201201038 六、發明說明: 【發明所屬之技術領域】 .[⑻]本發明係關於一種儲存裝置驗證系統,尤指利用一客戶 . 金鑰與一設備金鑰進行雙重加解密驗證之儲存裝置驗證 糸統。 [先前技術] 刚於m統領射,多半係由設備商職系統硬體 和執行該硬體之軟體,並將該系統硬體與軟體販售給系 0 統商’系統商㈣助其客戶進行祕規劃。於大部份的 例子中,系統商會因應制客戶之需求開發客製化之應 用程式’以控制不同之控制裴置。 _目此“商最重要的#錢缺前獻客肢應用程式 …而’客戶若需擴充產能時’時常為了節省成本會 構買較為廉價之系統硬體’並自行複製與安I上述之應 用程式與軟體,造成线商叹設備商莫大之損失。 闺目前防止盜版之技較要有兩種…種是於安裝應用程 u μ輪入授權序號’但是’於此例子中,客戶已具有只 少一組授權序號,或是客戶切整㈣相助程式之 儲存裝置進行複製於另一儲錢置上,因此難以克服此 問題。 [晒另―種為執行應隸狀會連上網際崎傳送驗證資訊 π系、先商,若驗證不通過則,無法執行。但是於工業領 域中’客戶為了防止内部資料m半都無法或不願 意於外部之網際網路連接,因此,難以適用此方式。 099121101 表單編號A0101 第3頁/共23頁 0992037223-0 201201038 【發明内容】 [0006] 為了改善上述習知之缺失,本發明之目的係提供一種儲 存裝置驗證純及方法,其彻—客戶金料—設備金 錄進行雙重加解密以驗雌㈣置驗證系統,以防止一 電子裳置讀取儲存裝置上未經授權之應用程式。 [0007] 了達成上述之目的,本發明係提供一種儲存裝置驗證 系統,係包含-電子裝置與1錢置。該電子裝置, 係包含-記憶單元,該記憶單元係存有—加解㈣式。 該儲存裝置,係用以安裝於該電子|置,該記憶單元係 存有-加密應用程式、一加密金鑰資料;其中盆中談 電子裝置係依據—設備麵,解密該加密錢資料,^ =ΠΓ並依據該客戶金錄解密該加密應用程 式以形成一應用程式。 [0008] =達=目的,明另提供一種儲存裝置驗證 方法’係…列步驟:將―儲存裳置安裝 置。依據-客戶金輪加密一應用程式1 用程式,並㈣加絲^切存於_存裝置。= 子裝置依據-設備麵加㈣客戶錢以形成—加》密金 餘資料,並㈣加密錢資贿存㈣贿裝置。 電子装置欲執行該應用程式時,依據該設備 = 客戶金麟密該加密/用^金鑰。該電抒置依據該 在應用程U還原成該應用程式。 [0009] 099121101 為了達成上狀目的,本發”提供—韻 方法,係包含下列步驟Ο將-儲存裝置安裝於—二 置。該歧裝置依據—客戶•加密-應用程式,以= 表單編號A0101 第4頁/共23頁 099121101 表單編號A0101 0992037223-0 201201038 成—加密應用程式,並 f堵存於該錯存裝置。將該儲存式與該客戶金餘 該電子裝置依據-設備金餘加密電子裝置。 密金輪資料,並將該加密金輪資;:金餘以形成—加 當該電子裝置欲執行該應用子虛該儲存裝置。 亥客戶錢咖峨—物該應用2 [0010] 〇 综上所述’本發明係利絲戶為與設備麵進行雙重 加解被驗證儲存m之加密助㈣m如習知 技術般,需要連接至網際網路加以驗證。此外,當客戶 複製儲存1置至另-台電子袭置執行時,由於該電子装 置並無法取得正確之設備金鑰,因此亦無法取得客戶金 鑰以解密該加密應用程式,因此可以限寒該應用程式只 月b限疋於該特定之電子裝置使用.,進而能達到防止應用 程式被盜用之問題。 - ◎ [0011] 另於本發明中,於系嬈商本身:可完全與輕易地進行本發 明之儲存裝置驗證方法,不需要將應用程式洩漏給第三 人’可增加應用程式之保密性。 【實施方式】 [0012] 請參閱第一圖與第二圖,第一圖係本發明之儲存裝置驗 099121101 證系統之系統圖,第二圖係本發明之儲存裝置之方塊圖 。本發明之儲存裝置300驗證系統係可包含—設定裝置 100、一電子裝置2〇〇與一儲存裝置3〇〇。該設定裝置1〇〇 與該電子裝置200係可為一工業用電腦、個人電腦、或筆 表單編號A0101 第5頁/共23頁 0992037223-0 201201038 記型電腦等裴置,該設定裝置100係用以設定該電子裝置 200與該儲存裝置3〇〇。該儲存襞置3〇〇係可為一記憶卡 、一硬碟、或一隨身磘等可讀寫之儲存裝置300,於本實 施例中該儲存裝置3〇〇係為一記憶卡。上述之電子裝置 200係可由設備商製造完後,送交於系統商進行設定。 [0013] [0014] 099J21101 该設定裝置1〇〇係可包含一處理單元110、一記憶體120 讀卡單元130、以及一輪入單元14〇。該處理單元 11〇係可為一處理晶片並與該記憶體12〇、該讀卡單元 130、以及該輸入單元140電性連接。該記憶體12〇係可 儲存有一操作程式121、—應用程式122、一加解密程式 U3、一客戶金鑰。該讀卡單元13〇係可供該儲存裝置 3〇〇插置並電性連接。該輸入單元14〇係可為一鍵盤及滑 鼠等輸入裝置。客戶金输係可經由該輸入單元14〇輸入於 該記憶體12G。本發明所提及之加解密程式、利用金餘 (Key)進行加密或是解密之動作,均為習知之技術,如利 用Hash、DES、AES等加解密技術,在此不多作描述。 若該儲存裝置300與該讀卡單元13〇電性連接,該處理單 元110係可依據該客戶金鑰加密該應用程式122,以形成 一加密應用程式,並儲存於該儲存裝置3〇〇。若該儲存裝 置300與該電子裝置2〇〇之讀卡單元230電性連接,該處 理單元1丨〇則7將n亥加进應用程式傳送於該電子裝置2 〇 〇 ,並使該電孑裝置2〇〇儲存該加密應用程式於該儲存裝置 3〇〇 〇 於另一例子4錯存裝置3〇〇與該電子裝置2〇〇之讀卡 單元230電性連接,讀儲存裝置300之資料區31〇係儲存 表單編號第6頁/共23 ¥ 0992037223-0 [0015] 201201038 [0016] Ο [0017]201201038 VI. Description of the invention: [Technical field to which the invention pertains] [(8)] The present invention relates to a storage device verification system, in particular to a storage device verification using a client. a key and a device key for double encryption and decryption verification. System. [Prior Art] Just before the m system led, most of them were hardware and hardware of the equipment business system, and the system hardware and software were sold to the system vendor (4) to assist their customers. Secret plan. In most of the cases, the system developer develops customized applications in response to the needs of the customer to control different control devices. _ 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目 目Programs and software, causing the line to sigh the loss of equipment manufacturers. 闺 Currently there are two ways to prevent piracy... the application is to install the application u μ turn in the authorization serial number 'but' in this example, the customer has only If there is one set of authorized serial numbers, or the storage device of the customer's cut-out (four) helper program is copied to another storage bank, it is difficult to overcome this problem. [Twisting another kind of implementation should be performed by the company. The information π system, first business, if the verification does not pass, can not be executed. However, in the industrial field, 'customers in order to prevent internal data m are unable or unwilling to connect to the external Internet, so it is difficult to apply this method. 099121101 Form No. A0101 Page 3 of 23 0992037223-0 201201038 SUMMARY OF THE INVENTION [0006] In order to improve the above-mentioned drawbacks, the object of the present invention is to provide a storage device verification. And the method, the customer-gold material-device gold record double encryption and decryption to test the female (four) verification system to prevent an electronic device from reading the unauthorized application on the storage device. [0007] OBJECTS OF THE INVENTION The present invention provides a storage device verification system, which includes an electronic device and a memory device. The electronic device includes a memory unit, and the memory unit has a solution (4). Installed in the electronic device, the memory unit stores an encryption application and an encryption key data; wherein the electronic device in the basin is based on the device surface, decrypting the encrypted money data, ^=ΠΓ and according to the customer The golden record decrypts the encrypted application to form an application. [0008] = 达 = purpose, Ming also provides a storage device verification method 'system... column step: will store the storage device. According to - customer gold wheel encryption an application Program 1 uses the program, and (4) adds the wire to the _ memory device. = Sub-devices based on the device side plus (4) customer money to form - add "extra gold data, and (4) encryption money bribes (four) bribe device. When the electronic device wants to execute the application, according to the device=Customer Jinlin, the encryption/use of the key. The device is restored to the application according to the application U. [0009] 099121101 In order to achieve the purpose, Ben The "providing-rhythm method" includes the following steps: mounting the storage device to the second set. The device is based on the client-encryption-application, with the form number A0101, page 4/23 pages, 099121101 form number A0101 0992037223-0 201201038 into the encryption application, and f is blocked in the device. The storage type and the customer's gold-based electronic device are encrypted according to the device. The data of the gilt wheel, and the volatility of the cryptopoly;; the gold surplus to form - add when the electronic device wants to execute the application virtual storage device. Hai customer money curry - the application of the application 2 [0010] In summary, the invention is based on the double-extraction of the equipment surface to verify the storage of m encryption assistance (four) m, as in the conventional technology, need to be connected to The internet is verified. In addition, when the customer copies the storage 1 to another electronic execution, since the electronic device cannot obtain the correct device key, the customer key cannot be obtained to decrypt the encrypted application, so the cold application can be limited. The application is only limited to the use of the particular electronic device. This can prevent the application from being stolen. - ◎ [0011] In addition, in the present invention, the system itself: the storage device verification method of the present invention can be completely and easily performed, and the application does not need to be leaked to a third person' to increase the confidentiality of the application. [Embodiment] [0012] Please refer to the first figure and the second figure. The first figure is a system diagram of the storage device of the present invention, which is a 099121101 certificate system, and the second figure is a block diagram of the storage device of the present invention. The storage device 300 verification system of the present invention may include a setting device 100, an electronic device 2A, and a storage device 3A. The setting device 1 and the electronic device 200 can be an industrial computer, a personal computer, or a pen form number A0101, page 5 of 23 pages 0992037223-0 201201038, such as a type of computer, the setting device 100 It is used to set the electronic device 200 and the storage device 3〇〇. The storage device 3 can be a memory card, a hard disk, or a portable storage device 300 such as a portable device. In the embodiment, the storage device 3 is a memory card. The electronic device 200 described above can be manufactured by the equipment manufacturer and sent to the system vendor for setting. [0014] 099J21101 The setting device 1 can include a processing unit 110, a memory 120 card reading unit 130, and a wheeling unit 14A. The processing unit 11 can be a processing chip and is electrically connected to the memory 12, the card reading unit 130, and the input unit 140. The memory 12 can store an operating program 121, an application 122, an encryption and decryption program U3, and a client key. The card reading unit 13 is adapted to be inserted and electrically connected to the storage device. The input unit 14 can be an input device such as a keyboard and a mouse. The customer credit system can be input to the memory 12G via the input unit 14A. The encryption and decryption program mentioned in the present invention and the operation of encrypting or decrypting by using Key is a conventional technique, such as using Hash, DES, AES, etc., and is not described here. If the storage device 300 is electrically connected to the card reading unit 13, the processing unit 110 can encrypt the application 122 according to the customer key to form an encrypted application and store it in the storage device. If the storage device 300 is electrically connected to the card reading unit 230 of the electronic device 2, the processing unit 1 transfers the application to the electronic device 2, and causes the device to be transferred. The device 2 stores the encrypted application in the storage device 3, and the other device 4 is connected to the card reading unit 230 of the electronic device 2, and reads the data of the storage device 300. Zone 31〇Storage Form Number Page 6 of 23 ¥ 0992037223-0 [0015] 201201038 [0016] Ο [0017]
G 099121101 有該應用程式’該處理單元110係可執行該操作程式121 ,傳輸該客戶金鑰於該電子裝置200,並控制該電子裝置 200之加解密程式221依據該客戶金鑰加密該應用程式, 以形成一加密應用程式320,並儲存於該儲存裝置3〇〇。 °玄電子裝置2〇〇係可包含—處理單元21〇、一記憶單元 22〇、一讀卡單元230、一輪入單元240、與一網路卡250 ,其中該網路卡250係設有一網路卡號,該網路卡號係可 為—設備驗證碼。該處理單元21〇係可為一處理晶片並與 該圮憶單元220、該讀卡單元230、鱗輸入單元240與該 網路卡250電性連揍。該記憶單元22〇隹可儲存有一加解 岔程式221與一設備金鑰222。該讀卡單元230係可供該 儲存裝置300插置並電性連接。該輸入單元24〇係可為一 鍵盤及滑鼠等輸入裝置。 .:匕:..: . 當該儲存裝置300電性連接該讀卡單元23〇時,若該儲存 裝置300之資料區310係存有一應用程式以及一客戶金鑰 ,該處理單元210係可執行該加解密程式221以依據該客 戶金鑰加岔該應用程式以形成—加密應用程式32〇,並儲 存於該儲存裝置300 ’最後並清除該資料區31〇内之該應 用程式以及該客戶金^上述之客戶錢亦可不儲存於 該儲存裝置300内’係可經由該輸入單元24〇輸入,或是 接收該設定裝置剛所傳輸之客戶金餘。於另一例子中, 該應用程式亦可不儲存於該儲存裝置綱,可經由該設定 裝置100所傳輸。 該儲存裝置300係可包含-記憶體3〇卜該記憶體3〇1係 設有該資料區310與-儲存裝置驗證碼34〇,以及儲存有 表單編號A0101 第7頁/共23頁 0992037223-0 [0018] 201201038 一加密應用程式320、一加密金鑰資料330。該儲存裝置 驗證碼340係於該儲存裝置3〇〇出廠時,由製作廠商設定 之該儲存裝置300之唯一編碼,因此不會有兩個儲存裝置 300具有一樣之儲存裝置驗證碼34〇。當該儲存裝置300 安裝於該電子裝置200時,該電子裝置200係可讀取該儲 存裝置驗證碼340與該設備驗證碼以形成該設備金鑰222 。.此外一設備商亦可於該記憶單元220儲存一設定驗證碼 ’該電子裝置200係讀取該儲存裝置驗證碼340、該網路 卡250號或該設定驗證碼以形成該設備金鑰222。 [0019] [0020] 請參閱第二圖與第三圖’第三圖係為本發明之客戶端應 用系統圖’其中該儲存裝置3〇〇係可與該讀卡單元230電 性連接。於本例子中’系統商設定完儲存裝置300並安裝 於電子裝置200内時,可將該電子裝置200設置於客戶端 之自動控制系統中。該終端電腦4〇〇係遠端操作該電子裝 置200,以經由該控制裝置500控制該終端設備6〇〇,其 中該終端設備600係可為一機械手臂或是一攝影機等設備 .. … : 。當該電子裝置2 0 0欲發出操作指令於該控制裝置5 〇 〇時 ’該電子裝置200之處理單元21〇會先執行該加解密程式 221,該加解密程式221會先讀取該網路卡號與該儲存裝 置驗證碼340以形成一設備金錄222。該加解密程式221 並利用該設備金鑰222解密該加密金鑰資料330,以取得 一客戶金鑰,並依據該客戶金鑰解密該加密應用程式320 以形成一應用程式。因此終端電腦4〇〇係可遠端執行該應 用程式’以下達操作指令給該控制裝置5〇〇。 於本例子中’若該網路卡號與該儲存裝置驗證碼34〇,有 099121101 表單編號A0101 第8頁/共23頁 0992037223-0 201201038 其中一者不符合,則無法解密該加密金鑰資料33〇,進而 該電子裝置200無法獲得及執行該應用程式。因此客戶端 無法經由複製該儲存裝置300之資料,或是另行購買電子 裝置200 ’執行該應用程式。 [0021] 請參閱第四圖,料本發明之儲存I置驗證方法之第— 實施例之步驟流程圖,另請一併參考第一圖至第三圖。 此實施例之特徵係為將該儲存裝置3〇〇安裝該電子裝置 200時製作該加密應用程式32〇。於加密步驟時,首先, θ [0022] 可先將該儲存敦置3G〇安裝於該電子裝置2 Q Q (步驟$ ^ 〇 1 )〇 之後,依據一客戶金鑰加密一應用程式,以形成—加密 應用程式320,並將該加密應用程式32〇儲存於該儲存裝 置300 (步驟S1G3),其中該客戶金鑰係由系統商提供, 因此無論是客戶或是設備商均不會取得該客戶金鑰可 更進一步保護該應用程式不致於外洩。 [0023] Ο 於細部之實施方式中,线商可依S求轉下列兩種方 式進行,第一種方式為,系統商將儲存於該記憶體12〇之 客戶金鑰加密儲存於該記憶體12〇之應用程式122,以形 成該加密應用程式32Q,並由舰定裝置loo傳輸該加密 應用程式32G與該客戶金錄於該電子裝置2QQ,最後由該 電子裝置綱將該加密應用程式32G與該客戶金輪儲存於 該儲存裝置3GG 1此可管控該應用程式122,限制健存 於该设定裝置1GG,以減少朗該應用程式122之危險。 [0024] 另一作法是’可於_存裝謂G之資_31〇儲存該應 099121101 表單編號A0101 第9頁/共23頁 0992037223-0 201201038 用程式。該客戶金鍮可經由該電子裝置200之輸入單元 240輸入或是由該設定裝置100傳輸至該電子裝置200, 亦或是直接儲存於該儲存裝置300之資料區310。之後, 該電子裝置200可依照該客戶金鑰加密該應用程式,以形 成一加密應用程式320,並將該加密應用程式320儲存於 該儲存裝置300。之後,該電子裝置200可清除該資料區 310之應用程式。 [0025] 下一步,該電子裝置200係讀取該儲存裝置300之儲存裝 置驗證碼34 0與該電子裝置2 00之設備驗證碼以形成該設 備金鑰222,若有該設定驗證碼則一併讀取以形成該設備 金鑰222。該電子裝置200依據該設備金鑰222加密該客 戶金鑰以形成一加密金鑰資料330,並將該加密金鑰資料 330儲存於該儲存裝置300 (步驟S105),之後,該電子 裝置200可清除該資料區310中之應用程式或是客戶金鑰 〇 [0026] 由於該設備驗證碼係可為網路卡號,熟知此技術之人可 知每一網路卡250之網路卡號均為唯一之卡號,並且該儲 存裝置驗證碼340係為該儲存裝置300出廠時,所設定之 唯一之代碼(ID)。因此應用程式被限定為只有特定之電 子裝置200與儲存裝置300才能讀取。只要該加密金鑰資 料330 —經設定完畢,除了該電子裝置200之設備商能將 該加密金鑰資料330解密之外,無論是系統商或是使用客 戶均無法將該加密金鑰資料330解密。當該電子裝置200 本身需要升級或置換時,必須透過設備商,如此可保護 設備商之商機。 099121101 表單編號A0101 第10頁/共23頁 0992037223-0 201201038 [0027] ❹ 上述之步驟執行完畢後,可將該電子裝置200設置於客戶 端之工業自動控制系統中(如第三圖所示),當該電子 裝置200欲執行該應用程式時,該電子裝置200之加解密 程式221,依據該設備金鑰222解密該加密金鑰資料330 (步驟S107),之後該電子裝置200之加解密程式221會 判斷是否解密成功(步驟S10 9 ),若解密成功則可以取 得該客戶金鑰(步驟S111),若解密失敗該電子裝置200 則可發出一錯誤訊息,該錯誤訊息可傳送至該終端電腦 400,供操作者檢視(步驟S119)。由於該設備金鑰222 係根據該電子裝置2 0 0輿該轉存裝i 3 0 0,因此客戶端無 法自行更換該電子裝置200與該儲存裝置3〇〇,可保障系 統商與設備商之利益。 [0028] ❹ [0029] 最後,該電子裝置200依據該客戶金鑰解密該加密應用程 式320 (步驟S113),之後該電子裝置200之加解密程式 221會判斷是否解密成功(步驟S115),若解密成功則可 使該加密應用程式320還原成該應用程式,並加以執行( 步驟Sill),若解密失敗該電子裝置200則可發出一錯誤 訊息(步驟S119)。 第五圖係為本發明之儲存裝置驗證方法之第二實施例之 步驟流程圖’另請一併參考第一圖至第三圖。與第一實 施例不同之處在於,將該儲存裝置300安裝於該設定裝置 100時製作該加密應用程式320。於加密步驟時,首先。 將一儲存裝置300安裝於一設定裝置1〇〇 (步驟S301)。 該設定裝置100依據一客戶金鑰加密一應用程式,以形成 一加密應用程式320 ’並將該加密應用程式320儲存於該 099121101 表單編號A0101 第11頁/共23頁 0992037223-0 201201038 儲存裝置300,該客戶人认 客戶金鑰亦可選擇性地一同儲存於該儲 存裝置300之資料區31 j傾仔 i〇 (步驟幻03)。該系統商玎將該 儲存襞置300安裴於該雷 電子裝置200 (步驟S3〇5)。 [0030] [0031] [0032] 該電子裝置200依據—执 。又備金錄2 2 2加密該客戶金鑰以形 成一加密金鑰資料33〇,G 099121101 has the application 'The processing unit 110 can execute the operating program 121, transmit the customer key to the electronic device 200, and control the encryption/decryption program 221 of the electronic device 200 to encrypt the application according to the customer key. To form an encryption application 320 and store it in the storage device 3. The electronic device 2 can include a processing unit 21A, a memory unit 22, a card reading unit 230, a wheeling unit 240, and a network card 250, wherein the network card 250 is provided with a network. The road card number, the network card number can be - device verification code. The processing unit 21 can be a processing chip and electrically connected to the memory unit 250, the card reading unit 230, and the scale input unit 240. The memory unit 22 can store an add-on program 221 and a device key 222. The card reading unit 230 is adapted to be inserted into and electrically connected to the storage device 300. The input unit 24 can be an input device such as a keyboard and a mouse. When the storage device 300 is electrically connected to the card reading unit 23, if the data area 310 of the storage device 300 is stored with an application and a customer key, the processing unit 210 can Executing the encryption and decryption program 221 to add the application according to the customer key to form an encryption application 32, and store the same in the storage device 300' and clear the application and the client in the data area 31 The above-mentioned customer money may not be stored in the storage device 300, and may be input through the input unit 24 or receive the customer's gold balance just transmitted by the setting device. In another example, the application may not be stored in the storage device and may be transmitted via the setting device 100. The storage device 300 can include a memory 3, the memory 3 is provided with the data area 310 and the storage device verification code 34, and the form number A0101 is stored. Page 7 / 23 pages 0992037223 - [0018] 201201038 An encryption application 320, an encryption key material 330. The storage device verification code 340 is uniquely encoded by the manufacturer 300 when the storage device 3 is shipped from the factory, so that no two storage devices 300 have the same storage device verification code 34. When the storage device 300 is installed in the electronic device 200, the electronic device 200 can read the storage device verification code 340 and the device verification code to form the device key 222. In addition, a device vendor may also store a setting verification code in the memory unit 220. The electronic device 200 reads the storage device verification code 340, the network card number 250, or the setting verification code to form the device key 222. . [0020] Please refer to the second and third figures. The third figure is the client application system diagram of the present invention. The storage device 3 can be electrically connected to the card reading unit 230. In the present example, when the system provider sets the storage device 300 and installs it in the electronic device 200, the electronic device 200 can be placed in the automatic control system of the client. The terminal computer 4 remotely operates the electronic device 200 to control the terminal device 6〇〇 via the control device 500, wherein the terminal device 600 can be a robot arm or a camera device, etc.. . When the electronic device 200 is to issue an operation command to the control device 5, the processing unit 21 of the electronic device 200 first executes the encryption/decryption program 221, and the encryption/decryption program 221 reads the network first. The card number and the storage device verification code 340 form a device record 222. The encryption/decryption program 221 decrypts the encryption key data 330 by using the device key 222 to obtain a customer key, and decrypts the encryption application 320 according to the customer key to form an application. Therefore, the terminal computer 4 can remotely execute the application's following operational commands to the control device 5. In this example, 'If the network card number and the storage device verification code 34〇, there are 099121101 form number A0101 page 8/23 pages 0992037223-0 201201038 one of which does not match, the encryption key data cannot be decrypted 33 In other words, the electronic device 200 cannot obtain and execute the application. Therefore, the client cannot execute the application by copying the data of the storage device 300 or separately purchasing the electronic device 200'. [0021] Please refer to the fourth figure, which is a flow chart of the steps of the first embodiment of the present invention, and please refer to the first to third figures together. This embodiment is characterized in that the encryption application 32 is created when the storage device 3 is mounted on the electronic device 200. In the encryption step, first, θ [0022] may first install the storage device 3G〇 to the electronic device 2 QQ (step $^ 〇1 ), and then encrypt an application according to a customer key to form - Encrypting the application 320 and storing the encrypted application 32 in the storage device 300 (step S1G3), wherein the customer key is provided by the system vendor, so neither the client nor the device vendor will obtain the client gold The key further protects the application from leaking. [0023] In the implementation of the detailed method, the line provider can perform the following two methods according to S. In the first method, the system provider encrypts and stores the customer key stored in the memory 12 in the memory. The application 122 is formed to form the encryption application 32Q, and the encryption application 32G is transmitted by the security device loo and the customer is recorded in the electronic device 2QQ, and finally the encryption application 32G is used by the electronic device. The application of the client device to the storage device 3GG 1 can control the application 122 to limit the health of the application device 1GG to reduce the risk of the application 122. [0024] Another method is to store the account in the _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ The customer key can be input to the electronic device 200 via the input unit 240 of the electronic device 200 or directly stored in the data area 310 of the storage device 300. Thereafter, the electronic device 200 can encrypt the application according to the customer key to form an encrypted application 320, and store the encrypted application 320 in the storage device 300. Thereafter, the electronic device 200 can clear the application of the data area 310. [0025] Next, the electronic device 200 reads the storage device verification code 34 0 of the storage device 300 and the device verification code of the electronic device 200 to form the device key 222, and if there is the setting verification code, And read to form the device key 222. The electronic device 200 encrypts the customer key according to the device key 222 to form an encryption key data 330, and stores the encryption key data 330 in the storage device 300 (step S105). Thereafter, the electronic device 200 can Clearing the application or customer key in the data area 310 [0026] Since the device verification code can be a network card number, those skilled in the art can know that the network card number of each network card 250 is unique. The card number, and the storage device verification code 340 is the unique code (ID) set when the storage device 300 is shipped. Therefore, the application is limited to read only by the specific electronic device 200 and the storage device 300. As long as the encryption key data 330 is set, the encryption key data 330 cannot be decrypted by the system vendor or the customer except that the device vendor of the electronic device 200 can decrypt the encryption key data 330. . When the electronic device 200 itself needs to be upgraded or replaced, it must pass through the equipment manufacturer, thus protecting the opportunity of the equipment manufacturer. 099121101 Form No. A0101 Page 10 / Total 23 Page 0992037223-0 201201038 [0027] ❹ After the above steps are completed, the electronic device 200 can be placed in the industrial automation system of the client (as shown in the third figure). When the electronic device 200 is to execute the application, the encryption/decryption program 221 of the electronic device 200 decrypts the encryption key data 330 according to the device key 222 (step S107), and then the encryption and decryption program of the electronic device 200. 221, it is determined whether the decryption is successful (step S10 9). If the decryption is successful, the customer key can be obtained (step S111). If the decryption fails, the electronic device 200 can send an error message, and the error message can be transmitted to the terminal computer. 400, for the operator to view (step S119). Since the device key 222 is based on the electronic device 200, the client can not replace the electronic device 200 and the storage device 3, thereby ensuring the system vendor and the device vendor. interest. [0029] Finally, the electronic device 200 decrypts the encryption application 320 according to the customer key (step S113), and then the encryption/decryption program 221 of the electronic device 200 determines whether the decryption is successful (step S115), if If the decryption succeeds, the encrypted application 320 can be restored to the application and executed (step Sill). If the decryption fails, the electronic device 200 can issue an error message (step S119). The fifth drawing is a flow chart of the second embodiment of the storage device verification method of the present invention. Please also refer to the first to third figures together. The difference from the first embodiment is that the encryption application 320 is created when the storage device 300 is installed in the setting device 100. In the encryption step, first. A storage device 300 is mounted to a setting device 1 (step S301). The setting device 100 encrypts an application according to a customer key to form an encryption application 320 ' and stores the encryption application 320 in the 099121101 Form No. A0101 Page 11 / 23 pages 0992037223-0 201201038 Storage device 300 The customer identification customer key may also be selectively stored together in the data area of the storage device 300 (step phantom 03). The system proposes to mount the storage device 300 to the lightning electronic device 200 (step S3〇5). [0032] The electronic device 200 is based on the implementation. Also prepare the gold record 2 2 2 to encrypt the customer key to form an encryption key data 33〇,
座將該加密金鑰資料330儲存於 該儲存裝置300,若兮安Α A ^ 戶金鑰儲存於該儲存裝置300之 資料區310,可選擇由兮次止、丨 貝料區310讀取該客戶金鑰,該 客戶金錄亦可選擇由該電子裝置之輸人單元24〇輸入 或是由該設定裝置1GG之輪入單湖輪人(步驟s3〇7) 上述之步驟執行完畢後,可將該電子裝置20G設置於客戶 端之工業自動控制系統中(如第三圖所示),當該電子 裝置_欲執行該應用程式時,該電子裝置綱之加解密 程式22卜依據該設備金繪奶解密該加密金錄資料33〇 (步驟S3G9),之後該電子裝__加解密程式221會 判斷是否解密成功(步驟S311),若解密成功則可以取 得該客戶金輪(步驟S313 ),若解密*敗該電子裝置2〇〇 則可發出-錯誤訊息,該錯誤訊息可傳送至該終端電腦 400,供操作者檢視(步驟S32l)。由於該設備金鑰222 係根據該電子裝置200與該儲存裴置3〇〇,因此客戶端無 法自行更換該電子裝置200與該健存裝置3q〇,可保障系 統商與設備商之利益。 最後,該電子裝置200依據該客戶金輪解密該加密應用程 式320 (步驟S315),之後该電子裝置2〇〇之加解密程式 221會判斷是否解密成功(步驟S317),若解密成功則可 099121101 表單編號A0101 第12頁/共23頁 0992037223-0 201201038 使該加密應用程式320還原成該應用程式,並加以執_ 步驟S319),若解密失敗該電子裝置2〇〇則可發出〜 訊息(步驟S321 )。 3 ' [0033] 綜上所述,本發明係利用客戶金鑰與設備金鑰進行雙 加解密驗證儲存裝置上之加密應用程式,不需要 習知 技術般,需要連接至網際網路加以驗證。此外,木 备客戶 複製儲存裝置至另一台電子裝置執行時,由於該 裝 置並無法取得正確之設備金鎗,因此亦無法取得客戶金 〇 鑰以解密該加密應用程式,因此可以限定該應用程式〇 能限定於該特定之電子裝置使用,進而能達到防止應^ 程式被盜用之問題》 [0034] 藉由以上較佳具體實施例之詳述,係希望能更加清楚描 述本發明之特徵與精神,而並非以上述所揭露的較佳: 體實施例來對本發明之範疇加以限制。相反地,其目的 是希望能涵蓋各種改變及具相等性的安排於本發明所欲 申請之專利範圍的範疇内。 〇 【圖式簡單說明】 [0035] 第一圖係本發明之儲存裝置驗證系統之系統圖; [0036] 第二圖係本發明之儲存裝置之方塊圖; [0037] 第三圖係為本發明之客戶端應用系統圖; [0038] 第四圖係為本發明之儲存裝置驗證方法之第—實施例之 步驟流程圖;以及 [0039] 第五圖係為本發明之儲存裝置驗證方法之第二實施例之 步驟流程圖。 099121101 表單編號Α0101 第13頁/共23頁 0992037223-0 201201038 【主要元件符號說明】 [0040] 設定裝置100 [0041] 主處理單元110 [0042] 主記憶體1 2 0 [0043] 主操作程式121 [0044] 主應用程式122 [0045] 主加解密程式123 [0046] 主讀卡單元130 [0047] 主輸入單元140 [0048] 電子裝置200 [0049] 處理單元210 [0050] 記憶單元2 2 0 [0051] 加解密程式221 [0052] 設備金鑰222 [0053] 讀卡單元230 [0054] 輸入單元240 [0055] 網路卡2 5 0 [0056] 儲存裝置300 [0057] 記憶體301 [0058] 資料區310 099121101 表單編號A0101 第14頁/共23頁 0992037223-0 201201038 [0059] 加密應用程式320 [0060] 加密金鑰資料330 [0061] 儲存裝置驗證碼340 [0062] 終端電腦400 [0063] 控制裝置500 [0064] 終端設備600 Θ 〇 099121101 表單編號A0101 第15頁/共23頁 0992037223-0The cryptographic key data 330 is stored in the storage device 300. If the ΑAΑ key is stored in the data area 310 of the storage device 300, the cryptographic key area 310 can be selected to be read. The customer key, the customer record can also be selected by the input unit 24 of the electronic device or by the setting device 1GG into the single lake wheel (step s3〇7), after the above steps are completed, The electronic device 20G is disposed in an industrial automatic control system of the client (as shown in FIG. 3). When the electronic device is to execute the application, the electronic device is encrypted and decrypted according to the device. The painter decrypts the encrypted record data 33〇 (step S3G9), and then the electronic device__encryption/decryption program 221 determines whether the decryption is successful (step S311), and if the decryption is successful, the customer golden wheel can be obtained (step S313), if Decrypting the electronic device 2 can issue an error message, which can be transmitted to the terminal computer 400 for viewing by the operator (step S32l). Since the device key 222 is based on the electronic device 200 and the storage device, the client cannot replace the electronic device 200 and the health device 3q, thereby protecting the interests of the system vendor and the device vendor. Finally, the electronic device 200 decrypts the encryption application 320 according to the customer golden wheel (step S315), and then the encryption/decryption program 221 of the electronic device 2 determines whether the decryption is successful (step S317), and if the decryption succeeds, the 099121101 form No. A0101, page 12/23, 0992037223-0 201201038 The encrypted application 320 is restored to the application and executed (step S319), and if the decryption fails, the electronic device 2 can issue a ~ message (step S321) ). 3 ' [0033] In summary, the present invention uses a customer key and a device key to perform a double encryption/decryption verification of the encrypted application on the storage device, and does not require a conventional technique to be connected to the Internet for verification. In addition, when the wood backup customer copies the storage device to another electronic device for execution, since the device cannot obtain the correct device gun, the customer key cannot be obtained to decrypt the encrypted application, so the application can be limited. 〇 can be limited to the use of the particular electronic device, thereby achieving the problem of preventing theft of the application. [0034] With the above detailed description of the preferred embodiments, it is desirable to more clearly describe the features and spirit of the present invention. The scope of the invention is not limited by the preferred embodiments disclosed herein. On the contrary, the intention is to cover various modifications and equivalents within the scope of the invention as claimed. BRIEF DESCRIPTION OF THE DRAWINGS [0035] The first drawing is a system diagram of a storage device verification system of the present invention; [0036] The second drawing is a block diagram of the storage device of the present invention; [0037] The client application system diagram of the invention; [0038] FIG. 4 is a flow chart of the steps of the first embodiment of the storage device verification method of the present invention; and [0039] FIG. 5 is a verification method of the storage device of the present invention. Flow chart of the steps of the second embodiment. 099121101 Form No. 101 0101 Page 13 / Total 23 Page 0992037223-0 201201038 [Description of Main Component Symbols] [0040] Setting Device 100 [0041] Main Processing Unit 110 [0042] Main Memory 1 2 0 [0043] Main Operation Program 121 [0044] main application 122 [0045] main encryption and decryption program 123 [0046] main input unit 140 [0047] main input unit 140 [0048] electronic device 200 [0049] processing unit 210 [0050] memory unit 2 2 0 [0051] encryption and decryption program 221 [0052] device key 222 [0053] card reading unit 230 [0054] input unit 240 [0055] network card 2 5 0 [0056] storage device 300 [0057] memory 301 [0058] ] Data Area 310 099121101 Form No. A0101 Page 14 / Total 23 Page 0992037223-0 201201038 [0059] Encryption Application 320 [0060] Encryption Key Data 330 [0061] Storage Device Verification Code 340 [0062] Terminal Computer 400 [0063] Control Device 500 [0064] Terminal Device 600 Θ 〇 099121101 Form No. A0101 Page 15 of 23 0992037223-0