CN102347079A - Device and method using password protection memory - Google Patents

Info

Publication number
CN102347079A
Authority
CN
China
Prior art keywords
password
external interface
user
protection
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010102431047A
Other languages
Chinese (zh)
Inventor
李大伟
朱建彰
王强
王潘丰
邹丽娜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agate Logic Beijing Inc
Original Assignee
Agate Logic Beijing Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agate Logic Beijing Inc filed Critical Agate Logic Beijing Inc
Priority to CN2010102431047A priority Critical patent/CN102347079A/en
Publication of CN102347079A publication Critical patent/CN102347079A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a device and a method using a password protection memory, and the device comprises: a password memory which is used for storing a password for protecting a data memory; an external interface which is used for receiving a user password and an operation instruction inputted externally; a protection control unit which is used for reading and storing the password from the password memory, and comparing the password with the user password inputted from the external interface; a monitoring device which is used for sending the user password inputted from the external interface to the protection control unit, and sending the operation instruction for the data memory inputted from the external interface to a data control device when the comparison result shows that the user password is valid; and a data control device which is used for operating the data memory according to the operation instruction.

Description

Device and method using password protection memory
Technical field
The present invention relates to the field of memories, and in particular to a device and method for protecting a memory with a password.
Background
A memory is the storage device in a computer system and is used to hold programs and data. All information in a computer, including the raw input data, computer programs, intermediate results and final results, is kept in memory. Information is stored to and fetched from the locations specified by the controller.
Existing memory protection methods all rely on a protection flag. When the corresponding protection flag is valid, the corresponding operation on the memory is prohibited or ignored; for example, the application published as US7027350B2 discloses a method of protecting a memory with a protection flag.
Protecting a memory with a protection flag, as in the prior art, limits the flexibility of user operation and results in a narrow range of application.
Summary of the invention
The invention provides a device and method for protecting a memory with a password that can solve the above problems.
According to one aspect of the invention, a device for protecting a memory with a password is provided. The device comprises: a password memory for storing the password that protects a data memory; an external interface for receiving an externally input user password and operation instructions; a protection control unit for reading the password from the password memory and comparing it with the user password input through the external interface; a monitoring device for sending the user password input from the external interface to the protection control unit and, when the comparison result shows that the user password is valid, sending operation instructions for the data memory input through the external interface to a data controller and sending operation instructions for the password memory input through the external interface to the password memory; and the data controller, for operating on the data memory according to the operation instructions.
Preferably, in the above device, the monitoring device is further configured to send specific operation instructions for the data controller, input through the external interface, to the data controller when the comparison result shows that the user password is invalid.
Preferably, in the above device, the data memory is divided into a protected area and an open area, and the monitoring device comprises an address comparator for determining whether an address input through the external interface is a valid address falling within the protected area.
Preferably, in the above device, the data memory is divided into a plurality of protected areas; the monitoring device comprises an address comparator for determining in which of the protected areas an address for the data memory, input through the external interface, falls; and the password memory stores a plurality of passwords corresponding respectively to the protected areas.
According to another aspect of the invention, a method for protecting a memory with a password is also provided. The method comprises the following steps: reading the pre-stored password from the password memory and saving it in the protection control unit; accepting a user password input by the user through the external interface and comparing it with the pre-stored password in the protection control unit; and, if the two are identical, accepting the user's operation instructions for the data memory and the password memory.
Preferably, the above method further comprises the following step: if the two differ, accepting a user password input by the user through the external interface again.
Preferably, the above method further comprises the following step: accepting an initialization instruction for the password memory input by the user through the external interface, and initializing the pre-stored password in the password memory to its initial value.
Preferably, the above method further comprises the following steps: accepting a password modification instruction for the password memory input by the user through the external interface, and modifying the pre-stored password in the password memory; then initializing the protection control unit and reading the modified pre-stored password into the protection control unit.
In the above embodiments of the invention, the password is stored in the password memory in advance. Only when the user password input by the user matches the pre-stored password is the user allowed to operate on the data memory. This improves the flexibility of user operation, widens the range of application of data memory protection, and overcomes the problems of the prior art.
Brief description of the drawings
Specific embodiments of the invention are described in more detail below with reference to the accompanying drawings, in which:
Fig. 1 is a system block diagram of a device for protecting a memory with a password according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the protection control unit according to a preferred embodiment of the invention;
Fig. 3 is a schematic diagram of the address comparator according to a preferred embodiment of the invention;
Fig. 4 is a schematic diagram of a protection control unit comprising a plurality of password comparators according to a preferred embodiment of the invention;
Fig. 5 is a schematic diagram of an address comparator that compares a plurality of input addresses according to a preferred embodiment of the invention;
Fig. 6 is a flowchart of a method for protecting a memory with a password according to an embodiment of the invention;
Fig. 7 is a flowchart of the method for protecting a memory with a password according to a preferred embodiment of the invention;
Fig. 8 is a flowchart of modifying the pre-stored password according to a preferred embodiment of the invention.
Detailed description
Fig. 1 is a system block diagram of a device for protecting a memory with a password according to an embodiment of the invention. As shown in Fig. 1, the device 1 comprises a password memory 2, a protection control unit 3, a monitoring device 4, a data controller 5, an external interface 6 and a data memory 7.
The password memory 2 is a non-volatile memory. Its initial value depends on the type of memory selected; for example, the initial value of flash memory is all 1s.
After power-on, the protection control unit 3 automatically reads the password from the password memory 2, stores it inside the protection control unit 3, and sets the password-read-complete signal to valid. While the password-read-complete signal is invalid, the monitoring device 4 ignores all instructions from the external interface 6; otherwise the monitoring device 4 begins monitoring instructions from the external interface 6.
In this embodiment, the password is stored in the password memory in advance. Only when the user password input by the user matches the pre-stored password is the user allowed to operate on the data memory. This improves the flexibility of user operation, widens the range of application of data memory protection, and overcomes the problems of the prior art.
In the embodiments of the invention, an operation means a read and/or a write.
Fig. 2 is a schematic diagram of the protection control unit according to a preferred embodiment of the invention. As shown in Fig. 2, the protection control unit comprises a password comparator and a pre-stored password read controller. The pre-stored password read controller reads the pre-stored password from the password memory and sends it to the password comparator. The password comparator compares the user password input by the user against the pre-stored password and returns to the monitoring device an indication of whether the two are identical.
In addition, reading of the pre-stored password can also be triggered by a user input instruction. For example, after the user changes the pre-stored password, an input instruction triggers the pre-stored password to be read again.
The user password is input to the monitoring device 4 through the external interface 6. When the monitoring device detects that the current instruction is a user password input instruction, it sends the user password to the protection control unit 3. After receiving the user password, the protection control unit 3 compares it with the pre-stored password and, if the two are identical, notifies the monitoring device 4 that the current user password is valid.
Once the monitoring device 4 knows that the current user password is valid, all operations on the data controller 5 arriving from the external interface 6 are passed directly to the data controller 5; otherwise only a limited set of instructions (such as erase and status read instructions) can be passed to the data controller 5.
After the user has finished operating on the data memory 7 or the password memory 2, an initialization instruction can be sent through the external interface 6 to initialize the protection control unit 3. If the user then wants to continue operating on the data memory 7, the valid user password must be entered again, which prevents illegal operations.
When the input user password is identical to the pre-stored password, the user can modify the pre-stored password by inputting the corresponding instruction through the external interface 6. After the modification is complete, an instruction must be sent to trigger the pre-stored password read operation and initialize the protection control unit again, so that the new pre-stored password takes effect.
When the user forgets the pre-stored password, the password memory 2 and the data memory 7 can be initialized with an erase instruction; both are reset to their initial values.
According to a preferred embodiment of the invention, an address comparator can be added to the monitoring device 4 and the data memory 7 divided into a protected area and an open area, so that only part of the data memory is protected.
Fig. 3 is a schematic diagram of the address comparator according to a preferred embodiment of the invention. The start address and end address are fixed in the monitoring device 4 and indicate the protected address range; the input address is received by the monitoring device 4 from the external interface 6. When the input address falls within the range between the start address and the end address, the address comparator drives the address indication signal valid; otherwise the address indication signal is invalid. The data memory 7 is divided into two parts: one is the area to be protected and the other is the open area. When an external device operates on the data memory 7 through the external interface 6, it must send the address to the monitoring device 4 through the external interface 6. The address comparator in the monitoring device 4 receives this address and determines whether the address indication signal is valid. If it is invalid, operations on the current address through the external interface 6 are passed through directly. If the address indication signal is valid, the current address lies in the protected area, and the monitoring device 4 must decide whether to allow the operation on this address according to the user-password-valid indication signal that the protection control unit 3 sends to the monitoring device 4.
According to a further preferred embodiment of the invention, the data storage area of the data memory 7 can also be divided into a plurality of areas, each protected by its own password. Correspondingly, the password comparators in the protection control unit are also divided into multiple groups. The pre-stored passwords are read into the protection control unit in turn at power-on. The monitoring device sends the user password to the protection control unit according to the address that the external interface specifies for the user password, and the protection control unit compares the user password with the pre-stored password according to the address of the specified protected area. Fig. 4 is a schematic diagram of a protection control unit comprising a plurality of password comparators according to a preferred embodiment of the invention. At the same time, the address comparator built into the monitoring device evaluates the input address and indicates in which protected area the address input by the user falls. Fig. 5 is a schematic diagram of an address comparator that compares a plurality of input addresses according to a preferred embodiment of the invention.
Fig. 6 is a flowchart of a method for protecting a memory with a password according to an embodiment of the invention. The method comprises the following steps: S102, reading the pre-stored password from the password memory and saving it in the protection control unit; S104, accepting a user password input by the user through the external interface and comparing it with the pre-stored password in the protection control unit; S106, if the two are identical, accepting the user's operation instructions for the data memory.
In this embodiment, the password is stored in the password memory in advance. Only when the user password input by the user matches the pre-stored password is the user allowed to operate on the data memory. This improves the flexibility of user operation, widens the range of application of data memory protection, and overcomes the problems of the prior art.
Fig. 7 is a flowchart of the method for protecting a memory with a password according to a preferred embodiment of the invention. This method further comprises the following step: if the user password input by the user does not match the pre-stored password, accepting a user password input through the external interface again. After operations on the data memory are complete, the protection control unit is initialized so that user input can be accepted again.
Fig. 8 is a flowchart of modifying the pre-stored password according to a preferred embodiment of the invention. This method further comprises the following steps: accepting a password modification instruction for the password memory input by the user through the external interface, and modifying the pre-stored password in the password memory; then initializing the protection control unit and reading the modified pre-stored password into the protection control unit. For example, in this embodiment an initialization instruction for the password memory input by the user through the external interface can also be accepted, initializing the pre-stored password in the password memory to its initial value.
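The gating logic of the device and method described above (power-on password read, per-area address comparator, limited instructions while locked, password change and erase), modelled in C as an added example that is not code from the patent. The 4-byte password width, the two sample address ranges, the sample passwords and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_LEN   4    /* password width: assumption of this example */
#define NREGION  2    /* number of protected areas */
#define MEM_SIZE 64

enum op { OP_READ, OP_WRITE, OP_STATUS, OP_ERASE };
enum { R_OK = 0, R_DENIED = -1, R_NOT_READY = -2 };

struct device {
    uint8_t  pw_mem[NREGION][PW_LEN];   /* password memory 2 (non-volatile) */
    uint8_t  data[MEM_SIZE];            /* data memory 7 */
    uint8_t  latched[NREGION][PW_LEN];  /* copy held in protection control unit 3 */
    int      pw_ready;                  /* password-read-complete signal */
    int      valid[NREGION];            /* per-area "user password valid" signal */
    uint16_t start[NREGION], end[NREGION]; /* ranges fixed in monitoring device 4 */
};

/* Constructed sample: areas 0x10-0x1F and 0x20-0x2F protected, rest open. */
void sample_device(struct device *d) {
    static const uint8_t pw[NREGION][PW_LEN] = {{1, 2, 3, 4}, {5, 6, 7, 8}};
    memset(d, 0, sizeof *d);
    memcpy(d->pw_mem, pw, sizeof pw);
    d->start[0] = 0x10; d->end[0] = 0x1F;
    d->start[1] = 0x20; d->end[1] = 0x2F;
}

/* Protection control unit (re)initialization: re-read the pre-stored
 * passwords and drop every "valid" signal, so the user must authenticate again. */
void pcu_init(struct device *d) {
    memcpy(d->latched, d->pw_mem, sizeof d->latched);
    memset(d->valid, 0, sizeof d->valid);
    d->pw_ready = 1;
}

/* Address comparator: index of the protected area holding addr, -1 if open. */
int addr_region(const struct device *d, uint16_t addr) {
    for (int i = 0; i < NREGION; i++)
        if (addr >= d->start[i] && addr <= d->end[i]) return i;
    return -1;
}

/* User password input instruction for one protected area. */
int submit_password(struct device *d, int region, const uint8_t *pw) {
    uint8_t diff = 0;
    if (!d->pw_ready) return R_NOT_READY;
    if (region < 0 || region >= NREGION) return R_DENIED;
    for (int i = 0; i < PW_LEN; i++)      /* compare every byte, no early exit */
        diff |= (uint8_t)(pw[i] ^ d->latched[region][i]);
    d->valid[region] = (diff == 0);
    return d->valid[region] ? R_OK : R_DENIED;
}

/* Password modify instruction: only with a valid password; the new value
 * takes effect after pcu_init() re-reads the password memory. */
int change_password(struct device *d, int region, const uint8_t *new_pw) {
    if (!d->pw_ready || region < 0 || region >= NREGION || !d->valid[region])
        return R_DENIED;
    memcpy(d->pw_mem[region], new_pw, PW_LEN);
    return R_OK;
}

/* Monitoring device: decide whether an instruction reaches the data controller. */
int monitor_dispatch(struct device *d, enum op op, uint16_t addr, uint8_t *val) {
    if (!d->pw_ready) return R_NOT_READY;   /* ignored until passwords are read */
    if (op == OP_STATUS) { *val = 0; return R_OK; }  /* limited instruction */
    if (op == OP_ERASE) {                   /* limited instruction: wipes both */
        memset(d->pw_mem, 0xFF, sizeof d->pw_mem);   /* flash initial value */
        memset(d->data, 0xFF, sizeof d->data);
        return R_OK;
    }
    if (addr >= MEM_SIZE) return R_DENIED;
    int r = addr_region(d, addr);
    if (r >= 0 && !d->valid[r]) return R_DENIED;     /* protected, not unlocked */
    if (op == OP_READ) *val = d->data[addr]; else d->data[addr] = *val;
    return R_OK;
}

int main(void) {
    struct device d; uint8_t v = 0x5A, pw0[PW_LEN] = {1, 2, 3, 4};
    sample_device(&d); pcu_init(&d);
    printf("locked write: %d\n", monitor_dispatch(&d, OP_WRITE, 0x12, &v));
    submit_password(&d, 0, pw0);
    printf("unlocked write: %d\n", monitor_dispatch(&d, OP_WRITE, 0x12, &v));
    return 0;
}
```

In this model the erase instruction is accepted without a password, but it resets the password memory and the data memory together, so a forgotten password can be recovered from only at the cost of the protected contents.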
Obviously, the invention described here can have many variations without departing from its true spirit and scope. Therefore, all changes that would be apparent to those skilled in the art are intended to be included within the scope of the claims. The scope of protection sought by the invention is limited only by the claims.

Claims (8)

1. A device for protecting a memory with a password, characterized in that it comprises:
a password memory for storing the password that protects a data memory;
an external interface for receiving an externally input user password and operation instructions;
a protection control unit for reading said password from said password memory and comparing said password with the user password input through the external interface;
a monitoring device for sending the user password input from said external interface to said protection control unit and, when the comparison result shows that said user password is valid, sending operation instructions for the data memory input through said external interface to a data controller and sending operation instructions for said password memory input through said external interface to said password memory; and
said data controller, for operating on said data memory according to said operation instructions.
2. The device according to claim 1, characterized in that said monitoring device is further configured to send specific operation instructions for said data controller, input through said external interface, to said data controller when said comparison result shows that said user password is invalid.
3. The device according to claim 1, characterized in that said data memory is divided into a protected area and an open area, and said monitoring device comprises an address comparator for determining whether an address input through said external interface is a valid address falling within said protected area.
4. The device according to claim 1, characterized in that said data memory is divided into a plurality of protected areas, wherein
said monitoring device comprises an address comparator for determining in which of said plurality of protected areas an address for said data memory, input through said external interface, falls;
said password memory stores a plurality of passwords corresponding respectively to said plurality of protected areas.
5. A method for protecting a memory with a password, characterized in that it comprises the following steps:
reading the pre-stored password from a password memory and saving said pre-stored password in a protection control unit;
receiving a user password input by the user through an external interface, and comparing said user password with said pre-stored password in said protection control unit;
if the two are identical, allowing execution of the user's operation instructions for a data memory and the password memory.
6. The method according to claim 5, characterized in that it further comprises the following step:
if the two differ, receiving a user password input by the user through said external interface again.
7. The method according to claim 5, characterized in that it further comprises the following step:
receiving an initialization instruction for said password memory input by the user through said external interface, and initializing the pre-stored password in said password memory to its initial value.
8. The method according to claim 5, characterized in that it further comprises the following steps:
receiving a password modification instruction for said password memory input by the user through said external interface, and modifying the pre-stored password in said password memory;
initializing said protection control unit, and reading the modified pre-stored password into said protection control unit.
CN2010102431047A 2010-08-02 2010-08-02 Device and method using password protection memory Pending CN102347079A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102431047A CN102347079A (en) 2010-08-02 2010-08-02 Device and method using password protection memory

Publications (1)

Publication Number Publication Date
CN102347079A true CN102347079A (en) 2012-02-08

Family

ID=45545670

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010102431047A Pending CN102347079A (en) 2010-08-02 2010-08-02 Device and method using password protection memory

Country Status (1)

Country Link
CN (1) CN102347079A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7027350B2 (en) * 2001-04-05 2006-04-11 Stmicroelectronics S.A. Device and method for partial read-protection of a non-volatile storage
CN101196877A (en) * 2007-12-29 2008-06-11 大唐微电子技术有限公司 Multiple memory cell operation isolated smart card and its implementing method
CN101552031A (en) * 2008-03-31 2009-10-07 联想(北京)有限公司 Portable memorizer and partitioned data protecting method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104268483A (en) * 2014-09-19 2015-01-07 福州瑞芯微电子有限公司 Data protecting system, device and method
CN104268483B (en) * 2014-09-19 2017-04-19 福州瑞芯微电子股份有限公司 Data protecting system, device and method
CN106657052A (en) * 2016-12-16 2017-05-10 湖南国科微电子股份有限公司 Access management method and system for storage data
CN106897635A (en) * 2017-02-28 2017-06-27 广东虹勤通讯技术有限公司 Movable memory equipment and its operating method
CN111008411A (en) * 2019-09-30 2020-04-14 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Universal serial bus medium and data reading method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120208