TW200921450A - Data protection device, system and method - Google Patents

Publication number
TW200921450A
Authority
TW
Taiwan
Prior art keywords
data
encrypted
identification code
data protection
user
Application number
TW96142630A
Other languages
Chinese (zh)
Inventor
Teng-Wang Chang
Original Assignee
Foquest Advanced Inc
Application filed by Foquest Advanced Inc
Priority to TW96142630A
Publication of TW200921450A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a data protection device, system and method. When a detection module detects that an external storage device electrically connected to an electronic device is about to store unencrypted data, a user interface module first generates, from a specific machine signal on the electronic device, a specific identification code associated with the unencrypted data to be taken out, and an encryption/decryption module is then driven to encrypt the unencrypted data. The external storage device then stores the encrypted data. When the electronic device later opens the encrypted data from the external storage device, the identification code must match the original one for the decryption procedure to complete. The invention thereby effectively prevents a person with malicious intent from directly opening and reading data stolen through an external storage device.

Description

200921450 九、發明說明: 【發明所屬之技術領域】 本發明係有關於一種資料保護裝置、系統及方法,更 詳而言之,係關於一種用以保護未加密資料外流之資料保 護裝置、系統及方法。 /' 【先前技術】 隨著資訊處理及通訊傳輸技術的成熟普及,使得資1 間的交流傳遞日趨快速容易,而廣泛地運用在各個領域5 士讓資訊處理裝置的所提供的功能越來越多元化,例如文 子、圖片甚至聲音及影像等資料格式的處理。 企業中所使用之分散式系統,大多透過企 ............π古μ區例 網路(intranet )予以連結,該内部區域網路主要係由一 =:二:個使用者端所構成,因此彼此間相互傳輸 的貝科相U人,所以常造成管理上的困難,且近 2免内部資料透過網際網路外流,有業者提供一些資訊 ΐ全,,(例如:防火牆'防毒程式等)’以避免骇 :入广或是企業員工藉由網際網路讓公司内部: =然而’此種資料安全防護系統對於儲 備(例如膽隨身碟)仍無法有效防範。又 針對上述問題,業界有人採用如指紋辨Μ 4 + 機制來封鎖I/O蟑,以胸且士 /文辨4技術的加密 到避免非^ 〃、有唯一性的辨識功能,達 兄非技振者侵入竊取資料之 權限者僅隼中為+ t ' ,由於具有開啟 谁I ^者(Keype『s〇n) ’因此备欲 進仃存取工作時,雲g U此田机 而通知上述官理者逐_開啟權限,如此 110624 5 200921450 將造·成“人員在資料交換上 眾多的企業體,將推伽+ …、u投尤對於人數 控管内部資料、外部資料的讀取與交流。…"去有效 士我國專利公告號第34 「 ^ 流狀況之資訊保全系統及方法」—宰貧讯外 不同保全| > ,、要目的係按照 一” 丁不同的資料保護方法,惟,去内邻資 =外進行傳送時,欲對外傳送該内部資料的 ,員與飼服器端聯絡,以取得授 ’使用者知 方式將會對企孝内邻 仃但处過廷種 ―度,因::響:=成很大的負荷’甚至降低 竊取=:::二預2藉由外接式錯存設備 亦減少内部區域網路因次钮^_π >貝旳―且私序,同時 口、, 因貝枓存取認證所產生的#荇,总失 目雨此產業界4待解決之問題。 ^的負何’貝為 【發明内容】 U 鑒於上述習知技術之缺點,本發明之 一種可依據所安裝電子事 、在衣提供 疋辨哉馬之保棱處理裝置、系統及方法 士 心者直接藉由外接式μ错乂有效預防有 地被開啟閱讀。存S又備稱取貧料,以避免資料輕易 本發明之另一目的在於提 於特定群組内被開啟閱讀之資 加❹料 而無需經由網路伺服器進行繁項的二置岸糸洗及方法, 内部區域網路因資料存取二、一4序’同時亦減少 U貝科存取認證所產生的負荷。 110624 6 200921450 μ明之又—目的在於提供—種資料保護裝置、系統 精由點對點管理的模式,達到有效控管資料對外 得达的據點。 為達上述目的及其他目的,本發明提供一種資料保護 衣置、系統及方法。該資料保護裝置係應用於一具有一^ 二::介面以及一記憶單元之電子裝置,其中該第-傳輸 =用以電性插置-外接式儲存設備,該資料保護装置至 ^括〗測核組,係與該第一傳輸介面電性連接,用以 =測該外接式儲存設備是否自記憶單^存取未加密資 产二力=解密模組,係分別與該第一傳輸介面以及該記 性連接,用以對自記憶單元取出之未加密資料進 :二及—使用者介面模組,係分別與該偵測模 、、^ 解密模組以及該記憶單元電性連接,用以% :卜:式儲存設備對應插置於該第一傳輸介面;模 ::測;外接式儲存設備欲自該記憶單元儲存未加密資 =產t者介面模㈣繼電子裝置上特定的機器 傳輸至哕λ契未加密資料相關聯的特定辨識碼,且據以 槿:/二口解㈣組並儲存至該記憶單元,令該加/解密 1、、、出㈣定辨識碼對該未加密資料進行加密程序 加密後的資料,㈣㈣ 已加密資料時…,備欲自該第-傳輸介面開啟 與已加密㈣尋是否有 角…-序以開啟該已加密資料,若否,則保持該 】]0624 200921450 已力σ·密資料的加密狀態。 本發明之資料保護系統,係應用一伺服器端與至少一 使用者端,該資料保護系統至少包括:設置於使用者端上 -之第一傳輸介面,用以電性插置一外接式儲存設備;分別 .設置於使用者端及伺服器端上之記憶單元,用以儲:資 料,其中,該伺服器端之記憶單元儲存複數筆特定辨識 碼;分別設置於使用者端及伺服器端上之第二傳輸介面, ί =第二傳輸介面分別與使用者端及餘器端本端的記 電性連接’且該使用者端藉由本端的第二傳輸介面 ==端的第二傳輸介面連接’以使該伺服器端藉由 =料"I面將該㈣器端之記憶單元所儲存的至少一 的:::識碼傳送至與該飼服器端之第二傳輸介面連接 置::該特定辨識碼儲存於該使用者端的記憶 端…測模組’並與該第-傳輸 1,.. 
元存取未加密資料備疋否自記憶單 係分別盥哕第者端上之加/解密模組, …亥弟-傳輸介面以及使用者 連接,用以對自使用者端之記憶單元 生 行力,程序;以及設置於使用者端上關進 係分別與該偵測模組、該力"解用,面模組, 憶單元電性遠姑m、、, 在衩組以及使用者端之記 第-傳輪介面7當该外接式儲存設備對應插置於該 該記憶單元Μ ^ ㈣測料接式料設備欲自 至該使用者tv該加/解密模組依據赌存 4早兀中的特定辨識碼對該未加密資 110624 8 200921450 ㈣行如密程序後,由該外接式儲存設備儲存該加密後的 貧料,而當該偵測模則貞㈣外接式料設備欲自— 傳輸介面開啟已加密資料時,該加/解密模組於使椒 :記憶、單元搜尋是否有與已加密資料相吻合之 : :資;疋:二據該特定辨識碼進行解密程序以開啟該已加 山貝科右否,則保持該已加密資料的加密狀態。 本發明之資料保護方法係應用於—具有 …及-記憶單元之電子裝置,其 :: 以電性插置-外接式儲存設備,該資料保護方用 步驟.至少—電子裝置與舰器端建立網路 下 服器端依據該電子褒置之機器 =伺 夏得至I玄機錢號對應的電子裝置中/ T馬儲存於該電子裝置本端的記憶單元 ;辨 v 碼用以設定電子裝置本端透過第-傳輸介面進特:辨識 取的榷限;由該電子裝置判斷第一傳輸介面:丁貝枓存 料儲存事件或㈣讀取事件;若該電子裝置收到資 介面接收到儲存事件,該電子* W弟一傳輸 於記憶單W特㈣識碼進行加密處以儲存 =儲存於與該第-傳輪介面電性連接的外接里的 備中,並結束該資料保護方法 :接式储存設 ::斷第-傳輸介面接收到讀取事件,該電子ΓΓ子展置 :憶單元的特定辨識碼對該第一傳輪介二t存於 ::丁解密處理,且由該電子裝置判斷是否成功二的資料 密則於該電子裝置開啟該成功解密的資料:= Π0624 200921450 資料·保護方法的 示有關於無法開=’、r順利解密則於該電子裝置顯 訊息,並結束今次4'傳輪介面所欲讀取的資料之 束忒貢料保護方法的步驟。 '因此’本發明之資料保護裝置 .係依據不同電子粟晋 ..... '/、主要 未加密資料相二器:號產生-與欲取出 進行加密程序後,再Μ碼,亚據以對該未加密資料 使該電子裝置欲 接式儲存设備完成取出動作, 時,須以原定特定辨^ 存叹備開啟该已加密資料 於習知技術而3=相吻合才能完成解密程序,相較 編輯的未加密;料(===使用者端加密所 =備流出,並讓企業内:式儲 ,員(如:企業内部)使用,:二4;二:部 卜〜而受到損害’且由 二:貝讯 * 認證程序,同時亦減少内部订繁璃的 生的負荷。 u 3、同路因貝科存取認證所產 【實施方式】 以下係藉由特定的具與 式,熟悉此技蓺之人士貝" 發明之實施方 目奋鉉士 & " 可由本說明書所揭示之内容 奢解本發明之其他優點與功效。本發 1易地 的具體實例加以施行或應用,本說明奎中::其他不同 f於不同觀點與應用,在不棒離本發;;::::可 修飾與變更。 $下進仃各種 以下之實施例係進一步詳細說明本發明之觀點,但並 110624 10 200921450 非以‘任街觀點限制本發明之範脅,且 係應用於一可攜式電子科 —思的疋,本發明 式說明本發明之A本盖4:以下圖式僅以簡化之示意圖 .之構件而非按” 式中僅例不與本發明有關 製,因此在f py ^ #件數目、形狀及尺寸繪 . 貝1^ Λ %時,各構件之细能、奴旦„ 以圖式為限,可依實心數I及比例並非 夫閱笛二要作變化,合先敘明。 ,閲弟1圖’係用以說 f 之一基本架構方塊示意圖。如5一月之貢料保護裝置2〇 裝置20係應用於一具有一二’本發明之資料保護 -,0 1寻翰介面11以;5 __ —? , (奋ss 几12之電子裝置1〇, δ己憶早 τ °亥弟一傳輸介面11俜用以+ 性插置-外接式儲存設備30。 11係用以电 置10係可為個人電腦、筆記心本貝知例中’該電子裝 一傳鈐八品】彳〆 1^腦、工業電腦者,該第 傳輸介面11係可為泛用串200921450 IX. Description of the Invention: [Technical Field] The present invention relates to a data protection device, system and method, and more particularly to a data protection device and system for protecting unencrypted data outflow method. 
/' [Previous technology] With the maturity of information processing and communication transmission technology, the communication between the resources is becoming faster and easier, and the functions provided by the information processing devices are increasingly used in all fields. Diversification, such as the processing of text, image and even sound and image formats. Most of the decentralized systems used in enterprises are connected through the enterprise network...the intranet is mainly composed of one =: two: The user side is composed of the user, so they are mutually transferred to each other. Therefore, it often causes management difficulties, and nearly 2 internal data is freed from the Internet. Some operators provide some information, such as : Firewall 'antivirus programs, etc.' to avoid embarrassment: Into the company or employees through the Internet to make the company internal: = However, this data security system is still not effective against reserves (such as the gallbladder). In response to the above problems, some people in the industry have adopted the fingerprint identification 4 + mechanism to block I/O蟑, and to encrypt and avoid unique and unique identification functions. The vigilant who invades the privilege of stealing the data is only + t ', and since there is a person who opens it (Keype "s〇n" ', so the user wants to access the work, the cloud g U is notified by the machine. The official will open the authority _, so 110624 5 200921450 will be made into a "management of a large number of enterprises in the exchange of information, will push the gamma + ..., u investment in the internal control of the NC data, external data reading and exchange ...."Go to the effective number of our patent notice No. 
34 "The information security system and method of the flow situation" - the different preservation of the slain news | >, the purpose is to follow a different data protection method, When you want to transfer the internal information to the internal neighbors, you need to contact the feeding device to obtain the user's knowledge, and you will be in the filial piety of the enterprise. Because:: ring: = into a large load' even reduce theft Take =:::2 pre-2 by the external type of memory device also reduces the internal area network factor button ^_π > Bellow - and private order, simultaneous mouth, due to Bellow access authentication generated #荇The total loss of the rain industry is a problem to be solved in this industry. ^ The negative of the 'Beiwei' [invention content] U In view of the above-mentioned shortcomings of the prior art, one of the inventions can be based on the installation of electronic matters, the provision of clothing哉 之 之 处理 处理 处理 处理 处理 处理 处理 处理 处理 处理 处理 处理 处理 处理 处理 之 之 之 之 之 之 之 之 之 之 之 之 之 之 之 之 之 之 之 之 直接 直接 直接 直接 直接 直接 直接 直接 直接 直接 直接 直接For the second group of shore washing and methods that are opened for reading in a specific group without the need for a network server, the internal area network is also reduced due to data access. U Beko access to the load generated by the certification. 110624 6 200921450 μ Mingzhi - the purpose is to provide a data protection device, the system is precisely managed by peer-to-peer mode, to achieve effective control of the data to the externally obtained base. And other purposes, this A data protection device, system and method are provided. 
The data protection device is applied to an electronic device having a memory interface and a memory unit, wherein the first transmission = electrical insertion - external connection The storage device, the data protection device to the test group, is electrically connected to the first transmission interface, and is used for detecting whether the external storage device accesses the unencrypted asset from the memory unit. The module is respectively connected to the first transmission interface and the memory for inputting unencrypted data extracted from the memory unit: and the user interface module is respectively decrypted with the detection module, and ^ The module and the memory unit are electrically connected, and the memory device is inserted into the first transmission interface; the mode:: the measurement; the external storage device is to be stored from the memory unit without encryption; The interface module (4) is transmitted to the specific identification code associated with the unencrypted data by the specific machine on the electronic device, and is stored in the memory unit according to the 槿:/two-port solution (four), so that the encryption/decryption 1 is performed. , , and (4) identification code pairs Unencrypted data is encrypted by the encryption program. (4) (4) When the data is encrypted..., the user wants to open the encrypted interface (4) whether it has an angle...-order to open the encrypted data, if not, then keep The]]0624 200921450 has been the encryption state of the data. The data protection system of the present invention applies a server end and at least one user end. The data protection system includes at least: a first transmission interface disposed on the user end for electrically inserting an external storage device. 
a memory unit disposed on the user end and the server end for storing data: wherein the memory unit of the server end stores a plurality of specific identification codes; respectively, configured on the user end and the server end The second transmission interface, ί = the second transmission interface is respectively connected to the user end and the local end of the remnant end and the user end is connected by the second transmission interface of the second transmission interface of the local end == end So that the server end transmits the at least one of the ::: identification code stored in the memory unit of the (four) device end to the second transmission interface connected to the feeder end by: The specific identification code is stored in the memory end of the user end ... the test module 'and the first transmission - 1, .. element access unencrypted data preparation is not self-memory single system on the first side of the addition / Decryption module, ... Haidi-transport interface And a user connection for generating a force on the memory unit of the user terminal, and a program for setting the user on the user terminal and the detection module, the force "solution, face module, Recalling that the unit is electrically connected to the memory unit, and the external storage device is inserted into the memory unit Μ ^ (4) Up to the user tv, the encryption/decryption module stores the encrypted poor material by the external storage device after the unencrypted 110624 8 200921450 (4) line-specific program according to the specific identification code in the gambling memory 4 And when the detection module (4) external material device wants to open the encrypted data from the transmission interface, the encryption/decryption module matches the pepper: memory, unit search and the encrypted data: ; 疋: According to the specific identification code to perform the decryption process to open the added mountain Becco right, the encrypted state of the encrypted data is 
maintained. The data protection method of the present invention is applied to an electronic device having a memory cell and a memory cell, wherein: an electrical plug-in external storage device, the data protection step is used. At least - the electronic device and the ship end are established. The server under the network is based on the electronic device of the electronic device=serving the memory device corresponding to the summer number of the Iduan machine, and storing the memory unit at the local end of the electronic device; the v-code is used to set the local end of the electronic device Through the first transmission interface: the identification limit is determined; the electronic device determines the first transmission interface: the Dingbei storage storage event or (4) the read event; if the electronic device receives the storage interface to receive the storage event, The electronic*W is transmitted to the memory unit W (four) identification code for encryption to store = stored in the external connection electrically connected to the first-pass interface, and the data protection method is terminated: the connection storage device: The disconnection-transmission interface receives the read event, and the electronic dice display: the specific identification code of the unit is stored in the first-pass decryption process, and the electronic device determines whether the success is successful. Second data confidential Then, the electronic device turns on the successfully decrypted data: = Π0624 200921450 The information and protection method is displayed about the inability to open = ', r is successfully decrypted, the message is displayed on the electronic device, and the current 4' pass interface is desired. The steps of the data protection method of the data read. 'Therefore, the data protection device of the present invention is based on different electronic Sujin ..... 
'/, the main unencrypted data phase two: the number is generated - and the encryption process is to be taken out, and then the weight is When the unencrypted data is used to enable the electronic device to perform the fetching operation, the encrypted data must be opened by the original specific singer and the conventional technology is used to complete the decryption process. Compared with the edited unencrypted; material (===user-side encryption = backup outflow, and let the enterprise: storage, staff (such as: internal enterprise) use,: 2 4; 2: Department Bu ~ and suffered damage 'And two: Beixun* certification procedures, but also reduce the burden of internal ordering of the glass. u 3, the same way as the Beike access certification produced [implementation] The following is by a specific formula, Those skilled in the art will be able to embody the other advantages and effects of the present invention by the contents disclosed in the present specification. The specific examples of the present invention are implemented or applied. , this description Kuizhong:: other different f in different views and should The invention is further described in detail in the following examples, but 110624 10 200921450 does not limit the invention by the term 'street view'. The present invention is applied to a portable electronic device, and the present invention describes the A cover 4 of the present invention. The following drawings are only simplified in schematic form, and not in the example. It is not related to the present invention, so when f py ^ #number, shape and size are drawn. When the shell 1 ^ Λ %, the fine energy of each component, the slave „ is limited by the schema, and can be based on the number of solids I and the ratio It is not for the husband to read the flute two to make changes, and to explain the first. The reading brother 1 map 'is used to say f is a schematic diagram of the basic structure of the block. 
For example, the 5 month tributary protection device 2 〇 device 20 is applied to one One or two 'the data protection of the invention-, 0 1 search for the interface of the interface 11; 5 __ —?, (the ss several 12 electronic devices 1 〇, δ 己 早 早 ° 亥 一 传输 传输 传输 传输 传输 传输 传输 传输 传输 俜Sexual insertion-external storage device 30. 11 series for electric 10 series can be used for personal computers, notes A transfer seal eight items left foot 〆 1] ^ brain, industrial computer by the second transmission line interface 11 may pan-string

Bus ; USB) ^ IEEE1394 ^ JL - Universal Serial 或/、匕隨插即用#7姆淮人工 該外接式料設備3G係為H ’而 夕一 ^ &式硬碟機、隨身碟之苴Φ 之一。而该資料保護裝置20則包括:”、击 、中 輸介面1 1之偵測槿έ P彳ν 电^連接該第一傳 m則換組21、分別電性 11與該記憶單元12之力"解密模组=:二專輸介面 該偵測模組21與該加/解密模組22之“者::連f 23。 心彳史用者介面桓組 :下對照第!圖對本發明之資料保 各構件進行詳細說明。 夏π之上揭 該偵測模組21與該第一傳輪 镇測該外接式料設備⑽否自 110624 200921450 資裨。洶如,該偵測模組Μ係 電路,以當該外接式儲存設備3〇因—進位的邏輯判斷 生電訊號傳輸時’即改變該邏輯判斷;=!T產 體實現的方式外,該伯測模植 :的狀恶’除了硬 斷動作之指令集所組成而内嵌於由用^ :=_測判斷的作動原= 之技術’故不在此另行贅述。 所白知 f 該加/解㈣纽22係分別與該第 該記憶單元12電性連接,用 專輸;丨面11以及 加密資料進行加密程序。己憶單元12取出之未 之加密產生的方式係為二而言’該加/解密模組22Bus ; USB) ^ IEEE1394 ^ JL - Universal Serial or /, 匕 plug and play #7 姆华人工 The external material equipment 3G is H ' 夕一 ^ ^ & hard disk drive, flash drive 苴 Φ one. The data protection device 20 includes: a detection of the hitting, the middle interface 1 槿έ P彳ν, the connection of the first pass, the change of the group 21, the electrical 11 and the force of the memory unit 12 respectively. "Decryption Module=: Two-in-one interface The detection module 21 and the encryption/decryption module 22 are ":: even f 23. The palpitations of the user interface group: the next comparison! The drawings illustrate the components of the present invention in detail. The detection module 21 and the first transmission wheel are used to test whether the external material equipment (10) is from 110624 200921450. For example, the detection module is configured to change the logic judgment when the external storage device 3 determines the transmission of the power signal due to the logic of the carry-in; The test of the model: the form of the evil is composed of the instruction set of the hard-breaking action and is embedded in the technique of the actuating original judged by the ^:=_ test, so it will not be described here.知知 f The addition/solution (4) New 22 is electrically connected to the first memory unit 12, and is encrypted by a dedicated transmission; The way in which the encryption of the unrecognized unit 12 is generated is two. The encryption/decryption module 22

Encryption Standard ; # ( 模組22亦可;—4 /斤法產生,且該加/解密 一二執仃加/解密動作之指令集的形式内 ί,. /解^?2Γ面模組23係分別與該偵測模組21、該加 接式儲存設備元12電性連接’用以當該外 模置於該第—傳輸介面11且由偵測 未加密資心L存6又傷3〇自該記憶單元12取出 名稱力Γ才使用者介面模組23將依據不同使用者 資料相c? t特定的機器訊號產生-與該未加密 並錯存至;I:::::碼二據以傳輸至該加/解密模組 定辨思早70 2’令該加/解密模組22依據該特 ==該未加密資料進行加密程序,之後,准予該外 子°又備30自该電子裝置1 〇取出完成加密程序的資 Π0624 】2 200921450 ===模組21制該外接式儲存設備3q自該第 =面U開啟已加密資料時,該加/解密模組㈣ ^ = 12搜尋是否有與已加密資料相吻合之特定辨 依據該特定辨識碼完成解密程序,若否,則 ,二:=保:加密狀態。於本實施例中,該特定辨識碼所 ^次,的機裔訊號係可包括:出礙序號、機種、生產公 转使該特定辨識碼更具有可識別性,較佳地,該 碼係為一隱藏式的唯讀關聯槽,用以預防被有心 修改或刪除。具體Μ,未加密資料係以明文方式 m共企業内部授權使用者存取時,可透過於該使用 核、、且23預先安裝之一應用軟體(如:w〇rd、Exce卜 :_rp:lnt)開啟閱讀’而已加密資料則以密文方式呈 拯已加密貝料亦可透過該第—傳輸介面11供該外 ^儲存設備30存取,但由於該已加密資料係以密文方 :見日此’右不將該已加密資料^以解密,則任何人 U f,、,、法透過任何應用軟體40有效開啟閱讀。 參閱第2圖’係用以說明電子裝置搭載本發明之資料 =裝置20與未搭載本發明之f料保護裝置2()而與外接 L諸存。又備30連接下所執行的資料存取處理示意圖。如 f所示’電子裝iHU、1()2、1G3皆搭載有可開啟資料供 =用者閱讀之應用軟體4〇,該電子裝置1G1由於並未搭 ^發明之資料保護裝置2〇,故使用者可直接透過應用 二=40開啟未加密資料閱讀,而該電子裝置ι〇2、丨⑽ 係才。載有貝料保護裝置2G,以透過該資料保護裝置2〇電 110624 13 200921450 性插接M外接式儲存設備3g時,若使 料取出並儲存於該外接式 者奴肸未加密資 料保護裝置2〇依據不同?二了 3°,則會先分別由資 诼不丨J电子裝置102、103的特定地。。 號各自產生與未加密資料、戍:訊 資料保護裝置2"的力"解密模組二==該 102卜1031,再由該外接式儲存設備3〇取 :2包 料,此時’若欲將已加密資料完成解密程序二::賢 f 開啟閱讀前’須先由該加/解密模組2()於^ ^ 12搜尋是否有與已加密資料相吻合之特定辨 =原先完成加密之資料保護装置2。所搭;二3 置102、1G3方可進行有效的解密程序,例如,電子^ 102由於特定辨識碼並不吻合加密封包1G31,故將料 7封包1031所搭狀已加密資料完成解密,藉以避免 有心人竊取已加密資料於另一安裝有相同資料保護裝置 =之電子裝置10中開啟閱讀’進而有效預防有心者直接 藉由外接式儲存設備所竊取的資料被開啟閱讀。 ^再者,另一實施例中,兩台電子裝置102、103之特 定辨識碼可透過-遠端伺服器提供,而該特定辨識碼可為 2同或具有特定處理權限的碼值,藉此准予經該資料保護 裝置20加密的資料可在不同的電子裝置開啟並閱讀,舉 例而言,若使用該電子裝置1〇2、103的使用者屬於企& 中相同部門的同仁時,由於兩台電子裝置1〇2、1〇3所儲 存的特定辨識碼係為該遠端伺服器所提供且具有存取相 容權限,故於該電子裝置102所編輯處理的資料雖經過該 110624 14 200921450 :==:::=2°進行加_’然, 式儲存設備竊取資料外, .特定環境下准予資料交換。^依據以4存取而求在 參閱第3圖及第4岡έ 系統之基本架構方=二說明本發明之資料保護 保護系統係由—飼::::。°3圖所示’本發明之資料 X中所構成之—企業内部網路(一〇,且於 本:中,該飼服器端50與該使用 丨 C、d)係為主從式架構之關係,而該 二1〇…〇d)係例如個人電腦、筆記型電腦、工孝電 广子裝置’且該伺服器端50不 者 -對多、多對-及多對多的= :構白可,以下實施例,以單—個使用者端(電 飼服器端為例說明’如第4圖所示’該 。包括設置於電子裝置4。(即使用者端)上用以= 妾式儲存設備3G電性插接之第—傳輸介面4卜 於該電子裝置40及伺服器端5〇上用以儲存資料之記: =42、5卜設置於電子裝置4〇上並與該第一傳輪介面〇 ^性連接之偵測模組21、設置於該電子裝置初上分別與 ,第-傳輸介面41以及該記憶單元42電性連接之加/解 
密模組22以及設置於該電子褒置4〇上分別與該偵測模组 d、該加/解密模組22以及該記憶單元42電性連接之使 ]10624 15 200921450 用者介ώ模組2 3。 本實施例之電子裝置4Q與触⑼ 外,該電子裝置4〇所搭 ^連接枝制 Μ可寸1示0隻敖置2 〇之各構伴 -運作關係與第1圖所示之電子# w 1η π 之。稱件的 .W 〇〇 ,Η π 书子衣置10所搭载的資料保護 ·;=: 之處則不另贊述。本實施例之電子 人弟1圖所示之電子裝置10不同的是,該電子事 置40透過本端的第二傳輪 疋忑电子衣 你认人 寻铷,丨面43與伺服器端50之第二 傳輸”面53連結’該飼服器端5〇藉由 ― < 53將内存於本端記憶單 μ弟一傳輸"面 伺服器端50連接之電子穿置寸疋辨哉碼傳送至與該 逆按之私子裝置(即使用 定電子裴置40間可相互存&、ρ卩弘、,)使右干4寸 仵罐妒置2〇 ^ 歼亚閱讀經各自之資料 資料。於本實施例中,該第二傳輸Encryption Standard; # ( Module 22 is also available; -4 / kg method is generated, and the addition/decryption of the two-in-one execution/decryption action instruction set is in the form of ί,. /解^?2Γ面模块23 The detection module 21 and the add-on storage device element 12 are respectively electrically connected to be used when the external module is placed on the first transmission interface 11 and is detected by the unencrypted asset L. After the name of the memory unit 12 is taken out, the user interface module 23 will generate a specific machine signal according to different user data, and the unencrypted and wrongly stored; I::::: code The transmission/decryption module is determined to transmit the encryption/decryption module 22 to cause the encryption/decryption module 22 to perform an encryption process according to the special == the unencrypted data, and then the external assistant is allowed to prepare 30 from the electronic Device 1 〇 Remove the information to complete the encryption program 0624 】 2 200921450 === Module 21 The external storage device 3q opens the encrypted data from the first face U, the encryption/decryption module (4) ^ = 12 There is a specific identification that matches the encrypted data, and the decryption process is completed according to the specific identification code. If not, then: 2: = Guarantee: Encrypted state. In an embodiment, the specific signal of the specific identification code may include: an obstacle number, a model, and a production revolution to make the specific identification code more recognizable. 
Preferably, the code system is a hidden type. The read-only association slot is used to prevent the intentional modification or deletion. Specifically, the unencrypted data is in the plaintext mode, and when the user is authorized to access the enterprise, the one can be pre-installed through the use of the core, and 23 The application software (eg: w〇rd, Exce: _rp: lnt) starts reading 'and the encrypted data is encrypted in encrypted form. The encrypted material can also be stored in the external storage device 30 through the first transmission interface 11 Take, but because the encrypted data is in the ciphertext side: see this day, the right does not decrypt the encrypted data ^, then anyone U f,,,,,,,,,,,,,,,,,,,,,,,,, 2 is a diagram for explaining the data access processing performed by the electronic device in which the data of the present invention is mounted, the device 20, and the f-protecting device 2 () of the present invention are not mounted, and the external L is stored. As shown in f 'electronics iHU, 1 () 2, 1G3 It is equipped with an application software that can open the data for the user to read. The electronic device 1G1 does not have the data protection device 2 invented, so the user can directly open the unencrypted data through the application 2=40. The electronic device 〇2, 丨(10) is equipped with a bedding protection device 2G for transmitting and storing the material to the M external storage device 3g through the data protection device 2, 110624 13 200921450 The external slave slave unencrypted data protection device 2 is different according to the difference, and the specific location of the J electronic device 102, 103 is first determined separately. . 
The number of each generated and unencrypted data, 戍: data protection device 2 " force " decryption module two == 102 1021, and then by the external storage device 3: 2 packets, at this time To complete the decryption process of the encrypted data 2:: xian f Before reading, 'Before the encryption/decryption module 2 () must first search for ^ ^ 12 to see if there is a specific identification that matches the encrypted data = the original encryption is completed Data protection device 2. If the specific identification code does not match the sealed package 1G31, the encrypted data of the packet 1031 is decrypted to avoid decryption. The intentional person steals the encrypted data and opens the reading in another electronic device 10 equipped with the same data protection device=to prevent the intentional person from directly reading the data stolen by the external storage device. Further, in another embodiment, the specific identification codes of the two electronic devices 102, 103 can be provided by the remote server, and the specific identification code can be a code value of 2 or with specific processing authority. The data permitted to be encrypted by the data protection device 20 can be opened and read by different electronic devices. For example, if the user who uses the electronic device 1, 2, 103 belongs to the same department in the enterprise & The specific identification code stored in the electronic device 1〇2, 1〇3 is provided by the remote server and has access compatibility rights. Therefore, the data edited by the electronic device 102 passes through the 110624 14 200921450. :==:::=2° to add _', the storage device steals data, and the data exchange is granted in a specific environment. ^ According to the 4 access and the basic architecture of the 3rd and 4th έ system, the data protection system of the present invention is described by: feeding::::. 
Figure 3 shows the 'inside the information X of the present invention—the internal network of the enterprise (in the case of the present, the serving terminal 50 and the used 丨C, d) is the master-slave architecture. The relationship, and the two 〇 ... 〇 d) are, for example, personal computers, notebook computers, Gongxiao electric wide sub-devices 'and the server end 50 is not - many, many pairs - and many to many =: For the following embodiments, a single user end (the electric feeding device end is taken as an example) as shown in FIG. 4, which is provided on the electronic device 4 (ie, the user end). = The third interface of the storage device 3G is connected to the electronic device 40 and the server terminal 5 for storing data: =42, 5b are disposed on the electronic device 4〇 and The detection module 21 of the first connection interface is connected to the encryption/decryption module 22 which is respectively connected to the first transmission interface 41 and the memory unit 42 and is disposed on the electronic device. The electronic device 4 is electrically connected to the detecting module d, the adding/decrypting module 22, and the memory unit 42 respectively] 10624 15 200921450 The interface module 2 3. In addition to the electronic device 4Q and the touch (9) of the embodiment, the electronic device 4 is connected to each other, and the operation relationship and the relationship between the two devices are displayed. The electronic #w 1η π shown in Fig. 1. The .W 〇〇 of the weighing piece, 资料 π The data protection carried by the book clothing set 10;;: The place is not separately mentioned. The electronic person of this embodiment The difference between the electronic device 10 shown in FIG. 1 is that the electronic device 40 is identifiable through the second rim of the electronic device, and the second surface of the server terminal 50 is 53. 
The connection 'the bottom of the feeding machine 5' is transmitted by the < 53 to the electronic memory of the local memory, and the electronic server is connected to the electronic server. The private device (that is, 40 sets of electronic devices can be stored with each other, and 卩 卩, 卩, 、, 、, 、, 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 The second transmission

Bus; USB)、IEEm(U II 排(UniVerSal _〇2.1卜藍芽(blJt h傳輸介面外,亦可透過如Bus; USB), IIEm (U II row (UniVerSal _ 〇 2.1 blue buds (blJt h transmission interface, can also pass

L 進行益線傳浐 6 〇〇 )及乙太網路等通訊介面 進仃…泉傳輸。值得一提的是, 區域網路内建立特 遷。。編50可針對 用權限,並將且古f、、、成貝(例如相同部門同事)的使 的電子裝置40、Γ玄使用權限的辨識碼傳送至各成員所屬 屬的電子\置41;!^許加密資料於特定群組的成員所 解密,以使特定君、Γ 該使用權限的辨識碼來進行 、、而盔干成員所屬之電子裝置的資料可相互交 二:無需經由飼服器進行繁項的資料存取認證程序,同 可^力=部區域網路因資料存取認證所產生的負荷,且 可增加内部資料的互通性。 、饤且 110624 16 200921450 二〗第5圖,其係用以說明本發明之資料t 流程示意圖,如貝抖保瘦方法之 戈Μ所不’百先在步驟S1 〇巾,八 内部網路的各電子杜 中$位於企業 卞衣置與伺服器端建立铜攸、击& -服器端依據各電子壯班々u ’ 妾,使该伺 .碼並傳至對應的電 的特疋辨識 記憶單元中,而^各電子裝置本端的 第一傳輪介面進杆次钮六% 又疋包子哀置本端透過 f 求,部分電子穿置H 的權限’且依據資料存取需 有互通性;ι;π:辨識碼所設定的資料存取權限具 保護裝置,即該資料保 句广裝―本發明之資料 組以及使用者介面模板,:中二偵:模組、加/解密模 ,程式,而該偵測模組、:/解載入 形式内钱於該控制程式内,且置=右^曰令集的 面及第二傳輪介面,該第_傳卜2置具有弟一傳輸介L carries out the communication line 6 〇〇 ) and the communication interface such as Ethernet. It is worth mentioning that esports are established within the local area network. . The code 50 can be transmitted to the electronic device 40 of the member's affiliation for the electronic device 40 and the privilege identification code of the franchise; ^ The encrypted data is decrypted by the members of the specific group, so that the specific identification code of the use authority can be performed, and the data of the electronic device to which the helmet member belongs can be mutually intersected: no need to go through the feeding device The complicated data access authentication procedure can increase the load of internal data due to the load generated by the data exchange authentication. 
。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 Each electronic Duzhong$ is located at the enterprise's clothing and server side to establish a copper cymbal, hit & - server end according to each electronic 々 々 ' ' ' 妾 妾 妾 妾 妾 妾 妾 妾 妾 妾 妾 妾 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据 依据In the memory unit, the first transfer interface of the electronic device at the local end of the electronic device enters the second button, and the 疋 子 哀 哀 本 本 本 本 , , , , , , , , , , , , , , , , , , , , , , , , , ;ι;π: The data access authority set by the identification code has a protection device, that is, the data sentence sentence is widely loaded - the data group and the user interface template of the present invention, the second detection: the module, the encryption/decryption mode, a program, and the detection module, the : / unloading form, the money in the control program, and set = the right side of the command set face and the second transfer interface, the first _ _ _ 2 set has a brother Transmission media

The first transmission interface is for electrical connection to an external storage device, so that data on the electronic device can be stored, through the first transmission interface, on the external storage device electrically connected to it, or data stored on the external storage device electrically connected to the first transmission interface can be read by the electronic device. Whether the data storage or reading can be completed, however, still depends on the subsequent processing steps (that is, steps S11 to S17). The second transmission interface is used to connect with the server, so that the specific identification code provided by the server end is received through the second transmission interface. The method then proceeds to step S11.

In step S11, each electronic device determines whether its first transmission interface has received a data storage event or a data read event. If a storage event is received, the method proceeds to step S12; if a read event is received, the method proceeds to step S14.

In step S12, because the first transmission interface of the electronic device has received a data storage event, the data to be stored is encrypted with the specific identification code stored in the memory unit. The method then proceeds to step S13.

In step S13, the electronic device stores the encrypted data on the external storage device electrically connected to the first transmission interface, which ends the data protection method of the present invention. Through steps S11 to S13, even if data processed on the electronic device is stored by the external storage device, the stored data has already been encrypted by the data protection device of the electronic device, so the encrypted data cannot be opened on other electronic devices, unless the other electronic device also carries the data protection device of the present invention and stores a specific identification code that is interoperable, in which case the data stored on the external storage device can be decrypted.

In step S14, because the first transmission interface of the electronic device has received a read event, the data protection device of the electronic device uses the specific identification code stored in the memory unit to decrypt the data read through the first transmission interface.

In step S15, the data protection device of the electronic device determines whether decryption has succeeded. If decryption succeeds, the method proceeds to step S16; if decryption cannot be completed, the method proceeds to step S17.

In step S16, the successfully decrypted data is opened on the electronic device, which ends the data protection method of the present invention.

In step S17, the electronic device displays a message that the data to be read through the first transmission interface cannot be opened, which ends the data protection method of the present invention.

In summary, the present invention provides a data protection device, system and method which generate, according to different user names and a specific machine signal on the electronic device, a specific identification code associated with the unencrypted data to be taken out, and encrypt the unencrypted data accordingly before an external storage device completes the take-out operation, so that when an electronic device is to open the encrypted data from the external storage device, the originally assigned specific identification code must match for the decryption procedure to complete. Compared with the prior art, the present invention can encrypt the data edited at each user end (for example, enterprise information) to prevent it from leaving by way of an external storage device, and lets the enterprise's internal data be used only among the members of a specific internal group (for example, inside the enterprise), so that the enterprise is not harmed by information leakage. Because no data access authentication procedure through the server is needed, the load that data access authentication places on the internal local area network is also reduced.

The above embodiments merely illustrate the present invention and are not intended to limit it. Anyone skilled in the art may modify and change the above embodiments. The scope of protection of the present invention should therefore be as listed in the claims below.

[Brief description of the drawings]
Fig. 1 is a block diagram showing the basic architecture of the data protection device of the present invention;
Fig. 2 is an application diagram illustrating the data access flow performed when an electronic device carrying the data protection device of the present invention and an electronic device not carrying it are connected to an external storage device;
Fig. 3 is a configuration diagram showing the data protection system of the present invention, composed of a server end and multiple user ends;
Fig. 4 is a block diagram showing the basic architecture of the data protection system of the present invention; and
Fig. 5 is a flow chart illustrating the data protection method of the present invention.

[Description of main reference numerals]
10, 101, 102, 103, 40: electronic device
10a, 10b, 10c, 10d: user end
11, 41: first transmission interface
12, 42: memory unit
20: data protection device
21: detection module
22: encryption/decryption module
23: user interface module
30: external storage device
40: application software
43, 53: first transmission interface
50: server
51: memory unit
S10 to S17: steps
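The store and read branches of steps S11 to S17, sketched as an added example that is not part of the patent text. The description names AES but does not say how an identification code becomes a key or how a "matching" code is recognized, so the container layout, the PBKDF2 key derivation, the HMAC tag used as the match test, and the standard-library stand-in cipher used in place of AES are all assumptions of this sketch.

```python
import hashlib
import hmac
import os

MAGIC = b"DPD1"  # constructed container tag (assumption, not from the patent)


def _keys(id_code: bytes, salt: bytes):
    """Derive separate encryption and MAC keys from an identification code."""
    okm = hashlib.pbkdf2_hmac("sha256", id_code, salt, 50_000, dklen=64)
    return okm[:32], okm[32:]


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: HMAC-SHA256 in counter mode. Use AES in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def store_event(plaintext: bytes, id_code: bytes) -> bytes:
    """S12-S13: encrypt with the stored identification code before writing out."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(id_code, salt)
    header = MAGIC + salt + nonce
    body = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def read_event(blob: bytes, memory_unit: list):
    """S14-S17: try each stored code; return plaintext, or None if none matches."""
    if len(blob) < 68 or blob[:4] != MAGIC:
        return None
    salt, nonce = blob[4:20], blob[20:36]
    body, tag = blob[36:-32], blob[-32:]
    for id_code in memory_unit:
        enc_key, mac_key = _keys(id_code, salt)
        expected = hmac.new(mac_key, blob[:-32], hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):           # S15: code matches
            return _keystream_xor(enc_key, nonce, body)  # S16: open the data
    return None                                          # S17: stays encrypted
```

Because the tag covers the header and the ciphertext, a file altered on the external storage device is rejected in the same way as a file opened with a non-matching code.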

Claims (1)

Scope of the patent application:

1. A data protection device, applied to an electronic device having a first transmission interface and a memory unit, wherein the first transmission interface is for electrically inserting an external storage device, the data protection device at least comprising:
a detection module, electrically connected to the first transmission interface, for detecting whether the external storage device accesses unencrypted data from the memory unit;
an encryption/decryption module, electrically connected to the first transmission interface and to the memory unit respectively, for performing an encryption procedure on unencrypted data taken out of the memory unit; and
a user interface module, electrically connected to the detection module and the encryption/decryption module respectively, so that when the external storage device is inserted in the first transmission interface and the detection module detects the external storage device storing unencrypted data, a specific identification code associated with the unencrypted data is generated according to a specific machine signal on the electronic device and stored to the memory unit, the encryption/decryption module is caused to perform the encryption procedure on the unencrypted data according to the specific identification code, and the external storage device then stores the encrypted data; and when the detection module detects that the external storage device is to open encrypted data through the first transmission interface, the memory unit is searched for a specific identification code matching the encrypted data; if so, the decryption procedure is performed according to the specific identification code to open the encrypted data; if not, the encrypted data is kept in its encrypted state.

2. The data protection device of claim 1, wherein the encryption/decryption module encrypts using the Advanced Encryption Standard algorithm.

3. The data protection device of claim 1, wherein the external storage device is one of a portable hard disk drive and a flash drive.

4. The data protection device of claim 1, wherein the first transmission interface is Universal Serial Bus (USB), IEEE 1394, or a standard interface with plug-and-play capability.

5. A data protection system, applied to a server end and a user end, the data protection system at least comprising:
a first transmission interface provided on the user end, for electrically inserting an external storage device;
memory units provided on the user end and on the server end respectively, for storing data, wherein the memory unit of the server end stores a plurality of specific identification codes;
second transmission interfaces provided on the user end and on the server end respectively, electrically connected to the memory units of the user end and of the server end respectively, the second transmission interface of the user end being connected with the second transmission interface of the server end, so that the server end transmits, through its second transmission interface, at least one specific identification code stored in the memory unit of the server end to the user end connected with the second transmission interface of the server end, and the specific identification code is stored in the memory unit of the user end;
a detection module provided on the user end, electrically connected to the first transmission interface, for detecting whether the external storage device accesses unencrypted data from the memory unit;
an encryption/decryption module provided on the user end, electrically connected to the first transmission interface and to the memory unit of the user end respectively, for performing an encryption procedure on unencrypted data taken out of the user end; and
a user interface module provided on the user end, electrically connected to the detection module, the encryption/decryption module and the memory unit of the user end, so that when the external storage device is inserted in the first transmission interface and is to store unencrypted data from the memory unit, the encryption/decryption module is caused to perform the encryption procedure on the unencrypted data according to a specific identification code stored in the user end, and the external storage device then stores the encrypted data; and when encrypted data is to be opened through the first transmission interface, the encryption/decryption module searches the memory unit of the user end for a specific identification code matching the encrypted data; if so, the decryption procedure is performed according to the specific identification code to open the encrypted data; if not, the encrypted data is kept in its encrypted state.

6. The data protection system of claim 5, wherein the specific identification codes stored in the memory unit of the server end are generated according to different user ends.

7. The data protection system of claim 5, wherein the encryption/decryption module encrypts using the Advanced Encryption Standard.

8. The data protection system of claim 5, wherein the external storage device is one of a portable hard disk drive and a flash drive.

9. The data protection system of claim 5, wherein the first transmission interface is Universal Serial Bus (USB), IEEE 1394, or a standard interface with plug-and-play capability.

10. The data protection system of claim 5, wherein the specific identification code is used to set the permission of the user end to access data through the first transmission interface, and, according to data access requirements, the data access permissions set by the specific identification codes of some user ends are interoperable, so that the user ends holding such interoperable specific identification codes are allowed to open or store each other's data.

11. A data protection method, applied to an electronic device having a first transmission interface and a memory unit, wherein the first transmission interface is for electrically inserting an external storage device, the data protection method comprising the following steps:
at least one electronic device establishes a network connection with a server end, the server end provides a corresponding specific identification code according to the machine signal of the electronic device and transmits it to the electronic device corresponding to that machine signal, where it is stored in the memory unit, the specific identification code setting the permission to access data through the first transmission interface;
the electronic device determines whether the first transmission interface has received a data storage event or a data read event;
if the electronic device determines that the first transmission interface has received a storage event, the electronic device encrypts the data to be stored with the specific identification code stored in the memory unit, stores the encrypted data on the external storage device electrically connected to the first transmission interface, and ends the steps of the data protection method; and
if the electronic device determines that the first transmission interface has received a read event, the data read through the first transmission interface is decrypted with the specific identification code stored in the memory unit, and the electronic device determines whether decryption has succeeded; if decryption succeeds, the data is opened on the electronic device and the steps of the data protection method end; if not, a message concerning the data is displayed and the steps of the data protection method end.

12. The data protection method of claim 11, wherein the encryption/decryption processing uses the Advanced Encryption Standard algorithm.

13. [...] one of them.

14. The data protection method of claim 11, wherein the first transmission interface is Universal Serial Bus (USB), IEEE 1394, or a standard interface with plug-and-play capability.

15. The data protection method of claim 11, wherein the specific identification code is used to set the permission of the electronic device to access data through the first transmission interface, and the server end, according to data access requirements, makes the data access permissions set by the specific identification codes of some electronic devices interoperable, so that the electronic devices holding such interoperable specific identification codes are allowed to open or store each other's data.
TW96142630A 2007-11-12 2007-11-12 Data protection device, system and method TW200921450A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW96142630A TW200921450A (en) 2007-11-12 2007-11-12 Data protection device, system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW96142630A TW200921450A (en) 2007-11-12 2007-11-12 Data protection device, system and method

Publications (1)

Publication Number Publication Date
TW200921450A true TW200921450A (en) 2009-05-16

Family

ID=44727871

Family Applications (1)

Application Number Title Priority Date Filing Date
TW96142630A TW200921450A (en) 2007-11-12 2007-11-12 Data protection device, system and method

Country Status (1)

Country Link
TW (1) TW200921450A (en)

Similar Documents

Publication Publication Date Title
JP5556895B2 (en) Content data reproducing apparatus, update management method, and update management program
JP4187935B2 (en) RADIO COMMUNICATION SYSTEM, TRANSMITTING DEVICE, RECEIVING DEVICE, AND CONTENT DATA TRANSFER METHOD
US8707404B2 (en) System and method for transparently authenticating a user to a digital rights management entity
KR100605071B1 (en) System and method for secure and convenient management of digital electronic content
CN103748592B (en) For controlling the system and method to the access of protected content
KR100628655B1 (en) Method and system for exchanging contents between different DRM devices
JP4865854B2 (en) Digital copyright management method and apparatus
TW565800B (en) Communications system, terminal, reproduction program, storage medium storing reproduction program, server, server program, and storage medium storing server program
TWI462558B (en) System and method for storing a password recovery secret
TWI313551B (en)
CN108476404A (en) Safety equipment matches
TWI394419B (en) System and method for managing encrypted content using logical partitions
TW200816767A (en) System and method for trusted data processing
TW201112656A (en) Secure time functionality for a wireless device
TW201201041A (en) Data security method and system
WO2020199028A1 (en) Security chip, security processing method and related device
WO2009027126A1 (en) System and method for protection of content stored in a storage device
KR20220039779A (en) Enhanced security encryption and decryption system
CA2891610C (en) Agent for providing security cloud service and security token device for security cloud service
JP4996625B2 (en) Method for specifying common key between first communication device and second communication device, and device for specifying common key between first communication device and second communication device
WO2017137481A1 (en) A removable security device and a method to prevent unauthorized exploitation and control access to files
TW201205337A (en) Download management system
TW200921450A (en) Data protection device, system and method
WO2024088145A1 (en) Data processing method and apparatus, and program product, computer device and storage medium
KR20180043679A (en) A method for providing digital right management function in cloud storage server communicated with gateway server