TW201319856A - Flash drive with security mechanism and data storage system and a method thereof - Google Patents


Info

Publication number
TW201319856A
Authority
TW
Taiwan
Prior art keywords
partition table
computer system
sequence
disk
disk partition
Application number
TW100140798A
Other languages
Chinese (zh)
Inventor
I-Ling Tsai
Chui-Hung Li
Original Assignee
Fineart Technology Co Ltd
Application filed by Fineart Technology Co Ltd filed Critical Fineart Technology Co Ltd
Priority to TW100140798A priority Critical patent/TW201319856A/en
Publication of TW201319856A publication Critical patent/TW201319856A/en

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a flash drive with a security mechanism, which stores a master boot record (MBR) and a security mechanism. The steps of the security mechanism comprise mounting a hook program in the operating system of the computer system. Next, the sequence of the partition table of the master boot record is damaged and an identification number is added to the damaged sequence of the partition table. When the operating system attempts to access the partition table, the hook program finds and confirms the identification number, and then restores the sequence of the partition table.

Description

Flash drive with protection mechanism, data storage system and method thereof

The present invention relates to a data storage device with a protection mechanism, and in particular to a USB flash drive with a protection mechanism.

To keep internal company data from leaking, or from being arbitrarily added to, deleted or tampered with to adverse effect (for example delaying product development and launch, losing customer information, or revealing the company's competitive strategy to competitors and so losing its competitive advantage), companies usually restrict how data may be transferred internally. For example, some distinguish by identity and privilege, limiting a user's permission to modify or read files, such as by using an account-and-password mechanism to ensure that the user has sufficient access rights.

The drawback of typical protection mechanisms is that they take effect only once specific software is running. In other words, the software that controls data access is usually stored on the boot disk, runs at boot, and performs data control once booting has completed. If the boot disk is physically removed from the original computer system and attached to another computer system as a slave disk, the confidential data can be read by booting from a disk on which the access-control software is not installed. The original boot disk then merely stores data with no protective effect, which leaves a gap in protection.

Generally, the most convenient way to transfer data is to store it on a USB flash memory device, which is small and light, hot-pluggable and rewritable. Because such devices make data transfer quick and convenient, companies, in addition to applying data security controls on each user's host, usually prohibit the use of USB flash drives, which makes internal data transfer inconvenient and hurts work efficiency.

Republic of China (Taiwan) Patent Publication No. 201037596, "Flash drive with security protection device", uses the flash drive's controller to read its password lock (or security firmware) in order to verify the computer user's password; once verification passes, data can be written to the memory. That is, it performs security verification through an identity verification interface. However, this still cannot effectively prevent the risk of data leakage: a user with authority (that is, a user who has the password) can still carry data outside the company on the flash drive, so internal confidential documents may still leak out, which leaves a gap in protection.

In view of the above needs, the object of the present invention is to provide a flash drive with a protection mechanism that prevents the company's flash drives from being used on unauthorized computer systems and prevents non-company flash drives from being used inside the enterprise, so that the use of flash drives within the company can be effectively controlled.

To achieve the above object, the present invention provides a flash drive with a protection mechanism, which stores a master boot record (MBR) and a protection mechanism. In the steps of the protection mechanism, a hook program is first mounted in the operating system of the computer system. Next, the sequence of the partition table of the flash drive's master boot record is damaged, and an identification number is added to the sequence of the partition table. When the operating system attempts to access the partition table, the hook program searches for and confirms the identification number and, after confirmation, restores the sequence of the partition table that was read.

The present invention further provides a data storage system with a protection mechanism, comprising a first computer system and a flash drive. A hook program is mounted in the operating system of the first computer system. The flash drive stores a master boot record (MBR); the sequence of the partition table of the master boot record is damaged in advance by a second computer system, and an identification number is added to the sequence of the partition table. When the flash drive is connected to the first computer system, before the operating system of the first computer system reads the partition table, the hook program searches for and confirms the identification number within the sequence of the partition table and, after confirmation, restores the sequence of the partition table that was read.

The present invention damages the sequence of the flash drive's partition table and adds an identification number to it. The hook program searches the damaged partition table for the added identification number and confirms it; once the drive is confirmed to be a legitimate flash drive, the sequence of the partition table is restored. Without the identification number, the hook program does not restore the partition table, and no read or write can be performed. In other words, if the flash drive is connected to another computer system that has no hook program, it cannot be read, because the sequence of the partition table has been damaged. The flash drive can thus be effectively restricted to use on authorized computer systems, which prevents data leakage.

The foregoing sets out the object of the present invention, the technical means of achieving that object, and the advantages it produces. The invention can be clearly understood from the following description of the preferred embodiments together with the accompanying drawings and the claims.

The present invention is described below by way of preferred embodiments and aspects. This description explains the structure and steps of the invention and is intended only to illustrate, not to limit, the scope of the claims. Accordingly, besides the preferred embodiments in this specification, the invention may also be widely practiced in other embodiments.

Please refer to Figure 1, which shows a schematic diagram of the flash drive device of the present invention. In this embodiment, the flash drive 100 with protection mechanism comprises a control IC 202, which is connected to a USB interface 204 and a flash memory 206. The flash drive 100 has a boot function, and the flash memory 206 stores a master boot record 200, which comprises a master boot program (MBP) 210 and a partition table 220. Referring also to Figure 2, in this embodiment the invention is applied to an enterprise internal network system 300 comprising a server computer system 310 and a plurality of client computer systems 320; a user can connect the flash drive 100 to each of the client computer systems 320 to access data.

In this embodiment, the flash drive 100 with protection mechanism is attached externally to a client computer system 320 when in use. The method steps of the invention give the flash drive 100 a protection mechanism and the ability to control data access: the user must pass confirmation before the data in the flash drive 100 can be freely transferred, printed or copied.

Please refer to Figure 3, which shows the method performed by the flash drive with protection mechanism of the present invention. First, in step S401, the sequence of the partition table 220 of the flash drive 100 is damaged in advance, and an identification number 230 is added to the sequence. This step can be performed in advance by the second computer system (the server computer system) 310.

The partition table 220 records, for each partition in the memory of the flash drive 100, information such as the starting track, the ending track and the operating system used. The sequence of the partition table 220 can be damaged by encrypting the partition table 220 or by writing random numbers into its sequence. Once the partition table 220 has been damaged, the data in the flash drive 100 cannot be read; that is, a computer system cannot read the data in the flash drive 100.

The encryption is performed with an encryption algorithm (for example the Advanced Encryption Standard (AES), DES, 3DES or Blowfish). Taking AES as an example, although the invention is not limited to AES, the key length is 128 bits, 192 bits or 256 bits, and a transparent encryption/decryption format is used.

The identification number 230 can be chosen arbitrarily. Every legitimate flash drive can be set to use the same number, for example 1234 for company A and 5678 for company B, or each authorized flash drive can be set to use a different number, for example 1230, 1231, …123X. Once set, the numbers are compiled into an identification number table, which is sent to every first computer system (the client computer system) 320; that is, the identification number table is stored on each first computer system 320.

Next, in step S402, a hook program is mounted in the operating system of each first computer system 320. The hook program looks in the damaged partition table for the previously added identification number 230, and determines and confirms whether the flash drive 100 is an authorized one.

After steps S401 and S402 have been performed, when the flash drive 100 carrying the identification number 230 is connected to a client computer system 320 and the operating system of the first computer system 320 attempts to access the partition table 220 of the flash drive 100, the hook program looks in the partition table 220 for an identification number 230, and determines and confirms whether that identification number 230 is a legitimate number in the identification number table.

If the hook program confirms that the identification number is legitimate, the connected flash drive 100 is an authorized device, and the hook program automatically restores the damaged sequence of the partition table 220. If the table was damaged by encrypting it, the partition table 220 is decrypted so that it becomes readable again. Conversely, if the hook program finds no identification number 230, or the identification number 230 it finds is not legitimate, the connected flash drive 100 is not an authorized device: the hook program does not restore the damaged sequence of the partition table 220, which stays in its damaged or encrypted state. The partition table 220 of the flash drive 100 therefore remains unreadable; that is, a computer system cannot read the data in the flash drive 100.

On the other hand, if the flash drive 100 is connected to another computer system that has no hook program, that is, one that is not a legitimately authorized client computer system inside the enterprise, the data on the flash drive 100 cannot be read or written, because the sequence of the partition table 220 has been damaged.
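Steps S401 and S402 described above, as an added Python example operating on an in-memory 512-byte sector; it is not code from the patent or its assignee. Assumptions made here and not stated on the page: the fourth partition entry is unused and carries a hypothetical `IDNO` marker, the identification number and a short tag; an HMAC-SHA256 keystream stands in for the AES the text names; the key is shared between server and clients.

```python
import hashlib
import hmac
import struct

PT_OFF, ENTRY = 446, 16         # standard MBR: four 16-byte entries at offset 446
SLOT4 = PT_OFF + 3 * ENTRY      # assumption: fourth entry is free and holds the marker
BOOT_SIG = b"\x55\xaa"
MAGIC = b"IDNO"                 # hypothetical marker in front of the identification number


def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _xor_table(key, ident, table):
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), used here instead of AES."""
    stream = b"".join(_prf(key, b"ks", struct.pack("<II", ident, i)) for i in range(2))
    return bytes(a ^ b for a, b in zip(table, stream))


def _tag(key, ident, body):
    # Assumption: an 8-byte tag binds the identification number to the damaged table.
    return _prf(key, b"tag", struct.pack("<I", ident) + body)[:8]


def build_sample_mbr():
    """Constructed sample sector with a single FAT32 (type 0x0C) partition."""
    entry = struct.pack("<B3sB3sII", 0x00, b"\x20\x21\x00", 0x0C,
                        b"\xfe\xff\xff", 2048, 7829504)
    return bytes(PT_OFF) + entry + bytes(3 * ENTRY) + BOOT_SIG


def protect(sector, key, ident):
    """Step S401 (server side): damage the table and add the identification number."""
    if len(sector) != 512 or sector[510:] != BOOT_SIG:
        raise ValueError("not an MBR sector")
    if any(sector[SLOT4:510]):
        raise ValueError("fourth entry is in use; this layout needs it free")
    body = _xor_table(key, ident, sector[PT_OFF:SLOT4])
    marker = MAGIC + struct.pack("<I", ident) + _tag(key, ident, body)
    return sector[:PT_OFF] + body + marker + BOOT_SIG


def hook_read(raw, key, allowed_ids):
    """Step S402 (client hook): return the sector the operating system gets to see."""
    body, marker = raw[PT_OFF:SLOT4], raw[SLOT4:510]
    if len(raw) != 512 or marker[:4] != MAGIC:
        return raw                      # no identification number found
    ident = struct.unpack("<I", marker[4:8])[0]
    if ident not in allowed_ids:
        return raw                      # not in the identification number table
    if not hmac.compare_digest(marker[8:], _tag(key, ident, body)):
        return raw                      # marker or table was altered
    return raw[:PT_OFF] + _xor_table(key, ident, body) + bytes(ENTRY) + BOOT_SIG


def parse_entries(sector):
    """List (type, first LBA, sector count) for every non-empty entry."""
    out = []
    for i in range(4):
        e = sector[PT_OFF + i * ENTRY: PT_OFF + (i + 1) * ENTRY]
        ptype, lba, count = e[4], *struct.unpack("<II", e[8:16])
        if ptype:
            out.append((ptype, lba, count))
    return out


if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes!!!"     # constructed sample key
    locked = protect(build_sample_mbr(), key, 1234)
    print("host without hook sees:", parse_entries(locked))
    print("authorized host sees:  ", parse_entries(hook_read(locked, key, {1234, 5678})))
    print("ID not in table:       ", parse_entries(hook_read(locked, key, {5678})))
```

Only the 64-byte table is transformed in this scheme; the page describes no encryption of the data sectors themselves, so the control gates access through the partition table rather than encrypting data at rest.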

The present invention provides a data storage system with a protection mechanism, comprising a first computer system (the client computer system) 320 and a flash drive 100. A hook program is mounted in the operating system of the first computer system 320. The flash drive 100 stores a master boot record 200; the sequence of the partition table 220 of the master boot record 200 is damaged in advance by a second computer system (the server computer system) 310, and an identification number 230 is added to the sequence of the partition table 220.

Because the partition table 220, which is required to access the flash drive 100, has been damaged into an unreadable partition table 220, only the hook program can restore or decrypt it. Therefore, if the flash drive 100 is connected to a computer system outside the enterprise, that system does not see a legitimate or authorized disk device in the partition table 220 and cannot read the drive correctly. Improper use of the flash drive 100 is thus effectively prevented and data leakage avoided.

One advantage of the present invention is that it effectively prevents the company's flash drives from being used on unauthorized computer systems and prevents non-company flash drives from being used inside the enterprise, which avoids data leaks that would harm the company's interests.

Another advantage of the present invention is that the use of flash drives within the company can be effectively controlled, which adds variety to the available means of data transfer and so improves work efficiency.

Another advantage of the present invention is that its protection mechanism does not use a password lock, nor does it restrict access to privileged users through identity verification such as an IP address or an account and password. Instead, the invention uses the hook program to verify the flash drive, which effectively prevents a privileged user from leaking company secrets to computer systems outside the enterprise.

The above describes the preferred embodiments of the present invention. Those skilled in the art will appreciate that they serve to illustrate the invention and not to limit the scope of the patent rights claimed. The scope of patent protection is determined by the appended claims and their equivalents. Any change or refinement made by those skilled in the art without departing from the spirit or scope of this patent is an equivalent change or design accomplished within the spirit disclosed by the invention, and shall be included within the scope of the claims below.

100 ... Flash drive with protection mechanism

200 ... Master boot record

210 ... Master boot program (MBP)

220 ... Partition table

230 ... Identification number

300 ... Enterprise internal network system

310 ... Second computer system (server computer system)

320 ... First computer system (client computer system)

S401-S402 ... Method steps of the protection mechanism

Figure 1 is a schematic diagram of the flash drive device of the present invention;

Figure 2 shows the enterprise internal network system of the present invention; and

Figure 3 shows the method steps of the protection mechanism of the present invention.

S401~S402 ... Steps

Claims (7)

1. A flash drive with a protection mechanism, which stores a master boot record (MBR) and a protection mechanism, the protection mechanism being applied in a computer system and comprising the steps of: damaging the sequence of the partition table of the master boot record of the flash drive, and adding an identification number to the sequence of the partition table; and mounting a hook program in the operating system of the computer system; wherein, when the operating system attempts to access the partition table, the hook program searches for and confirms the identification number and, after confirmation, restores the sequence of the partition table that was read.

2. The flash drive with a protection mechanism according to claim 1, wherein the method of damaging the sequence of the partition table comprises encrypting the partition table.

3. The flash drive with a protection mechanism according to claim 1, wherein the method of restoring the sequence of the partition table comprises decrypting the partition table.

4. The flash drive with a protection mechanism according to claim 1, wherein the steps of the protection mechanism further comprise encrypting the data written when the operating system attempts to write to the partition table.

5. A data storage system with a protection mechanism, comprising: a first computer system, in whose operating system a hook program is mounted; and a flash drive, which stores a master boot record (MBR), wherein the sequence of the partition table of the master boot record is damaged by a second computer system and an identification number is added to the sequence of the partition table, the flash drive being connectable to the first computer system; wherein, when the flash drive is connected to the first computer system, before the operating system of the first computer system reads the partition table, the hook program searches for and confirms the identification number within the sequence of the partition table and, after confirmation, restores the sequence of the partition table that was read.

6. The data storage system with a protection mechanism according to claim 5, wherein the method by which the second computer system damages the sequence of the partition table comprises encrypting the partition table.

7. The data storage system with a protection mechanism according to claim 5, wherein the method by which the hook program restores the sequence of the partition table comprises decrypting the partition table.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW100140798A TW201319856A (en) 2011-11-08 2011-11-08 Flash drive with security mechanism and data storage system and a method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW100140798A TW201319856A (en) 2011-11-08 2011-11-08 Flash drive with security mechanism and data storage system and a method thereof

Publications (1)

Publication Number Publication Date
TW201319856A true TW201319856A (en) 2013-05-16

Family

ID=48872520

Family Applications (1)

Application Number Title Priority Date Filing Date
TW100140798A TW201319856A (en) 2011-11-08 2011-11-08 Flash drive with security mechanism and data storage system and a method thereof

Country Status (1)

Country Link
TW (1) TW201319856A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI506438B (en) * 2013-06-11 2015-11-01 Silicon Motion Inc Data storage apparatus and management method thereof
