[go: up one dir, main page]

CN1475919B - Data storage security method - Google Patents

Data storage security method Download PDF

Info

Publication number
CN1475919B
CN1475919B CN 03145311 CN03145311A CN1475919B CN 1475919 B CN1475919 B CN 1475919B CN 03145311 CN03145311 CN 03145311 CN 03145311 A CN03145311 A CN 03145311A CN 1475919 B CN1475919 B CN 1475919B
Authority
CN
China
Prior art keywords
data
storage location
memory device
driver
time slot
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN 03145311
Other languages
Chinese (zh)
Other versions
CN1475919A (en
Inventor
黄晖杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Via Technologies Inc
Original Assignee
Via Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Via Technologies Inc filed Critical Via Technologies Inc
Priority to CN 03145311 priority Critical patent/CN1475919B/en
Publication of CN1475919A publication Critical patent/CN1475919A/en
Application granted granted Critical
Publication of CN1475919B publication Critical patent/CN1475919B/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)

Abstract

The invention relates to a data storage security method, which is applied to a computer and a data storage device, wherein the computer accesses data of the data storage device through a driving program, and the security method comprises the following steps: providing data to be stored; the operating system of the computer provides a data storage request to the data storage device, wherein the data storage request comprises an original storage position; the driver program performs a storage location transformation operation through a preset encryption value according to the data storage request, so as to obtain an actual storage location; and the driver writes the data to be stored into the data storage device according to the actual storage position.

Description

数据储存保密方法Data storage confidentiality method

技术领域 technical field

本发明涉及一种数据储存保密方法,特别是一种应用于一电脑与一数据储存装置上的数据储存保密方法。The invention relates to a data storage security method, in particular to a data storage security method applied to a computer and a data storage device.

背景技术 Background technique

随着信息产业的快速发展,许多无形的知识与信息都已经被数字化,并以数字化信息的形式存在,例如企业所产出的各种数据文件,这些都应属于企业的私有资产而受到使用上的限制。因此,企业都尽可能地防止这类属于公司资产的数字化信息遭到员工本身或外人的盗用,于是如何对于数字化信息进行保护,是现今知识经济方兴未艾的时代中,一个越来越受到重视的课题。With the rapid development of the information industry, many intangible knowledge and information have been digitized and exist in the form of digital information, such as various data files produced by enterprises, which should belong to the private assets of enterprises and be subject to use. limits. Therefore, companies try their best to prevent such digital information belonging to the company's assets from being misappropriated by employees or outsiders. Therefore, how to protect digital information is a topic that is getting more and more attention in today's era of knowledge economy. .

然而储存于硬盘(Hard Disk Drive)中的数据是数据保密的一大漏洞,由图1所示的现有数据存取流程图可清楚看出,操作系统10所发出的读写请求(read/write request)是通过一驱动程序11(driver,例如IDE driver)的处理而进一步在硬盘12上完成存取数据(Access Data)的动作。在目前的个人电脑环境中,任何人只要拿到硬盘,便可利用任意安装有与其对应驱动程序的个人电脑来读取其内部所储存的数据。而抽取式硬盘的设计更是方便了使用者来进行数据交换,因此数据被盗取与滥用的情况非常严重,而如何通过一种简单的机制来限制数据被任意读取,是发展本发明的主要目的。However, the data stored in the hard disk (Hard Disk Drive) is a major loophole in data security. It can be clearly seen from the existing data access flow chart shown in FIG. 1 that the read and write requests (read/ write request) is to further complete the action of accessing data (Access Data) on the hard disk 12 through the processing of a driver 11 (driver, such as IDE driver). In the current personal computer environment, as long as anyone gets a hard disk, he can use any personal computer with its corresponding driver installed to read the data stored in it. The design of the removable hard disk is more convenient for users to exchange data, so the situation of data being stolen and abused is very serious, and how to restrict data from being read arbitrarily through a simple mechanism is the key to the development of the present invention. main purpose.

发明内容 Contents of the invention

本发明是一种数据储存保密方法,应用于一电脑与一数据储存装置上,该电脑通过一驱动程序来对该数据储存装置进行数据的存取,该保密方法包含下列步骤:提供一待储存数据;该电脑的操作系统向该数据储存装置提出一数据储存请求,而该数据储存请求中包含有一原始储存位置;该驱动程序根据该数据储存请求,而通过一预设加密值进行一储存位置变换运算,进而得到一实际储存位置;以及该驱动程序根据该实际储存位置而将该待储存数据写入该数据储存装置中。The present invention is a data storage security method, which is applied to a computer and a data storage device. The computer accesses the data storage device through a driver program. The security method includes the following steps: providing a data; the operating system of the computer proposes a data storage request to the data storage device, and the data storage request includes an original storage location; the driver performs a storage location with a default encryption value according to the data storage request transform operation to obtain an actual storage location; and the driver program writes the data to be stored into the data storage device according to the actual storage location.

根据上述构想,数据储存保密方法中还包含有下列步骤:该电脑向该数据储存装置提出一数据读取请求,而该数据读取请求中包含有该原始储存位置;该驱动程序根据该数据读取请求而进行该储存位置变换运算,进而得到该实际储存位置;以及该驱动程序根据该实际储存位置而将该待储存数据自该数据储存装置中读出。According to the above idea, the data storage security method also includes the following steps: the computer proposes a data read request to the data storage device, and the data read request includes the original storage location; The storage location conversion operation is performed according to the request to obtain the actual storage location; and the driver program reads the data to be stored from the data storage device according to the actual storage location.

根据上述构想,数据储存保密方法中该数据储存装置是一集成驱动电子设备接口硬盘(IDE Hard Disk)。According to above-mentioned design, this data storage device in the data storage security method is an integrated drive electronic equipment interface hard disk (IDE Hard Disk).

根据上述构想,数据储存保密方法中该电脑的操作系统是将该原始储存位置记录于一文件分配表中。According to the above idea, in the data storage security method, the operating system of the computer records the original storage location in a file allocation table.

根据上述构想,数据储存保密方法中该储存位置变换运算是将该原始储存位置位移一预设加密值而得到该实际储存位置。According to the above idea, the storage location transformation operation in the data storage security method is to obtain the actual storage location by shifting the original storage location by a preset encryption value.

根据上述构想,数据储存保密方法中该预设加密值是在安装该驱动程序时进行设定。According to the idea above, the default encryption value in the data storage security method is set when the driver is installed.

根据上述构想,数据储存保密方法中该数据储存装置是一可擦写光盘驱动器。According to the above idea, the data storage device in the data storage security method is a rewritable optical disc drive.

根据上述构想,数据储存保密方法中该数据储存装置是一软盘驱动器。According to the idea above, the data storage device in the data storage security method is a floppy disk drive.

根据上述构想,数据储存保密方法中该电脑的操作系统是将该原始储存位置记录于一文件分配表中,且从该文件分配表中将该原始储存位置取出并放入该数据读取请求中。According to the above idea, in the data storage security method, the operating system of the computer records the original storage location in a file allocation table, and takes out the original storage location from the file allocation table and puts it into the data read request .

本发明是一种数据储存保密方法,应用于一电脑与一数据储存装置上,该电脑通过一驱动程序来对该数据储存装置进行数据的存取,该保密方法包含下列步骤:提供一待储存数据;该电脑的操作系统向该数据储存装置提出一数据储存请求,该数据储存请求中包含有一原始储存位置;该驱动程序根据该数据储存请求而进行一储存位置变换运算,进而得到一实际储存位置,而该储存位置变换运算是将该原始储存位置位移一预设加密值而得到该实际储存位置;以及该驱动程序根据该实际储存位置而将该待储存数据写入该数据储存装置中。The present invention is a data storage security method, which is applied to a computer and a data storage device. The computer accesses the data storage device through a driver program. The security method includes the following steps: providing a Data; the operating system of the computer proposes a data storage request to the data storage device, and the data storage request includes an original storage location; the driver program performs a storage location conversion operation according to the data storage request, and then obtains an actual storage location. location, and the storage location conversion operation is to obtain the actual storage location by shifting the original storage location by a preset encryption value; and the driver program writes the data to be stored into the data storage device according to the actual storage location.

以下结合附图进一步说明本发明。Further illustrate the present invention below in conjunction with accompanying drawing.

附图说明 Description of drawings

图1是现有硬盘的数据存取流程图。FIG. 1 is a flow chart of data access to a conventional hard disk.

图2(a)是本发明对于电脑与数据储存装置的硬件环境中所发展出的一数据储存保密方法的数据存取示意图。FIG. 2( a ) is a schematic diagram of data access of a data storage security method developed in the hardware environment of computers and data storage devices according to the present invention.

图2(b)、(c)是本发明较佳实施例的步骤流程示意图。Fig. 2(b), (c) is a schematic flow chart of steps in a preferred embodiment of the present invention.

图3是微软公司所制定的配合其操作系统运行的输入/输出管理层驱动程序(Input/Output Supervisor Layer Driver)的功能定义表。Fig. 3 is the function definition table of the Input/Output Supervisor Layer Driver (Input/Output Supervisor Layer Driver) developed by Microsoft to cooperate with its operating system.

具体实施方式 Detailed ways

图2(a)是本发明对于电脑与数据储存装置的硬件环境中所发展出的一数据储存保密方法的数据存取示意图,当运行于电脑上的操作系统20发出一数据读写请求(read/write request)时,根据本发明的一驱动程序21将根据读写请求,而将数据读写请求中所包含的一原始储存位置进行一第一储存位置变换运算22,进而得到一实际储存位置,而驱动程序21再根据实际储存位置而对数据储存装置23进行数据存取的动作。Fig. 2 (a) is the data access schematic diagram of a data storage security method that the present invention develops in the hardware environment of computer and data storage device, when the operating system 20 running on the computer sends a data read and write request (read /write request), a driver 21 according to the present invention will perform a first storage location transformation operation 22 on an original storage location contained in the data read and write request according to the read/write request, and then obtain an actual storage location , and the driver program 21 performs data access to the data storage device 23 according to the actual storage location.

以下以一实例进行详细的步骤说明,先将本发明所发展的驱动程序安装至一电脑与一数据储存装置(例如一IDE接口硬盘)上,而于安装的过程中,驱动程序可供安装者输入一预设加密值并予以储存。The detailed steps are described below with an example. First, the driver program developed by the present invention is installed on a computer and a data storage device (such as an IDE interface hard disk), and during the installation process, the driver program can be provided to the installer. Enter a default encryption value and save it.

而当安装有本发明驱动程序的电脑运行过程中,产生一待储存数据(例如一数据文件)需要储存于数据储存装置时,运行于电脑上的操作系统便向数据储存装置(例如一IDE接口硬盘)提出一数据储存请求,而数据储存请求中包含有一原始储存位置,而电脑的操作系统可将原始储存位置记录于一文件分配表(File Allocation Table,简称FAT)中。随后,驱动程序便根据数据储存请求而进行一储存位置变换运算,进而得到一实际储存位置。储存位置变换运算可为利用预设加密值所进行的一特定算法,例如,储存位置变换运算可为将原始储存位置位移一预设加密值而得到实际储存位置,意即,驱动程序最后将根据变换后所得的实际储存位置而将待储存数据(例如一数据文件)写入数据储存装置中。And when the computer operation process that driver program of the present invention is installed, produce a data to be stored (such as a data file) and need to be stored in the data storage device, the operating system running on the computer just sends data storage device (such as an IDE interface) Hard disk) puts forward a data storage request, and the data storage request includes an original storage location, and the operating system of the computer can record the original storage location in a file allocation table (File Allocation Table, referred to as FAT). Then, the driver program performs a storage location conversion operation according to the data storage request, and then obtains an actual storage location. The storage location conversion operation can be a specific algorithm performed by using a preset encryption value. For example, the storage location conversion operation can be obtained by shifting the original storage location by a preset encryption value to obtain the actual storage location. That is, the driver will finally use the The converted actual storage location is used to write the data to be stored (for example, a data file) into the data storage device.

因此,当运行于电脑上的操作系统想读取上述数据时而向数据储存装置提出一数据读取请求时,需从文件分配表中将原始储存位置取出并放入数据读取请求中,而驱动程序便根据数据读取请求中的原始储存位置以及预设加密值所而进行上述的储存位置变换运算,进而再得回实际储存位置,如此驱动程序方能根据实际储存位置而将待储存数据自数据储存装置中读出。上述步骤的流程示意图如图2(b)、(c)所示。Therefore, when the operating system running on the computer wants to read the above data and proposes a data read request to the data storage device, it needs to take out the original storage location from the file allocation table and put it into the data read request, and the drive The program then performs the above-mentioned storage location conversion calculation according to the original storage location in the data read request and the preset encryption value, and then obtains the actual storage location, so that the driver can automatically store the data according to the actual storage location read from the data storage device. The flow diagram of the above steps is shown in Fig. 2(b) and (c).

另外,而为能提供使用上的灵活性,在数据储存动作进行时,驱动程序可显示一提示来供使用者进行选择,即目前欲进行储存的数据是否要以保密方式进行储存,若是,则可依照上述方法储存,若非,则可以一般现有方式储存,如此,未加密的数据仍可通过其它安装有相对应驱动程序的个人电脑来读取而不需要有正确的预设加密值。In addition, in order to provide flexibility in use, when the data storage operation is in progress, the driver can display a prompt for the user to choose, that is, whether the data currently to be stored should be stored in a confidential manner, and if so, then It can be stored according to the above method, if not, it can be stored in a general existing way, so that the unencrypted data can still be read by other personal computers with corresponding drivers installed without having the correct default encryption value.

因此,在运用本发明方法的个人电脑环境中,任何人拿到以本发明方法进行数据保密的硬盘,除非利用其上安装有正确预设加密值的相对应驱动程序的个人电脑来读取其内部所储存数据,否则将无法正确地读取数据,通过本发明的机制,使用者将可有效且简便地限制其储存于数据储存装置中的数据文件被任意读取,进而发展本发明的主要目的。Therefore, in the personal computer environment using the method of the present invention, anyone gets the hard disk that carries out data security with the method of the present invention, unless utilizing the personal computer that the corresponding driver program of correct default encryption value is installed on it to read its Otherwise, the data will not be able to be read correctly. Through the mechanism of the present invention, the user can effectively and easily restrict the data files stored in the data storage device from being read arbitrarily, and then develop the main idea of the present invention. Purpose.

图3是微软公司制定的配合其操作系统运行的输入/输出管理层驱动程序(Input/Output Supervisor Layer Driver)的功能定义表,其中层级编号越高,代表该层级越接近硬件端,而本发明的技术手段可完成于任意层级,但以越靠近硬件端的层级为越佳,因为可减少从中被拦截的可能性。以申请人针对硬盘所发展的集成驱动电子设备接口微型端口驱动程序(IDEminiport driver)为例,它被设置于第21层。Fig. 3 is the function definition table of the input/output management layer driver program (Input/Output Supervisor Layer Driver) that cooperates its operating system operation that Microsoft formulates, and wherein the higher the level number, represents that this level is closer to the hardware end, and the present invention The technical means can be completed at any level, but the closer to the hardware level, the better, because it can reduce the possibility of being intercepted. Taking the IDEminiport driver developed by the applicant for the hard disk as an example, it is set on the 21st layer.

综上所述,除硬盘之外,本发明数据储存装置可以是一可擦写的非易失性存储装置、一可擦写光盘驱动器或是一软盘驱动器,只要装置上的驱动程序上运用本发明所揭露的技术手段,都可有效地实现防止数据被任意盗取的功效。In summary, in addition to the hard disk, the data storage device of the present invention can be a rewritable non-volatile storage device, a rewritable optical disk drive or a floppy disk drive, as long as the driver program on the device uses this The technical means disclosed in the invention can effectively prevent data from being arbitrarily stolen.

以上所述仅为本发明其中的较佳实施例而已,并非用来限定本发明的实施范围;即凡依本发明权利要求范围所作的均等变化与修饰,都为本发明专利范围所涵盖。对于本领域的技术人员来说显而易见的是,可在不脱离本发明的精神和范围的情况下对本发明做出各种改进和变化。因此,这意味着,如果对本发明的这些改进和变化落在所附权利要求的范围及其等效范围内,本发明就涵盖了这些改进和变化。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the implementation scope of the present invention; that is, all equivalent changes and modifications made according to the scope of the claims of the present invention are covered by the patent scope of the present invention. It will be apparent to those skilled in the art that various modifications and changes can be made in the present invention without departing from the spirit and scope of the invention. Therefore, it is meant that the present invention covers the improvements and changes of the present invention if they fall within the scope of the appended claims and their equivalents.

Claims (10)

1. a data storing time slot scrambling is applied on a computer and the data memory device, and this computer expert crosses the access that a driver comes this data memory device is carried out data, and this time slot scrambling comprises the following step:
Provide one to treat storage data;
The operating system of this computer proposes a data storing request to this data memory device, includes an original storage location in this data storing request;
This driver carries out a storage location transform operation and preset secret value by one, and then obtains a physical holding of the stock position according to this data storing request; And
This driver treats that with this storage data writes in this data memory device according to this physical holding of the stock position.
2. data storing time slot scrambling as claimed in claim 1 wherein also includes the following step:
This computer proposes a data read request to this data memory device, and includes this original storage location in this data read request;
This driver is according to this data read request, and carries out this storage location transform operation by this default secret value, and then obtains this physical holding of the stock position; And
This driver is according to this physical holding of the stock position and this is treated that storage data reads in this data memory device.
3. data storing time slot scrambling as claimed in claim 1 is characterized in that this data memory device is an ide interface hard disk.
4. data storing time slot scrambling as claimed in claim 1, the operating system that it is characterized in that this computer are that this original storage location is recorded in the file allocation table.
5. data storing time slot scrambling as claimed in claim 4 is characterized in that this memory location transform operation is that this original storage location displacement should be preset secret value and obtained this physical holding of the stock position.
6. data storing time slot scrambling as claimed in claim 5 is characterized in that this default secret value is to set when this driver is installed.
7. data storing time slot scrambling as claimed in claim 1 is characterized in that this data memory device is an erasable optical disk driver.
8. data storing time slot scrambling as claimed in claim 1 is characterized in that this data memory device is a floppy disk.
9. data storing time slot scrambling as claimed in claim 2, the operating system that it is characterized in that this computer is that this original storage location is recorded in the file allocation table, and should take out and put into this data read request by original storage location from this document allocation table.
10. a data storing time slot scrambling is applied on a computer and the data memory device, and this computer expert crosses the access that a driver comes this data memory device is carried out data, and this time slot scrambling comprises the following step:
Provide one to treat storage data;
The operating system of this computer proposes a data storing request to this data memory device, includes an original storage location in this data storing request;
This driver carries out a storage location transform operation according to this data storing request, and then obtains a physical holding of the stock position, and this storage location transform operation is that this original storage location displacement one default secret value is obtained this physical holding of the stock position; And
This driver treats that with this storage data writes in this data memory device according to this physical holding of the stock position.
CN 03145311 2003-07-03 2003-07-03 Data storage security method Expired - Lifetime CN1475919B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03145311 CN1475919B (en) 2003-07-03 2003-07-03 Data storage security method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 03145311 CN1475919B (en) 2003-07-03 2003-07-03 Data storage security method

Publications (2)

Publication Number Publication Date
CN1475919A CN1475919A (en) 2004-02-18
CN1475919B true CN1475919B (en) 2010-04-21

Family

ID=34155885

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 03145311 Expired - Lifetime CN1475919B (en) 2003-07-03 2003-07-03 Data storage security method

Country Status (1)

Country Link
CN (1) CN1475919B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5661800A (en) * 1994-03-18 1997-08-26 Fujitsu, Limited Method and manufacture for preventing unauthorized use by judging the corresponding relationship between logical and physical addresses
WO2001075608A1 (en) * 2000-03-31 2001-10-11 Sanyo Electric Co., Ltd. Interleaving apparatus and deinterleaving apparatus
CN1319205A (en) * 1999-07-28 2001-10-24 索尼公司 Recording system, data recording device, memory device, and data recording method
CN1343938A (en) * 2000-09-21 2002-04-10 优硕资讯科技股份有限公司 Method and system for controlling lease validity period of electronic files

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5661800A (en) * 1994-03-18 1997-08-26 Fujitsu, Limited Method and manufacture for preventing unauthorized use by judging the corresponding relationship between logical and physical addresses
CN1319205A (en) * 1999-07-28 2001-10-24 索尼公司 Recording system, data recording device, memory device, and data recording method
WO2001075608A1 (en) * 2000-03-31 2001-10-11 Sanyo Electric Co., Ltd. Interleaving apparatus and deinterleaving apparatus
CN1343938A (en) * 2000-09-21 2002-04-10 优硕资讯科技股份有限公司 Method and system for controlling lease validity period of electronic files

Also Published As

Publication number Publication date
CN1475919A (en) 2004-02-18

Similar Documents

Publication Publication Date Title
JP4169822B2 (en) Data protection method for storage medium, apparatus therefor, and storage medium therefor
US6378071B1 (en) File access system for efficiently accessing a file having encrypted data within a storage device
CN102945355B (en) Fast Data Encipherment strategy based on sector map is deferred to
US6654820B1 (en) System capable of recording a content onto a recording medium which does not have a medium ID
EP1946238B1 (en) Operating system independent data management
US7596695B2 (en) Application-based data encryption system and method thereof
JP2005506590A (en) System, method and device for playing audio, video or other content recorded from non-volatile memory card, compact disc or other media
KR20080090672A (en) Method and apparatus for protecting contents of a WMS device
CN113094756B (en) Data encryption method and computing device
CN108108633A (en) A kind of data file and its access method, device and equipment
US20110252242A1 (en) Multi-phase storage volume transformation
KR100857760B1 (en) Encryption Key Storage Device Using Flash Memory and Its Security Method
CN1475919B (en) Data storage security method
CN105335663A (en) Encrypted file system based on double-image file
TW200533136A (en) Key cache management through multiple localities
US9436840B2 (en) System and method for securely storing information
CN117828687A (en) Data processing method, device, electronic device and readable storage medium
US8086873B2 (en) Method for controlling file access on computer systems
KR100952484B1 (en) A security module for authenticating a mobile storage medium and a method of operating the security module
JP2006343887A (en) Storage medium, server device, information security system
JPH05233460A (en) File protection method
CA2165649C (en) File encryption scheme
JPH10340232A (en) File copy preventing device, and file reader
KR100948502B1 (en) Access control of portable and non-portable devices through file system filter drivers
TW554268B (en) Data storage security method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20100421

CX01 Expiry of patent term