according to the first embodiment of the present invention are described. Please refer to Figure 2, which is a schematic diagram of the control system for executing an access device according to the first embodiment of the present invention. As shown in the figure, the control system of this embodiment comprises: a server 1; a host 3 provided with a program 30, the host 3 being connected to the server 1 via the program 30; and at least one access device 5 electrically connected to the host 3. The host 3 detects and obtains an identification code 50 of the access device 5 and sends the identification code 50 to the server 1 via the program 30. The server 1 looks up an access authority of the access device 5 according to the identification code 50 and sends a corresponding control command 10 to the host 3, and the host 3 sets the access authority of the access device 5 on the host 3 according to the control command 10.

The host 3 described above is a computer (also called an electronic computer) with a built-in file system 32 that can obtain the identification code 50 of the access device 5. When the access device 5 is electrically connected to the host 3, the file system 32 can obtain the identification code 50 of the access device 5 in real time (for example, through a resident program of the Universal Serial Bus controller) and hand it to the program 30 for transmission to the server 1. The file system 32 is an operating system executable by the computer (such as Windows or Macintosh), or a subsystem of the operating system.

The access device 5 described above is a flash drive, such as a USB flash drive, also called a flash disk, U disk or flash memory; the access device 5 may also be a portable hard drive, also called a portable storage device.

The identification code 50 described above is a unique identifier (UID). Each access device 5 is assigned, as a factory default, an identification code 50 dedicated to identifying that access device 5; this is its unique identifier.

Please also refer to Figure 3A and Figure 3B, which are the operation diagram of detecting the access device and the operation diagram of the access authority in the first embodiment of the present invention. The method flow of the first embodiment is described below. First, before the host 3 is electrically connected to the access device 5 and obtains the identification code 50, step S11 is performed: a program of a host connects to a server. As shown in Figure 3A, within step S13, step S132 is performed first to determine whether at least one access device 5 is performing a data access action. The electrical connection is established when at least one access device 5 is plugged directly into a port of the host 3 (not shown), is connected to the host 3 indirectly through a transmission cable (not shown), or is connected to the host 3 wirelessly. When the file system 32 detects that the host 3 is connected to the access device 5, it obtains the identification code 50 of the access device 5, and the obtained identification code 50 is then sent to the server 1 via the program 30 (step S134). If the host 3 does not detect a data access action by the access device 5, it continues to check for one (step S136).

Continuing from the above, after the server 1 obtains the identification code 50, it looks up the access authority of the access device 5 on the host 3 according to the identification code 50 (step S15) and then sends a control command 10 to the host 3 (step S17). As shown in Figure 3B, the server 1 looks up the access authority of the access device 5 according to the identification code 50 and decides whether to open the access action of the access device 5: when the access authority of the access device 5 is unrestricted, step S154 is performed, and when the access authority of the access device 5 is locked, step S156 is performed (step S152). When the access authority of the access device 5 is determined to be unrestricted, the server 1 generates a control command that opens the access device 5, so that the access device 5 can perform data access actions (step S154). When the access device is determined to be locked, the server 1 generates a control command that locks the access device 5, so that the access device 5 is refused data access actions (step S156). The host 3 then determines from the control command 10 what data storing/retrieving permission can be given to the access device 5, and decides how the access device 5 may store and/or retrieve data on the host 3 (step S19).

In detail, the data on the host 3 can be assigned a plurality of confidentiality levels by the user within the host 3, or the confidentiality level of the data can be determined after the server 1 is electrically connected to the host 3, with authority assigned through the control command 10. The confidentiality levels can be defined, for example, with first-level data representing ordinary data, second-level data representing important data, third-level data representing extremely important data, and so on. In other words, once the server 1 has looked up the identification code 50 of the access device 5, the data flow between the host 3 and the access device 5 is continuously monitored according to the control command 10.

The host 3 can configure the file system 32 according to the control command 10 in order to set the access authority of the access device 5 on the host 3; or the host 3 passes the received control command 10 to the file system 32, and the file system 32 sets the access authority of the access device 5 on the host 3 according to the control command 10. Furthermore, when the access device 5 is detected, whether its data access meets security requirements may be judged automatically according to the settings, which decides whether the access device 5 is permitted to perform access actions or is locked.

Conversely, once the user receives a message at the host 3 and determines that the access device 5 cannot be allowed to access the file/data D, the user can lock the access device 5 from the host 3 and refuse any access action by the access device 5. Alternatively, when the host 3 receives a rejection command from the person holding the mobile device, the access device 5 is locked from performing storing and retrieving actions, so that it cannot store and read files/data at any time the way an ordinary flash drive does. Furthermore, the host 3 may judge, according to the settings of the control command 10, that the storing or retrieving of data by the access device 5 does not meet security requirements, and immediately lock the access device 5.

In addition, when an action is detected and the data the access device 5 intends to access is judged to be first level, the access device 5 can directly store and/or retrieve the data; no warning message needs to be issued, and only monitoring and detection are performed. Only when the data D that the access device 5 intends to store or retrieve is judged to be above the first level, that is, second-level important data, third-level extremely important data or other confidential data, are the actions described above carried out. The file system 32 can therefore be configured according to the control command 10, and the action of the access device 5 decided by the confidentiality and importance of the data. Furthermore, the server 1 can be electrically connected to a plurality of hosts 3 and provide a corresponding plurality of control commands 10 to each host 3, so as to reliably control the flow of data stored and retrieved by the access device 5 connected to each host 3.

Here, every access device 5 electrically connected to the host 3 has its own identification code 50, together with information such as the port location and path of the corresponding connection once the host 3 and the access device 5 are electrically connected. After the server 1 looks up the identification code 50, sending the control command 10 to the host 3 allows the storing and reading of files/data by the access device 5 on the host 3 to be monitored, detected and granted permissions. This ensures the security of the data flow and prevents malicious parties from stealing important data or deliberately spreading viruses, effectively improving information security.

The structural components required by the method for executing an access device according to the second embodiment of the present invention are described here. Please refer to Figure 4, which is a schematic diagram of the control system for executing an access device according to the second embodiment of the present invention. As shown in the figure, the second embodiment differs from the first embodiment in that it further comprises a database 7, electrically connected to the server 1, which receives and stores the identification code 50 sent by the server 1 and lets the server 1 consult related records such as past identification codes 50 and newly added identification codes 50. The database 7 can be a hard disk in a hardware architecture or a network storage space in a software architecture.

The second embodiment of the present invention differs from the first embodiment in step S15, in which the server looks up an access authority of the access device according to the identification code: the server determines in a database that the identification code is obtained for the first time and generates the control command, or the server determines in a database that the identification code is not obtained for the first time and generates the control command. After the program 30 sends the identification code 50 to the server 1, the server 1 compares it against the database 7 to determine whether the identification code 50 has been received before, and on that basis decides the permission level to grant the access device 5 and generates the control command 10. That is, after the server 1 looks up the identification code 50 in the database 7, it further decides what permission the control command 10 grants the access device 5 to store and retrieve data on the host 3. If the identification code 50 is obtained for the first time, the most basic usage permission is granted; if the identification code 50 is not obtained for the first time, the device can be judged to be a trusted device and is given permissions above basic usage.
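As an added illustration (not code from the patent or its assignee), the following Python model runs steps S13 to S19 together with the second embodiment's first-seen check against the database. The class names, the `overrides` table, the data-level ceiling assigned to each authority and the locked default for a device with no control command are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import Enum


class Authority(Enum):
    LOCKED = "locked"              # S156: device may not store or retrieve data
    BASIC = "basic"                # identifier obtained for the first time
    TRUSTED = "trusted"            # identifier already recorded in the database
    UNRESTRICTED = "unrestricted"  # S154: access fully opened


# Assumption: highest data confidentiality level (1 = ordinary, 2 = important,
# 3 = extremely important) each authority may store or retrieve. The page
# defines the levels but not this mapping.
MAX_LEVEL = {
    Authority.LOCKED: 0,
    Authority.BASIC: 1,
    Authority.TRUSTED: 2,
    Authority.UNRESTRICTED: 3,
}


@dataclass(frozen=True)
class ControlCommand:
    host_id: str
    device_uid: str
    authority: Authority


@dataclass
class Server:
    # Assumption: administrator-set authority for specific identifiers.
    overrides: dict = field(default_factory=dict)
    # Stands in for database 7: identifiers the server has received before.
    seen: set = field(default_factory=set)

    def handle_identifier(self, host_id: str, device_uid: str) -> ControlCommand:
        # S15: look up the access authority for this identifier.
        if device_uid in self.overrides:
            authority = self.overrides[device_uid]
        elif device_uid in self.seen:
            authority = Authority.TRUSTED
        else:
            authority = Authority.BASIC
        self.seen.add(device_uid)  # record the identifier for later lookups
        # S17: the control command returned to the host.
        return ControlCommand(host_id, device_uid, authority)


@dataclass
class Host:
    host_id: str
    server: Server
    # Stands in for the file-system setting: identifier -> authority.
    policy: dict = field(default_factory=dict)

    def on_device_attached(self, device_uid: str) -> Authority:
        # S13: send the detected identifier to the server via the program.
        cmd = self.server.handle_identifier(self.host_id, device_uid)
        if cmd.host_id != self.host_id or cmd.device_uid != device_uid:
            raise ValueError("control command does not match this host/device")
        self.policy[device_uid] = cmd.authority  # S19: apply the command
        return cmd.authority

    def may_access(self, device_uid: str, data_level: int) -> bool:
        # Assumption: a device with no control command is treated as locked.
        authority = self.policy.get(device_uid, Authority.LOCKED)
        return data_level <= MAX_LEVEL[authority]


def demo() -> dict:
    # Constructed identifiers, not real device serial numbers.
    server = Server(overrides={"UID-LOCKED-0001": Authority.LOCKED})
    host_a, host_b = Host("host-A", server), Host("host-B", server)
    return {
        "first_attach": host_a.on_device_attached("UID-NEW-0001"),
        "level2_after_first": host_a.may_access("UID-NEW-0001", 2),
        "other_host_attach": host_b.on_device_attached("UID-NEW-0001"),
        "level2_on_other_host": host_b.may_access("UID-NEW-0001", 2),
        "locked_attach": host_a.on_device_attached("UID-LOCKED-0001"),
        "locked_level1": host_a.may_access("UID-LOCKED-0001", 1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the first-seen record lives on the server side, a device first plugged into one host is already known when it is later plugged into another host served by the same server.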

In summary, the present invention has achieved its intended purpose and effects, and is more ideal and practical than the prior art. However, the embodiments above only describe preferred embodiments of the present invention in detail and are not intended to limit the scope of its patent claims; all other equivalent changes and modifications made without departing from the technical means disclosed by the present invention shall be included in the scope of the patent claims covered by the present invention.


Claims (9)

1. A method for executing an access device, comprising: a program of a host connecting to a server; when at least one access device is detected as connected to the host, obtaining an identification code of the access device and sending it to the server via the program; the server looking up an access authority of the access device according to the identification code; the server determining in a database that the identification code is obtained for the first time and generating the control command; the server sending a corresponding control command to the host; and the host setting the access authority of the access device on the host according to the control command.

2. The method for executing an access device according to claim 1, wherein in the step in which the server looks up an access authority of the access device according to the identification code, the server determines in a database that the identification code is not obtained for the first time and generates the control command.

3. The method for executing an access device according to claim 1, wherein in the step in which the host sets the access authority of the access device on the host according to the control command, the host configures a file system according to the control command in order to set the access authority of the access device on the host.

4. The method for executing an access device according to claim 1, wherein in the step in which the host sets the access authority of the access device on the host according to the control command, the host passes the received control command to a file system, and the file system sets the access authority of the access device on the host according to the control command.

5. A control system for executing an access device, comprising: a server; a host provided with a program, the host being connected to the server via the program; and at least one access device electrically connected to the host, wherein the host detects and obtains an identification code of the access device and sends the identification code to the server via the program; wherein the server looks up an access authority of the access device according to the identification code and sends a corresponding control command to the host, and the host sets the access authority of the access device on the host according to the control command.

6. The control system for executing an access device according to claim 5, further comprising a database connected to the server, wherein the server determines in the database that the identification code is obtained for the first time and generates the control command.

7. The control system for executing an access device according to claim 5, further comprising a database connected to the server, wherein the server determines, based on the database, that the identification code is not obtained for the first time and generates the control command.

8. The control system for executing an access device according to claim 5, wherein the host configures a file system according to the control command in order to set the access authority of the access device on the host.

9. The control system for executing an access device according to claim 5, wherein the host passes the received control command to a file system, and the file system sets the access authority of the access device on the host according to the control command.
TW108116294A 2019-05-10 2019-05-10 Control system and method for executing access device TWI741294B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108116294A TWI741294B (en) 2019-05-10 2019-05-10 Control system and method for executing access device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108116294A TWI741294B (en) 2019-05-10 2019-05-10 Control system and method for executing access device

Publications (2)

Publication Number Publication Date
TW202042093A (en) 2020-11-16
TWI741294B (en) 2021-10-01

Family

ID=74201526

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108116294A TWI741294B (en) 2019-05-10 2019-05-10 Control system and method for executing access device

Country Status (1)

Country Link
TW (1) TWI741294B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100469012C (en) * 2003-10-29 2009-03-11 林晖 An authentication method for information storaging application and IC card authentication hardware
TWI389006B (en) * 2006-10-04 2013-03-11 Trek 2000 Int Ltd Method, apparatus and system for authentication of external storage devices
TWI620087B (en) * 2017-02-15 2018-04-01 財團法人資訊工業策進會 Authorization server, authorization method and computer program product thereof
TWM585369U (en) * 2019-05-10 2019-10-21 新加坡商核智科技私人有限公司 Control system for executing access device

Also Published As

Publication number Publication date
TW202042093A (en) 2020-11-16
