TW526431B - A procedure of data security for HD and solid disk drive - Google Patents
A procedure of data security for HD and solid disk drive Download PDFInfo
- Publication number
- TW526431B TW526431B TW90125626A TW90125626A TW526431B TW 526431 B TW526431 B TW 526431B TW 90125626 A TW90125626 A TW 90125626A TW 90125626 A TW90125626 A TW 90125626A TW 526431 B TW526431 B TW 526431B
- Authority
- TW
- Taiwan
- Prior art keywords
- block
- disk
- blocks
- read
- data
- Prior art date
Links
Landscapes
- Storage Device Security (AREA)
Abstract
Description
現今對於硬式磁碟(Hard Disk HD)或固態磁Hard Disk HD or Solid State Magnetic
State Disk’SSD)而言,其内部資料的安全性著次〇—1 電的普及化而越發重要,不論對系統設計者的内者貝訊豕 智慧權益保障,或是對系統使用者 ^ ^ :料的安全性與否已為一重要的課題。而 m 隻即= 路一展新且方便貫用的程序以達到料=揭 的提升。 J從咮円秄貝枓安全性 一、基本概念 請參考圖五之『本案運作之流程圖』。 切八:ί : ΐ : 77 Γ (Dlsk Parti tion)的方式將磁碟·許 邏輯磁碟,*將所分碟分割成二個或三個 或寫的限制,使其達到特定之功:了予&塊疋義亚加以讀 因此本案首先定義出二 =° 塊』(User zone)、『唯種/塊名稱,即『使用者區 塊』(Protect zone)故^^塊」(R〇M —)及『保護區 組合之切割方式進行磁碟分割^體磁碟可被四種不同排列 1 ·使用者區塊、唯讀γ说 ?蚀田i π城 貝£塊及保護區塊 2·使用者區塊及唯讀區塊 ι匕龙 3 ·使用者區塊及保護區塊 4 ·使用者區塊 “ 等四種切割方式。 其中之『使用者區挣 , Α』,如同一般磁碟町執行所有之State Disk'SSD), the security of its internal data is secondary to the popularization of electricity. It becomes more and more important, whether it is to protect the intellectual rights and interests of the system designer's internal intelligence, or to the system users ^ ^ : The safety of materials has become an important issue. And m is just a new and easy-to-use procedure for Lu Yizhan to achieve the improvement of the material. J Congbei 枓 Safety I. Basic Concepts Please refer to the “Flowchart of Operation of this Case” in Figure 5. Cut eight: ί: ΐ: 77 Γ (Dlsk Parti tion) way to divide the disk into a logical disk, * Divide the divided disk into two or three or write restrictions, so that it achieves a specific function: I & block Yi Ya read it, so this case first defines the two = ° block "(User zone)," the only species / block name, that is, "Protect zone" (^^ block) "(R〇 M —) and "protection zone combination cutting method for disk partitioning ^ Volume disks can be arranged in four different ways 1 · User block, read-only γ? Eclipse field i π City shell £ block and protected block 2 · User block and read-only block ι Drake 3 · User block and protection block 4 · User block "and other four cutting methods. Among them," User block earns, Α ", just like ordinary magnetic Disc Town Performs All
526431(xiL w526431 (xiL w
料而 區塊 作 區 行 以 保 樣 指令 不能 』則 指令 動作 取、 每個 行決定 提供較 5蒦區塊 ’可執 的 塊 讀 (ATA Command),而『唯讀區塊』則只能讀取資 對資料進行刪除(Erase)或寫入(Write),『保護 指在此區域内不執行任何對磁碟區段(Sect〇r)動 (请參照圖四、『於加密模式中之磁碟指令對各 圖』之説明)’故在此保護區塊中無法對資料進 覆寫的動作而達到保密之功能。 ' 區塊的大小可由使用者經適當的程式(uti丨i ty) ’例如DOS之FDISK或DiskEdit等磁碟切割程式· 方便的方式進行磁碟的區塊分割。而唯讀區塊及 在未經致能(Enable)前’其功能與使用者區塊一 行所有的磁碟指令。 ^ 當實體磁碟被分割後, =體磁碟中之實體位置,故 命P、index』及『LBA—max』 汽體磁碟中之實體位置。為 明 τ 、Γ此三個暫存器的意義, 罐碟分割的判斷。其判斷的 為了 §己錄各區塊的大小及其在 建立『R— i ndex』、 等三個暫存器以記錄各區塊在 進一步說明請參考圖一,其說 而運用此三個參數,即可作為 法則如下: _If the block is used as a zone line to ensure that the instruction cannot be used, the instructions will be taken. Each row decides to provide more than 5 blocks of blocks that can be read (ATA Command), while the "read-only blocks" can only be read. Get funds to delete (Erase) or write (Write), "Protection means that no movement to the disk sector (Sect〇r) is performed in this area (please refer to Figure 4," Magnetism in encryption mode "Description of each figure in the disc instruction") 'Therefore, in this protection block, it is impossible to overwrite the data to achieve the function of confidentiality. 'The size of the block can be partitioned by the user through a suitable program (uti 丨 i ty)' such as FDISK for DOS or a disk cutting program such as DiskEdit. The read-only block and all functions of the disk command are the same as those of the user block before enabling. ^ When the physical disk is divided, = physical location in the physical disk, so P, index 'and "LBA-max" physical location in the vapor disk. In order to clarify the meaning of the three registers of τ and Γ, the judgment of can-plate division. The judgement is for § the size of each block recorded and the establishment of three temporary registers such as "R-index" to record each block. For further explanation, please refer to Figure 1, which uses these three parameters. , As the rule is as follows: _
1 · 1使用者區塊、唯讀區塊及保護區塊 R—index— 1 且 LBA—max〉 P—index〉 R一index 1 · 2使用者區塊及唯讀區塊 R—index— 1 且 LBA_max=P—index> R一index1 · 1 user block, read-only block and protection block R_index — 1 and LBA — max> P — index> R — index 1 · 2 user block and read-only block R — index — 1 And LBA_max = P-index > R-index
i案號90125626 — 牟 q 日 倏正_ 說明(3) 1. 3使用者區塊及保護區塊 R_index$ 1 且 LBA_max> i ndex = R__i ndex 1. 4使用者區塊 R_ i ndex^ 1 且 LBA_max = P一index = R— index 二、詳細技術說明: 1. R—index、P一index、LBA一max 暫存器之設定 透過工具程式的方式來設定R_incjex、p_index及 LBA —max三個暫存器(Register),例如utility A,可自動 由磁碟之MBR中找各區塊之長度,經計算後設定R_in(jex、 P一index及LBA一max這三個暫存器的值。 2. 加密密碼(Encryption) 當唯讀區塊及保護區塊建立後,在未設定密碼 (Password)之前,以上兩區塊與使用者區塊一般,可執行 所有的磁碟指令(ΑΤΑ Command),此時R__passwd及 P一pa s s wd為内定值(j)efauit Value)為 n 〇xFFFFFF,,。 一旦R — passwd或P — passwd被設定後,亦即R-Passwd或 P一passwd不為” 0xFFFFFF,,時,唯讀區塊或保護區塊之區塊 相關功能經由磁碟控制韌體致能後隨即開始啟動。i Case No. 90125626 — Mou q Rizheng Zheng _ Explanation (3) 1. 3 user blocks and protection blocks R_index $ 1 and LBA_max > i ndex = R__i ndex 1. 4 user blocks R_ i ndex ^ 1 and LBA_max = P_index = R_ index II. Detailed technical description: 1. R_index, P_index, LBA_max register settings: Set R_incjex, p_index, and LBA —max three registers through the tool program. Registers, such as utility A, can automatically find the length of each block from the MBR of the disk, and after calculation, set the three register values of R_in (jex, P_index, and LBA_max. 2 Encryption After the read-only block and the protection block are established, before the password is set, the above two blocks are the same as the user block and can execute all disk commands (ΑΤΑ Command). At this time, R_passwd and P_pass wd are the default value (j) efauit Value) is n × FFFFFF ,. Once R—passwd or P—passwd is set, that is, R-Passwd or P—passwd is not “0xFFFFFF”, when the read-only or protection block related functions are enabled via disk control firmware It then starts.
當電源起動(P 〇 w e r 0 η )後或任何方式之系統重置When the power is turned on (P 0 w e r 0 η) or the system resets in any way
第6頁 年月 ρ» 修正 ΐ、發明說明(4) (System Reset )時,而磁碟控制韌體(f丨rmware)偵測到 R —passwd或P — passwd不為内定值時,則唯讀區塊或保護區 塊之資料保護功能即啟動。但如果唯讀區塊不存在,則 R_passwd功能被禁能(Disable)。同理保護區塊不存在, 則P_passwd功能亦被禁能。 請再參考圖二,其表示了與密碼設計相關之暫存器結 構,其中R — passwd、P — passw(i可由外部程式來設定。 系統設計者可擁有一控制碼,此處稱為一『供應者 碼』(Vendor Code),是一獨立之控制碼,而『供應者 鎖』(Vendor Key)則由系統使用者設定,類似批號之處 理,兩者均由一獨立之外部應用程式,例如U t i 1 i t y B, 輸入。而『鎖號』(K e y N u m b e r )則由系統使用者經由上述 Uti 1 ity A來設定。『鎖號』8b it中僅有7b it有效,其定 義為在1 2 8組密碼中之第n組密碼是有效的。因為任一組密 碼之大小均為4個位元組(B y t e s ),故每次查核密碼時有 5 1 2個位元組的密碼需進行辨識。『供應者碼』及『供應 者鎖』之設定流程,請參考圖六、『供應者碼』及『供應 者鎖』設定流程圖。 3·解除密碼(Decryption)Page 6 Month ρ »Correction, invention description (4) (System Reset), and the disk control firmware (f 丨 rmware) detects that R —passwd or P — passwd is not the default value, only The data protection function of the read block or protected block is activated. However, if the read-only block does not exist, the R_passwd function is disabled. Similarly, if the protection block does not exist, the P_passwd function is also disabled. Please refer to Figure 2 again, which shows the register structure related to password design, where R — passwd, P — passw (i can be set by an external program. The system designer can have a control code, which is called a " "Vendor Code" is an independent control code, and "Vendor Key" is set by the system user, similar to the batch number processing, both of which are handled by a separate external application, such as Enter U ti 1 ity B. The “lock number” (K ey N umber) is set by the system user via the above Uti 1 ity A. Only “7b it” of “lock number” 8b it is valid, which is defined as The nth password in the 1 2 8 passwords is valid. Because the size of any password is 4 bytes (Bytes), there are 5 1 2 passwords each time the password is checked. Need to identify. "Supplier Code" and "Supplier Lock" setting flow, please refer to Figure 6, "Supplier Code" and "Supplier Lock" setting flow chart. 3. Decryption
526431 mc T I 案號 90125626 _ 五、發明說明(5) 當R_passwd或P — passwd被設定後,則丰— 保護區塊功能啟動或被鎖住(Lock)。如要開鎖 # u龙双 唯讀區塊功能或保護區塊功能,則必須透堝 ^UnlQek) a W殊之磁碟指 令之方式進行密碼查核及開鎖機制。如密螞查核失敗時, 則唯讀區塊或保護區塊之功能立即啟動。 、τ 如表一所示,即為本案密碼偵檢之磁碟指令定義:其 包括有本案特別定義之ΑΤΑ指令碼(FEh),輪入規則描述了 錯誤回應描述及指令說明。526431 mc T I Case No. 90125626 _ V. Description of the invention (5) When R_passwd or P — passwd is set, the Feng — protection block function is activated or locked (Lock). If you want to unlock # u 龙 双 Read-only block function or protection block function, you must pass through the password ^ UnlQek) a special disk command to perform password check and unlock mechanism. If the security check fails, the read-only block or protection block function is activated immediately. As shown in Table 1, τ is the definition of the disk instruction for password detection in this case: it includes the ATTA instruction code (FEh) specially defined in this case, and the rotation rules describe the description of the error response and the instruction description.
表一、密碼偵檢 A T A指令 指令碼 -FEh 輸入 - 定址(Address) ΑΤΑ 定義碼值(De f au 11 )Table 1. Password detection A T A instruction Instruction code -FEh input-Address ΑΤΑ defined code value (De f au 11)
0x1 f 7 1 Command 1 OxFE ixif 6 1 Drv/Head 1 _ Oxlf 5 1 CvlMSB 1 —— 0x1 f 4 1 CvlLSB 1 —— 0x1 f 3 --------- 1 SecNum 1 一 0x1 f 2 1 SecCnt 1 OxFE ixlll 1 Feature Cmd| OxAA/OxBB0x1 f 7 1 Command 1 OxFE ixif 6 1 Drv / Head 1 _ Oxlf 5 1 CvlMSB 1 —— 0x1 f 4 1 CvlLSB 1 —— 0x1 f 3 --------- 1 SecNum 1-0x1 f 2 1 SecCnt 1 OxFE ixlll 1 Feature Cmd | OxAA / OxBB
OxAA:表為 R_passwd镇檢 第8頁 ^^90125626 曰 修正 (6) 0χΒΒ·表為p —貞檢 錯誤回應輸出〜若無支援此指令,則元件將回應至錯誤 暫存器之ABRT,資料在唯讀區塊或保護 區塊内。 _极態OxAA: The table shows the R_passwd check. Page 8 ^^ 90125626, said correction (6) 0 × ΒΒ · The table is p — Chastity error response output ~ If this command is not supported, the component will respond to the ABRT of the error register. Within a read-only or protected block. _ Polar state
XX
X R ERR I (UNC IDNF ABRT AMNF —X 1 1_— x 一_ 段 (5 ;ector)的 資 料 > 而 藉 由 此 資 料 來 控 制 指 令 的 功 能。 4. 韌 體 計 算密 碼 之 方 式 如 圖 三所 示 j 為 韌 體 對 密 碼 運 算 方 式 之 示 意 圖 〇 當 韌 體 程 式 從 1 2 8組密碼中取得由鎖號( :Key N u m b e r )所指定之 密 碼 後 5 則進 行 如 圖 二 之 計 算 流 程 5 可 經 由 一 特 定 的 邏 輯 運 算 符 號 或一 方 程 式 運 算 而 得 到 計 算 結 果 j 如 果 計 算 結 果 與 P_ _pas swd或 R_ 一 pas: 3 wd相 同 j 則 將 唯 讀 塊 或 保 護 區 塊 之 功 能 解 除 釋放 , 即 將 唯 讀 區 塊 或 保 護 區 塊 之 唯 讀 或 保 護 功 能 禁 能 使其 如 同 使 用 者 塊 一 樣 可 1 由 讀 寫 資 料 ; 若 不 相 同 則 唯讀 區 塊 或 保 護 區 塊 功 能 啟 動 致 能 〇 請 參 考 圖 七 之 『 唯 讀 區塊 j 與 r 保 護 區 塊 之 功 能 解 除 流 程 圖 〇 所 以 ,經 由 本 案 之 實 施 可 將 常 用 之 系 統 記 錄 資 料 存 放 於 使 用者 區 塊 j 而 將 系 統 主 程 式 或 驅 動 程 式 存 放 於 『 唯 讀 區 塊』 内 9 以 避 免 程 式 遭 到 不 正 常 或 未 經 允 許 的 變 第9頁XR ERR I (UNC IDNF ABRT AMNF —X 1 1_— x 1_ (5; ector) data> and use this data to control the function of the command. 4. The firmware calculates the password as shown in Figure 3. j is a schematic diagram of the firmware-to-password calculation method. 0 When the firmware program obtains the password specified by the lock number (: Key N umber) from the 128 passwords, 5 the calculation process shown in Figure 2 is performed. 5 The calculation result is obtained by a specific logical operation symbol or a formula operation. If the calculation result is the same as P__pas swd or R__pas: 3 wd, then the function of the read-only block or protection block will be released. The read-only block or The read-only protection of the protection block or the protection function is disabled to make it read and write data as the user block; if it is not the same, the read-only block or protection block function is enabled. Please refer to Figure 7 Block j with r The function release flowchart of the protection block. Therefore, through the implementation of this case, the commonly used system log data can be stored in the user block j and the system main program or driver can be stored in the "read-only block" 9 to avoid The program has been changed abnormally or without permission 第 9 页
526431 I flAz :案號 90125626 Λ:_ 修正 .—…,…-w>Jl v 五、發明說明(7) 更及更改而破壞系統之運作。而『保護區塊』則可存放系 統核心程式,其必須透過密碼確認始可執行核心程式。因 此及其可以對磁碟系統作一有效之加密保護功能,使得系 統設計者的智慧財產得以保護,同時對於系統的使用者而 言,亦可以達到資料的隱密性與安全性以保護資料,此係 為目前習知之各類型磁碟機所無法企及之功能者。 本案所揭示者,乃較佳實施例之一種,舉凡局部之變 更或修飾而源於本案之技術思想而為熟習該項技藝之人所 易於推知者,倶不脫本案之專利權範疇。 綜上所陳,本案無論就目的、手段與功效而言,在在 顯示其乃一創新之加密技術加以創作人設計之巧思,首先 應用創作合於實用,亦在在符合發明之專利要件,懇請 貴審查委員明察,並祈早日賜予專利,俾嘉惠社會,實感 得便。526431 I flAz: Case No. 90125626 Λ: _ Amendment. —…,… -W > Jl v 5. Description of the Invention (7) Changes and changes will destroy the operation of the system. The "protected block" can store the core program of the system, which must be confirmed by a password before the core program can be executed. Therefore, it can make an effective encryption protection function on the disk system, so that the intellectual property of the system designer can be protected, and for the users of the system, the privacy and security of the data can be achieved to protect the data. This is a feature that cannot be reached by all types of drives currently known. The one disclosed in this case is one of the preferred embodiments. Those who change or modify locally and derive from the technical ideas of this case and who are easy to infer for those skilled in the art, do not depart from the scope of patent rights in this case. To sum up, no matter in terms of purpose, method and effect, this case shows that it is an innovative encryption technology and the ingenuity of the creator's design. First of all, the application of creation is practical, and it also meets the patent requirements of the invention. I urge your reviewing committee to make a clear observation and pray for the granting of patents at an early date.
第10頁 ~ /月对日 號 90125626 ^_3_ 修正Page 10 ~ / Month to Day Issue 90125626 ^ _3_ Correction
圖示說明: 圖一、 圖二、 圖三、 圖四、 圖五、 圖六、 圖七、 磁碟分割示意圖 本案之各種暫存器結構圖 韋刃體對密碼運算方式之示意圖 於加密模式中之磁碟指令對各區塊動作圖 本案運作之流程圖 @ 『供應者碼』及『供應者鎖』設定流程圖 『唯讀區塊』與『保護區塊』之功能解除流程圖 圖號說明: I、 磁碟機, II、 唯讀區塊(ROM zone), 12、 保護區塊(pr〇tect zone), 13、 使用者區塊(User zone), III、 R_i ndex, 121、P—index, 1 3 1、LBA_max, 20、Vendor Code (16bits ), 21、Vendor Key (16bits), 22、 Valid Password(32bits), 30、 R—passwd(32bits), 31、 P_passwd(32bits), 40、 Key Number for R_passwd(8bits), 41、 Key Number for P一passwd(8bits),Schematic description: Figure 1, Figure 2, Figure 3, Figure 4, Figure 5, Figure 6, Figure 7, and Disk Schematic diagrams of various register structures in this case. Flow chart of the operation of each block's disk instruction on the operation diagram of this case @ "Supplier code" and "Supplier lock" setting flow chart "Read-only block" and "protected block" function release flow chart Figure number description : I, drive, II, ROM zone, 12, protection zone, 13, user zone, III, R_index, 121, P- index, 1 3 1, LBA_max, 20, Vendor Code (16bits), 21, Vendor Key (16bits), 22, Valid Password (32bits), 30, R-passwd (32bits), 31, P_passwd (32bits), 40, Key Number for R_passwd (8bits), 41, Key Number for P_passwd (8bits),
第12頁 修正丨 案號 90125626 _η 修正 輯日f 5 特定的邏輯運算符號或一方程式運算 5 1、計算結果 f (20, 21,22)】 詞彙說明 R_ i ndex P_i ndex LBA max 為一 1 6位元之暫存器 為一 1 6位元之暫存器 為一 1 6位元之暫存器 MBR:主啟動記錄(Master Boot Record)Amendment on page 12 Case number 90125626 _η Amendment date f 5 Specific logical operation symbol or one formula operation 5 1. Calculation result f (20, 21, 22)] Vocabulary description R_ i ndex P_i ndex LBA max is 1 1 6 The 16-bit register is a 16-bit register MBR: Master Boot Record
第13頁Page 13
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW90125626A TW526431B (en) | 2001-10-17 | 2001-10-17 | A procedure of data security for HD and solid disk drive |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW90125626A TW526431B (en) | 2001-10-17 | 2001-10-17 | A procedure of data security for HD and solid disk drive |
Publications (1)
Publication Number | Publication Date |
---|---|
TW526431B true TW526431B (en) | 2003-04-01 |
Family
ID=28450656
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW90125626A TW526431B (en) | 2001-10-17 | 2001-10-17 | A procedure of data security for HD and solid disk drive |
Country Status (1)
Country | Link |
---|---|
TW (1) | TW526431B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI460591B (en) * | 2007-09-30 | 2014-11-11 | Lenovo Singapore Pte Ltd | Data encryption and decryption methods, systems and storage equipment |
-
2001
- 2001-10-17 TW TW90125626A patent/TW526431B/en not_active IP Right Cessation
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI460591B (en) * | 2007-09-30 | 2014-11-11 | Lenovo Singapore Pte Ltd | Data encryption and decryption methods, systems and storage equipment |
US9323956B2 (en) | 2007-09-30 | 2016-04-26 | Lenovo (Singapore) Pte. Ltd. | Merging external NVRAM with full disk encryption |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9658969B2 (en) | System and method for general purpose encryption of data | |
JP5922113B2 (en) | One-time authentication method for accessing encrypted data | |
TWI595379B (en) | Security management unit, host controller interface including same, method operating host controller interface, and devices including host controller interface | |
US8464073B2 (en) | Method and system for secure data storage | |
JP5402498B2 (en) | INFORMATION STORAGE DEVICE, INFORMATION STORAGE PROGRAM, RECORDING MEDIUM CONTAINING THE PROGRAM, AND INFORMATION STORAGE METHOD | |
EP3627368B1 (en) | Auxiliary memory having independent recovery area, and device applied with same | |
JP2008072717A (en) | Hard disc streaming cryptographic operations with embedded authentication | |
US20100241875A1 (en) | External storage device and method of controlling the same | |
JP2006268851A (en) | Data transcription in data storage device | |
US7818567B2 (en) | Method for protecting security accounts manager (SAM) files within windows operating systems | |
US20110225407A1 (en) | System and Method for Recovering From an Interrupted Encryption and Decryption Operation Performed on a Volume | |
US8856550B2 (en) | System and method for pre-operating system encryption and decryption of data | |
TWI526870B (en) | Systems and methods for providing anti-malware protection and malware forensics on storage devices | |
JP2004013899A (en) | Control access to data stored on storage device of trusted computing platform system | |
TW201137660A (en) | Method and system for protecting an operating system against unauthorized modification | |
US20150089218A1 (en) | Secure storage with scsi storage devices | |
TW526431B (en) | A procedure of data security for HD and solid disk drive | |
US20100088770A1 (en) | Device and method for disjointed computing | |
JPH0675713A (en) | Method and apparatus for controlling reading and writing hard disk of microcomputer | |
JP2022092579A (en) | Computer-implemented method, computer system, computer program, and computer readable medium | |
JP2008234188A (en) | Information processor | |
JP4564477B2 (en) | Thin client, thin client system, and program | |
JP6493258B2 (en) | Storage control device, storage device, storage control method and program | |
JP5435642B2 (en) | File control program, file control apparatus, and file control method | |
WO2013024702A1 (en) | External storage device and method for controlling external storage device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GD4A | Issue of patent certificate for granted invention patent | ||
MM4A | Annulment or lapse of patent due to non-payment of fees |