201037551 六、發明說明: 【發明所屬之技術領域】 種外安全領域之技術,且特別是有關於- 吹…乂子裝置及其製造方法,以及一種外接式儲存裝置的 育訊安全管理方法。 于衣置们 【先前技術】 f ^ ttfl^^(inf〇rmation security) Ο Ο 二 部的重要資料,避免重要資料外流而 w成么司的重大損失。圖丨㈣示f訊安全f理系統的並中一 種架構。請參照圖i,此架構包括有資訊安全飼服器脱、 AD(actlve directory,譯為目錄服務)伺服器1〇4、資料庫 (database)106及控制台(c〇ns〇le)1〇8。其中,資訊安全伺服器 102安裝有資訊安全管理軟體。上述這些設備係透過公司内部 網路110而與電腦112、114、116、118及12〇連接且這些 電月尚都女裝有刖述資訊安全管理軟體的代理程式(卿叫。管理 者可透過控制台108來對資料冑1〇6奴上述電腦的資料存取 權限’以便讓資訊安全管理系統管理這些電腦的資料存取 (詳後述)。 ' 圖2繪示習知之一種應用於前述資訊安全管理系統的 USB隨身碟架構。所謂USB隨身碟即是USB flash drive,其 中USB為universal serial bus的縮寫,譯為通用串列匯流排。 請參照圖2,此USB隨身碟200包括有記憶單元202、控制單 元204及USB連接介面206。記憶單元202已執行過高階格式 化(high level format) ’因而建立有檔案系統(me system)。如圖 所示,此檔案系統具有開機(boot)區段、檔案索引表(flle allocation table,FAT)區段、根目錄(ro〇t direct〇ry)區段及檔案 儲存區段。 3 201037551 在上述四個區段中,檔案儲存區 者之檔案的區段,根目静㈣用只際用來儲存使用 案索引表軸_,而播 索引資訊,至於開機區段則用來==:2 2〇8(即以斜.干案錯存區段又被劃分為隱藏空間 區且=ΓΓ9Λδ )開放空間210(即未以斜線標示之 -L滅工間208内儲存有識別碼(idemificati〇nc〇de仍 Ο ¢) 干〜顯不出開放空間210 _儲存内容,而不會顯 播案索引表區段、根目錄區段及隱藏空間』 安ΐ管理系統分有二種操作方式,其中第—種 方弋則:疋„時連線的方式來進行操作,而第二種操作 明了進行操作。請參照圖1及圖2來說 種㈣方式。*有貝工將USB隨身碟細連接至圖^ 入=任-電腦,例如連接至電腦116時,電腦ll6中之資訊安 體的代理程式,就會絲得USB隨身碟綱之隱藏 =丄。8内的識別碼’並將有一 USB隨身碟連接至電腦ιΐ6 、月况’以及USB隨身碟2GG的識別碼告知資訊安全伺服器 <J2«接著,=貝5fL安全伺服器102便會向AD伺服器104確認 電腦116是否屬於公司内部管控的電腦。 次承上述,一但確認為是,資訊安全伺服器1〇2就會轉而向 貝料庫106確認USB隨身碟200的識別碼,以判斷此識別碼 J否屬於管理者事先透過控制台108輸入至資料庫1〇6的内部 =控識別碼。若又確認為是,那麼資訊安全伺服器1〇2就會向 資料庫106取得對應於USB隨身碟200之識別碼的資料存取 4 201037551 ί I 取觀告知電腦116。如此—來,電腦116 =貝心全官理軟體的代理程式,便可根# USB隨身磾· =別碼的貧料存取權限’來管控電腦】 磾 之間的資料存取行為。 ⑯身碟200 ^將繼續說日二種方式,請再參照圖丨及圖2。 Ο Ο 至電腦I^H200連接至圖1中的任一電腦,例如連接 夺,電腦116中之資訊安全管理軟體的代理鞋々, 二會去取得USB隨身碟2〇〇之隱藏空間2 工’ 將取得的辨識碼盘電腦116塞㈣識別碼,並 識別碼來做tbtf事先儲存之么司内部所有的管控 刚來識別碼可由管理者事先透過控制台 時认定备t 丁設定,並於設定這些管控識別碼的同 伺;二二識別碼對應的資料存取權限’進而讓資訊安全 定完畢後將這㈣控識_騎—管Μ 取取得識別碼之後’—但代理程式判斷所 :的識別碼疋屬於公司内部管控識別碼的其中之 =就會依照此識別碼對應的資料存取權限來:t 參輪犯&身碟2〇0之間的資料存取行為。反之,^代理Π 顺所取得的識別碼並不屬於公司 轾式 式就會關電腦m與USB隨身碟之間戈理程 而此處所指的限制,例如是禁止電腦116將^^取行為。 ==圖2所示型式的USB隨㈣,有利於 貝说女王管控,然而由上述的說明可知,在記憶單元中劃: 5 201037551 出一隱藏空間的USB隨身碟,乃是特製的USB隨身碟,故必 須要有USB隨身碟製造商願意配合設計及生產才行。此外, 在圖2所示的USB隨身碟200中,所採用的控制單元2〇4也 必須具有可將記憶單元202的檔案儲存區段,劃分為隱藏空間 208及開放空間210這二個部分的功能,故也必須要有控制單 元製造商願意配合設計及生產才行。這麼一來,就會導致採用 資訊安全管理系統的這些公司,必須再額外花費一筆錢去訂做 特製的USB隨身碟,且也不見得花錢就買得到。201037551 VI. Description of the invention: [Technical field to which the invention pertains] Techniques in the field of extraterrestrial safety, and in particular, relating to a blowing device, a manufacturing method thereof, and an information management method for an external storage device. In the clothing [previous technology] f ^ ttfl ^ ^ (inf〇rmation security) Ο Ο two important information, to avoid the outflow of important data and w. Figure 丨 (4) shows a parallel architecture of the security system. Please refer to Figure i. This architecture includes information security device, AD (actlve directory) server 1, 4 database, database 106 and console (c〇ns〇le). 8. The information security server 102 is installed with an information security management software. These devices are connected to computers 112, 114, 116, 118, and 12〇 through the company's internal network 110. These electric moons have women's agents that describe the information security management software. The console 108 accesses the data access rights of the above computer to the data security management system to enable the information security management system to manage the data access of these computers (described later). FIG. 2 illustrates a conventional application to the aforementioned information security. The USB flash drive architecture of the management system. The so-called USB flash drive is a USB flash drive, wherein USB is an abbreviation of universal serial bus, which is translated into a universal serial bus. Referring to FIG. 2, the USB flash drive 200 includes a memory unit 202. The control unit 204 and the USB connection interface 206. The memory unit 202 has performed a high level format 'and thus has a file system (me system). As shown, the file system has a boot sector. , flle allocation table (FAT) section, root directory (ro〇t direct〇ry) section and file storage section. 3 201037551 In the above four sections, file storage The section of the file of the person, the root of the static (four) is used to store the use of the index table axis _, and broadcast the index information, as for the boot section is used ==: 2 2 〇 8 (ie to the oblique. The error-storing section is further divided into a hidden space zone and = ΓΓ9 Λ δ) open space 210 (ie, the identification code (idemificati〇nc〇de still ¢) is stored in the L-external 208 not marked with a slash (dry) Out of the open space 210 _ store content, but not broadcast the index table section, root directory section and hidden space 』 An ΐ management system has two modes of operation, the first type of 弋 疋 疋 时 时 连The operation of the line is performed, and the second operation is clear. Please refer to Figure 1 and Figure 2 for the (4) method. * There is a beard to connect the USB flash drive to the picture ^in=any-computer, for example connection When you go to the computer 116, the agent of the information security in the computer ll6 will be hidden by the USB flash drive program = 丄. The identification code in 8 'and a USB flash drive connected to the computer ιΐ6, month condition' and USB flash drive 2GG identification code informs the information security server <J2« Next, = Bei 5fL security server 1 02 will confirm to the AD server 104 whether the computer 116 belongs to the computer controlled by the company. After the above, once confirmed, the information security server 1〇2 will turn to the USB library 106 to confirm the USB flash drive 200. The identification code is used to determine whether the identification code J belongs to the internal = control identification code that the manager inputs into the database 1〇6 through the console 108 in advance. If it is confirmed to be YES, the information security server 1 〇 2 will obtain the data access corresponding to the identification code of the USB flash drive 200 to the database 106. 4 201037551 ί I The computer 116 is notified. So - come, computer 116 = Beixin full official software agent, you can root #USB portable 磾 = = = = = = = = = = = = = = = = = 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 The 16-disc 200 ^ will continue to say two ways, please refer to Figure 丨 and Figure 2. Ο 至 Connect to the computer I^H200 to connect to any computer in Figure 1, such as the connection, the agent of the information security management software in the computer 116, the second will go to the USB flash drive 2 〇〇 hidden space 2 work ' The identification code disk computer 116 will be obtained (4) identification code, and the identification code will be used for tbtf pre-storage. All the internal management and control codes of the company can be determined by the administrator through the console in advance, and these settings are set. Control the same code of the identification code; the data access permission corresponding to the second and second identification codes', and then let the information security be fixed, then (4) control _ riding - pipe 取 after obtaining the identification code' - but the agent judges: The code 疋 belongs to the company's internal control identification code = it will follow the data access authority corresponding to this identification code: t 轮 犯 &&amp; 2 〇 0 data access behavior. On the other hand, the agent code obtained by the agent does not belong to the company. It will turn off the computer between the computer m and the USB flash drive. The limitation here is, for example, prohibiting the computer 116 from taking action. == Figure 2 shows the type of USB with (4), which is beneficial to the Queen said, but the above description shows that in the memory unit: 5 201037551 A hidden USB flash drive, is a special USB flash drive Therefore, it is necessary to have a USB flash drive manufacturer willing to cooperate with the design and production. In addition, in the USB flash drive 200 shown in FIG. 2, the control unit 2〇4 used must also have the file storage section of the memory unit 202 divided into two parts: the hidden space 208 and the open space 210. Functionality, it is also necessary to have a control unit manufacturer willing to cooperate with design and production. As a result, these companies that use the information security management system must spend an extra fee to order a special USB flash drive, and they can't afford to buy it.
【發明内容】 ^本發明的目的就是在提供一種外接式儲存裝置,其適合與 貢訊安全管理系統搭配使用,並且在外接式儲存裝置的製造過 程中’不需要特定元件製造商的配合。 匕 本發明的另一目的就是在提供一種外接式儲存裝置的製 造方法’其可製造出適合與資訊安全管理系統搭配使用的外 式儲存裝置,並且在外接式儲存裴置的製造過程中, 定元件製造商的配合。 而荷 本發明的再-目的就是在提供一種外接式儲存裝 訊安全管理方法’其可使電腦能判斷與其連接之外接式 置是否屬於公司内部管控之外接式儲存裝置,據以決;: 予此外接式儲存裝置對應的資料存取權限。 啊 本發明提出一種外接式儲存裝置,其包括有連接介 面及記 憶單7L。所述記憶單兀建立有财H此翻彡⑥ 區段及儲料輕段,而職區段錢案料魏 有識別碼。此識別碼可被安裝有資訊安全管理軟體:聦: 識,而資訊安全管理軟體會使電腦依據識別如 = 存裝置對應的資料存取權限。 r按式健 6 201037551 本發明另糾-種外接式儲针置的製造方法 L首=共外接式儲,置,此外接她置具有 2機區段及檔案索引表區段,並在開機區段或槽4弓= &中儲存制碼,此識制可被安裝有資訊安全管理=表區 而資訊安全管理軟體會使電腦依據識二2 式儲存裝置對應的資料存取權限。 向軾予外接 Ο Ο 1 m提ώ -種外接讀㈣置㈣訊安全管理方 法’適用於-電腦,而此電腦安裝 巨理方 方法中,首先是利用上述資訊安=:二:^在此 外接式儲存裝置所具㈣辟單以=摘雜至電腦之 檀案系統所具有之開機區段内'或是,案==所建立的 引表區段内’是否儲存有識別碼。接著^判斷槽案索 體取得識別竭,並確認識二:資= :電腦依據識別碼而賦予外接式儲“ 内別碼是儲存於開機區段 段,檔案儲存區 索引=向儲存於標齡索引:㈣’此 儲存位置標:上述索引資訊撤 本發^明乃是在 » 或樓案索引麵段巾^儲存|置之檔案純的開機區段 -存識別碼’且此識別碼可被安装有資訊 7 201037551 全管理軟體會使電腦依據 發_提出之外接因此,本 使用,並且在外接式儲存 *q理线搭配 製造商的配合m k抓中m特定元件 一套資訊安全管理方法,透針對外接式儲存|置提出 =嶋統的_4^=之=存裝 Ο Ο i二右為是,便又再進-步判別識別碼是否屬 接式儲存裝置對應二據:二==而_卜 儲存裝置m料取行為。 、彳電腦與外接式 懂’下文特舉較佳實;的、特徵和優點能更明顯易 【實施方式】 所附圖式,作詳細說明如下。 圖3繪示依照本發明一實施例之 圖3,此外接式儲存裝置300包 儲^置。請參照 则及連接介面3。6。控制單元3〇4用二=:=制單元 貧枓存取,並透過連接介面3()6連接 ^二^進行 以進行資料傳輸。此記憶單元302已^子裝置’ 系f。如圖所示,此檔案系統具:機2::ϊ 紫弓丨表區段、根目錄區段及槽案儲存區段。 检案 者之ΐί述四麵段中,财儲存區卿是實際用來儲存使用 4: ί 口 7錄區段用來擺放根目錄相關資料,而ΐ =索弓丨表區段卿來產生及存放檔針特區段巾 = 索弓I貧訊,至於開機區段則用來存放開機時的重要程 8 201037551 料。當外接式儲存裝置_ 時,電腦只會顯示出檔案储存^内連^_面3^連接至電腦 出開機區段、檔案索引表區段及根 ^内谷,而不會顯示 在此例中,上述之開機區財的儲存内容。 可被安裝有ttfl安全管理㈣ 碼’此識別碼 =使電腦依據識別如辭外接式:里軟 料存取權限。換句話說,資訊 存裝置3⑼對應的貧 Ο 識別碼之對應的資料存取權限,來= 上述 裝置300之間的資料在* /f 冤細本身與外接式儲存 資料儲存至外接式儲存裝】㊁將電腦,的 一步說明如何在上述開機區段中存放識別碼。圖4來進 的機區段中存放識別碼 的不思圖。如圖4所示,勺棬gg -、 (sectorMO? , Φ χτ ^ 隐早 70 302 具有 Ν 個磁區SUMMARY OF THE INVENTION It is an object of the present invention to provide an external storage device that is suitable for use with a tribute security management system and that does not require the cooperation of a particular component manufacturer during the manufacture of the external storage device. Another object of the present invention is to provide a method of manufacturing an external storage device that can produce an external storage device suitable for use with an information security management system, and in the manufacturing process of the external storage device, The cooperation of component manufacturers. The re-invention of the invention is to provide an external storage and security management method that allows the computer to determine whether the external connection is connected to the company's internal control external storage device, according to the decision; In addition, the data access authority corresponding to the connected storage device. The present invention provides an external storage device including a connection interface and a memory sheet 7L. The memory unit establishes a section 6 of the translation and a light section of the storage unit, and the job section has a identification code. This ID can be installed with the information security management software: 聦: 识, and the information security management software will enable the computer to identify the data access rights corresponding to the storage device. r according to the type of health 6 201037551 The invention is further corrected - the manufacturing method of the external type of needle storage L first = a total external storage, set, in addition, she has a 2 machine section and file index table section, and in the boot area The segment or slot 4 bow = & store the code, this knowledge can be installed with the information security management = table area and the information security management software will make the computer access the data access rights corresponding to the 2nd type storage device. To the external Ο Ο 1 m ώ 种 - kind of external reading (four) set (four) information security management method 'applicable to - computer, and this computer installed Ju Li Fang method, the first is to use the above information security =: two: ^ in addition The connected storage device has (4) a single copy to the computer in the boot sector of the computer, or whether the file is stored in the boot section of the computer. Then ^ judge the trough case body to obtain the identification exhaustion, and confirm the identification two: capital =: the computer is given an external storage according to the identification code. "The internal code is stored in the boot sector segment, the file storage area index = stored in the age index : (4) 'This storage location mark: The above index information is revoked. The description is in the » or the index of the index section of the towel ^ storage | set the file pure boot section - save the identification code ' and this identification code can be installed There is information 7 201037551 full management software will make the computer based on the _ external connection, therefore, the use, and in the external storage *q management line with the manufacturer's cooperation mk grasp m specific components a set of information security management methods, through External storage|Settings=嶋^的_4^==存装Ο Ο i 2 right is yes, then it is further step-by-step to determine whether the identification code is connected to the storage device corresponding to two data: two == and _ Bu storage device m material taking behavior. 彳Computer and external type understanding 'The following special features are better; the features and advantages can be more obvious and easy to make [Embodiment] The drawings are described in detail below. Figure 3 shows FIG. 3 according to an embodiment of the present invention, in addition to storage The device 300 is stored in the package. Please refer to the connection interface 3. 6. The control unit 3〇4 is accessed by the two =:= system unit, and connected through the connection interface 3()6 for data processing. This memory unit 302 has a device 'f. As shown, the file system has: machine 2:: 紫 purple bow table section, root directory section and slot file storage section. In the four sections, the Treasury is used to store and use the 4: ί port 7 section for the root directory related information, and ΐ = Needle section towel = cable bow I poor news, as for the boot section is used to store the important process 8 201037551 material. When the external storage device _, the computer will only show the file storage ^ inline ^_ face 3 ^ Connect to the computer to boot the boot section, the file index table section and the root ^ valley, and will not display the storage contents of the above boot area in this example. Can be installed with ttfl security management (four) code 'this identification Code=Enable the computer to recognize the external connection type: the soft material access authority. In other words, the information storage device 3 (9) corresponds to The data access authority corresponding to the barren identification code comes to = the data between the above devices 300 is stored in the external storage device and the external storage device is stored in the external storage device. The identification code is stored in the boot section. Figure 4 shows the inconsistency of the identification code in the incoming section. As shown in Figure 4, the scoop gg -, (sectorMO?, Φ χτ ^ 隐早 70 302 has Ν Magnetic zone
SeCt〇r)402,其中>^為正整數。開機區段、檔案索引 ❹ 及^儲存區段中的每—區段,皆是由多個磁區 術所組成,而其中開機區段是固定由第丨個(以 ϋΥΓϋ來標示)磁區402所組成。在此開機區段中,只 Η是用來存放主要開機記錄(刪4_嶋吨 ),也就是存放先前所述,開機時會用到的重要程式及資 =而第2個(以!來標示)至第63個磁區4〇2通常不會擺放 -貝料,也就是第2個至第63個磁區搬通常是㉔的區間。 因此’便可將上述識別碼儲存於開機區段内,位於主要開機呓 錄(即第1個磁區402)之後的區間中。以此例來說,是將上述 識別碼儲存於第63個磁區402中。當然,若是上述之第】個 磁區402仍有足夠的儲存空間,那麼也可以是將上述之識別碼 201037551 儲存在第1個磁區4〇2中。 單元二^二st柯贿全管理倾_查看記憶 .:依外接ΐ:ί有置識:碼對電 為。 接式儲存裝置 料存取行 圖5綠示依照本發明另 照圖W匕外接式儲存裝置5〇〇 ^夕==裝置。請參 〇置遍的不同之處在於,外接式儲====儲存裝 元502的開機區段中儲存識別碼,而疋在記憶單 案索引表區段中儲存識別碼。以下再 來地的播 在上述權案索引表區財存放識別碼。 步說明如何 識別:為ΪΓ何在記憶單元502之播案索引表區段中存放 由於浐宰^ /「在/f中’記憶單元502具有N個磁區602。 ==此=^放:案儲存區段中之各 Ο 中產生檔案606,以在檔案索;=Γ 槽案儲存區段 索引資訊604,鈇後再將^別赌二又中對應產生檔案606之 •識碼儲存於索引資訊刚中。如此 的播案ΐ引』看記憶單715〇2 限,從而管控電腦與外接式儲存装置之間的資料 荦儲上述之釣|資訊604記錄有槽案606於檔 =存區段中的储存位置,並記錄有槽案606的儲存位置是否 為抽壞磁區(bad sector)的資訊,以便讓電腦可以判斷此儲存位 201037551 置是否可正確讀寫,且帝引咨4 „„ 及其他有關槽案606的資气,因m有槽案606的播名 f. 604 tm 604 ^ ^ 示為損壞磁區。舉例而將槽案_所處儲存位置標 檔案606的檔名改為‘石馬/ =索引,604所記錄之 理軟體就只需查看記惰單元…電腦中的資訊安全管 損壞磁區的靖區段内,有標示 Ο Ο 之-槽=此-中來而==;儲,案儲存區段内 看記憶單元502的標案索引表區段内 有識別碼,就能進一步使雷 :索引貝訊中疋否儲存 置·對應的資料存取權限外接式儲存裝 則之間的資料存取從而官控電腦與外接式儲存裳置 碟:=皆為⑽隨身 200 > 儲存區段,並不需要赫*〔或/ ;。己饫單兀中的檔案 分,且本發明所^被f刀為隱藏空間及開放空間這二個部 不必具有可將„之外由接式儲存裝置所採用之控制單元,也 開放空間的功妒二早,中的標案儲存區段劃分為隱藏空間及 適合鱼資喊二 本發騎提出之外接式齡裝置不僅 製造過=搭配ί用,並且在外接式儲存裝置的 ^η ,.疋王不兩要特疋兀件製造商的配合。值得一接 存裳置;麼夕及usb隨身碟以外的儲 曆外接式儲存裝置及·也可能不具有控制單 201037551 元 Ο ❹ 圖7即繪示依照本發明一實施例之外接式儲存裝置的製 造方法。請參照圖7,在此方法中,首先是提供—外接式儲存 裝置,此外接式儲存裝置具有記憶單元(如步驟S7〇2所示)。 接著,在上述記鮮元巾建立檔㈣統,此檔㈣統具有開 區段及檔案索引表區段,並在開機區段或槽案素引表區段令儲 存-識別碼’此識與可被絲有資訊安全體之電腦辨 識,而資訊安全管理軟體會使電腦依據識別碼而賦予 存裝置對應的資料存取權限(如步驟S704所示)。 在上述步驟S7G4巾’若是在職區段 將,儲存於開機區段内,位於主要開機記錄之後 二間中。反之,在上述步驟S7〇4中,若是選擇在 〜f案,以在檔案索引表區段中對應產生上述檔案之索引 宏ΐ後再將識別碼儲存於此索引資訊中。此外,若是選擇 的内子識別碼’還可進一步修改此索引資訊 安全管理軟射針㈣磁區,讓資訊 碼之尋找。 有心不_磁£的索引資訊來進行識別 全管針對外接式儲存裝置提出—套資訊安 接式儲存裝置的資訊安:管圖理8二=;二 於-電腦,且此電腦安裝有資、t女王“里方法適用 裝置所具有的記憶單元中,於 電月_之外接式儲存 有之開機區段内’或是播案系統;r有 12 201037551 是否儲存有識別碼(如步驟S802所示 ^ 儲存有識別碼。此外,在步驟要二機:錄,後,間中’是否 看檔案封表區段内是ί儲^卜資訊安全管理軟體查 索5丨时引資訊中,是否儲存有識別碼。—看槽案 資訊;憶單元中’並沒有儲存識別外 Ο Ο 外接式儲存裝置中的仍可讀取儲存在 單元中儲存有識別碼時虽外接式儲存裝置的記憶 碼’並確認識別碼是否屬軟體取得識別 控識別碼的其中之一,以理軟體所預設之多個管 接式儲存t置_的資^ ^使電驗顧別碼而賦予外 在執行完 體所預設之多個管控識別碼的/中^,=資訊安全管理軟 便使電腦依據朗碼_接胃訊安全管理軟體 權料如步驟s_所示m接2存裝置對應的資料存取 理軟體所預設之多個管控識別碼的;= 馬:屬:資訊安 軟體便限制電腦與外接式儲存裝置i門的次訊女全管理 驟S810所示)。 置之間的貝料存取行為(如步 〜f ίΓί述賴安辣财法的教示,圖1所示之m入 g系統的料者,便可修改資訊安 貝。文王 訊安全管理軟體的_ 服™搬所安裝之資 所安裝之資訊安全管理軟體的tii、的118及120 往式的刼作,讓本發明所提 201037551 出之外接式儲存裝置適合與圖丨 配使用。再用本發明所提出 ^ ^安全管理系統搭 系統之間的操作方式來舉例之。妾式錯存裝置與資訊安全管理 必須先說明的是,在此資訊 其 資訊安全管理系統亦分有二種=理方法中,所運用到的 是必須以隨時連線的方式來、式,其中第一種操作方式 不必隨時連線也可進行“再乍二第,種操作方式則是 Ο ❹ 方式。當有員工將本發明所提出1來說明第一種操作 中的任&出卜接式儲存裝置連接至圖1 ㈣仕,例如連接至電腦116 〜口 全管理軟體的代理程式,就合去 ,116中之貝· 記憶單元中,儲存於記憶單::σ接式儲存裝置所具有的 ^ 4機區段内或是檔案索引表區 代理程式取得開機區段内之識別碼的方 開機區段内’位於主要開機記錄之後的^ 代理程式取得檔㈣引“之識別碼。此外’上述 案索引表區==内,別碼的方式’是去查看槽 所需之識別ί索5丨貝财,是否儲存有識別碼,進而取得 ㈣ίΐ述’―但代理程式取得儲存在上述外接式儲存裝置中 m ’就會將有—外接式储存裝置連接至㈣116的情 102。垃-此夕'接式儲存裝置的識別碼告知資訊安全伺服器 雪腦ιιΛ’貝訊安全饲服器1〇2便會向AEM司服器104確認 疋否屬於公司内部管控的電腦。—但相為是,資訊 服益102就會轉而向資料庫106確認上述外接式儲存裝 別碼’以判斷此識別碼是否屬於管理者事先透過控制台 麻次=至資料庫106的内部管控識別碼。若又確認為是,那 麼貧訊安全飼服器102就會向資料庫106取得對應於上述外接 14 201037551 式儲存裝置之珥_ 知電腦116。:此—來貝:斗存取權限,並將此資料存取權限主 理程式,便可根據4外中之資訊安全管理軟體的; 限,來管控電腦ί16 置之識別鳴的資料存取權 Ο 〇 本發明所提出之外接式儲再參照圖1。當有員工將 如連接至電腦116時,==接至旧t的任-電腦,例 程式’就會去取得外接^ ^之貝訊女全管理軟體的代理 於記憶單元之装置所具有的記憶單元中,館存 開識別,方式,包括』去查: 別碼,進响得所f之識料。、是否儲存有識 素引表區段内之識別妈的得標案 索引㈣中,是否儲存有識别碼,進段内的 ^就會將取得的辨識碼與電腦H6事先^的識別 訊安全飼服器資料存取權限,進而讓資 ,識別碼對朗資财及每一 118 及 12〇。 可王电月自 112、114、116、 因此,在代理程式取得識別碼之後,— =线別碼是屬於公司内部管控識別碼的其中之 == 二镜的資料存取權限來管控電:'16 U卜接式儲存裝置之間的資料存取行為。反之,若代理程 15 201037551 式判斷所取得—獅並 ★ 耘式就會限制電碯ί16虚;Α 5内部管控識別碼時,代理 取行為。而此處所指的限制,^接式儲存裝置之間的資料存 至外接式儲存裝置,但],如π禁止電腦116將槽案錯存 置t的檔案。 乃可讀取儲存在外接式儲存裝 、·’示上所述’本發明乃9 ο 開機區段或檔案㈣表^中儲夕存m存裝置之檔案系統的 裝有資訊安全管理軟體之電腦識別碼可被安 電腦依據朗碼而解外接^貝^全管理軟體會使 限。因此,本發明所提出之外資料存取權 要特定元件製造商的配裝太置的製造過程中,不需 存裝置提出-套資訊安全管ς =發明還針對外接式儲 接式儲存裝置之檔案系統的開機區段^辨^電腦;連接之外 否儲存有識別碼,若為是,便又二二案索表段中,是 公司内部的管控識別碼,以這= 否屬於 ο 腦與外接式儲存裝置之間的資料存取^格限’還是要限制電 ,本發明已以祕實施例㈣如上,財 本發明,任何《此技藝者,在顿 内,當可作些許之更動與潤飾,因此本發二=神^圍 附之申請專利範圍所界定者為準。 ’、屢耗圍視後 【圖式簡單說明】 圖 a 1 W丹〒—種架構。 2繪示習知之-種應祕前述f訊安全管理系統的 圖 繪示資訊安全管理系統的其中—種架構 繪示習知之一種應用於俞古二 16 201037551 USB隨身碟架構。 圖3繪示依照本發明一實施例之外接式館存裝置 圖4為說明如何在記憶單元302之 碼的示意圖。 開機區段令存放識別 ΟSeCt〇r) 402, where >^ is a positive integer. Each of the boot sector, the archive index ❹ and the ^ storage section is composed of a plurality of magnetic regions, and wherein the boot sector is fixed by the third (marked by ϋΥΓϋ) magnetic region 402. Composed of. In this boot section, only the main boot record (deleting 4_嶋 tons) is stored, which is the important program and information used in the booting, and the second one (by ! Marked) to the 63rd magnetic zone 4〇2 is usually not placed - batting, that is, the 2nd to 63rd magnetic zone is usually 24 intervals. Therefore, the above identification code can be stored in the boot sector, in the interval after the main boot record (i.e., the first magnetic zone 402). In this example, the identification code is stored in the 63rd magnetic zone 402. Of course, if the above-mentioned magnetic region 402 still has sufficient storage space, the above identification code 201037551 may be stored in the first magnetic region 4〇2. Unit two ^ two st a bribery full management _ _ memory :: According to external ΐ: ί have knowledge: code to electricity for. Connected Storage Device Material Access Line Figure 5 is a green display in accordance with the present invention. Figure 4 is an external storage device. The difference is that the external storage ==== storage unit 502 stores the identification code in the boot section, and stores the identification code in the memory file index table section. The following broadcasts are stored in the above-mentioned rights index table. The step explains how to identify: why is it stored in the broadcast index table section of the memory unit 502. Since the memory unit 502 has N magnetic regions 602 in the memory unit 502. == This = ^ put: case storage A file 606 is generated in each of the sections to store the section index information 604 in the file; then, the code of the corresponding file 606 is stored in the index information. In the case of such a broadcast, the memory list is 715〇2, so that the data between the computer and the external storage device is managed and stored. The information 604 records the slot 606 in the file=storage section. The storage location is recorded, and the storage location of the slot 606 is recorded as information of the bad sector, so that the computer can judge whether the storage location 201037551 can be correctly read and written, and the guide 4 and other Regarding the qualification of the slot 606, the broadcast name f. 604 tm 604 ^ ^ of the slot case 606 is shown as a damaged magnetic zone. For example, the file name of the storage location mark file 606 is changed to 'stone. Horse / = index, 604 recorded software software just need to look at the idle unit... information security tube in the computer In the Jing section of the damaged magnetic zone, there is a mark Ο - - slot = this - medium and ==;; in the storage section, the identification index of the memory unit 502 is identified by an identification code. Further to make Lei: Index 讯 疋 储存 储存 · · 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 对应 官 官 官 官 官 官 官 官 官 官 官 官 官 官 官 官 官 官 官 官 官 官The storage section does not require the file division in the hexadecimal unit, and the two parts of the invention are hidden space and open space, and the two parts do not have to be connected. The control unit used in the storage device also has the function of opening the space for two early days. The standard storage section is divided into hidden space and suitable for fish and shouting. The external connection device is not only manufactured = with ί Use, and in the external storage device ^ η, 疋 不 不 要 要 要 要 要 要 。 。 。 。 。 。 。 。 。 。 。 It is worthwhile to store the storage device; the external storage device other than the USB flash drive and the USB flash drive and/or may not have the control list 201037551 Ο ❹ Figure 7 shows the external storage device according to an embodiment of the present invention. Production method. Referring to Figure 7, in this method, first, an external storage device is provided, and the external storage device has a memory unit (as shown in step S7〇2). Then, in the above-mentioned fresh-spot towel, a file (four) system is created, and the file (four) system has an open section and a file index table section, and the storage-identification code is identified in the boot section or the slot-entry section. The information security management software can cause the computer to grant the data access authority corresponding to the storage device according to the identification code (as shown in step S704). In the above step S7G4, if the in-service section is stored in the boot section, it is located in the second section after the main boot record. On the other hand, in the above step S7〇4, if the ~f case is selected, the index macro of the file is correspondingly generated in the file index table section, and then the identification code is stored in the index information. In addition, if the selected inner sub-identification code can further modify the index information, the security management soft needle (4) magnetic area is used to find the information code. The index information of the heart is not _ magnetic to identify the whole tube for the external storage device - the information of the information connection storage device information: tube diagram 8 2 =; two in - computer, and this computer is installed, In the memory unit of the Queen's method, the memory unit is stored in the power-on section of the power-on-the-month connection or the broadcast system; r has 12 201037551 whether an identification code is stored (as shown in step S802). ^ There is an identification code stored in it. In addition, in the second step of the machine: Record, after, in the middle of the 'Do not look at the file in the table section is ί 储 ^ 卜 information security management software search 5 丨 when the information, whether stored Identification code. - Look at the slot information; in the unit, 'there is no storage identification Ο Ο The external storage device can still read the memory code of the external storage device when the identification code is stored in the unit' and confirm Whether the identification code belongs to the software and obtains one of the identification control identification codes, and the plurality of pipe-connected storages set by the management software are configured to give the external execution execution Set a number of management identification codes / in the ^, = capital The security management software makes the computer based on the language code _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Dependent: Information security software will limit the computer and the external storage device i door secondary management female management step S810). Between the set of material access behavior (such as step ~ f Γ Γ 述 赖 赖 辣 辣 辣 的 教 教The information of the m-g system shown in Figure 1 can be modified by the information. The information security management software installed by the company's security management software _ service TM installation of the information security management software tii, 118 and 120 The method of the present invention allows the external storage device of the present invention to be used in conjunction with the drawings. The operation mode between the systems of the security management system proposed by the present invention is exemplified. Device and information security management must first explain that in this information, its information security management system is also divided into two kinds of methods: the method used must be connected in a timely manner, the first operation No need to connect at any time. "After the second, the mode of operation is the Ο ❹ method. When an employee has proposed the invention to provide a description of the first operation of any & outlet storage device is connected to Figure 1 (d), for example, the connection To the computer 116 ~ port full management software agent, go, 116 in the Bay memory unit, stored in the memory list:: σ connected storage device has ^ 4 machine section or file index table The agent in the zone obtains the identification code in the boot sector. The agent in the boot sector is located after the main boot record. The agent obtains the file (four) and the identifier of the file. In addition, the above index table area ==, the code is The way 'is to check the identification of the slot. 5 丨 财 , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , The storage device is connected to the situation 102 of (4) 116. The identification code of the -- ' 'connection storage device informs the information security server that the snow ι ι Λ Λ 贝 贝 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全 安全- But if it is, the information service benefit 102 will then confirm the above-mentioned external storage device code ' to the database 106 to determine whether the identification code belongs to the manager's prior control through the console = to the internal control of the database 106 Identifier. If it is confirmed to be YES, then the poor security feeder 102 will obtain from the database 106 the corresponding computer 116 corresponding to the external 14 201037551 storage device. : This - come to Bay: bucket access rights, and this data access rights manager program, according to the information security management software of the 4 outside, can control the computer access rights之外 之外 The external storage of the present invention is further referred to FIG. 1 . When an employee will connect to the computer 116, == to the old t-computer, the program will go to the memory of the device that is connected to the memory unit of the external management software. In the unit, the library saves the identification, the method, including the "check": the code, the response to the sound. Whether to store the identification index (4) of the identification mom in the occultation section, whether the identification code is stored, and the identification code obtained in the segment will be securely fed with the computer H6. Access to data, and then to the capital, the identification code for Lang Zicai and each 118 and 12 〇. Wang Wangyue from 112, 114, 116, therefore, after the agent obtains the identification code, the -= line code is one of the company's internal control identification code == two mirrors data access authority to control power: ' Data access behavior between 16 U-connected storage devices. On the other hand, if the agency 15 201037551 judges that the obtained lion and ★ 耘 will limit the power 碯 16 Α Α Α Α Α Α 内部 内部 内部 内部 内部 内部 内部 内部 内部 内部 内部 内部 内部 内部 内部 内部 内部 内部 内部 内部 内部In the case of the limitation referred to herein, the data between the connected storage devices is stored in the external storage device, but, for example, π prohibits the computer 116 from arbitrarily storing the file in the slot file. It can read the computer equipped with the information security management software stored in the external storage device, the above-mentioned invention is the file system of the storage system or the file (4) table The identification code can be solved by the computer based on the Lang code and the external management software will limit the limit. Therefore, the data access right proposed by the present invention is not required to be stored in the manufacturing process of the component manufacturer. The information security device is also invented for the external storage device. The booting section of the file system ^ distinguishes the computer; if there is an identification code stored outside the connection, if it is, then the second and second case table is the internal management identification code of the company, so that = no belongs to ο brain and The data access between the external storage devices is limited to 'restriction of electricity', and the present invention has been described in the fourth embodiment of the invention, as described above, the financial invention, any "this artist, in the election, when there are some changes Retouching, therefore, the definition of the scope of the application for patent application is subject to the definition of the patent application scope. ‘, after repeated consumption of vision [simplified diagram] Figure a 1 W Dan 〒 - kind of architecture. 2 depicting the knowledge of the above-mentioned information security management system of the above-mentioned information security management system, which is one of the architectures of the information security management system, which is used in Yugu 2 16 201037551 USB flash drive architecture. 3 is a schematic diagram of an external storage device in accordance with an embodiment of the present invention. FIG. 4 is a schematic diagram showing how the code is stored in the memory unit 302. Boot section to store identification Ο
圖5繪示依照本發明另一實施例之外接式儲存裝置。 圖6為說明如何在記憶單元502之檔案索引表區段中存 放識別碼的示意圖。 圖7繪示依照本發明一實施例之外接式儲存裝置的製造 方法。 化 圖8繪示依照本發明一實施例之外接式儲存裝置的資訊 安全管理方法。 【主要元件符號說明】 102 :資訊安全伺服器 104 : AD伺服器 106 :資料庫 108:控制台 110 :内部網路 112、114、116、U8、12〇 :電腦 200 : USB隨身碟 202、302、502 :記憶單元 204、304 :控制單元 206 : USB連接介面 208:隱藏空間 210 :開放空間 300、5〇〇 :外接式儲存裝置 306 :連接介面 17 201037551 402、602 .磁區 604 ··索引資訊 606 :檔案 S702 、 S704 、 S802FIG. 5 illustrates an external storage device in accordance with another embodiment of the present invention. Figure 6 is a diagram showing how the identification code is stored in the file index table section of the memory unit 502. FIG. 7 illustrates a method of fabricating an external storage device in accordance with an embodiment of the present invention. FIG. 8 illustrates an information security management method of an external storage device according to an embodiment of the invention. [Main component symbol description] 102: Information security server 104: AD server 106: database 108: console 110: internal network 112, 114, 116, U8, 12: computer 200: USB flash drive 202, 302 502: memory unit 204, 304: control unit 206: USB connection interface 208: hidden space 210: open space 300, 5: external storage device 306: connection interface 17 201037551 402, 602. magnetic area 604 · · index Information 606: Files S702, S704, S802