WO2023090297A1 - Storage device and program - Google Patents
- Publication number
- WO2023090297A1 (PCT/JP2022/042268)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- storage device
- command
- data
- predetermined
- area
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/08—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers from or to individual record carriers, e.g. punched card, memory card, integrated circuit [IC] card or smart card
Definitions
- The present invention relates to storage devices.
- SSD: Solid State Drive
- USB: Universal Serial Bus
- Storage devices are equipped with memory controllers for controlling data writing to and reading from the memory chips.
- rewritable storage media such as SSDs that are used by general users to take countermeasures against peeping and falsification of data by third parties.
- authentication information such as a password each time the storage medium is connected to the computer.
- It is troublesome to enter the password, and there is a risk that if the password is forgotten, all data will be inaccessible. That is, convenience is sacrificed for data protection.
- The purpose of the present invention is to protect data without impairing convenience.
- A storage device comprises a connection interface for exchanging information with a computer that accepts file operations from a user, a storage area, and the following memory controller.
- The memory controller manages the reading and writing of data in the storage area in accordance with instructions from the computer, so as to prohibit at least overwriting of data stored in the storage area.
- The memory controller prohibits rewriting until receiving the predetermined command, and permits rewriting from receiving the predetermined command until receiving a predetermined second command.
- When the memory controller does not receive the predetermined command, it prohibits new writing of files to the storage area but permits reading of the files. This allows the storage device to function as a ROM (Read Only Memory) until a predetermined command is received.
- ROM: Read Only Memory
- The memory controller permits recording of a new file in the storage area when the predetermined command is not received. Thereby, overwriting (rewriting) of the data stored in the storage area can be prohibited until the predetermined command is received.
- The storage area includes a data area in which files specified by the user are stored, and a management area for storing access history to the data area. The memory controller stores a log in the management area at least when the rewriting process is executed. This makes it possible to record at least that the rewriting process has been executed.
- The memory controller, in response to a request from the computer, stores in the management area illegal disconnection information indicating that the connection with the computer was terminated after receiving the predetermined command and before receiving the predetermined second command. As a result, it is possible to record that the connection with the computer has been illegally disconnected before the predetermined second command is received.
- A pattern data string that is not recorded by the OS is stored in a predetermined area within the management area of the storage device.
- OS: Operating System
- By using the MBR (Master Boot Record) or boot sector as the predetermined area, it is possible to detect a change in the partition assigned to the data area or a reformatting of the data area.
- The program receives a specification of data to be written from a user after outputting the predetermined command; and outputting to the computer.
- The user can turn off the protection of the storage area of the storage device using the predetermined command and then turn the protection on with the predetermined second command.
- The program causes the computer to further execute the steps of: determining whether or not setting information about data rewrite prohibition is recorded in the storage device; if the setting information indicates that rewriting of data is permitted, storing prohibition information to the effect that writing to the storage device is prohibited in a management area of the storage device; and, if the prohibition information is stored in the management area, rejecting a write request from a user to the storage device.
- When the acquired identification information is registered in advance, the program determines whether or not a data string of a predetermined pattern is stored in a predetermined area in the management area of the storage device, and rejects the user's write request to the storage device if the data string is not stored.
- When the program, on connection to the storage device, obtains from the storage device information indicating that the connection with the computer was terminated after receiving the predetermined command and before receiving the predetermined second command, it outputs the second predetermined command to the storage device.
- FIG. 1 is a diagram showing a configuration example of a computer system 1 including a storage device 10 and a personal computer 20 having a dedicated application program AP installed according to an embodiment of the present invention
- FIG. 4 is a flow chart showing the flow of release processing executed by the personal computer 20 according to the dedicated application program AP.
- 4 is a flow chart showing the flow of write processing executed by the personal computer 20 according to the dedicated application program AP. It is a figure for demonstrating the operation
- "Personal computer" is written as "PC", and the same applies hereinafter in this specification.
- The storage device 10 is an SSD having a function of protecting stored data, and is detachably attached to the PC 20.
- The storage device 10 is shipped with protection enabled. That is, when the user uses the storage device 10 for the first time after purchasing it, the protection is always effective. When the protection is valid, reading data from the storage device 10 is permitted, but writing data to the storage device 10 in general is prohibited. Writing data to the storage device 10 in general means rewriting data already stored in the storage device 10, renaming data already stored in the storage device 10, and writing new data to the storage device 10. Data can be read from the storage device 10 even when the protection is valid. In other words, the storage device 10 with protection enabled functions as a ROM (Read Only Memory).
- A dedicated application program AP paired with the storage device 10 is pre-installed in the PC 20.
- The dedicated application program AP is sold together with the storage device 10, for example.
- This dedicated application program AP is a program for allowing the user to control ON (protection enabled)/OFF (protection released) of protection (that is, data writing) of the storage device 10.
- Identification information for uniquely identifying the storage device 10 is registered in the dedicated application program AP in advance, and this identification information is also stored in the storage device 10 in advance. Specific examples of this identification information include the device ID and serial number of the storage device 10.
- The dedicated application program AP may be executed as a resident application and kept in a running state at all times.
- A command indicating that it is from the dedicated application program AP may be issued to the storage device 10.
- A unique command different from the command issued from the OS may be used as the command issued from the dedicated application program AP.
- FIG. 2 is a flowchart showing the flow of release processing. As shown in FIG. 2, the release process in this embodiment includes a confirmation step SA110 and a protection OFF step SA120.
- The PC 20 acquires identification information from the storage device 10 connected to itself.
- The PC 20 first determines whether or not the identification information acquired in confirmation step SA110 is registered in advance.
- When the PC 20 determines that the identification information acquired in the confirmation step SA110 is registered in advance, it outputs to the storage device 10 a protect OFF command, which is a command instructing release of protection.
- A protect OFF command is an example of a predetermined command in the present invention. If the PC 20 determines that the identification information acquired in the confirmation step SA110 is not pre-registered, it may handle the storage device 10 as a ROM without outputting the protect OFF command. An error message may be output to notify the user of the discrepancy in the identification information.
- When the protection of the storage device 10 is released by executing the release processing, the PC 20 writes data to the storage device 10 by executing the write processing. As shown in FIG. 3, the write process includes acceptance step SB110 and protect ON step SB120.
- The PC 20 receives from the user the designation of data to be written.
- data to be written for example, file management such as a file manager that is standardly installed in the OS, or a file manager that is independently constructed by a dedicated application program separately from the file manager that is standardly installed in the OS.
- A file operation such as drag-and-drop of a file to the storage device 10 on the user interface screen of the application is exemplified.
- The PC 20 writes data to the storage device 10 in accordance with the specification of the data to be written received in receiving step SB110.
- When the data writing to the storage device 10 is completed, the PC 20 outputs to the storage device 10 a command for prohibiting data writing to the storage device 10, that is, a protect ON command for enabling protection of the storage device 10.
- A protect ON command is an example of a second predetermined command in the present invention.
- The storage device 10 includes a connection interface (I/F) 110, a memory chip 120, and a memory controller.
- The connection I/F 110 is, for example, a USB interface for detachably attaching the storage device 10 to other electronic equipment such as the PC 20.
- The connection I/F 110 exchanges various types of information with a connected electronic device.
- The memory chip 120 serves as a storage area 122 for storing various data such as files.
- The storage area 122 is divided into a data area 122a and a management area 122b.
- Various data such as files are stored in the data area 122a.
- The history (log) of accesses to the data area 122a is stored in the management area 122b.
- The user can grasp how the data area 122a was accessed. Note that the log may be recorded only when the data already stored in the data area 122a is overwritten or the name is changed (that is, the process of rewriting the stored data).
- The memory controller 130 receives various commands from the connected electronic device via the connection I/F 110.
- Commands received by the memory controller 130 from the connected electronic device via the connection I/F 110 include commands instructing new writing of data to the memory chip 120, overwriting of already stored data, renaming of already stored data, or reading of data, as well as the aforementioned protect OFF command and the aforementioned protect ON command.
- The memory controller 130 permits reading of the data stored in the storage area 122.
- It manages the reading and writing of data to the storage area 122 so as to prohibit writing to the storage area 122 in general. This is so that the storage device 10 functions as a ROM until a protection OFF command is received from the connected electronic device.
- When the memory controller 130 receives the protect OFF command, it cancels the protection of the storage device 10. As a result, in addition to reading data from the storage area 122, general writing to the storage area 122 is permitted from the time the protect OFF command is received until the protection is enabled again.
- The memory controller 130 stores a history in the management area 122b when new data is written to the storage area 122, stored data is rewritten, or stored data is renamed.
- Upon receipt of the protect ON command, the memory controller 130 activates the protection of the storage device 10 (that is, restores the protect ON state).
- FIG. 4 is a sequence diagram showing an operation example of the storage device 10 and the PC 20.
- The storage device 10 is attached to the PC 20 at time t0. At this point, protection is ON.
- The PC 20 executes the release processing described above.
- The PC 20 acquires the identification information from the storage device 10 by executing the confirmation step SA110 described above (FIG. 4: S001).
- The PC 20 executes the protect OFF step SA120 described above.
- The PC 20 determines whether or not the identification information obtained in confirmation step SA110 has been registered.
- The identification information of the storage device 10 has already been registered in the dedicated application program AP of the PC 20, so the determination result of this determination is "Yes". Therefore, the PC 20 transmits a protect OFF command to the storage device 10 (FIG. 4: S002).
- The protection of the storage device 10 is canceled.
- The protect state of the storage device 10 is switched from ON to OFF at time t1.
- The specification of the file is accepted at the acceptance step SB110 described above, and the file is written to the storage area 122 at the protection ON step SB120 (FIG. 4: S003).
- The writing of this file is completed at time t3 (t2 < t3).
- The protection ON command is output from the PC 20 to the storage device 10 (FIG. 4: S004).
- When the memory controller 130 of the storage device 10 receives the protection ON command via the connection I/F 110, the protection of the storage device 10 is returned to ON.
- S001 to S004 are executed. In this case, since the PC 20 has already acquired the identifier of the storage device 10, if it detects that the connection state of the storage device 10 is maintained, the process of S001 may be omitted.
- The user can control ON/OFF of the protection of the storage device 10 by causing the PC 20 to output the protection OFF command and the protection ON command according to the dedicated application program AP.
- When the storage device 10 is shipped, protection is ON, and writing to the memory chip 120 is prohibited until a protection OFF command is received. Also, when an operation such as writing to or reading from a certain file is completed, the protection ON state is always restored.
- When the storage device 10 is attached to a computer device in which the dedicated application program AP is not installed, protection is always ON and a protect OFF command is never received from this computer device.
- The state in which the protection of the storage device 10 is maintained is guaranteed. Therefore, for example, if ransomware is installed in the PC 20 and the ransomware accesses the memory controller 130 to write or alter data in the memory chip 120, the memory controller 130 is in a state in which it does not accept writing to the memory chip 120, so there is no fear that the data stored in the memory chip 120 will be altered or that virus software or the like will be written.
- When the dedicated application program AP is installed in the PC 20, it is sufficient to perform file operations in the same way as normal file operations using a file manager or the like, and authentication work is performed each time the storage device 10 is connected. Also, the user's convenience is not impaired.
- The dedicated application program AP may check the files recorded in the storage device 10 prior to writing data to the storage device 10 and, if the file has already been recorded, omit the writing.
- The dedicated application program may not accept file operations such as drag-and-drop and deletion by file managers other than the file manager independently constructed by the dedicated application program.
- The PC 20 may further confirm the current protection status of the storage device 10 in confirmation step SA110. Specifically, when the PC 20 recognizes the storage device 10, the PC 20 notifies the memory controller 130 of the current protection state of the storage device 10 (ON state (state in which the protection ON command was last received from the PC 20) or OFF state (the last received command from the PC 20 was a read command or a write command)). Information indicating the protection state may be stored as flag information in the memory controller 130 itself, or may be stored in the management area 122b and read by the memory controller 130.
- The protection should be ON except when a file is being operated on.
- An abnormal operation may be performed during communication between the storage device 10 and the PC 20, such as a malicious person pulling out the storage device 10 from the PC 20 during a file operation, or someone accidentally pulling it out without malice.
- If the memory controller 130 is not connected to the PC 20 in which the dedicated application program AP is installed, the protection ON signal will not be supplied to the memory controller 130, so there is a possibility that the state in which the protection is canceled (that is, the state in which security is not guaranteed) will persist forever.
- When the PC 20 detects that the storage device 10 connected to the PC 20 is in the protect OFF state, the PC 20 supplies a protect ON command to the memory controller 130 so as to at least inhibit subsequent data writing, forcibly restoring the storage device 10 to the protection ON state.
- The PC 20 preferably warns the user by displaying a message to the effect that the protection was turned off at the time of connection and to the effect that subsequent writing is prohibited.
- When the dedicated application program AP accesses the history information stored in the management area 122b and finds that information indicating the occurrence of an abnormal operation is stored, a message such as "This storage device is unprotected. The previous connection may have terminated abnormally. Forcibly protected." is displayed.
- The PC 20 may supply a predetermined command to the memory controller 130 to deny all external access requests, including reading in addition to writing in general. In this way, even if an unauthorized program (executable file) such as malware is stored in the storage device 10 while the above protection has been canceled, such a program cannot be read out of the storage device 10 by another person, so there is no risk of it spreading to other computers.
- The memory controller 130 stores information to that effect in the management area 122b.
- When information indicating that the protection has been forcibly returned to the ON state in the past is stored, any access from the dedicated application program AP to the storage device 10 may be refused as long as the user of the PC 20 does not perform a predetermined operation. The predetermined operation is, for example, inputting an administrator password.
- The dedicated application program AP deletes the information stored in the management area 122b indicating that the protection has been forcibly turned ON. As a result, the same processing as before the abnormal disconnection, including the processing of writing new data, can be performed on the storage device 10 thereafter.
- Any operation from the user on the PC 20, or at least an operation relating to an access request to the storage device 10, is not accepted.
- When the dedicated application program AP receives a write request for a certain file and starts the protection OFF state, it minimizes the operation screen (window) or makes the operation screen invisible until the write processing ends and the protection ON state is reached, or, even if the operation screen can be seen, it rejects operations as much as possible or does not accept them at all. Rejecting as much as possible means, for example, not accepting in principle but controlling to accept operations only when a predetermined condition is met, or controlling to accept only some of a plurality of operations.
- The specification of the storage device 10 can be applied to any case.
- The storage device 10 has a function of forcibly turning the protection ON state when the power supply is interrupted.
- The memory controller of the storage device 10 is provided with a function to detect whether or not power is being supplied to the storage device 10, and has a function of forcibly writing information indicating that the protection is ON in the storage device 10 when the detection is made.
- The protection ON state is checked when connected to the PC 20, so security is doubled.
- The storage device 10 may be forced into the protection ON state when power is supplied from a state in which no power is supplied.
- The protect state in the above embodiment is a state in which writing to the storage area 122 is prohibited in general, and the protect OFF command is a command to release the prohibition of writing to the storage area 122 in general.
- Two types of protect OFF command may be provided: a first command that releases the prohibition of writing new data while the prohibition of rewriting of stored data is maintained, and a second command that releases the prohibition of writing to the storage area in general. The memory controller 130 may determine whether the received protect OFF command is the first command or the second command. In this case, the user can select which of the first command and the second command to output in the dedicated application program AP.
- When the memory controller 130 receives the second command, it permits general writing of data to the storage area 122 until it receives the protect ON command, as in the above-described embodiment. When it receives the first command, it may permit the reading of data stored in the storage area 122 and the writing of new data to the storage area, but prohibit rewriting of the data already stored in the storage area 122 and return an error to the command issuing source.
- In a mode in which the prohibition of rewriting of stored data is maintained even in the protection OFF state, the dedicated application program AP may be caused to execute a process of outputting an error message when the rewriting process is instructed by the user.
- The protected state is a state in which writing to the storage area is prohibited in general, but it may instead be a state in which writing of new data is permitted and rewriting of existing data (change of file name, modification of data contents, etc.) is prohibited.
- While the memory controller 130 has not received the protect OFF command, it may manage data reading and writing to the storage area 122 so as to permit the recording of new data in the storage area 122 and the reading of the data stored in the storage area 122, while prohibiting rewrite processing. This is because if the rewriting process of the stored data is prohibited, the data stored in the storage device 10 can be prevented from being altered.
- A write-once medium is a recording medium in which new data can be written but written data cannot be rewritten.
- The memory controller 130 may store illegal disconnection information indicating illegal disconnection in the management area 122b. This is because, if the storage device 10 is removed from the connected electronic device before the protection ON command is received, such as during the writing process, the protection of the storage device 10 remains canceled and there is a risk that the data recorded in the storage device 10 will be altered.
- The memory controller 130 stores status information indicating "accessing" at the time when the protection is canceled in the management area 122b.
- The status information may be rewritten from "accessing" to "normally terminated" when processing such as writing to the target data is completed and the protection ON state is restored.
- Information indicating that an abnormal termination has occurred should be stored in the management area 122b.
- The evidence is recorded in the management area 122b of the storage device 10. If the AP is used, it is possible to check the evidence and take countermeasures such as prohibiting subsequent writing.
- The dedicated application program AP may further cause the computer device at the installation destination to execute: a step of determining whether or not the setting information regarding prohibition of data rewriting is recorded in the storage device 10; a step of, if the setting information indicates that rewriting of data is permitted, storing prohibition information for prohibiting writing to the storage device 10 in the management area 122b of the storage device 10; and a step of rejecting a write request to the storage device 10 from the user if prohibition information is stored in the management area 122b.
- A pattern data string that is not recorded by the OS may be written in a predetermined area in the management area 122b.
- A specific example of this specific area is an MBR (Master Boot Record) or a boot sector.
- The MBR is an area indicated by the top address of the logical addresses in the storage device 10.
- A boot sector is the leading sector of a partition provided in the storage area 122 of the storage device 10.
- The memory capacity of each of the MBR and boot sector may vary depending on the type of OS, but for example it is 512 bytes.
- When the storage area 122 in the storage device 10 is formatted by the OS, the stored contents of the boot sector are updated according to the OS. Therefore, by writing a pattern data string that the OS does not record in the MBR or boot sector when the storage device 10 is shipped, it becomes possible to detect from the stored contents of the MBR or boot sector whether or not the partition has been changed or reformatted.
- The dedicated application program AP in this aspect determines, when the identification information acquired in the confirmation step SA110 is registered in advance, whether or not a data string of a predetermined pattern is stored in a predetermined area in the management area of the storage device and, if the data string is not stored, rejects the user's write request to the storage device.
- The dedicated application program AP that conspicuously characterizes the present invention was pre-installed in the PC 20.
- The dedicated application program AP may be distributed by downloading via an electric communication line, or may be distributed in a form written on a computer-readable recording medium.
- The storage device 10 is shipped with a dedicated application program AP paired with the storage device 10 written in the data area 122a of the storage device 10, and the storage device 10 is first installed in the electronic device after shipment.
- a step of acquiring identification information of a storage device connected to the computer A step of outputting a command for releasing the prohibition of
- the storage device 10 may additionally have functions other than storage.
- the storage device 10 may be provided with an interface for connecting to a network such as a LAN, and function as a shared storage (NAS (Network Attached Storage)) accessed by a plurality of PCs. That is, the storage device 10 may be provided with a function for realizing the function of a general personal computer.
- the storage device 10A shown in FIG. Functions may be incorporated in the control unit 140 in advance.
- the storage device 10A may be housed in the same housing as the hardware for realizing the functions of a general personal computer.
- Input/output devices such as a keyboard and a display may be connected via, for example, the connection I/F 110, or may be connected via a communication interface for connecting to a network such as a LAN.
- the operation when the storage device 10A is connected to another PC 20 via the connection I/F 110 is the same as the operation described using FIGS. That is, when there is a request from the other PC 20 to access the data stored in the storage device 10A, the memory controller 130 refuses at least write requests unless it receives a protect OFF command generated by the dedicated application program AP. This prevents the data stored in the storage device 10A from being unintentionally rewritten or unintended data from being written.
- Another method of restricting write requests is to have the OS recognize the storage device 10 as a ROM device that cannot normally be written to. Only when the dedicated application program AP performs a write operation does it change the OS's perception of storage device 10 from a ROM device to a writable device; after the write operation is completed, it changes the OS's perception of storage device 10 back from a writable device to a ROM device. This makes it possible to reject write requests from anything other than the dedicated application program AP.
- Commands related to writing information may not be transmitted to memory controller 130 until received.
- the storage device 10B receives the protect OFF command
- the memory controller 130 will not receive at least a write-related command, so that information will not be written to the storage area 122 .
- the protect OFF command for the control unit 140 of the bridge board 150 used here may be the same command as the protect OFF command for the memory controller 130, but, from the viewpoint of making the device difficult to hack from the outside, it is preferable to use a command different from the protect OFF command for the memory controller 130.
- the control unit 140 of the bridge board 150 does not receive the write command or No commands, including read commands, may be transmitted to memory controller 130 .
- the bridge board 150 has a memory (not shown) in which the password is stored. This prevents the data in the storage device 10B from being rewritten or read by a user who does not know the password.
- This password may be set in advance when the storage device 10B is shipped from the factory or the like, and may be known only to the purchaser of the storage device 10B. may be used to set the storage device 10B after the fact. Also, multiple passwords may be set for each type of command (read command, write command, etc.) that the memory controller 130 can recognize, or only one password that is common to all commands may be set.
- a log file for managing the write history is stored in advance in the management area 122b, and by referring to this log file, it may be checked whether the data stored in the storage device 10 has been tampered with.
- This log file may be created by the memory controller 130 when writing to the storage device 10 for the first time, may be stored in the management area 122b when the storage device is shipped, or may be created in response to a log file creation command received from the PC 20 when it is first connected.
- this log file describes, in association with one another, the timing (date and time) of writing, the file name of the file to be written, and the hash value obtained from the contents of the file using a predetermined hash function. This means that each write adds a new record to the log file.
- in the file name, the information of the storage area (path) is omitted in the figure for convenience of explanation, but the file name may include the information of the path.
- the hash value may be generated by the memory controller 130, or by the PC 20 or the control unit 140 in which the dedicated application program AP is installed. In the latter case, an instruction to update the log file including the hash value is supplied to the memory controller 130 together with the instruction to write the target file.
- the PC 20 determines whether the data stored in the storage device 10 or the like has been tampered with by referring to this log file at a predetermined timing according to instructions from the memory controller 130 or the dedicated application program AP.
- the execution timing of this determination may be based on a schedule predetermined by the memory controller 130, or may be triggered by receiving a command for executing a predetermined tampering check from the connected PC 20. In the latter case, the user may set the execution timing of the falsification check in the dedicated application program AP.
- as specific timing settings, for example, every time the storage device 10 or the like is connected, an arbitrary timing designated by the user, and a certain cycle (every month, etc.) can be considered.
- Memory controller 130 first generates a hash value for each of all files currently stored in data area 122a using a predetermined hash function such as MD5 or SHA256. For example, the generated set of hash values and the set of hash values described in the log file read from the management area 122b are compared to determine whether they are the same. If they are the same (perfect match), it is determined that no falsification has occurred. If they are not the same, it is determined that falsification is suspected. In this case, the following processing may be subsequently performed.
- the PC 20, which operates according to commands from the memory controller 130 or the dedicated application program AP, checks the consistency between the file names of all files described in the log file and all file names currently stored in the data area 122a.
- According to instructions from the memory controller 130 or the dedicated application program AP, the PC 20 writes the result of the above determination (at least information indicating the possibility of falsification) to the management area 122b. Information indicating the result of determination is provided to the PC 20 as necessary.
- when the memory controller 130 receives, from other than the dedicated application, a command for editing or deleting the content or file name of the log file, or an update command for the log file supplied independently of a general file write command, unauthorized access to the log file is suspected and the command should preferably not be accepted.
- the log file and/or the information indicating the tampering judgment result may always be output to an external device having a file lock function, or, when the log file is protected, may be stored in an external device such as the storage device 10.
- the log file and/or the falsification determination result are stored to the PC 20 only when the memory controller 130 receives a predetermined command generated by the dedicated application program AP described above (when connected to the PC 20 on which the AP is running).
- the log file and/or the information indicating the falsification judgment result be given an attribute that the dedicated application program AP can only read and cannot rewrite.
- the log file may be recorded in a recording device having a function of receiving the protect ON/OFF command described above.
- a storage device has at least a control section that supplies a command received from a computer to the memory controller when a predetermined password is received from the computer.
- the function of updating the log file at the time of writing and the falsification determination process described above can be provided to, for example, a dedicated application program AP. That is, the log file update and the falsification determination described above are executed based on commands supplied from the PC 20, which is connected to this general storage device and executes the dedicated application program AP. Each time the dedicated application program AP in this aspect writes one file, it also updates, based on the file to be written, the contents of the log file whose file name is predetermined in association with the identification ID of the storage device, and the updated log file is stored in a predetermined area in the storage device. Then, at a predetermined timing while this storage device is connected, the aforementioned falsification determination is performed.
- the hash value described in the log file stored in this storage device and all file names currently stored in this storage device are read, and the hash value is calculated based on the read file names.
- tampering determination is performed by comparing both, and detailed contents of tampering (file deletion/addition, file name change, etc.) are further specified as necessary. If the user who manages data tampering and the user who records the data are different, the user who monitors data tampering can be made to save a log file and use that log file to check whether the data has been tampered with.
- target files for tampering determination need not be the entire storage device (that is, all files stored in the storage device), but may be a preset partial storage area or folder (aggregate of files).
- a program causes a computer connected to a storage device to perform: storing, in the storage device, a hash value generated based on the file to be written when the file is written; comparing the hash value stored in the storage device with a hash value calculated based on the file stored in the storage device; and outputting information indicating the possibility of falsification based on the result of the comparison.
- a "file" is not dependent on a specific OS, other computer systems, or data contents, but refers to a data structure of the minimum unit when writing, reading, or other user operations are performed.
- Reference Signs List 1A, 1B ... computer system, 10, 10A, 10B... storage device, 20... PC, 110... connection I/F, 120... memory chip, 122... storage area, 122a... data area, 122b... management area, 130 ... Memory controller, AP ... Dedicated application program
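
The write log and tampering determination described above can be sketched as follows. This is an added example, not code from the patent or its applicant: the JSON-lines log format, the function names and the sample files are assumptions, and SHA-256 is used as one of the two hash functions the description names.

```python
import hashlib
import json
import tempfile
import time
from pathlib import Path

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def logged_write(data_area: Path, log: Path, name: str, content: bytes) -> None:
    """Write one file, then append a (time, name, hash) record to the log."""
    target = data_area / name
    target.write_bytes(content)
    record = {"time": time.strftime("%Y-%m-%dT%H:%M:%S"), "name": name,
              "sha256": sha256_file(target)}
    with log.open("a", encoding="utf-8") as fh:  # assumed format: one JSON per line
        fh.write(json.dumps(record) + "\n")

def logged_state(log: Path) -> dict:
    """Latest logged hash per file name; a later write supersedes an earlier one."""
    state = {}
    for line in log.read_text(encoding="utf-8").splitlines():
        rec = json.loads(line)
        state[rec["name"]] = rec["sha256"]
    return state

def tamper_check(data_area: Path, log: Path) -> dict:
    """Compare the files now in the data area with the log and classify differences."""
    logged = logged_state(log)
    current = {p.name: sha256_file(p) for p in data_area.iterdir() if p.is_file()}
    report = {"modified": [], "renamed": [], "deleted": [], "added": []}
    for name in sorted(logged.keys() & current.keys()):
        if logged[name] != current[name]:
            report["modified"].append(name)
    extra = sorted(current.keys() - logged.keys())
    for name in sorted(logged.keys() - current.keys()):
        # Logged content found under an unlogged name: file name change.
        match = next((e for e in extra if current[e] == logged[name]), None)
        if match is None:
            report["deleted"].append(name)
        else:
            extra.remove(match)
            report["renamed"].append((name, match))
    report["added"] = extra
    report["suspected"] = any(report[k] for k in ("modified", "renamed", "deleted", "added"))
    return report

def demo() -> tuple:
    """Constructed scenario: four logged writes, then four changes that bypass the log."""
    with tempfile.TemporaryDirectory() as tmp:
        data_area, log = Path(tmp, "data"), Path(tmp, "write.log")
        data_area.mkdir()
        for name, body in [("a.txt", b"alpha"), ("b.txt", b"bravo"),
                           ("c.txt", b"charlie"), ("d.txt", b"delta")]:
            logged_write(data_area, log, name, body)
        clean = tamper_check(data_area, log)
        (data_area / "a.txt").write_bytes(b"ALPHA")         # content changed
        (data_area / "b.txt").rename(data_area / "b2.txt")  # file name changed
        (data_area / "c.txt").unlink()                      # deleted
        (data_area / "x.txt").write_bytes(b"xray")          # added
        return clean, tamper_check(data_area, log)

if __name__ == "__main__":
    print(demo())
```

A comparison of hash sets alone would not flag the rename in this scenario, which is why the file-name consistency check is run as well; the result is only as trustworthy as the protection applied to the log itself.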
Abstract
[Problem] To protect data without impairing convenience. [Solution] The invention relates to a storage device 10 comprising a connection interface 110, a memory chip 120 and a memory controller 130. The connection interface 110 sends and receives information to and from an electronic device that accepts a file operation from a user. The memory chip 120 includes a storage area 122 that stores data. When a command received from the electronic device serving as the connection destination is a command other than a protect OFF command, the memory controller 130 manages the reading and writing of data in the storage area 122 so as to prohibit, for the electronic device serving as the connection destination, at least the overwriting of the data stored in the storage area 122.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2023561586A JPWO2023090297A1 (fr) | 2021-11-22 | 2022-11-14 |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2021189683 | 2021-11-22 | ||
JP2021-189683 | 2021-11-22 | ||
JP2022-016543 | 2022-02-04 | ||
JP2022016543 | 2022-02-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023090297A1 (fr) | 2023-05-25 |
Family
ID=86396996
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2022/042268 WO2023090297A1 (fr) | 2021-11-22 | 2022-11-14 | Storage device and program |
Country Status (2)
Country | Link |
---|---|
JP (1) | JPWO2023090297A1 (fr) |
WO (1) | WO2023090297A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116795741A (zh) * | 2023-08-28 | 2023-09-22 | 凡澈科技(武汉)有限公司 | Method and system for preventing deletion and tampering of memory data |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009182670A (ja) * | 2008-01-30 | 2009-08-13 | Oki Data Corp | Image processing apparatus and image processing system |
US20090259796A1 (en) * | 2008-04-10 | 2009-10-15 | Phison Electronics Corp. | Data writing method for non-volatile memory and storage system and controller using the same |
JP2013025519A (ja) * | 2011-07-20 | 2013-02-04 | Nec Biglobe Ltd | Storage device sharing system, management device, access control device, and method and program therefor |
US20200310926A1 (en) * | 2019-03-27 | 2020-10-01 | SK Hynix Inc. | Apparatus and method for reducing cell disturb in an open block of a memory system during a receovery procedure |
-
2022
- 2022-11-14 JP JP2023561586A patent/JPWO2023090297A1/ja active Pending
- 2022-11-14 WO PCT/JP2022/042268 patent/WO2023090297A1/fr active Application Filing
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
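CN116795741A (zh) * | 2023-08-28 | 2023-09-22 | 凡澈科技(武汉)有限公司 | Method and system for preventing deletion and tampering of memory data |
CN116795741B (zh) * | 2023-08-28 | 2023-11-10 | 凡澈科技(武汉)有限公司 | Method and system for preventing deletion and tampering of memory data |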
Also Published As
Publication number | Publication date |
---|---|
JPWO2023090297A1 (fr) | 2023-05-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22895578 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2023561586 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |