CN101398764A - Portable usb device that boots a computer as a server with security measure - Google Patents
Portable usb device that boots a computer as a server with security measure Download PDFInfo
- Publication number
- CN101398764A CN101398764A CNA2008100080354A CN200810008035A CN101398764A CN 101398764 A CN101398764 A CN 101398764A CN A2008100080354 A CNA2008100080354 A CN A2008100080354A CN 200810008035 A CN200810008035 A CN 200810008035A CN 101398764 A CN101398764 A CN 101398764A
- Authority
- CN
- China
- Prior art keywords
- memory device
- principal computer
- portable memory
- computer
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
Techniques for booting a host computer from a portable storage device with customized settings with secure measure are described herein. According to one embodiment, in response to detecting a portable storage device inserted into a first host computer, the portable storage device is authenticated using a private key stored within the portable storage device against a public key stored in a second host computer over a network. In response to a successful authentication, data representing a personal working environment associated with a user of the portable storage device is downloaded from the second host computer over the network. After reboot, the first host computer is configured using the obtained settings of the personal working environment, such that the user of the portable storage device can operate the second host computer in view of the personal working environment. Other methods and apparatuses are also described.
Description
[technical field]
The present invention system particularly activates computing machine about a kind of by the operating system that is stored in portable apparatus again about a kind of computer system.
[background technology]
The personal computer system has become an instrument of popularizing in modernized society.Portable computer system light computing machine for example on knee (laptop) or mobile computer, more and more general because of their convenience taken.The user can carry a portable computer to a So Far Away of being separated by, and can not lose the individualized operating environment that the user is familiar with.Therefore, most user under any circumstance likes using themselves computing machine, and is reluctant to sacrifice their personalized operating environment or personalized setting, for example operating system, Email client, word processing system etc.
Yet under some environment, it is still inconvenient for example to carry mobile computer for example in one stroke, because it still is considered to too heavy.Another inconvenient reason is that the user worries that mobile computer is caused archives loss, stealing or deletion by hacker attacks.At So Far Away, in for example external restaurant, may offer the guest of restaurant remote computer and use; Yet the operating environment of remote computer may be inequality with computing machine in the user family, for example different work environment, different mother tongue or different application programs etc.Therefore, if when the user wanted to use long-range or strange computing machine, the user was restricted to use available characteristic or setting in the long-range or strange computing machine.In addition, some secure content can't be by strange computer access, unless the user remembers his checking voucher.Person more, when using a strange computing machine, the user may worry to stay individual or confidential information on strange computing machine.
In view of this, the present invention satisfies the disappearance at above-mentioned known techniques, proposes a kind of Portable USB device of computing machine as server that activate under safety practice, effectively to overcome these above-mentioned problems.
[summary of the invention]
The present invention is that description is a kind of becomes the technology with customized settings by portable memory device active host under safety practice.According to a specific embodiment, insert the portable memory device of first main frame in order to respond detecting one, portable apparatus is to utilize the individual golden key (private key) that is stored in the portable memory device to see through network to verify that comparison is stored in the public key (public key) in second principal computer.Respond the checking of a success, represent the personal work environmental data relevant to see through network and be downloaded by second principal computer with the portable memory device user.Through activating again, the personal work environment set that the first principal computer utilization is obtained carries out framework, so the user of portable memory device can see operation second principal computer under the personal work environment.
The present invention's further feature will be by presenting in the additional graphic and following concrete detailed description.
Under illustrate in detail by specific embodiment, when the purpose that is easier to understand the present invention, technology contents, characteristics and the effect reached thereof.
[description of drawings]
The step of the operating environment of setting up a computer system is described by 1A-1B figure system according to the present invention's specific embodiment.
The 2nd figure is the block schematic diagram according to the portable memory device example of one of the present invention specific embodiment.
The 3rd figure is the calcspar according to the portable memory device with several dividing sector of one of the present invention specific embodiment.
The 4th figure is the block schematic diagram according to the personal work environmental images of one of the present invention specific embodiment.
The 5th figure is the block schematic diagram according to user's dividing sector of one of the present invention specific embodiment.
The 6th figure is the schematic flow sheet of setting up the principal computer operating environment according to one of the present invention specific embodiment.
The 7th figure is the work group configuration example block schematic diagram according to one of the present invention specific embodiment.
The 8th figure is a block schematic diagram of describing one of one of the present invention specific embodiment system configuration example.
The 9th figure is another specific embodiment of describing the present invention, sets up the process flow diagram of a principal computer operating environment step.
10A and 10B figure system install according to the account number and the multimedia player of one of the present invention specific embodiment, and multimedia file is downloaded and secure digital copyright management mechanism (DRM) system of broadcast.
The 11st figure is the calcspar according to the specific embodiment of the present invention's principal computer.
The 12nd figure is the specific embodiment calcspar according to the present invention's portable memory device.
Among the figure:
101 checking vouchers
102 data or content
103 networks
104 local computers
105 first working environments
106 operating system images
The random snapshot of 107 first working environments
108 USB storage devices
109 computing machines
110 second operating environments
111 checking vouchers
200 portable memory devices
201 OS images
202 personal work environmental images
203 Region control programs
204 bus interface logics
205 bus interface
206 inner connections
207 checking vouchers
300 portable memory devices
301 dividing sector
302 dividing sector
303 user's dividing sector
The 304 segmented disk districts that reserve
305 images
306 images
307 random personal work environmental images
308 random personal work environmental images
309 user's data files
310 user's configurations
311 start configurations
312 automatically perform
313 checking vouchers
314 user's application programs
400 personal work environment
401 personal informations and desktop are set
402 email clients and setting
403 people's contacts
404 web browser bookmarks
405 web browsers are got soon
406 website log information
407 sweep-drug/SPAM application program or settings
408 people like application program
409 personal communications set
500 user's dividing sector
501 user's configurations
502 user's data files
503 Office series of programs
504 Viruses
505 firewall programs
600 processes
601 squares
602 squares
603 squares
604 squares
605 squares
606 squares
607 squares
700 configurations
701 webservers
702 computer networks
703 strange main frames 1
704 strange main frames 2
705 devices
706 devices
707 vouchers
708 vouchers
709 checking vouchers
710 work group account numbers
801 servers
803 strange principal computers
804 portable memory devices
805 regional host computers
900 steps
901 squares
902 squares
903 squares
904 squares
905 squares
906 squares
907 squares
1001 license server
1002 principal computers
1003 multimedia players
1004 multimedia player ID
1005 account numbers
1007 personal identity numbers
1,008 second decryption engines
The inquiry of 1009 account numbers
1010 device ID checkings
1011 content of multimedia forms
1012 users select content of multimedia
1013 prepare to download
1051 ciphering multimedia contents
1052 encrypted title gold keys
1053 have encrypted duplicate
1054 have deciphered duplicate
1055 copy rules
1056 encrypted title gold keys
1057 encrypted song
1058 demultipliers
1059 encrypted title gold keys
1060 encrypted song
1061?PC?ID
1063 deciphers
1064 deciphers
1066 Computer I D
1100 control main systems
1101 computer interface units
1102 CPU (central processing unit)
1,103 first door bolts
1104 hard disks
1105 main Ports
1,106 first crypto engines
1,107 first decryption engines
1108 registrations
The inquiry of 1109 account numbers
1110 main systems
1200 electronic bits of data flash storage cards
1203 Ports
1204 mess code generators
1,205 second door bolts
1206 PBA translaters
1207 comparers
1208 decoding engines
1209 storing medias
1210 buses
1,212 first mess codes are compiled engine
1,214 second mess codes are compiled engine
1216 upset engine
[embodiment]
Described herein is to become the technology with customized settings about a kind of by portable apparatus active host under safety practice.In following description, a lot of details are suggested, with the enough explanations of the specific embodiment that the present invention is provided.Yet, apparently and easy to know be, be familiar with the specific embodiment that this skill person can implement the present invention, and need not these specific details.In other embodiments, the well known structure that is presented in calcspar is not to present in detailed mode with device, is the emphasis place for fear of fuzzy the present invention's specific embodiment.
A so-called specific embodiment is to describe special feature, structure or a characteristic relevant with specific embodiment in detailed description, and it all is contained among at least one embodiment of the present invention.Several local words and phrases that occurred in detailed description " in one embodiment " specific embodiment with similar is relevant completely.
According to specific embodiment, a portable apparatus such as USB (universal serial bus) can be in order to store any individual's configuration or the operating environment relevant with user's personal computer.Therefore, the user can carry storage device travelling to a So Far Away and utilize a strange computing machine with different work environment or setting to carry out this storage device.The individualized configuration of the operating environment relevant with the user can be used to the strange computing machine of configuration becomes individualized operating environment, and it is similar to the usability on the own computing machine of user.
The original configuration of strange computing machine will no longer be restricted.The substitute is strange computing machine and be by being stored in operating system (OS) in the portable apparatus and activate and utilize the individualized configuration file of a user's personal set that has captured, with configuration operating environment on strange computing machine.Therefore, the user will operate any strange computing machine under themselves personalized operating environment, as the computing machine of operation in the own home oneself.
According to a specific embodiment, portable memory device includes some checking authority (authentication credentials), for example user's name, password (password) and people's gold key (private key).Before portable memory device inserts strange principal computer, activates strange main frame again again, utilize the checking authority relevant to verify this portable memory device with a remote host computer or server.As long as portable memory device is successfully authenticated, strange principal computer will be activated again by an OS image that is stored in the portable memory device.Person more; but include some recording medium content protecting (CPRM in the portable memory device; Content ProtectionRecordable Media) or prerecording media content protection (CPPM; content protectionpre-recorded media) authentication mechanism is to verify or to check the CPRM/CPPM content that some is stored in this locality or is downloaded by remote equipment.Therefore, use can use a portable memory device to see through network access one remote equipment as a security password or verification tool.
What need emphasize is that to utilize a storage device with USB interface described in the application's case be a kind of example of portable memory device, therefore, for instance, IEEE-1394 (being also referred to as Firewire) or PCMCIA (Personal Computer Memory Card International Association), SATA, SD/MMC or other storage device also can use.
The step of the operating environment of setting up a computer system is described by 1A-1B figure system according to the present invention's specific embodiment.See also 1A figure, originally, USB storage device 108 is to insert local computer 104, and it ties up to 105 times runnings of one first working environment.First working environment 105 can utilize user's portable memory device 108 to carry out the individual and turn to and have that the user likes or best the setting or application program.For instance, first working environment 105 can include user personal desktop setting, email client, multimedia player, word processor or sweep-drug/SPAM to be set or the like, shown in 4-5 figure.
Can be captured and be stored in the USB storage device 108 when USB storage device 108 inserts first computing machine, 104, the first working environments 105, as customized settings archives 107 (personalconfiguration file).In addition, some checking voucher 101 of user also can be copied to portable memory device 108, with as verifying voucher 111.Therefore verify that voucher 111 can be used for remote access main frame 104, for instance, data subsequently or content 102.For instance, checking voucher 101 can include the user title relevant with the user, password, and public key.Similarly, credential verification 111 can include the user title relevant with the user, password, and private key.
According to a specific embodiment, after above-mentioned detecting was with the principal computer of USB device insertion as principal computer 104, principal computer 104 responses were also checked on the USB storage device 108 " can activate " or " can carry out " dividing sector.Cause at principal computer 109 like this " can utilize application program " " execution " and " user's menu " result from the computer screen.It presents various selection forms and gives the purpose user, organizes special parameter, client software to select or to obtain all application systems, OS configuration, working environment, for example Email, webpage configuration, the Multimedia Program liked.Utilize a button to click or an activation, principal computer 109 begins to gather all relevant configurations, parameter setting and encirclement (wrap around), to produce a main calculator working environment " shop drawing picture (Workimage) ", it is to be stored in external USB storage device " user specifies dividing sector ".In another example, in Microsoft, Redmond, Washington, under the Windows operating environment that can utilize, spendable application program can " pass (walk through) " some zone of window registry, go down to obtain to install configuration info with some application program in Windows operating system.This information can be compressed to quite undersized configuration file 107 subsequently and be stored in USB storage device 108.Configuration file 107 can utilize several security tools to be translated into password, so configuration file 107 can include some personal-machine confidential information.In addition, USB storage device 108 more can include an operating system image 106 (a for example server OS image), and it can be used to activate an outer computer becomes server, and need not use the OS of outer computer inside.Otherwise above-mentioned data can utilize main frame 104 to collect and be stored in the follow-up download of main frame.
Continue, shown in 1B figure, user's portability USB device 108 inserts a long-range or strange computing machine 109, and computing machine 109 is to operate in second operating environment 110.Second operating environment 110 may with the identical or different operating system of computing machine 104 under operate.Yet, inequality in the individual configuration of operating environment (also can be working environment herein) and the computing machine 104.When USB storage device 108 inserted second computing machine 109 via one of computing machine 109 USB interface, USB storage device 108 was detected and is discerned, for example via the plug and play characteristic of an operating system in this execution.USB storage device 108 is operated system's (as archives economy) subsequently and sets up and be mass storage (mass storage).
Afterwards, start process can be by the user manually or automatically perform initialization.According to a specific embodiment, response is the request of start again, and USB storage device 108 can see through network 103 checking main frames 104, and network 103 can be Wide Area Network (WAN), world-wide web for example, and perhaps LAN is as the world-wide web of entity or company.USB device 108 also can utilize checking voucher 111 to identify, the checking voucher 101 of contrast principal computer 104.After having only successfully evaluation, principal computer 109 is just activated again by the OS image 106 of USB device 108; Otherwise principal computer 109 is that self operating system with regular use activates again.
In addition, after the relation of good authentication USB device 108 and principal computer 104, represent the data of first working environment 105 to be downloaded to USB device 108 (for example, the part of the snapshots of web pages of working environment 107) by principal computer 104.This data that is downloaded can be translated into password via the public key of principal computer 104 and utilize the private golden key that public key is relevant therewith to decipher by USB device 108.
Public key cryptography (Public key cryptography), being also referred to as is non-symmetric cryptography, is a kind of cryptography pattern, it is that the user has a pair of password gold key-a public key and a private key.Private key is to remain on secret state, and public key can be dispersed widely.This golden key is relevant with mathematics, but private key in fact can not be by public key.The message that is translated into password by public key only can utilize relevant private key to be decrypted.On the contrary, private key cryptography (secret key cryptography), being also referred to as is symmetric cryptography, is to be only to use single password gold key at encrypt and decrypt.
Cryptographic two the main branches of public key are: 1) public key encrypt-utilize a recipient the signal that public key compiled can't be by anyone decoding, unless accept the main identical private key that have; 2) but digital signature-signature has the signal of the person's private key of posting the part to be had access person's public key person checking of posting the part by any, the proof person that posts the part signs it and signal can't be altered by this.The technology that also can utilize other is digital signature for example.The attention of value be the operation of above-mentioned checking and encrypt/decrypt can utilize various algorithms with or agreement for example PGP (pretty good privacy) or RAS verification algorithm carry out.
During starting shooting again, heat start or cold boot, the BIOS coding is captured, to carry out some initial operation (for example POST or the self-side-looking of starting shooting).Behind the USB storage device that the BIOS detecting is inserted, BIOS can further detect the start section that is positioned at the USB storage device.For instance, BIOS can open the Region control program (not shown) in the USB storage device, and it confirms and carry out the start section of USB device in regular turn, activates computing machine 109 to utilize OS image 106.Therefore, replace and utilize the original OS of computing machine 109 to activate computing machine 109, BIOS can carry out the Region control program in the USB storage device, opens sequence control to take over.As a result, computing machine 109 is to utilize 106 starts of OS image.
In case, computing machine 109 utilizes OS image 106 to open and sets up an operating environment (utilizing desktop environment), can will be captured by the previous described individualized configuration file of being downloaded through the principal computer 104 of good authentication 107, be included the operating environment of some user's customized settings with framework.As a result, the operating environment of computing machine 109 can have the working environment similar to one of computing machine 104, and this working environment person of being to use quite is familiar with.Additional data or content, for example content 102 also can be downloaded by principal computer 104.Such content is secure content also, and for example CPRM/CPPM assentment content and such content can be verified or authorize, for example the checking voucher 111 of ISB device 108.Person more, the user of USB device 108 is access one remote server safely, and the server that allows of CPRM/CPPM for example is with the CPRM/CPPM content of downloading or proof is additional, to use in principal computer 109.For instance, user's BUS device 108 can (for example be bought additional CPRM/CPPM media content by a server, movie news/cd audio properties CD), utilize the multimedia player that is stored in certain CPRM/CPPM voucher of USB device and utilizes CPRM/CPPM to allow to play the media content that this has downloaded.
In case the user has finished to use distant place computing machine 109 (for example leaving restaurant or client), the user can pull out portable memory device 108 by principal computer 109, and is ready to go home or moves to other at a distance.According to a specific embodiment, response portable memory device 108 removes from principal computer 109, some " refuse collection (garbage collection) " and operation will on principal computer 109, carry out.For instance, some temporary file (for example get archives (cached files) soon or by downloading the temporary file that gets off on the webpage) that is stored in principal computer 109 storage areas will be erased.Under such situation, any possible individual confidential data relevant with the user will be by removing in the remote computer 109.
Person more, according to specific embodiment, when operation principal computer 109, if any setting in user's modification environment (for example change of address/phone portion or website binding/bookmark etc.), before removing portable memory device 108 by principal computer 109, the modification environment set of at least one part can be stored back in (synchronously) portable memory device 108.Therefore, when the user carried portable memory device 108 and gets back to user's oneself computing machine (for example computing machine in this locality or the family), this amended working environment can be returned to the computing machine that is stored to user oneself (for example computing machine 104) by portable memory device 108.
The 2nd figure is the block schematic diagram according to the portable memory device example of one of the present invention specific embodiment.For instance, portable memory device 200 can be the some of portable memory device 108 among the 1st figure.See also the 2nd figure, portable memory device 200 includes, but be not limited thereto, an OS image 201, a personal work environmental images 202, local control program or via a bus or inner connect 206 programs that are bonded to other, with a checking voucher 207 (for example user's title, password or private key).Portable memory device 200 more includes a bus interface logic (bus interface logic) 204 and one bus interface 205, and it is the interface that is connected to external device (ED) (as external host computers) as portable memory device 200 via suitable bus communication agreement (for example USB communications protocol).OS image 201 can be that the some and the personal work environmental images 202 of OS image 106 among the 1st figure can be the some of working environment image 107 among the 1st figure.
As mentioned above, when portable memory device 200 insertions one external host computers, OS image 201 will be used to start via local control program 203, and external host computers will not used the original OS of external host computers.In case principal computer is activated and through checking, individualized working environment image 202 will be captured and in order to the operating environment of framework principal computer, to have the default working environment relevant with the user of portable memory device 200.Be noted that individualized working environment image 202 can be come by a remote computer download by checking as previous description.
In addition, portable memory device 200 can randomly include other steering logic.In one embodiment, other steering logic is managed by local control program 203.Person more; portable memory device 200 can include several connector (not shown), as initialization connector (initialization connector), shut down connector (shut-down connector), power control linkage head (power control connector), state LED connector (status LEDconnector), DC power LED connector (DC power LED connector) with/or LCD display be connected first-class.Yet in other specific embodiment, other steering logic can include other assembly.Connector can be bonded to the LEDs (not shown) and the LCD display (not shown) is integrated in portable memory device 200.Moreover the details of more operations about these assemblies can be known in the related application of above-mentioned merging.
According to some specific embodiment, portable memory device can be carried out in single dividing sector or several dividing sector.The 3rd figure is the calcspar according to the portable memory device with several dividing sector of one of the present invention specific embodiment.For instance, portable memory device 300 can be performed the part as the portable memory device 200 of the 2nd figure.Please consult the 3rd figure, in an instantiation, portable memory device 300 includes several dividing sector that store a plurality of different OS images, for example the Linux dividing sector 301 of Linux OS associated profiles and the Windows dividing sector 302 of Windows OS associated profiles.Each of the dividing sector that this OS is relevant includes one becomes the OS image (for example image 305-306) and an individualized working environment image (for example image 307-308) in order to customized or individualized corresponding OS environment of the OS environment of institute's correspondence in order to activate principal computer, and it can be by the remote equipment download once good authentication.Portable memory device 300 can more include user's dividing sector 303, it has user's data file 309, user's configuration 310 (for example fire wall/gas defence is set) and user's application program 314, for example antivirus software, firewall application or multimedia player (for example multimedia player of CPRM/CPPM assentment).Person more, portable memory device 300 includes a default segmented disk district 304, and it has a start configuration 311, active program 312 and checking voucher 313 (for example user's title/password/private key) automatically.
Particularly, please consult the 3rd figure, Linux dividing sector 301 stores Linux OS image 305, and it includes OS routine (OS routines), definition, module and driver, and it is only to load on the main internal memory of computing machine before driving Linux.User's program and data also can be stored in Linux dividing sector 301 under the Linux basis, for example can and remove Linux sweep-drug program viral and other Malware (malware) in order to scanning.
Microsoft Windows separates sector 302 and includes Microsoft Windows OS image 306, its include OS routine (OS routines) but, routine interface (API) interpreter and the driver of definition, module, application program, it is only to load computer primary memory before driving Microsoft Windows.User's program under the Microsoft Windows basis and related data can be stored in Microsoft Windows and separate sector 40, for example Microsoft window application.
When each OS has one can open the corresponding driver of archives of specific archives kenel the time, user's dividing sector 303 stores can be by user's data file 309 of any operating system access.User's configuration 310 can include configuration data, and it is specific for any operating system or may includes general configuration info.
The dividing sector of reserving 304 is dividing sector of flash memory in the USB device, and it stores a control program and related data, and it is captured by USB device itself.The USB device informs that subsequently the present principal computer device that activates of wanting to start shooting goes to automatically perform an application program.Principal computer subsequently conversion and control to the active device of starting shooting to carry out.Include the configuration data that is stored in dividing sector in the flash memory of USB device in the start active device 311, for example move to principal computer with when each button is driven as previous described certain button that utilizes in conjunction with dividing sector 301-302, which dividing sector data biography, which kind of effect or program need be carried out.
Automatically perform (Auto-launcher) the 312nd, a kind of program, it helps the document copying that dividing sector 301-302 is arbitrary to the principal computer that is activated by start, the OS identification of inserting principal computers and being carried out in principal computer when portable memory device 300.Automatically performing 312 can be Launch Pad application program, and forms or menu that it can be checked data type and propose an application software can click for terminal user (end users), to activate the application software that they like, for further behavior.For instance,, automatically perform 312 subsequently and propose multimedia player forms or code translator software, click or select for terminal user if data is the MP3 kenel.Other configuration also can exist.Person more automatically performs 312 and can more include to be triggered by a remote equipment and download content and use checking voucher 313 to verify and will download content to decipher.
The 4th figure is the block schematic diagram according to the personal work environmental images of one of the present invention specific embodiment.For instance, personal work environment 400 can be the some of the working environment image 307-308 of the 3rd figure, and it also can successfully be downloaded by the remote equipment of checking by one.Please consult the 4th figure again, in this example, personal work environment 400 includes the information that presents several people or order setting certainly, includes personal information and desktop setting 401, email client and setting 402 and individual's contact 403, for example mail address book and telephone directory.Personal work environment 400 also more includes certain web browser to be set, and for example, web browser bookmark 404, web browser are got (Webbrowser cache) 405, website log information 406 etc. soon.Personal work environment 400 more includes other application program, for example sweep-drug/SPAM application program or set 407, the individual likes application program 408, for example multimedia player and personal communication set 409, for example VoIP or real-time communication (instant messaging) setting etc.Other individual event also can be included.
The 5th figure is the block schematic diagram according to user's dividing sector of one of the present invention specific embodiment.For instance, user's dividing sector 500 can be the some of user's dividing sector 303 among the 3rd figure.Please consult the 5th figure again, user's dividing sector 500 stores can be by user's data file 502 of access in one or two operating systems, and this access system decision is that application program could be used in this operating system.Office series of programs 503 can include Microsoft Windows officesoftware such as word processing (word processing), spread-sheet program (spreadsheet), contact (contact) and routing software (scheduling software), perhaps the Office groupware that can carry out under Linux or other operating system.Virus 504 can be carried out detecting and remove virus in linux system.Firewall program 505 protection users' computing machine prevents outside attack, when connecting the computer network of going up as world-wide web.User's configuration 501 can include the configuration data of the various type of user, for one or both operating systems.Be stored in user's profile (user profiles) in user's configuration 52 or workspace (workspaces) and can include parameter, email client image, webpage cookies, binding and uniform resource locator (URL ' s), web browser Add-on program, address book, multimedia forms and setting, icon and other user's particular profile.Other assembly also can be involved.
The 6th figure is the schematic flow sheet of setting up the principal computer operating environment according to one of the present invention specific embodiment.Be noted that process 600 can utilize processing logic (processing logic) to carry out, processing logic includes software, hardware or their combination.For instance, process 600 can be carried out by the system shown in 1A-1B and the 2nd figure.Please consult the 6th figure, response portable memory device (for example USB flash memory device) inserts first principal computer, at square 601, processing logic stores the checking voucher (for example user title/password and private key) relevant with the user to a portable memory device (for example USB flash memory device), has first principal computer of first working environment with remote access.At square 602, response portable memory device insertion one has second principal computer of second working environment, and the installing portable memory device is a storage drive machine (storage drive) of second principal computer.
At square 603, response activates the request of second principal computer again, and the processing logic utilization is stored in the checking voucher of this portable memory device and verifies this portable memory device through network by first computing machine.Respond successful checking, square 604 utilizes an operating system image that is stored in this portable memory device to activate second principal computer again.At square 605, processing logic is downloaded data represent the first principal computer environment by first principal computer, and configuration second principal computer becomes and has first working environment, and operates second principal computer under one first working environment, shown in square 606.
In case the user finishes to use second computing machine (for example leaving restaurant or client), the user can be pulled out portable memory device and has been to be ready to go home or to go to another long-range place by second principal computer.Respond this portable memory device and removed by second principal computer, at square 607, processing logic will be carried out some on second principal computer " refuse collection (garbage collection) " operation.For instance, some temporary file (for example get archives soon or by downloading the temporary file that gets off on the webpage) that is stored in the second principal computer storage area will be erased.
Person more, according to one of the present invention specific embodiment, if any setting of user's modification environment before removing portable memory device by second principal computer (for example changing address/telephone directory or webpage binding/bookmark), the working environment setting of revising to small part can be stored back in (synchronously) portable memory device.Therefore, when the user carried portable memory device and gets back to user's oneself computing machine (for example computing machine in this locality or the family), this amended working environment can be returned to the computing machine that is stored to user oneself by portable memory device.Other operation also can be performed.
Be noted that the described technology of above-mentioned specific embodiment according to the present invention can be applied to various data storage devices, for example Serial ATA FLASH hard drive, IDE FLASH harddrive, SCSI FLASH hard drive and Ethernet FLASH hard drive.In addition, also be applied to flash card, for example Express Card, Mini PCI ExpressCard, Secure Digital Card, Multi Media Card, Memory Stick Card and Compact FLASH card according to quickflashing controller of the present invention.At last, contrast in the present invention's system and also can be applicable to other serial bus, for example PCI Express bus, Serial ATA bus, IEEE 1394 bus and Ethernet bus.Therefore, be familiar with this skill person when spirit and the appended claims category that know that in this technology many modifications can't escape the present invention.
According to the present invention's a certain specific embodiment, previous described technology also can be applicable to the work group configuration.The 7th figure is a work group configuration example block schematic diagram according to the present invention's specific embodiment.See also shown in the 7th figure, configuration 700 comprises several work group member, its each have a portable memory device, it has a checking voucher separately, by this successfully by checking back access work group server.In this example, the webserver 701 includes content relevant with work group 710 and work group member's checking voucher 709, for example user's title/password and public key etc.Each member of work group carries a portable memory device (for example installing 705~706), its each have its checking voucher (for example voucher 707~708) and other data separately, for example OS image and previous described individualized working environment.When the user inserts a strange principal computer (for example principal computer 703~704) with his portable memory device, strange principal computer can utilize an OS image that is stored in this portable memory device to start shooting again by portable memory device, and the individualized working environment of configuration one (downloaded by portable memory device or captured) is as before described.
In addition, but user's access server 701 and the relative checking voucher that utilizes 701 pairs of servers to be stored in the portable memory device are obtained checking.In case the user is verified success, but user's access work group content 710.As a result, work group member can use a portable memory device to be open to the custom as a checking, with at its content host of remote equipment access.The portable memory device that the user can carry it is worked to the different strange principal computers or is carried out business and meet in a remote partition office.Otherwise, portable memory device as described herein also can be used as the individualized secure access on the webserver, seeing through any principal computer uses the checking voucher that is stored in this to insert a principal computer and secure access through being stored in voucher in the portable memory device when being approved when portable memory device, terminal user obtains remote server access (for example webserver or apps server or document entry website) to download data or file, for example content of multimedia, video streaming, application software or user's data.In addition, the user also can be disclosed in some file (as web page server) on the server.
Person more, previous described technology also can be applicable to utilizes checking voucher keyholed back plate CPRM/CPPM file, just as the CPRM/CPPM data storage in a portable memory device, the user can be in this locality or at remote access CPRM/CPPM file like this.The 8th figure is a block schematic diagram of describing one of one of the present invention specific embodiment system configuration example, and it can be applicable in the application of CPRM/CPPM.See also the 8th figure, one user relevant with regional host computer 805 (for example home computer) duplicates the data of some CPRM assentment, and for example CPRM licence/golden key and CPRM file (for example CPRM content of multimedia) are to a portable memory device 804 (for example USB flash memory device).In addition, portable memory device 804 is to be equipped with CPRM software and hardware.When portable memory device 804 is to insert strange principal computer 803, CPRM software and hardware can be connected to a CPRM server 801 through the CPRM software of strange principal computer 803, are stored in the CPRM file in the portable memory device 804 to confirm some.As a result, the user of portable memory device 804 can access be stored in the CPRM file in the local portable memory device 804 or utilizes by a remote location such as server 801 or its regional principal computer 805 and carry out remote download CPRM file.
The 9th figure is another specific embodiment of describing the present invention, sets up the process flow diagram of a principal computer operating environment step.Be noted that step 900 can utilize processing logic to carry out, processing logic can include software, hardware or its combination.For instance, step 900 can be utilized in the system shown in the 7th~8 figure and carry out.See also the 9th figure, at square 901, processing logic stores checking voucher (for example user's title/password, private key or digital certificate or the like), it is with relevant a portable memory device (for example USB flash memory device) user, with remote access one first principal computer (for example webserver or Web portal).This portable memory device to one second principal computer (for example remote host computer) is inserted in response, and at square 902, portable memory device is that installing is storage drive.Response activates the requirement of second principal computer again, and at square 903, processing logic comes portable memory device is verified through the checking voucher that the computer network utilization is stored in this portable memory device by first principal computer.Success is by after verifying, the operating system image that is stored in the portable memory device in block 904, the second principal computer utilizations activates again.At square 905, some secure file (for example file of CPRM assentment) can see through computer network by first principal computer and be downloaded and utilize the private key that is stored in the portable memory device to decipher, subsequently at square 906, second principal computer is operated by the file (for example using a multimedia player to play the CPRM content of multimedia, as song and video streaming) of decoding.When portable memory device was pulled out by second principal computer, at square 907, the information or the data that are temporarily stored in second principal computer were removed in operation second principal computer.
10A and 10B figure present according to the account number of one of the present invention specific embodiment and multimedia player and install, and multimedia file is downloaded and secure digital copyright management mechanism (DRM) system of broadcast.For instance, multimedia player 1003 can fitted to be the some of portable memory device 804, and it has built-in multimedia player.Principal computer 1002 can fitted to be the part of strange principal computer 803.License server (License server) 1001 can fitted to be the some of the license server 801 of the 8th figure.In this specific embodiment, portable memory device includes the duplicating of legal licence power that a safety golden key or has legal user's account number or PIN (PIN (Personal Identification Number)).Describe as previous, when portable memory device was inserted into a principal computer, the user secured permission access remote web server or multimedia entry file, to watch content of multimedia (as music, image short-movie or film or the like) forms.The user can be bought any multimedia file and be utilized a multimedia player to play the content of multimedia of this purchase by remote server.
See also 10A figure, the manufacturer of multimedia player 1003 loads a unique multimedia player ID1004 in advance or is loading this unique multimedia player ID1004 on the software of principal computer 1002 in advance to multimedia player 1003 in device.The user is linked to principal computer 1002 with multimedia player 1003, for instance, sees through USB interface, the application specific software of activation on principal computer 1002, and it reads the specific multimedia player ID1004 that comes from multimedia player 1003.The user utilizes the software on principal computer 1002 to be connected to license server 1001 and by transmitting a unique multimedia player ID1004 to license server 1001, to set up an account number 1005.User ID, account number cipher, e-mail address and a Payment Information can be provided by the user.Personal identity number (Personalidentifier number, PIN) 1007 or other confirm that number is to be sent to principal computer 1002 by 1001 generations of license server and Email mailing or alternate manner.Personal identity number 1007 is also by be open to the custom password or identifying code (validation code) that the user produced.
When the user wants to download content of multimedia, login to license server 1001.Login 1008 utilizes account number inquiry 1009 to find user's account number to make response by license server 1001, and device ID checking 1010 is read unique multimedia player ID1004 by multimedia player 1003 and it is compared with the unique multimedia player ID that is stored in the account number data in the license server 1001.The user is prevented from duplicating song to different device, unless this device is also registered and its special multimedia player ID1004 is approved.Therefore, it is forbidden duplicating song to many different multimedia player devices.The multimedia file that can be downloaded be with forms be row give user 1011 and user select one or more the more media file download 1012.Selecteed song is prepared by license server 1001, for downloading 1013.
See also 10B figure, song ciphering unit 1051 utilizes to be encrypted by the license server 1001 selected multimedia file of title key pair user that produces.Title gold key is to utilize golden key encryption equipment 1052 itself to encrypt own, utilizes special multimedia player ID to encrypt golden key as one.Special multimedia player ID1004 is obtained and is stored in the license server 1001 by multimedia player 1003 during the account number shown in the 10A figure is set.Be allowed to duplicate number or other copy rule is to utilize copying encrypted device 1053 to encrypt, it also uses special multimedia player ID as encrypting golden key.The song of having encrypted, title gold key and copy rule are to be sent to principal computer 1002 by license server 1001.Principal computer 1002 stores encrypted song 1057 with encrypted title gold key 1056 and do not need they are decrypted.Yet the copy rule of having encrypted is to utilize regular decipher 1054 to use special multimedia player ID1004 to read multimedia player 1003 to be decrypted, as the golden key of deciphering.The number that duplicate regains is to be stored for copy rule 1055 and by demultiplier (decrementor) 1058 to successively decrease, for each duplicate that is manufactured by the principal computer 1002 of encrypted song 1057.
When the number of duplicate is remaining when arriving at 0, produced by principal computer 1002 that to duplicate the song 1057 that is defective and has encrypted be to be copied to multimedia player 1003.Otherwise the song 1057 of having encrypted, the title of having encrypted gold key 1056 and Computer I D1066 are copied to multimedia player 1003 and save as encrypted song 1060, encrypted title gold key 1059 and PC ID 1061 in the flash memories of multimedia player 1003.PC ID 1066 can be that the special CPU ID, the mess code that are come by the processor of principal computer 1002 are compiled ID or some other values, and it discerns main PC 1002.This PC ID can be loaded into multimedia player 1003 in advance and be stored on the multimedia player 1003 by main PC 1002.PC ID 1066 can be sent to license server 1001, for example in the account number login.
When PC ID1061 do not match in multimedia player 1003 load in advance PC ID the time, coupling 1062 is decrypted encrypted title gold key 1059 by preventing, to stop recording playback.Otherwise when PC ID mates, encrypted title gold key 1059 is to be decrypted by decipher 1063, has obtained title gold key, its utilize song decipher 1064 encrypted song 1060 open.Multimedia code translator 1065 can be given the user by the recording playback content of multimedia.More the person can be known in the Application No. 11/668316 of institute on the 29th co-applications January in 2007 about the particulars of foregoing description technology, and it has been amortized merges into its pertinent literature to the commonly-assigned us of this application case and at this.
The 11st figure is the calcspar according to the specific embodiment of the present invention's principal computer.The 12nd figure is the specific embodiment calcspar according to the present invention's portable memory device.Principal computer 1100 among the 11st figure and the portable memory device 1200 among the 12nd figure can be previous described any principal computer and portable memory device.See also the 11st figure and the 12nd figure, provide the system of electronic bits of data flash storage card security protection to include a main system, generally be set at 1100 and one electronic bits of data flash storage card, it generally is defined as 1200 and can be bonded to main system 1100.Main system 100 includes a CPU (central processing unit) (CPU) 1102, and it is bonded to a bus 1110 (being commonly referred to as signal line).CPU1102 can operate, with data stream and the control encrypt and decrypt engine of controlling 1200 on main system 1100 and electronic bits of data flash storage card, as further describe herein.Computer interface unit 1101 is bonded to bus 1110 and provides the instrument that enters a unencryption user password under CPU control.In one embodiment, computer interface unit 1101 includes keyboard, scanner or fingerprint/eye shape figure reader.Hard disk 1104 is bonded to bus 1110 and provides this locality as cpu command to store, and stores data, to be read/to write to electronic bits of data flash storage card 1200.
First door bolt (latch) the 1103rd, the mess code that is bonded to bus 1110 and provides temporary transient storage to be produced by electronic bits of data flash storage card mess code generator 204, under the control of electronic bits of data flash storage card microprocessor (not shown), as further describe herein.First crypto engine 1106 is to be bonded to bus 1110 and to utilize the mess code that is tied down that the encryption of non-encrypted logical block addresses (LBA), non-encrypted password and non-encrypted data is provided.One second tame ciphertext engine 1109 is to be bonded to bus 1110 and to utilize predetermined (it is a special install) golden key to produce one and encrypt mess code and come the mess code that quilt is fastened is encrypted.This set golden key be by CPU1102 utilize one set algorithm to be produced and set the evaluation value be to belong to electronic bits of data flash storage card 1200 (for example product ID or device sequence code or legal user define password).
In one embodiment, specific electron data flash storage card set the some that golden key is the device serial number set, its when activating (for example when electronic bits of data flash storage card 1200 be insertion main system 1100 provided USB female plug mouth the time) transfer to main system 1100 by electronic bits of data flash storage card 1200.By the gold of the setting key that produces and duplicate each electronic bits of data flash storage card 1200, under this method, main system 1100 does not need to store the relevant gold of the setting key of electronic bits of data flash storage card 1200 that may be bonded to main system 1100 with each, reduce the use of storage area by this and avoid carrying out the demand of initial procedure, before using each electronic bits of data flash storage card 1200.In addition, this method provides unified the consistent method of the principal series that drops on zones of different of doing, decide this setting that is dispensed to big quantity electronic bits of data flash storage card 1200 gold key, allow each main system to obtain the encrypted data that writes by other main system once more by this.
First decryption engine 1107 is to be bonded to bus 1110 and when reading operation, utilizes the mess code that provided by second decryption engine 1108 to provide deciphering for the encrypted data of electronic bits of data flash storage card 1200.Second decryption engine 1108 is to be bonded to bus 1110 and also to utilize when reading operation to have set golden key and produce mess code and provide and change first decryption engine 1107 the encryption mess code that is received by electronic bits of data flash storage card 200 is deciphered.
Main connectivity port 1105 is to be bonded to bus 1110 and can to include an interface, for example a USB interface, a sequence connectivity port interface, an Ethernet port interface and a radio port interface.Main connectivity port 1105 is suitably to be connected media (interface bus) and to set up one and link in order to see through one with the connectivity port (input/output interface loop) 1203 of electronic bits of data flash storage card 1200.
In one embodiment, in the previously described method, electronic bits of data flash storage card 1200 includes a microprocessor (not shown) and and is installed in the redundant mesh of card body and sees through a bus inner connection of 1210 formation.Especially, mess code generator 1204 is to be bonded to bus 1210 and mess code is provided, and it is to be temporary in second door bolt 1205, and it also is bonded to bus 1210.Mess code generator 1204 may be virtual mess code generator or use thermonoise as true random source.Storing media 1209 is to be bonded to bus 1210 and to include one or more than one flash memory device in one embodiment.The password that mess code, ciphered data, the mess code that storing media 1209 stores encryption compiled, as further describe and the data of electronic bits of data flash storage card serial number or other evaluation herein, it is unique to electronic bits of data flash storage card 1200.Writing data or reading of data by storing media 1209 is to utilize physical address (Physical BlockAddress PBA) carries out, and physical address system is produced by a PBA translater 1206 that is bonded to bus 1210.Storing media 1209 can more include open and safety zone.
Decryption engine 1208 is to be bonded to bus 1210, decryption engine 1208 provide Crypted password with by the received decoding of encrypting LBA of main system 1100.One first mess code that is bonded to bus 1210 is compiled engine 1212 provides one to compile password by the mess code of deciphering password and being produced, and it is received by decoding engine 1208 that this has deciphered password system.It is to be stored in the storing media 1209 that mess code is compiled password.Second mess code that also is bonded to bus 1210 is compiled engine 1214 provides a random sequence code in one embodiment, and it is produced by the device serial number, and for electronic bits of data flash storage card 1200, that is the reserved part that is stored in storing media 1209.One mixing that also is bonded to bus 1210 is stirred engine 1216 and is produced an index and random sequence code by unencrypted LBA.PBA translater 1206 translation index become the address of PBA as access storing media 1209.The comparer 1207 that also is bonded to bus 1210 relatively one mess code compile password and compile password with the previous mess code that stores.Can be about the 1200 more detailed descriptions of main system 1100 and portable memory device in the U.S. patent application case 11/685143 of co-applications, its applying date is on March 12nd, 2007, and this application case has been amortized merges into its pertinent literature to the commonly-assigned us of this application case and at this.
Therefore, be to describe by a portable memory device to activate main calculator under the safety practice and have having here from the technology of ordering setting.Previous some part of describing in detail presents with the symbol representative that data bits drilling in algorithm and the calculator memory is done.The description of these algorithms and performance are the employed methods of acquaint with data treatment technology skill person, give other skill person in this skill with the operation material that shifts them most effectively.The general algorithm here is that framework is the coherent sequence of operation, to reach default result.This operation is those object runnings that need physics to measure.Frequently, though not necessarily, this tittle presents with electronics or magnetic signal kenel, with can be stored, change, in conjunction with, relatively and other running.It has been proved to be is easily sometimes, and most of common reason of using is these signals such as position, sound, element, symbol, characteristic, project, numeral or other resemblance.
Yet, need remember, these all or similar project be relevant and only be to indicate easily to be applied to these values with suitable physical quantity.Unless specially point out, otherwise just as what before explained, should know from experience in the description utilize as " processings " or " computing " or " calculatings " or " decision " or " demonstration " or other similar professional term discuss be and the processing of computing machine and the computing electronics relevant or that other is similar of taking action, its operation and change computer system login or internal memory in the data that presented of physics (electronics) value form become other equally with in computer system memory or login or other data storage, the data that the magnitude of physical quantity of conveyer or display device is represented.
The present invention's specific embodiment is also relevant with equipment, to carry out the operation here.These equipment may be for these demand purposes specially by construction, perhaps it may include that general purpose computing machine optionally activates or be ressembled by a computer program that is stored in the computing machine.Such computer program can be stored in the storing media of an embodied on computer readable, for example, but be not limited thereto, any type of disk, it includes floppy diskette, optical disc, CD-ROMs and magneto-optical disk, ROM (read-only memory) (ROMs), random access memory (RAMs), EPROM (EPROMs), electronic type EPROM (EEPROMs), magnetic or optical card or can supply any kenel media apparatus of stored electrons instruction, and each is bonded to computer system bus.
Shown herein algorithm is not certain relevant with any certain computer or miscellaneous equipment with demonstration.Several general purpose systems can utilize here the program of institute's teaching to use, and perhaps its provable framework goes out more convenient and equipment distinguishingly, carries out the running of required method.These required structures of various system will show in following description.In addition, the present invention's specific embodiment is not described about any specific program language, is to present various program languages all to can be used to carry out technology in the present invention's specific embodiment described herein.
The medium of one embodied on computer readable can include any storage or converting data becomes the mechanism that machinery (for example computing machine) can read form.For instance, the media of embodied on computer readable includes ROM (read-only memory) (" ROM "); Random access memory (RAMs); Magnetic disk Storage Media; Optical storage media; Flash memory device; The transmission signal (propagated signals) (for example carrier wave, infrared signal, digital signal etc.) of electronics, optics, acoustics (acoustical) or other form; Deng.
In above-mentioned description, the present invention's specific embodiment has been accompanied by related data and has been described, with clear and definite demonstration specific embodiment.Apparent and easy to know is the spirit and the category of the broad sense that various modifications can't escape the present invention, as the following right that proposes.Describe in detail with graphic be only to be considered as explanation and unrestricted.
Only the above person only is the present invention's preferred embodiment, is not the scope that is used for limiting the invention process.Event is all according to the present patent application scope described impartial for it variation of feature and spirit institute or modification, all should be included in the present invention's the claim.
Claims (10)
1. one kind in order to set up the computer implemented method of computer operation environment, and it is characterized in that: this method includes:
Response detecting one portable memory device inserts one first principal computer, it has by one and is installed in first operating environment that one first operating system (OS) in this first principal computer is provided, and installs the archives economy of this portable memory device to this first principal computer;
Response activates the request of this first principal computer again, utilizes a private key that is stored in this portable memory device to verify this portable memory device, sees through computer network contrast one public key that is stored in one second principal computer;
This portable memory device of response good authentication sees through computer network, downloads the data of representing an individualized working environment by this second principal computer, and it is relevant with the user of this portable memory device;
Again activate this first principal computer, utilize the 2nd an OS image that is stored in this portable memory device to become one second operating environment; And
Utilize this acquired personal work environment set, second operating environment of coming configuration first principal computer, therefore, the user of this portable memory device can operate this second principal computer under this individualized working environment.
2. the method according to claim 1 is characterized in that: wherein this portable memory device is that the compatible storage device of a USB (universal serial bus) and this portable memory device are USB interface of inserting this first principal computer.
3. the method according to claim 2 is characterized in that: more include:
During activating this first principal computer again, a BIOS (basic input/output) of this first principal computer regulation and control are stored in the control program in this portable memory device, taking over the start process of this first principal computer,
Wherein when regulating and control this BIOS of this first principal computer, this control program of this portable memory device is to be set at from this portable memory device to take out this second operating system image and utilize this first principal computer of this second operating system activation, and does not have the information of using this first principal computer to activate the sector.
4. the method according to claim 3, it is characterized in that: it more includes:
Before this portable memory device is inserted this first principal computer, this portable memory device is inserted this second principal computer;
Produce the disclosure gold key and this private key;
This private key that duplicates by this second principal computer and come is to this portable memory device;
Can choose the acquisition customized settings relevant wantonly with this second working environment of this second principal computer; And
Can choose wantonly and download this customized settings that has captured to this portable memory device, as this individualized configuration file, it can be in order to this second operating environment of this first principal computer of framework, utilize the 2nd OS image in this portable memory device to activate this first principal computer again again after.
5. the method according to claim 4, it is characterized in that: wherein this second principal computer is a local computer, its user with this portable memory device is relevant, and this first principal computer is a remote computer, and its user with this portable memory device is relevant.
6. the method according to claim 5, it is characterized in that: wherein this second principal computer is a Website server, after via this private key good authentication, this user can this Website server file of access and is disclosed in file on this Website server.
7. the method according to claim 6; it is characterized in that: but wherein this Website server is the compliant server of a recording medium content protecting (CPRM); it has the content of CPRM assentment; for download; wherein this portable memory device includes the CPRM verifying data, and this CPRM verifying data system is in order to verify this CPRM assentment content of being downloaded by this Website server and to decipher.
8. a portable memory device, it is characterized in that: it includes:
One first storage area, it is in order to store an operating system (OS) image;
One second storage area, it is in order to store a private key; And
One bus interface logic, it is coupled to this first storage area and this second storage area;
Wherein when this portable memory device be to insert one when having first principal computer of first operating environment, this portable memory device will utilize this private key to see through a computer network to compare with a public key that is stored in one second principal computer automatically;
Wherein when being proved to be successful, this first principal computer will be activated again; This bus interface logic causes this OS image start by this first storage area of this portable memory device of this first principal computer, with have one with this first operating environment second operating environment inequality; And representing the individualized working environment data relevant with this portable memory device user is to see through this computer network to be downloaded by this second principal computer; And
Wherein after activating again, this second operating environment of this first principal computer is to utilize to represent this data of this individualized working environment to carry out framework, can operate under the customized settings of this second principal computer for this second operating environment of this first principal computer.
9. computer-executed method is characterized in that: it is in order to setting up the operating environment of computing machine, and this method includes the following step:
Response detects a portable memory device and inserts one first principal computer, one first operating environment that is provided by one first operating system (OS) that is installed in this first principal computer is provided for it, and utilizing an OS image that is stored in this portable memory device to activate this first principal computer again becomes one second operating environment;
See through a computer network by one second principal computer and verify this portable memory device, utilize a private key that is stored in this portable memory device and a public key that is stored in this second principal computer to compare;
Respond successful checking, see through this computer network and download secure file to this first principal computer by this second principal computer;
To having downloaded the secure file deciphering at this of this first principal computer, but it includes and utilizes the CPRM verifying data that is stored in this Portable removal apparatus to come that the compatible content of recording medium content protecting (CPRM) is carried out the content protection to crack; And
Under this second operating environment access this downloaded and decryption content, include and utilize the multimedia player of CPRM assentment to play the content of multimedia of CPRM assentment, the multimedia player system of this CPRM assentment is by carrying out in this portable memory device.
10. the method according to claim 9 is characterized in that: wherein this portable memory device is the compatible storage device of a USB (universal serial bus), and this portable memory device is a USB interface of inserting this first principal computer.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US11/861,133 | 2007-09-25 | ||
| US11/861,133 US20080082813A1 (en) | 2000-01-06 | 2007-09-25 | Portable usb device that boots a computer as a server with security measure |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101398764A true CN101398764A (en) | 2009-04-01 |
Family
ID=40548467
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008100080354A Pending CN101398764A (en) | 2007-09-25 | 2008-03-04 | Portable usb device that boots a computer as a server with security measure |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101398764A (en) |
| TW (1) | TW200915183A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012111018A1 (en) | 2011-02-17 | 2012-08-23 | Thozhuvanoor Vellat Lakshmi | Secure tamper proof usb device and the computer implemented method of its operation |
| CN103136463A (en) * | 2011-12-01 | 2013-06-05 | 宏达国际电子股份有限公司 | System and method for temporary secure boot process of an electronic device |
| CN103534979A (en) * | 2011-05-27 | 2014-01-22 | Abb技术有限公司 | Joining a computer to a process control system |
| TWI685770B (en) * | 2018-09-28 | 2020-02-21 | 樹德科技大學 | A storage system with chaotic system authentication |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI612440B (en) * | 2014-07-03 | 2018-01-21 | 宇瞻科技股份有限公司 | Information storage system with information security protection |
| CN105320580B (en) * | 2014-07-11 | 2018-01-30 | 宇瞻科技股份有限公司 | Data storage system with protecting information safety |
| TWI728377B (en) * | 2019-06-06 | 2021-05-21 | 旺宏電子股份有限公司 | Secure boot system, method and apparatus |
| US11657157B2 (en) | 2019-06-06 | 2023-05-23 | Macronix International Co., Ltd. | Secure boot system, method and apparatus |
-
2008
- 2008-02-04 TW TW97104230A patent/TW200915183A/en unknown
- 2008-03-04 CN CNA2008100080354A patent/CN101398764A/en active Pending
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012111018A1 (en) | 2011-02-17 | 2012-08-23 | Thozhuvanoor Vellat Lakshmi | Secure tamper proof usb device and the computer implemented method of its operation |
| CN103534979A (en) * | 2011-05-27 | 2014-01-22 | Abb技术有限公司 | Joining a computer to a process control system |
| US9819539B2 (en) | 2011-05-27 | 2017-11-14 | Abb Schweiz Ag | Joining a computer to a process control system |
| CN103136463A (en) * | 2011-12-01 | 2013-06-05 | 宏达国际电子股份有限公司 | System and method for temporary secure boot process of an electronic device |
| US9054874B2 (en) | 2011-12-01 | 2015-06-09 | Htc Corporation | System and method for data authentication among processors |
| US9240889B2 (en) | 2011-12-01 | 2016-01-19 | Htc Corporation | Method and system for secure data access among two devices |
| US9270466B2 (en) | 2011-12-01 | 2016-02-23 | Htc Corporation | System and method for temporary secure boot of an electronic device |
| CN103136463B (en) * | 2011-12-01 | 2016-08-31 | 宏达国际电子股份有限公司 | System and method for for the temporary transient safety opening terminal flow process of electronic installation |
| TWI685770B (en) * | 2018-09-28 | 2020-02-21 | 樹德科技大學 | A storage system with chaotic system authentication |
Also Published As
| Publication number | Publication date |
|---|---|
| TW200915183A (en) | 2009-04-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20080082813A1 (en) | Portable usb device that boots a computer as a server with security measure | |
| JP4249181B2 (en) | Storage piracy prevention key encryption (SAKE) device method and apparatus for controlling data access to a network | |
| JP5270694B2 (en) | Client computer, server computer thereof, method and computer program for protecting confidential file | |
| CN101398764A (en) | Portable usb device that boots a computer as a server with security measure | |
| TWI410106B (en) | Electronic file transfer method | |
| US20040039932A1 (en) | Apparatus, system and method for securing digital documents in a digital appliance | |
| CN101529366A (en) | Identification and visualization of trusted user interface objects | |
| CN103109510A (en) | Resource safety access method and device | |
| JP2011507414A (en) | System and method for protecting data safety | |
| JP2009518702A (en) | Devices that use virtual interfaces to provide a safe working environment | |
| JP2008047085A (en) | Data security system, apparatus and method using usb device | |
| KR20030084798A (en) | Document security system | |
| EP1542135B1 (en) | A method which is able to centralize the administration of the user registered information across networks | |
| US7694154B2 (en) | Method and apparatus for securely executing a background process | |
| JP2005346120A (en) | Network multi-access method and electronic device having biological information authentication function for network multi-access | |
| TW201738802A (en) | A removable security device and a method to prevent unauthorized exploitation and control access to files | |
| JP2005063399A (en) | File/key/data management system | |
| KR101042218B1 (en) | A data security system for computer and security method | |
| KR100656676B1 (en) | Method and apparatus for collecting/restoring user environment infomation of application program using portable storage media, and portable storage media therefor | |
| JP5840180B2 (en) | Electronic file transmission method | |
| KR20030087874A (en) | Multi-level Security Method for Data on Computing Device based on security levels assigned to data or applications | |
| JP2006092081A (en) | Safe start/use method for personal computer to be used by unspecified person or multiple person and recording medium for realizing such use | |
| KR100520398B1 (en) | Apparatus for protecting an individual document | |
| US11968202B2 (en) | Secure authentication in adverse environments | |
| CN111562916B (en) | Method and device for sharing algorithm |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20090401 |