TW200828074A - Security method, security system and pairing/encryption system - Google Patents
- Publication number
- TW200828074A
- Authority
- TW
- Taiwan
- Prior art keywords
- data
- security
- host
- storage
- storage space
Landscapes
- Storage Device Security (AREA)
Abstract
Description
IX. Description of the Invention

[Technical Field of the Invention]

The present invention relates to a security method and system, and in particular to a security method and system together with the related pairing encryption of a storage device and a host.

[Prior Art]

The functions of consumer electronic products are becoming increasingly diverse, and the demand for storing large volumes of data has grown with them. Expanding memory capacity by plugging in small flash memory cards (for example, memory cards in formats such as Multimedia and Memory stick cards, among others) has therefore become a trend. If the digital data held on these storage devices is confidential or protected, end-user access must be restricted through a security procedure so that the data cannot be freely copied and distributed.

The security methods used for storage devices are outlined first. Refer to Fig. 1, a schematic diagram of the system architecture of a conventional reading system 1 for a storage device 15. As shown in Fig. 1, the storage device 15 has a memory 150 that stores secured data. The legality of the secured data on the storage device 15 is verified, and only then can the host 10 access and use the secured data in the memory 150. In general, security methods for the storage device 15 follow two main directions.

In the first, the stored secured data is encrypted (Encryption). The storage device 15 and the host 10 each hold their own key (Key). Once the two have mutually verified the keys, the real content key (content key) is recovered; the encrypted data is then decrypted (Decryption) with this content key; finally, the host 10 outputs the secured data. In the second, the identification codes of the host 10 and the storage device 15 are verified to confirm the access rights of the host 10 to the storage device 15, and after verification the host 10 accesses and uses the secured data.

Although these verification approaches give the secured data a certain degree of protection, the growing convenience of distribution raises the risk that secured data is copied and spread, which endangers the rights of the providers of that data. To protect the intellectual property of the creators of secured data, verification of the secured data is necessary. Secured data may also be inadvertently altered on the user side, or altered by another party. In view of this, the present invention is proposed to further strengthen the security of the storage device and to give both the providers of secured data and the users more complete protection.

[Summary of the Invention]

One object of the present invention is therefore to provide a security system that controls host access to a storage device by means of data produced by an encryption calculation over the secured data, a first identification code of the storage device and a second identification code, so that the host's access to the storage device is terminated when the secured data has been tampered with or improperly used.

Another object of the present invention is to provide a system that performs an encryption calculation over the secured data, the first identification code of the storage device and the second identification code to produce encrypted data that is stored on the storage device, so that the host can detect that the secured data has been tampered with or improperly used and terminate its access to the storage device.

The present invention discloses a security method for controlling access by a host to a storage device. The storage device is pluggably connected to the host and includes a memory that stores a first identification code and a file system. The file system is structured to hold secured data and a first storage space. The host stores a second identification code in advance. In the security method, the data of the first storage space is first uploaded to the host, the first storage space having been produced in advance by a pairing encryption procedure. Next, the data of the first storage space is decrypted to produce decrypted data. The correctness of the decrypted data is then determined, which includes verifying whether the decrypted data conforms to the first identification code and to the secured data. Finally, the host's access to the secured data is controlled according to the correctness of the decrypted data.

In one embodiment of the present invention, the pairing encryption procedure includes the following steps. First, the storage device and the host are connected to a pairing encryption device, which has the right to produce the first storage space. Next, the pairing encryption device retrieves the secured data to produce a feature content. An encryption calculation is then performed using the feature content, the first identification code and the second identification code to form encrypted data. Finally, the pairing encryption device produces the first storage space in the file system of the storage device and downloads the encrypted data to the first storage space.

The present invention further discloses a security system that includes a storage device and a host. The storage device includes a memory that stores a first identification code and a file system. The file system holds secured data and has a first storage space, and the data stored in the first storage space has been produced in advance by a pairing encryption procedure. The host is connected to the storage device and has a memory that stores a second identification code. The data of the first storage space is uploaded to the host, and the host decrypts it to produce decrypted data. The host verifies whether the decrypted data conforms to the first identification code and to the secured data in order to control access to the secured data.

The present invention also discloses a pairing encryption system that includes a storage device, a host and a pairing encryption device. The storage device includes a memory that stores a first identification code and a file system, and the file system holds secured data. The host includes a memory that stores a second identification code. The pairing encryption device is connected to the storage device and to the host. It has the right to retrieve the secured data and produce a feature content, and it performs an encryption calculation using the feature content, the first identification code and the second identification code to produce encrypted data. The pairing encryption device also produces a first storage space in the file system of the storage device and downloads the encrypted data to the first storage space.

The summary above and the detailed description and drawings that follow are intended to further explain the manner, means and effects adopted by the present invention to achieve its intended purpose. Other objects and advantages of the present invention are set out in the subsequent description and drawings.

[Embodiments]

Refer first to Fig. 2, a schematic diagram of the system architecture of the pairing encryption system 2 of the present invention. As shown in Fig. 2, the pairing encryption system 2 includes a storage device 20, a host 22 and a pairing encryption device 24. The storage device 20 stores secured data and is set up to be paired with the host 22. The purpose of the pairing is to restrict the right to use the secured data on the storage device 20: the user can access that data only through the host 22. The host 22 here is an electronic product, for example a personal digital assistant, a wireless communication device, a digital camera, a digital audio and video player or GPS equipment. The storage device 20 refers to flash memory cards of various formats. The storage device 20 is pluggably connected to the host 22, and the host 22 accesses and uses the secured data stored on the storage device 20.

As shown in Fig. 2, the storage device 20 includes a memory 200, which stores a first identification code 201 and a file system 202. The file system 202 has a secured-data storage space 204 for holding the secured data. The host 22 includes a memory 220, which stores a second identification code 221. The pairing encryption device 24 is connected to the storage device 20 and to the host 22. The pairing encryption device 24 has the right to retrieve the secured data in order to produce a feature content. It performs an encryption calculation using the feature content, the first identification code 201 and the second identification code 221 to produce encrypted data. It also produces a first storage space 206 in the file system 202 of the storage device 20 and downloads the encrypted data to the first storage space 206.

The first identification code 201 is an identity code that, once the card is completed, must be recorded in a specific storage area of the flash card in accordance with the specification, to facilitate product management. Likewise, the second identification code 221 is an identity code unique to the host 22; it may be the product serial number of the host 22. The file system 202 may follow the FAT12, FAT16, FAT32 or NTFS file system architecture, and the secured-data storage space 204 and the first storage space 206 take the form of files.

The pairing encryption device 24 has the right to produce the first storage space 206 that holds the encrypted data only once the electronic key 26 is connected to it. The memory 220 of the host 22, for its part, stores a decryption key 223. The rights conferred by the decryption key 223 differ from those of the electronic key 26; its function is described in detail below.

The pairing encryption device 24 includes a data access module 240 and an encryption calculation module 242. The data access module 240 accesses the storage device 20, the host 22 and the electronic key 26. The encryption calculation module 242 is connected to the data access module 240. It uses the data access module 240 to retrieve the secured data and produce a feature content, and performs an encryption calculation using the feature content, the first identification code 201 and the second identification code 221 to produce the encrypted data. The pairing encryption device 24 is a mechanism in which an application program works with computer hardware to carry out the pairing encryption described above. Those skilled in the art will also appreciate that the storage device 20 and the host 22 are connected to the pairing encryption device 24 through a process fixture; the fixture is set up according to practical needs and is not described further here.

Refer next to Fig. 3, a flowchart of the steps of the pairing encryption method for the storage device 20 and the host 22 of the present invention. For the related system architecture, refer also to Fig. 2. As shown in Fig. 3, the pairing encryption method includes the following steps:

First, the storage device 20 and the host 22 are connected to the pairing encryption device 24, which has the right to produce the first storage space 206 (step S300);

Next, the pairing encryption device 24 retrieves the secured data to produce a feature content (step S302);

Then, the pairing encryption device 24 performs an encryption calculation using the feature content, the first identification code 201 and the second identification code 221 to form encrypted data (step S304); and

Finally, the pairing encryption device 24 produces the first storage space 206 in the file system 202 of the storage device 20 and downloads the encrypted data to the first storage space 206 (step S306).

Step S300 further includes the step of connecting the electronic key 26 to the pairing encryption device 24 so that the pairing encryption device 24 has the right to produce the first storage space 206.

In step S302, the encryption calculation module of the pairing encryption device 24 operates on the secured data to produce the feature content. The calculation method used in step S304 to produce the encrypted data from the feature content, the first identification code 201 and the second identification code 221 is conventional and can be designed according to practical needs, so it is not described further here.

Refer next to Fig. 4, a schematic diagram of the system architecture of the security system 3 of the present invention. The security system 3 is used to control access to the secured data. The storage device 20 and the host 22 have gone through the pairing encryption procedure of the pairing encryption system 2; in actual use, the storage device 20 is pluggably connected to the host 22. As shown in Fig. 4, the security system 3 includes the storage device 20 and the host 22. The storage device 20 includes a memory 200, which stores the first identification code 201 and the file system 202. The file system 202 includes a secured-data storage space 204 and a first storage space 206. The secured-data storage space 204 holds the secured data, and the data held in the first storage space 206 has been produced in advance by the pairing encryption procedure. The host 22 is connected to the storage device 20 and has a memory 220, which stores the second identification code 221. The host 22 decrypts the data of the first storage space 206 to produce decrypted data. The host 22 verifies whether the decrypted data conforms to the first identification code 201 and to the secured data in order to control access to the secured data.

In Fig. 4, the file system 202 of the storage device 20 further includes a second storage space 208, which is used to hold the second identification code 221.

The decryption key 223 is what the host 22 uses in order to use the secured data. The host 22 further has a decryption/verification module 226, which uses the decryption key 223 to decrypt the data of the first storage space 206 into decrypted data and verifies whether the decrypted data conforms to the first identification code and to the secured data. The decryption/verification module 226 is a mechanism in which an application program works with the hardware of the host 22 to carry out its decryption and verification functions.

As the pairing encryption method shows, the data of the first storage space 206 is produced from the secured data, the first identification code 201 and the second identification code 221. The security system 3 therefore uses the decryption key 223 to decrypt the data stored in the first storage space 206 and compares it, item by item, against the secured data, the first identification code 201 and the second identification code 221, and confirms whether the secured data has been altered.

Refer next to Fig. 5, a flowchart of the steps of the security method of the present invention. The security method includes the following steps:

First, the data of the first storage space 206 is uploaded to the host 22, the first storage space 206 having been produced in advance by the pairing encryption procedure (step S500);

Next, the host 22 decrypts the data of the first storage space 206 to produce decrypted data (step S502);

Then, the correctness of the decrypted data is determined, which includes verifying whether the decrypted data conforms to the first identification code 201 and to the secured data (step S504); and

Finally, the host's access to the secured data is controlled according to the correctness of the decrypted data.

Refer next to Fig. 6, a flowchart of the steps of one specific embodiment of the security method of the present invention. As shown in Fig. 6, this embodiment includes the following steps:

First, the host 22 is connected to the storage device 20;

Next, the data of the first storage space 206 is uploaded to the host 22 (step S610);

Then, the decryption/verification module 226 uses the decryption key 223 to decrypt the data of the first storage space 206 and produce decrypted data, which includes a device code, a host code and a data code;

Then, the decryption/verification module 226 determines whether the data of the first storage space 206 is the same as the encrypted data produced by the pairing encryption procedure (step S630), in order to determine whether the data of the first storage space 206 has been altered; if it has, the host's access to the secured data is terminated (step S680);

If step S630 finds that the data of the first storage space 206 is the same as the encrypted data, the data of the second storage space 208 is uploaded to the host 22, and the decryption/verification module 226 determines whether the data stored in the second storage space 208 conforms to the second identification code 221 (step S640);

If step S640 finds that the data stored in the second storage space 208 does not conform to the second identification code 221, it is further determined whether the second storage space 208 holds any data (step S642);

If step S642 finds that the second storage space 208 holds data, the storage device 20 and the host 22 do not match and this data access is an illegal use, so the host 22's access to the secured data is terminated (step S680);

If step S642 finds that the second storage space 208 does not yet hold data, the storage device 20 is being connected to the host 22 for the first time, and the host 22 downloads the second identification code to the second storage space 208 (step S644);

It is then determined whether the device code of the decrypted data conforms to the first identification code 201 (step S650);

If step S650 finds that the device code of the decrypted data does not conform to the first identification code 201, the storage device 20 and the host 22 do not match and this data access is illegal, so the host 22's access to the secured data is terminated (step S680);

If step S650 finds that the device code of the decrypted data conforms to the first identification code 201, it is further determined whether the data code of the decrypted data conforms to the secured data, to confirm whether the secured data has been altered (step S660);

If step S660 finds that the data code of the decrypted data does not conform to the secured data, the secured data has been altered, and the host 22's access to the secured data is terminated (step S680);

If step S660 finds that the data code of the decrypted data conforms to the secured data, the secured data has not been altered; the security method then ends and the host 22 obtains the right to access and use the secured data (step S670).
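The pairing procedure (steps S300 to S306) and the Fig. 6 access check (steps S610 to S680) are modelled below as an added example; it is not code from the patent. The page leaves the encryption calculation to the implementer, so the following are assumptions: an HMAC-SHA256 keystream with an HMAC tag stands in for the cipher, SHA-256 stands in for the feature content, one shared key stands in for both electronic key 26 and decryption key 223, and the names `Card`, `pair` and `check_access` are hypothetical.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

NONCE_LEN, TAG_LEN = 16, 32


def feature(secured: bytes) -> bytes:
    """Feature content of the secured data (assumption: a SHA-256 digest)."""
    return hashlib.sha256(secured).digest()


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the one shared key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode used as a keystream.
    stream = b""
    for counter in range((len(data) + 31) // 32):
        block = nonce + struct.pack(">I", counter)
        stream += hmac.new(key, block, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plain: bytes) -> bytes:
    """Encrypt then MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plain)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the blob does not verify."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


def _pack(*fields: bytes) -> bytes:
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def _unpack(buf: bytes) -> list:
    fields, i = [], 0
    while i < len(buf):
        (n,) = struct.unpack_from(">H", buf, i)
        fields.append(buf[i + 2:i + 2 + n])
        i += 2 + n
    return fields


@dataclass
class Card:
    device_id: bytes           # first identification code 201
    secured: bytes             # contents of secured-data storage space 204
    first_space: bytes = b""   # first storage space 206
    second_space: bytes = b""  # second storage space 208


def pair(card: Card, host_id: bytes, key: bytes) -> None:
    """S302-S306: derive the feature content, encrypt it with both IDs, store it."""
    plain = _pack(card.device_id, host_id, feature(card.secured))
    card.first_space = seal(key, plain)


def check_access(card: Card, host_id: bytes, key: bytes):
    """Host-side flow of Fig. 6; returns (granted, step that decided)."""
    plain = unseal(key, card.first_space)            # S610 upload, then decrypt
    if plain is None:                                # S630, modelled by the MAC
        return False, "S630: first storage space altered"
    # The host code travels in the blob; the flow on the page checks the
    # host binding through the second storage space instead.
    device_code, _host_code, data_code = _unpack(plain)
    if card.second_space != host_id:                 # S640
        if card.second_space:                        # S642
            return False, "S642: card bound to another host"
        card.second_space = host_id                  # S644, first connection
    if not hmac.compare_digest(device_code, card.device_id):        # S650
        return False, "S650: device code mismatch"
    if not hmac.compare_digest(data_code, feature(card.secured)):   # S660
        return False, "S660: secured data altered"
    return True, "S670: access granted"


if __name__ == "__main__":
    key = os.urandom(32)                             # constructed sample key
    card = Card(b"CARD-0001", b"licensed content")   # constructed sample card
    pair(card, b"HOST-A", key)
    print(check_access(card, b"HOST-A", key))
    print(check_access(card, b"HOST-B", key))
```
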
As the examples above show, the security method and system of the present invention use a pairing encryption procedure between the host and the storage device to perform an encryption calculation over the secured data, the first identification code of the storage device and the second identification code, producing encrypted data. The security method and system then decrypt the data of the first storage space to verify whether the storage device matches the host and to confirm whether the encrypted data and the secured data have been altered, thereby strengthening the legality and correctness of the use of the secured data.

The above is only a detailed description and drawings of specific embodiments of the present invention and is not intended to limit it. The full scope of the present invention is defined by the claims below, and any change or modification that a person skilled in the art could readily conceive within the field of the present invention falls within the patent scope defined by this application.

[Brief Description of the Drawings]

Fig. 1 is a schematic diagram of the system architecture of a conventional storage device reading system;
Fig. 2 is a schematic diagram of the system architecture of the pairing encryption system of the present invention;
Fig. 3 is a flowchart of the steps of the pairing encryption procedure of the present invention;
Fig. 4 is a schematic diagram of the system architecture of the security system of the present invention;
Fig. 5 is a flowchart of the steps of the security method of the present invention; and
Fig. 6 is a flowchart of the steps of one specific embodiment of the security method of the present invention.

[Description of Main Reference Numerals]

- 1: reading system of the storage device
- 2: pairing encryption system
- 3: security system
- 10, 22: host
- 15, 20: storage device
- 150, 200, 220: memory
- 201: first identification code
- 202: file system
- 204: secured-data storage space
- 206: first storage space
- 208: second storage space
- 221: second identification code
- 223: decryption key
- 226: decryption/verification module
- 24: pairing encryption device
- 240: data access module
- 242: encryption calculation module
- 26: electronic key
Claims (1)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW95150017A TW200828074A (en) | 2006-12-29 | 2006-12-29 | Security method, security system and pairing/encryption system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW95150017A TW200828074A (en) | 2006-12-29 | 2006-12-29 | Security method, security system and pairing/encryption system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| TW200828074A (en) | 2008-07-01 |
Family
ID=44817539
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW95150017A TW200828074A (en) | 2006-12-29 | 2006-12-29 | Security method, security system and pairing/encryption system |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TW200828074A (en) |
-
2006
- 2006-12-29 TW TW95150017A patent/TW200828074A/en unknown
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI570324B (en) * | 2012-03-20 | 2017-02-11 | 渥班資產公司 | Method for configuring a wind power generation facility and wind power generation facility |
| WO2021087710A1 (en) * | 2019-11-05 | 2021-05-14 | 林晖 | Structure and method for digital data memory card encryption |
| CN114556308A (en) * | 2019-11-05 | 2022-05-27 | 林晖 | Structure and method for encrypting digital data memory card |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7124443B2 (en) | | Information transaction system |
| US7191238B2 (en) | | Method and system for authenticating content distribution and content reproduction requests based on biometric features |
| KR101689351B1 (en) | | Device and method for digital right management |
| US20090268906A1 (en) | | Method and System for Authorized Decryption of Encrypted Data |
| US10616215B1 (en) | | Virtual smart card to perform security-critical operations |
| US20100310076A1 (en) | | Method for Performing Double Domain Encryption in a Memory Device |
| CN101595488A (en) | | Method and apparatus for binding content to separate storage devices |
| KR101702748B1 (en) | | Method, system and recording medium for user authentication using double encryption |
| TW200840306A (en) | | Methods and apparatuses for binding content to a separate memory device |
| CN101578608B (en) | | Method and apparatus for accessing content based on session tickets |
| JP2020052990A (en) | | Ownership management method of virtual object and related interactive platform |
| CN111147248A (en) | | Encrypted transmission method, device and system of face feature library and storage medium |
| US8763110B2 (en) | | Apparatuses for binding content to a separate memory device |
| TW200828074A (en) | | Security method, security system and pairing/encryption system |
| Uludag et al. | | Multimedia content protection via biometrics-based encryption |
| US20080112566A1 (en) | | Apparatuses for accessing content based on a session ticket |
| TWI473488B (en) | | Method and storage device for protecting digital content |
| TW200807437A (en) | | Access control for secure protable storage device |
| CN101617318A (en) | | Be used for method and apparatus that content and licence are linked |
| JP2004318902A (en) | | Content delivery method and content delivery system |
| US20230410073A1 (en) | | Methods, systems, apparatuses, and devices for facilitating managing collectibles for owners of the collectibles |
| JP2021177581A (en) | | Apparatus for managing secret information, method and program therefor |
| TWI461949B (en) | | A method for generating a parameter configured for use in decrypting content, a method for generating a reference to a cryptographic key, and a host computing device |
| KR20100067997A (en) | | Apparatus for reading and writing smartcard, and data security method thereby |
| JP2010086309A (en) | | Portable content management device |