TWI387897B - Device and method for encrypting and decrypting data - Google Patents

Device and method for encrypting and decrypting data Download PDF

Info

Publication number
TWI387897B
TWI387897B TW96114987A TW96114987A TWI387897B TW I387897 B TWI387897 B TW I387897B TW 96114987 A TW96114987 A TW 96114987A TW 96114987 A TW96114987 A TW 96114987A TW I387897 B TWI387897 B TW I387897B
Authority
TW
Taiwan
Prior art keywords
data
module
electronic device
user data
storage medium
Prior art date
Application number
TW96114987A
Other languages
Chinese (zh)
Other versions
TW200842643A (en
Inventor
Hung Chih Huang
Original Assignee
Hon Hai Prec Ind Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hon Hai Prec Ind Co Ltd filed Critical Hon Hai Prec Ind Co Ltd
Priority to TW96114987A priority Critical patent/TWI387897B/en
Publication of TW200842643A publication Critical patent/TW200842643A/en
Application granted granted Critical
Publication of TWI387897B publication Critical patent/TWI387897B/en

Links

Landscapes

  • Signal Processing For Digital Recording And Reproducing (AREA)
  • Storage Device Security (AREA)

Description

電子設備及其資料加密方法與資料解密方法 Electronic device and data encryption method thereof and data decryption method

本發明涉及一種電子設備及其資料加密方法與資料解密方法,特別涉及一種讀寫存儲介質中資料的電子設備及其資料加密方法與資料解密方法。 The invention relates to an electronic device, a data encryption method thereof and a data decryption method, in particular to an electronic device for reading and writing data in a storage medium, a data encryption method thereof and a data decryption method.

現代電子資訊技術的發展使電子設備日益廣泛地應用於人們的工作生活當中。多種電子設備用於將照片、文檔、音視頻等用戶資料記錄到存儲介質上。例如,當前有多種光碟燒錄機可以將這些用戶資料燒錄到光碟上,由於光碟具有價格便宜,並且能長時間保存用戶資料的特點而受市場歡迎。此外,多種快閃記憶體卡由於資料擦寫方便,也被廣泛用於存儲那些需要移動或暫時存放的用戶資料。 The development of modern electronic information technology has made electronic devices more and more widely used in people's work and life. A variety of electronic devices are used to record user data such as photos, documents, audio and video onto a storage medium. For example, there are currently a variety of optical disc burners that can burn these user data onto a disc, which is popular in the market because of its low cost and the ability to store user data for a long time. In addition, a variety of flash memory cards are also widely used to store user data that needs to be moved or temporarily stored due to the ease of data erasing.

通常,光碟、快閃記憶體卡等存儲介質中記錄的用戶資料都進行了加密處理,以防止非法將用戶資料複製到其他光碟或快閃記憶體卡等存儲介質上。在將用戶資料記錄到存儲介質時,電子設備將存儲介質的識別碼(Media ID)作為用戶資料的加密密碼,並將加密後的用戶資料記錄到存儲介質上。如果用戶資料被非法複製到其他的存儲介質上,由於存儲介質的識別碼不同,用戶資料將無法解密。 Generally, user data recorded in a storage medium such as a compact disc or a flash memory card is encrypted to prevent illegal copying of user data to a storage medium such as another optical disc or a flash memory card. When the user data is recorded to the storage medium, the electronic device uses the identification code (Media ID) of the storage medium as the encrypted password of the user data, and records the encrypted user data on the storage medium. If the user data is illegally copied to another storage medium, the user data cannot be decrypted due to the different identification codes of the storage medium.

然而,有些敏感的用戶資料不僅要求不被複製,甚至要求不能被非法讀取,以防止泄密。如果存儲介質丟失或是失竊,由於存儲介質的識別碼並沒有變,傳統的防止 複製的方法不能阻止用戶資料的讀取,從而可能導致用戶資料泄密。 However, some sensitive user profiles are not only required to be copied, but even required to be illegally read to prevent leaks. If the storage medium is lost or stolen, since the identification code of the storage medium has not changed, the conventional prevention The method of copying does not prevent the reading of user data, which may result in the disclosure of user data.

有鑒於此,有必要提供一種可以防止用戶資料被非法讀取的電子設備。 In view of this, it is necessary to provide an electronic device that can prevent user data from being illegally read.

此外,有必要提供一種可以防止用戶資料被非法讀取的資料加密方法。 In addition, it is necessary to provide a data encryption method that can prevent user data from being illegally read.

另外,還有必要提供一種可以正確解密上述加密方法加密的用戶資料的資料解密方法。 In addition, it is also necessary to provide a data decryption method that can correctly decrypt the user data encrypted by the above encryption method.

一種電子設備,其包括介面模組、編解碼模組及存取模組,該介面模組用於接收需要存儲到存儲介質的用戶資料及輸出從該存儲介質讀取的用戶資料;該編解碼模組用於編碼該需要存儲到存儲介質的用戶資料及解碼該從存儲介質讀取的用戶資料;該存取模組與該編解碼模組相連,該存取模組用於將該編碼後的用戶資料記錄到存儲介質上及從該存儲介質中讀取該用戶資料;該電子設備還包括加解密模組與存儲模組,該存儲模組用於存儲預定資料;該加解密模組分別與該介面模組、存儲模組及編解碼模組相連,該加解密模組用於使用該預定資料將從該介面模組接收的用戶資料進行加密後傳送至該編解碼模組進行編碼及使用該預定資料將從該編解碼模組接收的用戶資料進行解密後傳送至該介面模組輸出。 An electronic device includes an interface module, a codec module, and an access module, wherein the interface module is configured to receive user data that needs to be stored to a storage medium and output user data read from the storage medium; the codec The module is configured to encode the user data that needs to be stored to the storage medium and decode the user data read from the storage medium; the access module is connected to the codec module, and the access module is used to encode the data The user data is recorded on the storage medium and the user data is read from the storage medium; the electronic device further includes an encryption and decryption module and a storage module, wherein the storage module is configured to store predetermined data; the encryption and decryption module respectively Connected to the interface module, the storage module, and the codec module, the encryption and decryption module is configured to encrypt the user data received from the interface module by using the predetermined data, and then transmit the data to the codec module for encoding and The user data received from the codec module is decrypted using the predetermined data and transmitted to the interface module output.

一種資料加密方法,包括如下步驟:接收需要存儲的用戶資料;根據存儲在電子設備中的預定資料生成加密密 碼;使用該加密密碼對用戶資料進行加密處理;對加密後的用戶資料進行編碼;將編碼後的用戶資料記錄在存儲介質上。 A data encryption method includes the steps of: receiving user data to be stored; generating an encryption key according to predetermined data stored in the electronic device The code uses the encrypted password to encrypt the user data; encodes the encrypted user data; and records the encoded user data on the storage medium.

一種資料解密方法,包括如下步驟:讀取存儲介質中的用戶資料;將讀取的該用戶資料進行解碼;判斷該用戶資料是否經過加密處理;如果該用戶資料經過加密處理,則根據電子設備中存儲的預定資料生成解密密碼;使用該解密密碼解密該用戶資料;將解密後的該用戶資料輸出。 A data decryption method includes the following steps: reading user data in a storage medium; decoding the read user data; determining whether the user data is encrypted; and if the user data is encrypted, according to the electronic device The stored predetermined data generates a decryption password; the decrypted password is used to decrypt the user data; and the decrypted user data is output.

上述電子設備及資料加密方法與解密方法在對用戶資料加密並存儲到存儲介質的過程中,將電子設備中的預定資料作為加密密碼,該加密密碼不會被存儲到存儲介質中,即便存儲介質丟失,由於密碼保存在電子設備中,其他電子設備不能得到相應的加密密碼而無法讀取加密後的用戶資料,從而有效防止用戶資料被非法讀取。 In the process of encrypting and storing the user data to the storage medium, the electronic device and the data encryption method and the decryption method use the predetermined data in the electronic device as an encrypted password, and the encrypted password is not stored in the storage medium, even if the storage medium Lost, because the password is stored in the electronic device, other electronic devices cannot obtain the corresponding encrypted password and cannot read the encrypted user data, thereby effectively preventing the user data from being illegally read.

請參閱圖1,其為電子設備100的示意圖。電子設備100用於將用戶資料加密存儲在存儲介質上,防止用戶資料被非法讀取。存儲介質可以是光碟10、存儲卡20或軟碟30等。電子設備100包括介面模組102、加解密模組104、編解碼模組106、存取模組108及存儲模組110。 Please refer to FIG. 1 , which is a schematic diagram of an electronic device 100 . The electronic device 100 is configured to encrypt the user data on the storage medium to prevent the user data from being illegally read. The storage medium may be the optical disc 10, the memory card 20, or the floppy disk 30 or the like. The electronic device 100 includes an interface module 102, an encryption and decryption module 104, a codec module 106, an access module 108, and a storage module 110.

介面模組102用於與外部設備連接,以接收需要存儲的用戶資料並將接收到的用戶資料發送到加解密模組104;或輸出已經解密的用戶資料。 The interface module 102 is configured to connect with an external device to receive user data that needs to be stored and send the received user data to the encryption and decryption module 104; or output the user data that has been decrypted.

加解密模組104與介面模組102及存儲模組110相連。存儲模組110中存有用於對用戶資料進行加解密的預定資料,該預定資料是與電子設備100關聯對應的,不同的電子設備的預定資料不同。例如,該預定資料可以是電子設備100的序列號、內部主要晶片或模組的識別碼等。加解密模組104用於將該預定資料或該預定資料與用戶輸入的自定義密碼的結合作為加密密碼,對需要存儲的用戶資料進行加密處理或者對從存儲介質上讀出的用戶資料進行解密處理。 The encryption and decryption module 104 is connected to the interface module 102 and the storage module 110. The storage module 110 stores predetermined data for encrypting and decrypting user data, and the predetermined data is associated with the electronic device 100, and the predetermined materials of different electronic devices are different. For example, the predetermined material may be a serial number of the electronic device 100, an identification code of an internal main chip or a module, or the like. The encryption and decryption module 104 is configured to use the combination of the predetermined data or the predetermined data and the customized password input by the user as an encryption password, encrypt the user data to be stored, or decrypt the user data read from the storage medium. deal with.

編解碼模組106與加解密模組104相連,用於將加密後的用戶資料進行編碼以便存儲在存儲介質上;或者將從存儲介質中讀出的用戶資料進行解碼處理以便加解密模組104進行解密。通常,不同的存儲介質存儲用戶資料的格式並不相同,編解碼模組106用於將加密後的用戶資料編碼成適宜於記錄在存儲介質上的格式或者將記錄在存儲介質上的用戶資料解碼成適宜於電子設備100處理的格式。 The codec module 106 is connected to the encryption and decryption module 104 for encoding the encrypted user data for storage on the storage medium; or decoding the user data read from the storage medium for the encryption and decryption module 104. Decrypt. Generally, different storage media store user data in different formats. The codec module 106 is configured to encode the encrypted user data into a format suitable for recording on a storage medium or to decode user data recorded on the storage medium. A format suitable for processing by the electronic device 100.

存取模組108用於以光、電、磁等方式將用戶資料存儲在存儲介質上或從存儲介質中讀出用戶資料。例如,以鐳射的方式在光碟20上燒錄用戶資料,以電信號的方式在快閃記憶體式存儲卡20上存儲用戶資料或以磁的方式在軟碟30上記錄用戶資料等。此外,存取模組108還用於在存儲介質上的標記區域作出標記,以指示存儲介質上存儲的用戶資料是否經過加密處理。 The access module 108 is configured to store user data on or from the storage medium in an optical, electrical, magnetic or the like manner. For example, the user data is burned on the optical disc 20 in a laser manner, the user data is stored on the flash memory type memory card 20 by electrical signals, or the user data is recorded on the floppy disk 30 in a magnetic manner. In addition, the access module 108 is further configured to mark the marked area on the storage medium to indicate whether the user data stored on the storage medium is encrypted.

上述電子設備100在對用戶資料加密並存儲到存儲介質的 過程中,將電子設備100中的預定資料作為加密密碼,該加密密碼不會被存儲到存儲介質中,即便存儲介質丟失,由於密碼保存在電子設備100中,其他電子設備不能得到相應的加密密碼而無法讀取加密後的用戶資料,從而有效防止用戶資料被非法讀取。 The above electronic device 100 encrypts and stores the user data to the storage medium. In the process, the predetermined material in the electronic device 100 is used as an encryption password, and the encrypted password is not stored in the storage medium. Even if the storage medium is lost, since the password is stored in the electronic device 100, other electronic devices cannot obtain the corresponding encrypted password. The encrypted user data cannot be read, thereby effectively preventing the user data from being illegally read.

請參閱圖2,為進一步說明,以下以光碟機200為例對電子設備100進行示例性的描述。光碟機200包括IDE(Integrated Drive Electronics,集成設備電路)介面模組202、SHA-1(Secure Hash Algorithm,安全雜湊演算法)加解密模組204、光存儲編解碼模組206、鐳射燒錄讀取模組208及唯讀記憶體210。 Please refer to FIG. 2 . For further explanation, the electronic device 100 is exemplarily described below by taking the optical disk drive 200 as an example. The optical disk drive 200 includes an IDE (Integrated Drive Circuit) interface module 202, a SHA-1 (Secure Hash Algorithm) encryption and decryption module 204, an optical storage codec module 206, and a laser burning and reading module. Module 208 and read-only memory 210 are taken.

IDE介面模組202用於與外部設備連接,例如與電腦主板的IDE介面相連,以接收電腦發送的用戶資料或將從光碟30讀取的用戶資料傳遞給電腦。此外,光碟機200還可以採用其他的介面模組102,例如SATA(Serial Advanced Technology Attachment,串列高級技術附加裝置)介面模組或USB(Universal Serial Bus,通用串列匯流排)介面模組等。 The IDE interface module 202 is configured to be connected to an external device, for example, to an IDE interface of the computer motherboard to receive user data sent by the computer or to transfer the user data read from the optical disk 30 to the computer. In addition, the optical disk drive 200 can also use other interface modules 102, such as SATA (Serial Advanced Technology Attachment) interface module or USB (Universal Serial Bus) interface module. .

SHA-1加解密模組204與IDE介面模組202及唯讀記憶體210相連。唯讀記憶體210用於存儲產生加密密碼的預定資料,該預定資料包括光機模組(Traverse)識別碼、主控電路模組識別碼及光碟機序列號。唯讀記憶體210包括第一存儲單元212、第二存儲單元214及第三存儲單元216分別用於存儲該光機模組識別碼、主控電路模組識別碼及光碟機序列號。在光碟機200的生產過程中,通常為 主要配件配置一一對應的識別碼或序列號。由於這些識別碼或序列號的唯一性,便於追蹤整個生產測試過程,快速找到不良產品的批次及供應商等資訊。SHA-1加解密模組204選擇光機模組識別碼、主控電路模組識別碼及光碟機序列號中的一個或多個進行計算生成加密密碼。SHA-1加解密模組204根據該加密密碼採用SHA-1加密演算法對用戶資料進行加密解密。 The SHA-1 encryption/decryption module 204 is connected to the IDE interface module 202 and the read-only memory 210. The read-only memory 210 is configured to store predetermined data for generating an encrypted password, and the predetermined data includes a Traverse identification code, a main control circuit module identification code, and a CD player serial number. The read-only memory 210 includes a first storage unit 212, a second storage unit 214, and a third storage unit 216 for storing the optical module identification code, the main control circuit module identification code, and the optical disc drive serial number. In the production process of the optical disc drive 200, it is usually The main accessory is configured with a one-to-one corresponding identification code or serial number. Due to the uniqueness of these identification codes or serial numbers, it is easy to track the entire production test process and quickly find information on batches and suppliers of defective products. The SHA-1 encryption/decryption module 204 selects one or more of the optical module identification code, the main control circuit module identification code, and the optical disk drive serial number to calculate and generate an encrypted password. The SHA-1 encryption/decryption module 204 encrypts and decrypts the user data by using the SHA-1 encryption algorithm according to the encrypted password.

光存儲編解碼模組206與SHA-1加解密模組204相連,用於採用EFMplus(Eight-to-Fourteen Modulation plus,8-14調製改進版)的編碼技術對加密後的用戶資料進行編碼,以便將加密後的用戶資料存儲在存儲介質上。由於光碟10中用“坑”和“岸”的變化來表示二進位資料中的1,因此用於直接記錄在光碟10中的資料不能包含連續的1。藉由EFMplus編碼後將8位元的二進位資料變成16位的二進位資料從而使該16位的二進位資料中不包含連續的1。相應地,光存儲編解碼模組206還用於將從存儲介質中讀出的用戶資料進行解碼處理以便加解密模組104進行解密。 The optical storage codec module 206 is connected to the SHA-1 encryption and decryption module 204 for encoding the encrypted user data by using an encoding technique of EFMplus (Eight-to-Fourteen Modulation plus, 8-14 modulation modified version). In order to store the encrypted user data on a storage medium. Since the change in "pit" and "shore" in the optical disc 10 indicates 1 in the binary material, the material for direct recording in the optical disc 10 cannot contain consecutive ones. After the EFMplus encoding, the 8-bit binary data is converted into 16-bit binary data so that the 16-bit binary data does not contain consecutive ones. Correspondingly, the optical storage codec module 206 is further configured to perform decoding processing on the user data read from the storage medium for decryption by the encryption and decryption module 104.

鐳射燒錄讀取模組208用於將編碼後的用戶資料燒錄到光碟10上,或者將光碟10中記錄的用戶資料讀出。通常,鐳射燒錄讀取模組208包括鐳射光源、光學系統、光感測器等。在燒錄光碟時,鐳射光源發出鐳射光束後,經光學系統將光束聚焦到光碟10上,藉由鐳射光束改變光碟10的記錄層的屬性,例如改變相位等達到燒錄用戶資料到光碟10的目的。讀取光碟10中的用戶資料時,從光碟 10反射回的光束由光感測器接收,光感測器根據接收的光束產生相應的信號以得出存儲在光碟10中的用戶資料。鐳射燒錄讀取模組208還用於在光碟10的標記區域作出標記,以指示存儲在光碟10的用戶資料是否經過加密處理。例如,對於CD-R/RW光碟,將RID(Recorder Unique Identifier,燒錄機唯一識別碼)的最後16位元組作為標記區域,以標記存儲在光碟10的用戶資料是否經過加密處理。而對於DVD+R/RW光碟,可以是InnerDisc Identification Zone(光碟內部識別區)中每個ECC(Error Correction Code,改錯碼)的最後16位元組作為該標記區域;對於DVD-R/RW光碟,可以是R-Physical Format Information Zone(物理格式資訊區)中每個ECC的最後16位元組作為該標記區域;對於DVD-RAM光碟,可以是DDS(Disc Definition Structure,盤定義結構)中的最後16位元組作為該標記區域。 The laser programming read module 208 is configured to burn the encoded user data onto the optical disc 10 or read the user data recorded in the optical disc 10. Typically, the laser programming read module 208 includes a laser source, an optical system, a light sensor, and the like. When the optical disc is burned, the laser light source emits a laser beam, and the optical beam is focused on the optical disc 10, and the laser beam is used to change the properties of the recording layer of the optical disc 10, for example, changing the phase, etc., to burn the user data to the optical disc 10. purpose. When reading the user data in the disc 10, from the disc The reflected light beam is received by the light sensor, and the light sensor generates a corresponding signal based on the received light beam to derive the user data stored in the optical disk 10. The laser programming read module 208 is also used to mark the marked area of the optical disc 10 to indicate whether the user data stored on the optical disc 10 is encrypted. For example, for a CD-R/RW disc, the last 16-bit tuple of the RID (Recorder Unique Identifier) is used as a mark area to mark whether the user data stored in the optical disc 10 is encrypted. For a DVD+R/RW disc, it may be the last 16-bit tuple of each ECC (Error Correction Code) in the InnerDisc Identification Zone as the mark area; for DVD-R/RW The disc may be the last 16 bytes of each ECC in the R-Physical Format Information Zone as the marked area; for the DVD-RAM disc, it may be in the DDS (Disc Definition Structure) The last 16 bytes are used as the marked area.

光碟機200在加密存儲用戶資料的過程中,使用了存儲在光碟機200中的預定資料產生加密密碼進行加密,即便光碟10丟失,光碟10在放入到其他光碟機中時,由於不同的光碟機中具有不同的光機模組識別碼、主控電路模組識別碼及光碟機序列號,因而不能產生正確的解密密碼,用戶資料也不能正確解密,從而有效防止用戶資料泄密。除了採用SHA-1加密演算法外,還可以採用其他的加密演算法,例如SHA-2、BlowFish、MD5等。 The CD player 200 encrypts and stores the user data, and uses the predetermined data stored in the optical disk drive 200 to generate an encrypted password for encryption. Even if the optical disk 10 is lost, the optical disk 10 is placed in another optical disk drive due to different optical disks. The machine has different optical module identification code, main control circuit module identification code and CD player serial number, so the correct decryption password cannot be generated, and the user data cannot be decrypted correctly, thereby effectively preventing user data leakage. In addition to the SHA-1 encryption algorithm, other encryption algorithms such as SHA-2, BlowFish, MD5, etc. can be used.

為了進一步提高安全性,還可以藉由IDE介面模組202輸 入用戶自定義的密碼。SHA-1加解密模組204根據自定義的密碼、光機模組識別碼、主控電路模組識別碼及光碟機序列號生成上述加密密碼對用戶資料進行加密處理。由於用戶輸入了自定義的密碼,因而,在解密時,僅當用戶輸入了正確的自定義密碼後,方能正確解密讀取用戶資料。 In order to further improve security, you can also use the IDE interface module 202 to lose Enter a user-defined password. The SHA-1 encryption/decryption module 204 generates the encrypted password according to the customized password, the optical module identification code, the main control circuit module identification code, and the optical disk drive serial number to encrypt the user data. Since the user inputs a custom password, when decrypting, the user can correctly decrypt the read user data only after the user enters the correct custom password.

請參閱圖3,其為一較佳實施方式的資料加密方法流程圖。首先,步驟302,介面模組102接收需要存儲的用戶資料。 Please refer to FIG. 3 , which is a flowchart of a data encryption method according to a preferred embodiment. First, in step 302, the interface module 102 receives the user profile that needs to be stored.

步驟304,判斷需要存儲的用戶資料是否需要進行加密處理。如果需要進行加密處理,則進入步驟306。如果判斷結果為不需要進行加密處理,則直接進入步驟310。 Step 304: Determine whether the user data to be stored needs to be encrypted. If encryption processing is required, then step 306 is entered. If the result of the determination is that the encryption process is not required, the process proceeds directly to step 310.

步驟306,根據電子設備100中的預定資料生成加密密碼。如果接收的用戶資料中包含用戶自定義的密碼,則結合該自定義的密碼和預定資料生成加密密碼。該預定資料可以是電子設備100的序列號、內部主要晶片或模組的識別碼等。由於型序列號、識別碼等的唯一性,不同的電子設備100產生的加密密碼不同,即加密密碼也具有唯一性。 Step 306: Generate an encrypted password according to the predetermined data in the electronic device 100. If the received user profile contains a user-defined password, the encrypted password is generated in conjunction with the customized password and the predetermined profile. The predetermined data may be the serial number of the electronic device 100, the identification code of the internal main chip or module, and the like. Due to the uniqueness of the serial number, the identification code, and the like, the encrypted passwords generated by the different electronic devices 100 are different, that is, the encrypted passwords are also unique.

步驟308,使用加密密碼對用戶資料進行加密處理。可以採用多種加密演算法對用戶資料進行加密處理,例如SHA-1、SHA-2、BlowFish、MD5等。 Step 308, encrypting the user data by using an encrypted password. User data can be encrypted using a variety of encryption algorithms, such as SHA-1, SHA-2, BlowFish, MD5, and so on.

步驟310,對加密後的用戶資料進行編碼,以便於將用戶資料記錄在存儲介質上。 Step 310: Encode the encrypted user data to facilitate recording the user data on the storage medium.

步驟312,將編碼後的用戶資料記錄在存儲介質上。 In step 312, the encoded user data is recorded on a storage medium.

步驟314,在存儲介質上作出標記,以指示存儲的用戶資料已經經過加密處理。 Step 314, marking is performed on the storage medium to indicate that the stored user profile has been encrypted.

上述資料加密方法藉由電子設備100內存儲的預定資料將用戶資料進行加密後存儲在存儲介質上,即便存儲介質丟失,丟失後的存儲介質在其他電子設備上使用時,由於不同的電子設備內存儲的預定資料不同,不能產生正確的解密密碼,因而用戶資料不能正確解密,確保了用戶資料的安全。 The data encryption method encrypts the user data by using predetermined data stored in the electronic device 100, and then stores the data on the storage medium. Even if the storage medium is lost, the lost storage medium is used on other electronic devices because of different electronic devices. The stored reservation data is different, and the correct decryption password cannot be generated, so the user data cannot be decrypted correctly, and the security of the user data is ensured.

電子設備100在讀取上述加密的用戶資料時,採用的解密方法如圖4所示:首先,步驟402,讀取存儲介質的標記區域,該標記區域內記錄有存儲介質內存儲的用戶資料是否經過加密的標記。 When the electronic device 100 reads the encrypted user data, the decryption method used is as shown in FIG. 4. First, in step 402, the mark area of the storage medium is read, and the user information stored in the storage medium is recorded in the mark area. Encrypted markup.

步驟404,根據讀取的標記區域,判斷存儲介質內存儲的用戶資料是否經過加密處理。如果未經過加密處理,則按照傳統的資料讀取方法,即電子設備100讀取存儲介質中的用戶資料後(步驟406),將讀取的用戶資料進行解碼(步驟408),再將解碼後的用戶資料輸出(步驟418)。如果步驟404的判斷結果為存儲介質內存儲的用戶資料是經過加密處理的,則進入步驟410。 Step 404: Determine, according to the read mark area, whether the user data stored in the storage medium is subjected to encryption processing. If the encryption process is not performed, according to the conventional data reading method, after the electronic device 100 reads the user data in the storage medium (step 406), the read user data is decoded (step 408), and then decoded. User profile output (step 418). If the result of the determination in step 404 is that the user profile stored in the storage medium is encrypted, the process proceeds to step 410.

步驟410,電子設備100讀取存儲介質中的用戶資料。 Step 410: The electronic device 100 reads the user profile in the storage medium.

步驟412,將讀取的用戶資料進行解碼。 Step 412: Decode the read user data.

步驟414,根據電子設備100中的預定資料生成解密密碼。如果在加密過程中,用戶輸入了自定義的加密密碼,則提示用戶輸入該自定義的加密密碼以便與存儲模組110中的預定資料結合生成解密密碼。 Step 414: Generate a decryption password according to the predetermined material in the electronic device 100. If the user enters a custom encrypted password during the encryption process, the user is prompted to enter the customized encrypted password to generate a decrypted password in conjunction with the predetermined material in the storage module 110.

步驟416,將解密密碼用於解密用戶資料,採用與加密演算法相應的演算法來解密用戶資料。 In step 416, the decryption password is used to decrypt the user data, and the algorithm corresponding to the encryption algorithm is used to decrypt the user data.

步驟418,將解密後的用戶資料輸出。 In step 418, the decrypted user profile is output.

此外,加密後的用戶資料的解密方法還可以採用如圖5所示的流程步驟:首先,步驟502,讀取存儲介質的標記區域,該標記區域內記錄有存儲介質內存儲的用戶資料是否經過加密的標記。 In addition, the decrypted method of the encrypted user data may also adopt the process steps shown in FIG. 5: First, in step 502, the mark area of the storage medium is read, and the user area stored in the storage medium is recorded in the mark area. Encrypted tag.

步驟504,電子設備100讀取存儲介質中的用戶資料。 Step 504, the electronic device 100 reads the user profile in the storage medium.

步驟506,將讀取的用戶資料進行解碼。 In step 506, the read user data is decoded.

步驟508,根據步驟502中讀取的標記區域內的標記,判斷存儲介質內存儲的用戶資料是否經過加密處理。如果未經過加密處理,則將解碼後的用戶資料輸出(步驟514)。如果步驟508的判斷結果為存儲介質內存儲的用戶資料是經過加密處理的,則進入步驟510。 Step 508: Determine, according to the mark in the mark area read in step 502, whether the user data stored in the storage medium is subjected to encryption processing. If the encryption process has not been performed, the decoded user profile is output (step 514). If the result of the determination in step 508 is that the user profile stored in the storage medium is encrypted, the process proceeds to step 510.

步驟510,根據電子設備100中的預定資料生成解密密碼。如果在加密過程中,用戶輸入了自定義的加密密碼,則提示用戶輸入該自定義的加密密碼以便與存儲模組110中的預定資料結合生成解密密碼。 Step 510: Generate a decryption password according to the predetermined material in the electronic device 100. If the user enters a custom encrypted password during the encryption process, the user is prompted to enter the customized encrypted password to generate a decrypted password in conjunction with the predetermined material in the storage module 110.

步驟512,將解密密碼用於解密用戶資料,採用與加密演算法相應的演算法來解密用戶資料。 In step 512, the decryption password is used to decrypt the user data, and the algorithm corresponding to the encryption algorithm is used to decrypt the user data.

步驟514,將解密後的用戶資料輸出。 In step 514, the decrypted user profile is output.

上述資料解密方法藉由電子設備100內存儲的預定資料對加密後的用戶資料進行解密,由於不同的電子設備內存儲的預定資料不同,因而只有對用戶資料進行加密的電子設備100才能進行解密,確保了用戶資料的安全。 The data decryption method decrypts the encrypted user data by using predetermined data stored in the electronic device 100. Since the predetermined data stored in different electronic devices is different, only the electronic device 100 that encrypts the user data can decrypt. Ensure the security of user data.

綜上所述,本發明符合發明專利要件,爰依法提出專利申請。惟,以上所述者僅為本發明之較佳實施方式,舉凡熟悉本案技藝之人士,在援依本案創作精神所作之等效修飾或變化,皆應包含於以下之申請專利範圍內。 In summary, the present invention complies with the requirements of the invention patent and submits a patent application according to law. However, the above description is only a preferred embodiment of the present invention, and equivalent modifications or variations made by those skilled in the art of the present invention should be included in the following claims.

10‧‧‧光碟 10‧‧‧DVD

20‧‧‧存儲卡 20‧‧‧ memory card

30‧‧‧軟碟 30‧‧‧ floppy

100‧‧‧電子設備 100‧‧‧Electronic equipment

102‧‧‧介面模組 102‧‧‧Interface module

104‧‧‧加解密模組 104‧‧‧Addition and decryption module

106‧‧‧編解碼模組 106‧‧‧Codec Module

108‧‧‧存取模組 108‧‧‧Access Module

110‧‧‧存儲模組 110‧‧‧Memory Module

200‧‧‧光碟機 200‧‧‧CD player

202‧‧‧IDE介面模組 202‧‧‧IDE interface module

204‧‧‧SHA-1加解密模組 204‧‧‧SHA-1 encryption and decryption module

206‧‧‧光存儲編解碼模組 206‧‧‧Optical storage codec module

208‧‧‧鐳射燒錄讀取模組 208‧‧‧Laser burning reading module

210‧‧‧唯讀記憶體 210‧‧‧Read-only memory

212‧‧‧第一存儲單元 212‧‧‧First storage unit

214‧‧‧第二存儲單元 214‧‧‧Second storage unit

216‧‧‧第三存儲單元 216‧‧‧ third storage unit

302~314‧‧‧資料加密方法流程步驟 302~314‧‧‧ Data encryption method process steps

402~418‧‧‧資料解密方法流程步驟 402~418‧‧‧ Data decryption method process steps

502~514‧‧‧另一資料解密方法流程步驟 502~514‧‧‧ another data decryption method process steps

圖1為一較佳實施方式的電子設備的示意圖;圖2為一較佳實施方式的光碟機的示意圖;圖3為一較佳實施方式的資料加密方法示意圖;圖4為一較佳實施方式的資料解密方法示意圖;圖5為另一較佳實施方式的資料解密方法示意圖。 1 is a schematic diagram of an electronic device according to a preferred embodiment; FIG. 2 is a schematic diagram of an optical disc drive according to a preferred embodiment; FIG. 3 is a schematic diagram of a data encryption method according to a preferred embodiment; Schematic diagram of the data decryption method; FIG. 5 is a schematic diagram of a data decryption method according to another preferred embodiment.

302~314‧‧‧資料加密方法流程步驟 302~314‧‧‧ Data encryption method process steps

Claims (19)

一種電子設備,其包括介面模組、編解碼模組及存取模組,該介面模組用於接收需要存儲到存儲介質的用戶資料及輸出從該存儲介質讀取的用戶資料;該編解碼模組用於編碼該需要存儲到存儲介質的用戶資料及解碼該從存儲介質讀取的用戶資料;該存取模組與該編解碼模組相連,該存取模組用於將該編碼後的用戶資料記錄到存儲介質上及從該存儲介質中讀取該用戶資料;其改良在於:該電子設備還包括加解密模組與存儲模組,該存儲模組用於存儲預定資料,該預定資料與該電子設備關聯對應;該加解密模組分別與該介面模組、存儲模組及編解碼模組相連,該加解密模組用於使用該預定資料將從該介面模組接收的用戶資料進行加密後傳送至該編解碼模組進行編碼及使用該預定資料將從該編解碼模組接收的用戶資料進行解密後傳送至該介面模組輸出。 An electronic device includes an interface module, a codec module, and an access module, wherein the interface module is configured to receive user data that needs to be stored to a storage medium and output user data read from the storage medium; the codec The module is configured to encode the user data that needs to be stored to the storage medium and decode the user data read from the storage medium; the access module is connected to the codec module, and the access module is used to encode the data The user data is recorded on the storage medium and the user data is read from the storage medium; the improvement is that the electronic device further includes an encryption and decryption module and a storage module, and the storage module is configured to store predetermined data, the predetermined The data is associated with the electronic device; the encryption and decryption module is respectively connected to the interface module, the storage module and the codec module, and the encryption and decryption module is used for receiving the user from the interface module by using the predetermined data. The data is encrypted and transmitted to the codec module for encoding, and the user data received from the codec module is decrypted and transmitted to the interface module output by using the predetermined data. 如申請專利範圍第1項所述之電子設備,其中該預定資料包括該電子設備的序列號。 The electronic device of claim 1, wherein the predetermined material comprises a serial number of the electronic device. 如申請專利範圍第1項所述之電子設備,其中該預定資料包括該電子設備的內部主要晶片識別碼。 The electronic device of claim 1, wherein the predetermined material comprises an internal main chip identification code of the electronic device. 如申請專利範圍第1項所述之電子設備,其中該預定資料包括該電子設備的內部主要模組的識別碼。 The electronic device of claim 1, wherein the predetermined data includes an identification code of an internal main module of the electronic device. 如申請專利範圍第1項所述之電子設備,其中該加解密模組採用安全雜湊演算法對該用戶資料進行加解密。 The electronic device of claim 1, wherein the encryption and decryption module encrypts and decrypts the user data by using a secure hash algorithm. 如申請專利範圍第1項所述之電子設備,其中該電子設備為光碟機。 The electronic device of claim 1, wherein the electronic device is a CD player. 如申請專利範圍第6項所述之電子設備,其中該介面模組為IDE介面模組、SATA介面模組與USB介面模組中的一種。 The electronic device of claim 6, wherein the interface module is one of an IDE interface module, a SATA interface module, and a USB interface module. 一種資料加密方法,包括如下步驟:接收需要存儲的用戶資料;根據存儲在電子設備中的預定資料生成加密密碼,該預定資料與該電子設備關聯對應;使用該加密密碼對用戶資料進行加密處理;對加密後的用戶資料進行編碼;將編碼後的用戶資料記錄在存儲介質上。 A data encryption method, comprising the steps of: receiving user data to be stored; generating an encryption password according to predetermined data stored in the electronic device, wherein the predetermined data is associated with the electronic device; and encrypting the user data by using the encrypted password; The encrypted user data is encoded; the encoded user data is recorded on a storage medium. 如申請專利範圍第8項所述之資料加密方法,其中該預定資料包括該電子設備的序列號。 The data encryption method of claim 8, wherein the predetermined material includes a serial number of the electronic device. 如申請專利範圍第8項所述之資料加密方法,其中該預定資料包括該電子設備的內部主要晶片識別碼。 The data encryption method of claim 8, wherein the predetermined material comprises an internal main chip identification code of the electronic device. 如申請專利範圍第8項所述之資料加密方法,其中該預定資料包括該電子設備的內部主要模組的識別碼。 The data encryption method of claim 8, wherein the predetermined data includes an identification code of an internal main module of the electronic device. 如申請專利範圍第8項所述之資料加密方法,其中該加密處理採用安全雜湊演算法對該用戶資料進行加密。 The data encryption method of claim 8, wherein the encryption process encrypts the user data by using a secure hash algorithm. 如申請專利範圍第8項所述之資料加密方法,其中還包括在存儲介質上作出標記的步驟,以指示存儲的該用戶資料已經經過加密處理。 The data encryption method of claim 8, further comprising the step of marking on the storage medium to indicate that the stored user profile has been encrypted. 一種資料解密方法,包括如下步驟:讀取存儲介質中的用戶資料;將讀取的該用戶資料進行解碼;判斷該用戶資料是否經過加密處理;如果該用戶資料經過加密處理,則根據電子設備中存儲的 預定資料生成解密密碼,該預定資料與該電子設備關聯對應;使用該解密密碼解密該用戶資料;將解密後的該用戶資料輸出。 A data decryption method includes the following steps: reading user data in a storage medium; decoding the read user data; determining whether the user data is encrypted; and if the user data is encrypted, according to the electronic device Stored The predetermined data generates a decryption password, and the predetermined data is associated with the electronic device; the decrypted password is used to decrypt the user data; and the decrypted user data is output. 如申請專利範圍第14項所述之資料解密方法,其中還包括讀取該存儲介質上的標記區域的步驟,以判斷該用戶資料是否經過加密處理。 The method for decrypting data according to claim 14, further comprising the step of reading the marked area on the storage medium to determine whether the user data is encrypted. 如申請專利範圍第14項所述之資料解密方法,其中該預定資料包括該電子設備的序列號。 The method for decrypting data according to claim 14, wherein the predetermined material includes a serial number of the electronic device. 如申請專利範圍第14項所述之資料解密方法,其中該預定資料包括該電子設備的內部主要晶片識別碼。 The method for decrypting data according to claim 14, wherein the predetermined material includes an internal main chip identification code of the electronic device. 如申請專利範圍第14項所述之資料解密方法,其中該預定資料包括該電子設備的內部主要模組的識別碼。 The method for decrypting data according to claim 14, wherein the predetermined data includes an identification code of an internal main module of the electronic device. 如申請專利範圍第14項所述之資料解密方法,其中採用安全雜湊演算法對該用戶資料進行解密。 For example, the data decryption method described in claim 14 is characterized in that the user data is decrypted by using a secure hash algorithm.
TW96114987A 2007-04-27 2007-04-27 Device and method for encrypting and decrypting data TWI387897B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW96114987A TWI387897B (en) 2007-04-27 2007-04-27 Device and method for encrypting and decrypting data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW96114987A TWI387897B (en) 2007-04-27 2007-04-27 Device and method for encrypting and decrypting data

Publications (2)

Publication Number Publication Date
TW200842643A TW200842643A (en) 2008-11-01
TWI387897B true TWI387897B (en) 2013-03-01

Family

ID=44822064

Family Applications (1)

Application Number Title Priority Date Filing Date
TW96114987A TWI387897B (en) 2007-04-27 2007-04-27 Device and method for encrypting and decrypting data

Country Status (1)

Country Link
TW (1) TWI387897B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI455561B (en) * 2010-08-04 2014-10-01 Hon Hai Prec Ind Co Ltd Network access device and method for accessing a network

Also Published As

Publication number Publication date
TW200842643A (en) 2008-11-01

Similar Documents

Publication Publication Date Title
CN101286338B (en) Electronic equipment and its data encryption method and data deciphering method
JP6040234B2 (en) Storage device, host device and method for protecting content
US7748012B2 (en) Method of manufacturing a limited use data storing device
US8745347B2 (en) Limited use data storing device
US7770028B2 (en) Limited use data storing device
US8140745B2 (en) Data retrieval methods
CA2381141A1 (en) Recordable storage medium with protected data area
US20040034787A1 (en) Video and/or audio information reading apparatus, information recording apparatus, optical disk reproducing apparatus, optical disk recording apparatus, information reading method, information recording method, program, and storage medium
JP2003208755A (en) Recording method, recording apparatus, reproducing method, and reproducing apparatus
US20060123483A1 (en) Method and system for protecting against illegal copy and/or use of digital contents stored on optical or other media
JP2001222861A (en) Data recording method and device, data reproducing method and device, and data recording/reproducing system
US8332724B2 (en) Data retrieval systems
JP2001319339A (en) Write once type optical disk and recording and reproducing device and recording medium for the optical disk
US20130024636A1 (en) Method of manufacturing a limited use data storing device
JP2001332019A (en) Data recording and reproducing method for write-once type optical disk, data reproducing device for write-once type optical disk and recording medium
US8220014B2 (en) Modifiable memory devices having limited expected lifetime
TWI387897B (en) Device and method for encrypting and decrypting data
US20080170688A1 (en) Method of recording and reproducing data on and from optical disc
US8462605B2 (en) Method of manufacturing a limited use data storing device
JP2012043234A (en) Optical disk, optical disk recording method, optical disk reproducing method, optical disk drive and storage system
US8014522B2 (en) Optical storage media and the corresponding cryptography for data encryption thereof
JP2001176191A (en) Data recording/reproducing method and device
JP4211174B2 (en) Data recording / playback system
JP2001155421A (en) Recording device and method, reproducing device and method and recording medium
US20060253722A1 (en) Uncopyable optical media through sector errors

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees