M346062 八、新型說明: 【新型所屬之技術領域】 本創作係有關於-種資料防拷儲存裝置,特 於一種文件的資料防拷儲存裝置。 、 有關 [先前技術] 隨著人類科技的進步和電腦的問世 :卷宗方式存檔的資料現在都改以電腦儲存:: 優點是具備了快速、方便以及極高的此 料儲存的 稍稍複製便可以輕易地與他人分只要將權案 件而士 3 ^士沾皮 予’這對具有機密性的文 件而…艮大的威脅’尤其是現今 -丨扪又 會’企業往往擁有著許多不可 ° 4展的商業化社 訊,若是這些資訊可藉由電腦輕易地傳業機密和資 業本身μ將妓減的傷害。❹’那麼對企 密性成為很重要的課題。 ,如何保護資料的機 【新型内容】 基於以上的考量,靈 置,以避免資料的外洩。 "防止拷貝的資料儲存裝 有鑑於此,本創作提供一 一資料傳輸介面耦接至—太 /、方拷儲存裝置,透過 一資料伺服器,資料他器提供透過-網路連接至 内容之-資料。此資料防拷儲存J置::密訊息和-資料 控制器單元。儲存單元 ^括-儲存單元和— 括了一弟1存區域以及—第 M346062 於第二二2 = “和資料内容分別儲存 了-網路卡、一解密訊息讀二:和:::器單元又包括 路卡用以連接控制器單元至網路、、,身分遇證模組。網 資料。解密訊息讀取模組用播就,資料伺服器下載 第一儲存區域讀取解宓:解抢訊息要求信號從 發送-認證信號給器衫認證模組於下载資料前 資料傳輸介資料防拷儲存裝置,透過-服器,資料伺服器提供: :第:單防拷儲r, 存資料内容於單:存存單元_ ;广器單元用以將資料内; :區=!存單元。此控_:以= 密訊=:::::據並;!資,下心二 認 單元讀取解密J :據一解密訊息要求信號從第二彳 證信號給資料伺^ 模組於下栽㈣前發送’ 【實施方式】 料防來描述’特別是, 料-_置二:=:=::=: M346062 創作的製作和使用的方彳 .Jb m 第並非用以限制本創作的範圍。 弟㈣為用叫取根據本 本也電腦200Α、一網路3〇〇、一資 祠服态400和一資粗嫂认 貝抖 1ΠΠΔ 貝枓傳輸介面5〇〇。資料防拷儲存裝置 包括了-儲存單元應、—控制器單元m 源管理衫丨30,其中儲存單元UG = 域111以及一第二蝕六广丄 乐傾存£ 啫存區域112,而控制器單元12〇 括-網路卡121、-解密訊息讀取模組⑵ 欲 ^=23。本地電腦包括-資料執行軟體和;= 置 2KJ 〇 資料防拷儲存褒置職透過資料傳輸介面500轉接至 本地電腦200Α。資料防拷儲存裝置應Α之儲存單元ιι〇Α 可以是反及閘快閃記憶體(NANDflash),資料傳輸介面 500可以是串列先進技術附件(Serial ^職―⑽恥㈣丫 Attachment ’ S AT A )、並列先進技術附件(parallel Technology Attachment,PATA )或通用串列匯流排 (Universal Serial Bus,USB),並且可提供電源給儲存單 元110A、控制态單元120和電源管理單元13〇。舉例來說, 若資料傳輪介面500為USB時,可提供高達5〇〇mA的電 流給儲存單元110A、控制器單元12〇和電源管理單元13〇。 網路卡121整合於控制器單元12〇之上,使得控制器 單元120可直接透過網路3〇〇與資料伺服器4〇〇溝通。控 制器單元120與網路300連接的方式可藉著從控制器單元 M346062 - 12()的印刷電路板上拉出網路卡121通訊所需的腳位(圖 未顯示),然後將這些腳位透過一連接器(圖未顯示)連 接到網路300。網路卡121通訊所需的腳位數目可以是四, 而此連接器可以是一 RJ45連接器。此外,當資料傳輸介面 500是串列先進技術附件或並列先進技術附件時,亦可藉 著在資料傳輸介面500的接口中預留網路卡121通訊所需 * 的腳位(圖未顯示),並透過這些腳位連接到網路300, 進而達到連接控制器單元120與網路300的目的。網路3〇〇 • 可以是任何形式的網路,舉例來說,可以是有線的乙太網 路(Ethernet)或整合服務數位網路(Integrated Service Digital Network,ISDN)等等,也可以是無線的無線區域 網路(Wireless Local Area Network,WLAN )或藍牙網路 (Bluetooth Network)等等。 當資料防拷儲存裝置100A電源開啟的時候,控制器單 元120首先檢查網路3〇〇是否為連接狀態。如果網路3〇〇 為非連接狀態,則顯示無網路連線的訊息於本地電腦2〇〇A 修-的顯示裝置21〇之上。如果網路300為連接狀態,控制器 單元120會檢查資料伺服器400上是否有更新的資料,如 果資料伺服器400上沒有更新的資料,則顯示無更新資料 的訊息於本地電腦200A的顯示裝置210之上,並且結束 動作。如果資料伺服器400上有更新的資料,則控制器單 元120發送一資料更新請求訊號si給資料伺服器4〇〇以要 求下載此更新的資料,隨後控制器單元12〇内的身分認證 模組123發送一認證信號S2給資料伺服器400,並等待資 9 M346062 料伺服器400的認證結果。資料伺服器400收到認證信號 S2後首先確認控制器單元120是否為合法的用戶,如果控 制裔單元120為非法的用戶,則顯示無法下載此更新資料 的訊息於本地電腦200A的顯示裝置210之上,並且結束 動作。如果控制器單元120為合法的用戶,則資料伺服器 400產生解密訊息,其中解密訊息可根據資料内容而產 生。接著控制器單元120透過網路卡121下載此更新的資 料,並判斷是否成功下載此更新的資料,其中此更新的資 料包括了解密訊息和資料内容的部分。如果未成功下載此 更新的資料,則顯示未成功下載更新資料的訊息於本地電 =200A的顯讀置21G之上,並結束動作。如果成功下 命此更新的H則顯示成功下載更新資料的訊息於本地 =腦細A的顯示裳置21()之上,並結束動作。完成資料 八下载之後’控制器單元12G分別將解密訊息和資料内容 复別,存於第—儲存區域和第二儲存區域112之内。 2第-儲存區域⑴可設為隱藏,在此情況下,儲存於 儲存區域111内的解密訊息係為使用者不可複製。至 ^整個資料下载及儲存的步驟,接著敘述此資料 仃步,和彳目_安域倾機制。 時,二^電細200A内的資料執行軟體欲執行資料内容 讀取'解㈣奸置雜中的第触區域⑴ 息要求信“給控過=是„資料執行軟體,首先發送一解密訊 單亓工制态早元120以取得解密訊息,控制器 的解费矾息讀取模組122根據解密訊息要求信 M346062M346062 VIII. New description: [New technical field] This creation department is about a kind of data copy protection storage device, which is special for a file data copy protection device. Related [Prior Art] With the advancement of human technology and the advent of computers: the archived files are now converted to computer storage: The advantage is that it is fast, convenient and extremely high. The land and others are divided into the right case and the 3 士 沾 ' ' 这 这 这 ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' Commercialization News, if this information can be easily transmitted through the computer, the secrets of the industry and the capital itself will be reduced. ❹’ So it’s a very important issue for confidentiality. , how to protect the data machine [new content] Based on the above considerations, in order to avoid the leakage of data. "Preventing copying data storage device In view of this, the creation provides a data transmission interface coupled to the -Tai, Fang Fang storage device, through a data server, the data provider provides a through-network connection to the content -data. This data copy protection store J:: secret message and - data controller unit. The storage unit includes a storage unit and - a brother 1 storage area and - M346062 in the second two 2 = "and the data content is stored separately - network card, a decryption message read two: and ::: unit In addition, the road card is used to connect the controller unit to the network, and the ID card module. The decryption message reading module is broadcasted, and the data server downloads the first storage area to read the solution: The message request signal is sent from the send-authentication signal to the device authentication module before the data is downloaded. The data transmission device provides the copy-protection device through the server, and the data server provides: : the first: copy protection r, save the data content Single: storage unit _; the unit is used to put the data; : area =! save unit. This control _: to = 密 = =::::: according to; and the capital, the second heart unit to read and decrypt J: According to a decryption message, the signal is sent from the second certificate signal to the data server module before sending (4). [Embodiment] The material defense is described as 'specially, material-_set two:=:=:: =: M346062 The creation and use of the creation of the book. Jb m is not intended to limit the scope of this creation. Brother (four) for the use of roots The notebook is also 200 Α, one network 3 〇〇, one 祠 祠 祠 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 400 The unit m source manages the shirt 30, wherein the storage unit UG = field 111 and a second eclipse deposits the buffer area 112, and the controller unit 12 includes - the network card 121, - decrypts the message read Module (2) For ^=23. The local computer includes - data execution software and; = 2KJ 〇 data copy protection storage, and is transferred to the local computer through the data transmission interface 500. The data copy storage device should be stored in the storage unit. ιι〇Α can be reverse flash memory (NANDflash), data transmission interface 500 can be a series of advanced technology accessories (Serial) - (10) shame (four) 丫 Attachment ' S AT A ), parallel advanced technology accessories (parallel Technology Attachment, PATA) or Universal Serial Bus (USB), and can provide power to the storage unit 110A, the control unit 120, and the power management unit 13. For example, if the data transfer interface 500 is USB A current of up to 5 mA can be supplied to the storage unit 110A, the controller unit 12A, and the power management unit 13. The network card 121 is integrated on the controller unit 12A so that the controller unit 120 can directly pass through the network. The router 3 communicates with the data server 4. The controller unit 120 is connected to the network 300 by means of pulling the network card 121 from the printed circuit board of the controller unit M346062-12 (). The pins (not shown) are then connected to the network 300 through a connector (not shown). The number of pins required for communication by the network card 121 can be four, and the connector can be an RJ45 connector. In addition, when the data transmission interface 500 is a serial advanced technology accessory or a parallel advanced technology accessory, the pin required for communication of the network card 121 can be reserved in the interface of the data transmission interface 500 (not shown). And connecting to the network 300 through these pins, thereby achieving the purpose of connecting the controller unit 120 and the network 300. Network 3〇〇• Can be any form of network, for example, wired Ethernet or Integrated Service Digital Network (ISDN), etc. Wireless Local Area Network (WLAN) or Bluetooth Network, and so on. When the data copy protection storage device 100A is powered on, the controller unit 120 first checks if the network 3 is connected. If the network 3 is not connected, the message indicating that there is no network connection is displayed on the display device 21 of the local computer. If the network 300 is in the connected state, the controller unit 120 checks whether there is updated data on the data server 400. If there is no updated data on the data server 400, the message indicating no update information is displayed on the display device of the local computer 200A. Above 210, and the action ends. If there is updated data on the data server 400, the controller unit 120 sends a data update request signal si to the data server 4 to request to download the updated data, and then the identity authentication module in the controller unit 12 123 sends an authentication signal S2 to the data server 400 and waits for the authentication result of the 9 M346062 material server 400. After receiving the authentication signal S2, the data server 400 first confirms whether the controller unit 120 is a legitimate user. If the control unit 120 is an illegal user, the message indicating that the updated data cannot be downloaded is displayed on the display device 210 of the local computer 200A. Go up and end the action. If the controller unit 120 is a legitimate user, the profile server 400 generates a decrypted message, wherein the decrypted message can be generated based on the content of the material. The controller unit 120 then downloads the updated information through the network card 121 and determines whether the updated data is successfully downloaded. The updated information includes the decrypted message and the content of the data content. If the updated data is not successfully downloaded, the message that the update data has not been successfully downloaded is displayed above the local power = 200A reading 21G, and the action ends. If the H of the update is successfully selected, the message that the update data is successfully downloaded is displayed on the local = brain thin A display set 21 (), and the action is ended. After the completion of the data downloading, the controller unit 12G separates the decrypted message and the data content, respectively, and stores them in the first storage area and the second storage area 112. 2 The first storage area (1) can be set to be hidden. In this case, the decrypted message stored in the storage area 111 is not copyable by the user. To ^ the entire data download and storage steps, followed by a description of this data, and the project. At the time, the data execution software in the 2^ electric detail 200A is to perform the reading of the data content. 'The four-touch area of the solution (1) The information request letter "Give control = Yes" Data execution software, first send a decryption message Completion of the early format 120 to obtain the decrypted message, the controller's solution fee reading module 122 according to the decryption message request letter M346062
號S3至第一儲存區域111讀取解密訊息,如果解密訊_读 取模組122成功讀取到解密訊息,控制器單元12〇發送貝 解逸、訊息f買取成功信號S4給資料執行軟體,資料執行幸^ 即可根據解密訊息讀取成功信號S4執行資料内容。如果次 料執行軟體無法成功取得解密訊息,則表示資料防拷儲2 裝置100A可能未與本地電腦200A連接,資料執行敕體= 無法執行資料内容依此來做到保護資料内容的目的。, 值得一提的是,根據本創作的實施例,解密訊氣可p 疋無法被使用者人為複製的,實施的方式可以是將解密% 息所儲存的位址隱藏起來,進而使使用者無法存取。若 用,將貧料複製到其他的儲存裝置,只能複製資料的資料 内容部分。因此,即使使用者將資料複製到其他電腦的儲 ίϊ置之上’在㈣防拷儲存裝置1GGA未與該電腦連接 、/況下,該電腦也無法讀取到該資料的解密訊息,自然 也就無法執行該資料,依此來做到保護資料内容的目的= ^外’該資料的解密訊息可以同時存放於第_儲存區域 内多處的位址,以防當其中一個位址的資料損 成無法讀取解密訊息的情況。 Λ卜準例矹明上述實施例,以使習知此技藝之人 本創作的内容。舉例來說’資料防拷儲存裝置100Α ‘自USB隨身碟’資财為—文件,敎件包括 文件内容(資料内容)之部分,而資料執行』; 劉覽的湖覽器。在此情況下,當劉覽器欲 文件内各(亦即執行文件内容)時,會先梅取解密訊 11 M346062 息’瀏覽器首先發送解密訊息要求信號S3給控制器單元 120’控制器單元12〇内的解密訊息讀取模組122根據解密 訊息要求信號S3至第一儲存區域111讀取解密訊息,如果 解密訊息讀取模組122成功讀取到解密訊息,控制器單元 120發送一解密訊息讀取成功信號S4給資料執行軟體,資 料執行軟體即可根據解密訊息讀取成功信號瀏覽文件 • 内容(執行資料内容)。如果解密訊息讀取模組無法成功 讀取到解密訊息,則表示USB隨身碟可能未與本地電腦 I 200A連接,解密訊息讀取模組122在無法讀取到解密訊息 的情況下,瀏覽器就無法瀏覽文件内容,依此來做到保護 資料内容的目的。 苐2圖係顯示用以存取根據本創作另一實施例所述之 資料防拷儲存裝置100B之架構圖。與第一實施例不同的 地方僅在於,此架構的資料防拷儲存裝置1〇〇B僅包括了 -第-儲存單元11GB,其包括了一用來儲存資料内容的儲 存區域111B。而本地電腦2〇〇B除了包括一資料執行軟體 -和-顯=裝置21〇夕卜,更包括了一用來儲存解密訊息之第 ' 儲存單元。第一儲存單元220可以是電子可抹除可 程式化唯讀記憶體(Electrically E_ble program·The number S3 to the first storage area 111 reads the decrypted message. If the decryption message-reading module 122 successfully reads the decrypted message, the controller unit 12 sends a message to the data execution software, and the message f purchase success signal S4. The data execution is successful, and the data content can be executed according to the decryption message read success signal S4. If the software execution software cannot successfully obtain the decryption message, it means that the data copy protection 2 device 100A may not be connected to the local computer 200A, and the data execution body = the data content cannot be executed to protect the data content. It is worth mentioning that, according to the embodiment of the present invention, the decryption message may not be copied by the user, and the implementation may be to hide the address stored in the decrypted % information, thereby preventing the user from being able to access. If you use it, copy the poor material to other storage devices and copy only the data content of the data. Therefore, even if the user copies the data to the storage device of the other computer, the computer cannot read the decryption message of the data when the (4) copy-protecting storage device 1GGA is not connected to the computer. It is impossible to execute the data, and the purpose of protecting the content of the data is as follows: ^External' The decrypted message of the data can be stored in multiple addresses in the _storage area at the same time, in case the data of one of the addresses is damaged. The situation where the decrypted message cannot be read. The above embodiments are exemplified to make the contents of the human creation of the art. For example, the data copy protection device 100 ‘ 'from the USB flash drive' is a document, the file includes the part of the file content (data content), and the data is executed 』; In this case, when the browser wants each file (that is, the content of the file), it will first retrieve the decryption message. 11 M346062 The browser first sends the decryption message request signal S3 to the controller unit 120' controller unit. The decryption message reading module 122 reads the decrypted message according to the decrypted message request signal S3 to the first storage area 111. If the decrypted message reading module 122 successfully reads the decrypted message, the controller unit 120 sends a decryption message. The message read success signal S4 is sent to the data execution software, and the data execution software can browse the file according to the decrypted message read success message • Content (execution data content). If the decrypted message reading module cannot successfully read the decrypted message, it indicates that the USB flash drive may not be connected to the local computer I 200A, and the decrypted message reading module 122 cannot read the decrypted message, and the browser Unable to browse the contents of the file, in order to protect the content of the data. The Fig. 2 diagram shows an architectural diagram for accessing the data copy protection storage device 100B according to another embodiment of the present creation. The only difference from the first embodiment is that the data copy protection storage device 1B of this architecture includes only the - storage unit 11GB, which includes a storage area 111B for storing material contents. The local computer 2〇〇B includes a data execution software-and-display device 21, and includes a storage unit for storing decrypted messages. The first storage unit 220 can be an electronically erasable and programmable read-only memory (Electrically E_ble program·
Read⑽y Memory,EEpR〇M)。本實施例的目的主要是 解決第-實施射的儲存單元丨若其為反及閘快閃記 ^體時,由於反及閘㈣記憶體發生:#料存取錯誤的機率 、、、、十萬刀之,為了防止當反及閘快閃記憶 產生資料存取錯誤,導致無法讀取第一儲存區域= 12 M346062 解密訊息而無法執行資料内容的後果,本實施例將解密訊 息存放於唯讀記憶體中以避免此類問題發生。 至於此實施例中資料防拷儲存裝置100B的原理,與 第一實施例完全相同,故於此不再重複介紹以精簡說明。 本創作雖以較佳實施例揭露如上,然其並非用以限定 本創作的範圍,任何熟習此項技藝者,在不脫離本創作之 . 精神和範圍内,當可做些許的更動與潤飾,因此本創作之 保護範圍當視後附之申請專利範圍所界定者為準。 13 M346062 【圖式簡單說明】 科 第1圖顯Μ以存取根據本 防拷储存褒置100Α之架構圖;以及乍—實施例所述 第2圖顯Μ以存取根據 資 料防拷儲存裝置1_之架_。另—實施例戶斤 【主要元件符號說明】 資料防拷儲存裝薏 11〇Β^ 111B 〜 120 122 130 210> 30(l· 100Α、100Β 110Α〜儲存單元 111〜第一儲存區域 112〜第二儲存區域 121〜網路卡 123〜身分認證模組 200Α、200Β〜本地電腦 220〜第二儲存單元 400〜資料伺服器 〜第一儲存單元 〜儲存區域 控制器單元 解密訊息讀取模組 電源管理單元 顯示裝置 網路 500〜資料傳輪介面 S1〜資料更新請求訊號 S2〜認證信號 S3〜解密訊息要求信號 S4〜解密訊息讀取成功信號Read(10)y Memory, EEpR〇M). The purpose of this embodiment is mainly to solve the problem that the storage unit of the first implementation is a reverse flash gate, and the memory of the gate (four) memory occurs: #料 access error probability, ,, 100,000 In order to prevent the data storage access error caused by the reverse flash memory, it is impossible to read the first storage area = 12 M346062 decryption message and the data content cannot be executed. In this embodiment, the decrypted message is stored in the read only memory. Body to avoid such problems. The principle of the data copy protection storage device 100B in this embodiment is completely the same as that of the first embodiment, and therefore the description will not be repeated here to simplify the description. The present invention is disclosed in the above preferred embodiments, and is not intended to limit the scope of the present invention. Anyone skilled in the art can make some changes and refinements without departing from the spirit and scope of the present invention. Therefore, the scope of protection of this creation is subject to the definition of the scope of the patent application attached. 13 M346062 [Simple diagram of the diagram] Section 1 shows the architecture diagram for accessing 100 copies according to the copy protection storage device; and 第-the second diagram shown in the embodiment shows access to the data copy protection storage device 1_ frame _. 。 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施Storage area 121~network card 123~identification module 200Α,200Β~local computer 220~second storage unit400~data server~first storage unit~storage area controller unit decryption message reading module power management unit Display device network 500 to data transfer interface S1 to data update request signal S2 to authentication signal S3 to decryption message request signal S4 to decryption message read success signal