200928739 IX. Description of the Invention:

[Technical Field]

The present invention relates to a usage right management system for a storage device and a method thereof, and in particular to a plug-and-play storage device and a usage right management system and method therefor.

[Prior Art]
Because the Universal Serial Bus (USB) combines a high transfer speed with the convenience of plug-and-play operation, it is now used as the connection interface of all kinds of external devices. In addition, continuous progress in flash memory manufacturing has made flash memory ever smaller, larger in capacity and lower in cost, so that in recent years many manufacturers have introduced plug-and-play external storage devices that pair a USB interface with flash memory (commonly known as USB flash drives). These have been widely accepted by consumers and are gradually replacing traditional floppy disks, optical discs and the like. Yet precisely because these USB external storage devices are so convenient, anyone who can reach a computer can immediately copy the data on that computer to a flash drive, and an enterprise that wishes to control its employees' use of such devices faces the question of how to manage the usage right appropriately. To maintain working efficiency, an enterprise usually wants to permit only authorised staff to use USB external storage devices for data access. Research and development staff may carry data home on a USB external storage device for further analysis and study; marketing staff may carry company information with them on such a device; and sales staff may deliver internal material that a customer requires directly into the customer's hands on such a device. The risk of data leakage is therefore a further problem: once such a device is lost, the confidential data stored on it is at risk.

[Summary of the Invention]

The present invention proposes a usage right management system for a storage device, comprising a storage device having a first connection interface and a built-in authentication program containing a terminal device name table, and a terminal device having a second connection interface and a terminal device name. When the first connection interface and the second connection interface are connected, the authentication program executes a terminal device authentication program to check whether the terminal device name table contains the terminal device name, and grants the usage right of the storage device on the terminal device when the terminal device name table contains that terminal device name.

The present invention further proposes a usage right management method for a storage device. A storage device having a first connection interface is provided, the storage device having a built-in authentication program containing a terminal device name table, and a terminal device having a second connection interface and a terminal device name is also provided. When the first connection interface of the storage device is connected to the second connection interface of the terminal device, the authentication program executes a terminal device authentication program, which checks whether the terminal device name table contains the terminal device name. Finally, according to the result of the comparison, it is decided whether the storage device may be used on the terminal device.

The present invention further proposes a storage device comprising at least an optical disc area holding an authentication program with a terminal device name table, and a plaintext area that is set to a hidden state. After the authentication program has been executed and has obtained the predetermined result, the hidden state of the plaintext area is cancelled.

The usage right management system and method for a storage device proposed by the present invention allow the usage right of the storage device on each terminal device to be managed appropriately, and at the same time reduce the risk of a leak of confidential data when a user accidentally loses the storage device.

To make the above and other objects, features and advantages of the present invention more readily apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.

[Embodiments]
The present invention mainly provides a usage right management system for a storage device and a method thereof, so that the usage right of the storage device on each terminal device can be managed appropriately, while also reducing the risk of a leak of confidential data when a user accidentally loses the storage device. Related embodiments are described below.

Fig. 1 is a schematic diagram of the first embodiment of the invention. It comprises a storage device 10 and a plurality of terminal devices 20 (such as a first terminal device 21, a second terminal device 22, a third terminal device 23, and so on). The storage device 10 and the terminal devices 20 have mutually compatible connection interfaces 19, 219, 229, 239 and so on, through which the storage device 10 can be connected to any of the terminal devices 20 to carry out data transfer. Each terminal device has a terminal device name, which identifies that terminal device; in this example the first terminal device 21 has the first terminal device name A, the second terminal device 22 has the second terminal device name B, and the third terminal device 23 has the third terminal device name C. The storage device 10 contains an authentication program 111, and the authentication program 111 contains a terminal device name table 112 listing all terminal devices that are allowed to use the storage device 10. When the connection interface 19 of the storage device 10 is plugged into the connection interface of any terminal device 20, the authentication program 111 is executed automatically to perform the verification: it reads the terminal device name of the terminal device into which it has been plugged and compares it with the terminal device name table 112 of the authentication program 111. If the terminal device name table 112 of the storage device 10 contains a terminal device name identical to that of the terminal device it is plugged into, the usage right of the storage device 10 on that terminal device is granted; if the terminal device name table 112 does not contain the name of the terminal device it is plugged into, the usage right of the storage device 10 on that terminal device is not granted. For example, suppose the terminal device name table 112 of the storage device 10 contains the terminal device name A. When the storage device 10 is plugged into the first terminal device 21 (terminal device name A), the authentication program 111 compares the name against the terminal device name table 112 in the storage device 10; the table 112 does contain the terminal device name A, so the usage right of the storage device 10 is granted. When the same storage device 10 is plugged into the second terminal device 22 (terminal device name B), the authentication program 111 again automatically compares the name against the terminal device name table 112 in the storage device 10, but the terminal device name B is not found, so the usage right of the storage device 10 is not granted. This is the terminal device authentication program. Through this terminal device authentication program of the authentication program 111 in the storage device 10, the usage right of the storage device on particular terminal devices can be managed effectively.

Reference is now made to Fig. 2A and Fig. 2B, where Fig. 2A is a schematic diagram of the second embodiment of the invention and Fig. 2B is a flow chart of the execution steps of an operating method of the second embodiment. The system comprises a storage device 10 and a plurality of terminal devices 20 as described in the first embodiment; the only difference is that the authentication program 113 in the storage device 10 has, in addition to a terminal device name table 114, a preset password 115, and the verification procedure it executes comprises two steps. The first step is the terminal device authentication program, comprising steps S200 and S210, which is the same as in the first embodiment and is not repeated here. The second step is the password authentication program: the user is asked to enter a password (step S220), so that the authentication program 113 can compare the preset password 115 with the password entered by the user. If they match, the usage right of the storage device 10 on the terminal device it is plugged into is granted (step S230); if they do not match, the usage right of the storage device 10 is closed (step S240). The terminal device authentication program manages the usage right of the storage device on terminal devices effectively, and the further password authentication program confirms that the storage device is being used by the user himself, so that if the user accidentally loses the storage device, the password authentication program prevents others from using it. It should be noted that the two steps of the verification procedure have no fixed order: the first step may be performed first and the second step afterwards; or the second step may be performed first and the first step afterwards; or the first step and the second step may be performed at the same time.

Reference is now made to Fig. 3A and Fig. 3B, where Fig. 3A is a schematic diagram of the third embodiment of the invention and Fig. 3B is a flow chart of the execution steps of an operating method of the third embodiment. The system likewise comprises a storage device 10 and a plurality of terminal devices 20; the only differences are that the storage device 10 additionally has a fingerprint identification device 18, and that the authentication program 116 has, in addition to a terminal device name table 117, a preset fingerprint pattern 118, the verification procedure it executes comprising two steps. The first step is the terminal device authentication program, comprising steps S300 and S310. The second step is the fingerprint authentication program: the user is asked to present a fingerprint to the fingerprint identification device 18 (step S320), which reads the user's fingerprint pattern; when reading is complete, the authentication program 116 compares the preset fingerprint pattern 118 with the user's fingerprint pattern. If they match, the usage right of the storage device 10 is granted (step S330); if they do not match, the usage right of the storage device 10 is closed (step S340). Through this dual verification, the terminal device authentication program manages the usage right of the storage device on terminal devices effectively, and the fingerprint authentication program further confirms that the storage device is being used by the user himself, so that if the user accidentally loses the storage device, others are prevented from using it. As before, the two steps of the verification procedure have no fixed order.

Fig. 4 is a schematic diagram of the fourth embodiment of the invention, which provides a storage device 30 with a usage right management function. As shown in Fig. 4, the storage device 30 is connected to a terminal device 40 through a connection interface 39 compatible with the connection interface 49 of the terminal device 40. The body 35 of the storage device 30 comprises an optical disc area 31, a plaintext area 32 and a hidden area 33. The optical disc area 31 is where the auto-run program of the storage device 30 is stored; the plaintext area 32 is the area made available to the user for storing and accessing data; and the hidden area 33 is an area that an ordinary user can neither see nor operate, configured on a commercially available storage device through system tools together with the original password supplied by the manufacturer. The optical disc area 31 holds an authentication program 311, which in turn contains a terminal device name table 312 of the storage device 30. When the storage device 30 is plugged into the terminal device 40, the authentication program 311 is executed automatically, reads the terminal device name of the terminal device 40 and compares it with the terminal device name table 312; if the terminal device name table 312 contains the terminal device name of the terminal device 40 into which it is plugged, the usage right is granted, which completes the terminal device authentication program. The hidden state of the plaintext area 32 is then cancelled, and the user is free to access data in the plaintext area 32.

Another embodiment of the storage device of the invention is as described in the preceding embodiment, the difference lying in the design of the authentication program 311. In other words, the authentication program 311 may have a dual verification mode consisting of a terminal device authentication program and a password authentication program, or a dual verification mode consisting of a terminal device authentication program and a fingerprint authentication program.
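The two-step verification described for the second embodiment (terminal name table lookup, then password comparison, with either step first and both required) can be modelled in a few dozen lines. The following Python is an added example written for this page, not code from the patent; the class and method names, the sample terminal names and password, and the choice to keep the preset password as a salted SHA-256 digest rather than in the clear are this example's own assumptions.

```python
# Added example (not the patent's code): the two-step verification of the
# second embodiment, modelled as a storage device that grants or withholds
# its usage right when plugged into a terminal. Class, method and sample
# names are this example's own assumptions.
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class StorageDevice:
    """A plug-and-play storage device carrying its own authentication program.

    terminal_name_table plays the role of the patent's terminal device name
    table (the list of terminals allowed to use the device). The preset
    password is kept as a salted SHA-256 digest rather than in the clear;
    the patent only speaks of a 'preset password', so that storage form is
    an assumption of this example.
    """
    terminal_name_table: frozenset
    password_salt: bytes
    password_digest: bytes
    plaintext_area_hidden: bool = True  # the plaintext area starts out hidden

    @classmethod
    def provision(cls, allowed_terminals, preset_password: str, salt: bytes):
        """Build a device whose name table and preset password are set once."""
        digest = hashlib.sha256(salt + preset_password.encode("utf-8")).digest()
        return cls(frozenset(allowed_terminals), salt, digest)

    def terminal_authentication(self, terminal_name: str) -> bool:
        """Step 1 (steps S200/S210): is the terminal's name in the name table?"""
        return terminal_name in self.terminal_name_table

    def password_authentication(self, user_password: str) -> bool:
        """Step 2 (step S220): does the entered password match the preset one?"""
        candidate = hashlib.sha256(
            self.password_salt + user_password.encode("utf-8")).digest()
        # Constant-time comparison so the check does not leak by timing.
        return hmac.compare_digest(candidate, self.password_digest)

    def on_insert(self, terminal_name: str, user_password: Optional[str]) -> bool:
        """The authentication program run automatically on insertion.

        Both steps are evaluated and both must pass; because the result is a
        conjunction, the order in which they run does not change it (the
        patent notes the two steps have no fixed order). Only a full pass
        takes the plaintext area out of its hidden state (S230); any failure
        leaves it, or puts it back, in the hidden state (S240).
        """
        terminal_ok = self.terminal_authentication(terminal_name)
        password_ok = user_password is not None and self.password_authentication(user_password)
        granted = terminal_ok and password_ok
        self.plaintext_area_hidden = not granted
        return granted


def demo() -> dict:
    """Constructed scenario mirroring the patent's example: name table {A}."""
    device = StorageDevice.provision({"A"}, "correct-preset-password", b"example-salt")
    return {
        "A, right password": device.on_insert("A", "correct-preset-password"),
        "B, right password": device.on_insert("B", "correct-preset-password"),
        "A, wrong password": device.on_insert("A", "guess"),
        "A, no password": device.on_insert("A", None),
    }


if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case}: {'usage right granted' if granted else 'usage right closed'}")
```

The fingerprint program of the third embodiment fills the same slot as `password_authentication`: a comparison of a captured template against the preset pattern 118, with the conjunction in `on_insert` unchanged. One caveat worth keeping in mind when reading the patent: a terminal device name is reported by the host itself, so the name-table step is a policy control over which machines the device is meant to be used on, not a strong proof of which machine it is plugged into; it is the password or fingerprint step that ties use of the device to the person.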
The terminal device authentication program, the password authentication program and the fingerprint authentication program are as described in the embodiments above and are not repeated here. Through these two dual verification modes, not only can the usage right of the storage device on terminal devices be managed effectively, but it can further be confirmed that the storage device is being used by the user himself, so that if the user accidentally loses the storage device, others are prevented from using it.

In summary, the storage devices 10 and 30 of the invention may be any device with a data storage function, for example flash memory or magnetic memory. The connection interfaces 19, 39, 219, 229, 239, 49 and so on may be any connection interface with a plug-and-play function, for example the Universal Serial Bus (USB) or IEEE 1394. The terminal devices 20, 21, 22, 23, 40 and so on may be any electronic device with a data storage function, for example a personal computer (PC), a workstation or a server. The fingerprint identification device 18 is a device capable of reading a fingerprint pattern, for example a press-type or a swipe-type fingerprint reader. Furthermore, in another embodiment of the invention the fingerprint identification device 18 is provided on the terminal device rather than on the storage device.

Although the invention has been disclosed above by way of preferred embodiments, these are not intended to limit the invention; anyone skilled in the art may make modifications and refinements without departing from the spirit and scope of the invention, and the scope of protection of the invention is therefore defined by the appended claims.

[Brief Description of the Drawings]

Fig. 1 is a schematic diagram of the first embodiment of the invention.
Fig. 2A is a schematic diagram of the second embodiment of the invention.
Fig. 2B is a flow chart of the execution steps of an operating method of the second embodiment.
Fig. 3A is a schematic diagram of the third embodiment of the invention.
Fig. 3B is a flow chart of the execution steps of an operating method of the third embodiment.
Fig. 4 is a schematic diagram of the fourth embodiment of the invention.

[Description of Main Reference Numerals]

10, 30: storage device
20, 40: terminal device
18: fingerprint identification device
21: first terminal device
22: second terminal device
23: third terminal device
19, 219, 229, 239, 39, 49: connection interface
111, 113, 116, 311: authentication program
118: preset fingerprint pattern
32: plaintext area
35: body
112, 114, 117, 312: terminal device name table
115: preset password
31: optical disc area
33: hidden area
S200 to S240: execution steps of an embodiment of the invention
S300 to S340: execution steps of an embodiment of the invention