TWI274499B - Authentication mechanism permitting access to data store in a data processing device - Google Patents

Abstract

Herein described is a system and method of authenticating one or more users seeking access to data stored in a storage device. The system includes an authentication mechanism, a memory, one or more files stored in the memory, and one or more applications used to view, select, execute, and display the one or more files. The method utilizes a user identifier, one or more passwords provided by a user, and the authentication mechanism.

Description

1274499

This input is advantageous for this use. A feature of the present invention for storing data stored in the data storage device is that one of the features of the present invention is that: one of the features of the present invention is access. The '5H actuators include a switch. 1 This input shorts the switch. Operate the switch, allow - segment __ for this data

One feature of the invention is that, according to an aspect of the invention, the time period can be planned by the user. A method of storing a device user receives an input provided by a customer to activate an execution device; receives a user identification code of the user; and receives a baby stone of the child user. One of the characteristics of = is that the first and third receiving steps occur in

The younger one receives the - segment after the step occurs. Or brother—the period after the receiving step occurs. The trick of the present invention is that the start-up or prohibition of the set-up is selected. One or one of the features of the invention is a switch. One feature of the invention is a switch that is turned on or off. The execution device includes a device located within the slab including a predetermined number of _ s. 6 1274499. The present invention is characterized in that the specified period of time can be calibrated by the user. One of the features of the present invention is that the verification allows the user to access the emitter of the storage device in accordance with an aspect of the present invention to provide a data storage area for one data store/storage data storage drives. The system for transferring access includes: • a processor; - finely receiving the memory in the storage device provided by the user who wants to access the data; and preparing one or more storage #1 in the memory An executable file; a computing device electrically coupled to the dragon storage device;

A thin paste of her axis - one or more can exist in the computing device! The user =" and the execution of the initialization, the execution generates a user interface in which the user can activate or deactivate the execution device. User =: The feature is that the input initiates the execution device - segment time, fine =: a feature is that if the user is activated after the execution device is activated, the user name and weight 'access to the data is initiated. ^Invented - the feature is that the execution device includes - an opening. The ^. or other advantages of the application, and the novelty characteristics, the description of the actual tearing of the _ and the clearing are more comprehensively transferred. 7, 1274499 [Embodiment] Aspects of the present invention provide a security and method for facilitating the storage of one or more data storage devices. 2 - Some aspects exaggerate the security __, which prevents unauthorized access to the data stored in the = storage. It may be valid or invalid via one or more users "face/Haiwen or authentication mechanisms. The one or more user interfaces allow the user to configure or control access to the data storage device. Example: The material ^^ or multi-copper interface can be used to configure one or more users to read and write one or more materials shared by the = and sub-snips. The one or more user interfaces control, operate, and/or configure the data storage device. ___, solid or multiple management Wei or operations, including its technical modifications, can be made by the one, _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ In the typical implementation of the network access, the PDA, the PDA, the singular storage device allows the copper to initially access one or more of the initialization surfaces. This configuration page uses the security/authentication mechanism mentioned in the 义 夕 烟 烟 烟 烟 烟 烟 烟 烟 烟. It is obtained by starting the full/verification mechanism. The security, the construction or execution. By initiating the security/authentication mechanism, 8 1274499 = · access to the object in the storage device can be limited =::, code and after the execution of the security, the action can be used for a moment. Some aspects of accessing the data stored in the storage device can prevent unauthorized entities, such as the Internet security attack, from accessing data. •two

γ:τ::γ—A storage device that can be used as a data processing or calculation for a data processing or calculation can be regarded as a network_remembering body_. In the case of the affiliation, the data storage device may include one or more drives, such as a hard disk drive or any other type of media drive, and the storage device may include a plurality of types of resources _== the storage drive may include Any medium that can store data;: Grab types can include ·, CD, Fast_ and other similar media. Hereinafter, a hard disk drive is referred to as a data storage device or a driver or component of a medium in which data is stored. In one embodiment, one or more data storage drives or hard disk drives can be combined. In a typical embodiment, the data store facilitates the merging of one or more additional data storage drives or hard disk drives. In a typical implementation, the stagnation system includes the 彳峨 机 ’ 例 例 例 例 例 例 例 例 例 例 例 例 例 例 办 办 办 办 魏 魏 魏 魏 魏 魏 魏 魏 魏 魏 魏 魏 魏 魏 魏 魏 该 该 该 该The content may include a 9 1274499 six 1 life shot in the title of the ‘丨·%—one or more data storage driver 11 in the compilation and/or file directory. In the case of a lion industry, 'after the start of the execution machine, the energy can only be used in certain:: She Ding machine ・ After pressing (for example, a depressible press rotten 22, the skin used the temple 'One or more data files or files are accessed by the user in one minute. In this embodiment, if the user does not physically press the depressible single switch' to one or more stored in the face storage device One or more data sharing areas of the lean drive can be limited. The actuator or security/verification machine is then provided by the user to provide one or more inputs to the network attached memory or Multiple ways of configuring the page: The action can occur during the initialization of the network attached memory. In a typical embodiment, the mechanism can be provided by the user interface's folded area - Executing one or more selected ways. In a typical embodiment, only when the actuator, button switch or verification button is pressed and a request for viewing the one or more configuration pages within a certain period of time When the verification is performed, the user is allowed to serve the one or more configuration pages. A request can be selected and clicked by the client using a file system gallery such as Microsoft browser and one or more of the viewers. The profile is initiated. When the user executes the profile or profiles (ie select or click), the selected or selected profile can be provided from a network attached memory to the user client workstation. If a request to browse the one or more configuration files does not occur before the certain time 1274499 elapses, the network attached memory can prevent the one or more configuration files from being displayed. In another exemplary embodiment, The actuator or verification mechanism includes a fingerprint reader, a card reader (such as a magnetic card reader), a Radio Frequency Identification Device (RFro), a code word or password, a key identification card, or Any other verification mechanism. Alternatively, contrary to the user pressing the mechanical switch, the verification mechanism can Communicating with the network attached memory using any wired or wireless protocol. The wireless communication can include the use of a secure form of communication. For example, the wireless communication protocol can include Bluetooth or jgEE 8〇211χ. The security/authentication mechanism provides A means of preventing hackers from entering a data storage device without approval.Figure 1 is a block diagram of a typical system for using network attached memory to enhance the network in accordance with one embodiment of the present invention. One or more data processing devices provide data memory. As shown, a lion service device provides a connection between the network attached memory 100 and one or more data processing devices. The switch device can provide wired Or a wireless communication connection. For example, a wireless router can utilize any of the wired or wireless communication protocols described below: 10/100 Ethernet, Gigabit Ethernet, 802.11X Bluetooth, and the like. The one or more data processing devices include, for example, digital cameras, digital cameras, Mp3 playback crying, PDAs, and one or more personal video recorders (Personal Vide® Rec〇rder, pvR) devices. As shown in the figure... the video is shot or not installed. The personal video recorder can refer to a set-top box (STB) that can be used as a personal video recording function. On the other hand, the personal camera can refer to a personal record 1274499 to a family

A television or monitor that the user displays multimedia content. The network attached memory provides a storage device for receiving media content by one or more personal video recorders. Since the content is stored in the network attached memory, the tamping recorder may lack any data storage hardware such as a hard disk drive that is received by the network attached memory 100. Moreover, any personal processing equipment stored in other processing equipment can be easily stored by any of the data processing equipment. For example, there is no U-heb video recorder that can access a multimedia video recorder with a hard disk drive and store it in the multimedia memory of the network, and vice versa. As a result, the network attached memory 100 facilitates data sharing between the one or more data processing devices. Because it provides a central storage mechanism, the network attached memory 100 can be viewed as a virtual storage drive for the one or more data processing devices. The network attached memory 1 (8) is configured with an easily expandable storage capacity. In one embodiment, the network attached memory 1 can accept an additional hard disk drive. For example, a network attached memory 1 can accept one or more additional stone disk drives. Similarly, to accommodate future growth in data capacity, the network attached memory 100 provides a flexible storage mechanism that is easy to upgrade. In addition, the network attached memory 100 can provide data mapping and data segmentation functions. When the network attached memory 100 is first introduced into a typical switching device as shown in FIG. 1, one or more configuration parameters can be set. As part of the initialization process. In one embodiment, the parameter settings during the initialization process include the time, date, and time zone of the network add-on. The network additional memory, for example, can use the electronic computer shown in FIG. 1 as a reference original path additional storage device for setting its time, date and time zone to utilize any other data processing device as shown in FIG. (For example, a digital camcorder, a digital camera, a personal recording without a hard disk, a faceted crane, an MP3 player, or a PDA) can be used as a setting. Arrived. In one embodiment, the network attached memory setup process occurs after the network is physically connected to a network and recognized by an operating system (e.g., a Microsoft Windows operating system). Next, Figures 2 and 3 disclose an embodiment of a network attached memory system architecture. 2 is a block diagram of a network attached memory 2〇〇 in accordance with one embodiment of the present invention. The network attached memory 200 includes a printed f-board (_?8) 202 having one or more components. The one or more components are electrically connected through the printed circuit board 2〇2. The one or more components include a network attached memory chip 0丨-S〇C) 204, a random access memory, a flash memory 212, an alternating interface (1/F) 216, and a power supply 220. An interface module 224, a wireless transceiver/antenna module 228, one or more hard disk drives 232, and a control state (or processor) 236. The interface module 224 includes one or more of the following interfaces: IEEE 1394, USB, 10/100 Ethernet, Gigabit Ethernet, pCI, SATA, ΑΤΑ, IDE, SCSI, GPI0, and the like. The wireless transceiver/antenna module 228 can include a connectable module or mini PCI card that can be freely coupled to the network attached memory printed circuit board 2〇2. The number of the one or more hard disk drives 232 13 1274499 depends on the design of the network attached memory 200. The printed circuit board 2〇2 can be adapted to the number of configurations of the hard disk drive. The number of hard disk drives 232 employed may depend on whether the data provided by the additional memory 5 is mapped or segmented (i.e., RAID). In two embodiments, the controller 236 controls any elements that are communicatively coupled to the network attached memory die 204. The network attached memory chip 204 includes an integrated circuit chip that is used in conjunction with a processor or central processing unit (CPU) 240. 3 is a block diagram of a network attached memory chip 3A in accordance with one embodiment of the present invention. The network attached memory chip 3 is an integrated circuit mounted on the previously described network attached memory printed circuit board (NAS PCB). The network attached memory die 300 provides one or more functions that allow the network to attach memory for proper operation. The network attached memory chip 300 includes a central processing unit (CPU) 304', an on-chip random access memory 308, an Ethernet/MAC controller 312, a cryptographic accelerator 316, a security/authentication, key exchange. DRM wafer 320 and a plurality of interfaces 324, 328, 332, 336, 340. For example, the following interface: USB device interface 324, PCI host interface 328, GPIO/LCD/interactive media interface 332, UI interface 336, USB host interface 340. The network attached memory die 300 can be coupled to one or more of the components shown in FIG. Referring to Figure 2, the network attached memory can vary the number of data storage drives or hard disk drives depending on its storage and data mapping and segmentation requirements. Depending on the type of usage, the network attached memory can be combined with 1, 2, 4 or more hard drives. For example, a network add-on for a small office/shop environment 14 1274499 has lost 4 hard drives_execution data. ΜΗ In a court environment, the network attached memory / (four) 1 or 2 hard disk drives, from the _ _ ^ is less than the office / predecessor environment

Second deposit _. _, _路__ 航 。 can also be changed according to the type of application. __ County's increase and decrease of data storage related to the increase in frequency requirements 'The performance of network-attached memory can be based on the needs of its operation. For example, the capacity of the memory/memory or dram improves the processing performance of the network attached memory. Similarly, the size of the backplane, power supply circuitry, and other components can be adjusted to the requirements of the work environment. In a typical embodiment t, the processor 24G within the network attached memory chip (10) or 300) can execute software or hardware within the RAM pass or flash memory 212. In the embodiment of Wei Wei, Lai's implementation of the bribery program (httpM server provides a page for the user workstation (such as the client workstation) that causes the desired user interface to be displayed. In the embodiment, the software is used by the processor. Executed 240, the processor 240 includes a configuration file that is accessed and recognized by a operating system (e.g., the Microsoft Windwss operating system) such that it can be run and browsed by a typical Microsoft Windows browser. In one embodiment The configuration file is accessible before the user completes the initialization program for the network attached memory. The initialization program may include generating one or more verification passwords for future access to the configuration file. Microsoft Windows operating system It can include Windows XP, 2000, ME, 98, Pocket PC or similar operating system. When the profile is executed, 'by clicking on the title of the file displayed by Microsoft Windows Player, a user interface 15 1274499 Display the Langmu miscellaneous processing device. Thereafter, the user can provide parameters or inputs to initialize or configure the network attached storage device. The user can provide one or more of the following: the name of the network & plus memory,

Code, one or more corresponding, verification input, time, internet protocol address. The official name, the administrator's secret time zone, and the network time server. FIG. 4 is a security/inspection that helps verify that the storage access verification is valid or invalid according to an embodiment of the present invention. ^5 4, ΛΑϋι

Such as Microsoft Windows browser. In the step store, the workgroup directory (typically built in the chest) is accessed by the user by clicking on the directory in the typical browser user interface. In one embodiment, the Microsoft Office provides a data processing device that identifies and displays any configuration file calls. Each of the data processing devices includes a configuration that is displayed to a user using the wind 〇 ws browser 'eg, the tributary processing device is defaulted by one or more software or hardware configured in the data processing device The name is recognized. In step 412, in order to access the network-attached memory and body profile, the user finds and selects a displayed network by clicking on an appropriate default network-attached memory name displayed by the Windows Explorer Workgroup Directory. Additional memory. Figure 5 is a screen shot of a Wind〇ws projector showing a network attached memory directory with a typical default name, VireshNAS. The screenshot is also light in the shirt. The invention is a real 16 1274499 Displayed in the workgroup directory and then displayed. Each network attached memory is pre-configured with a default name at the time of production that is expected. In the embodiment shown in Figure 5, Viresh N乂S includes a directory tree that includes the following directories: Bulk, config, Hi^iPerf, raidl, SafeData, and punters. At step 416, the user looks for a suitable configuration file from the configuration directory of the Viresh NAS. Figure 6 is a screenshot of a Windows browser configuring one or more profiles in a directory, in accordance with one embodiment of the present invention. As shown, the configuration directory includes a Viresh NAS configuration directory. The Viresh NAS configuration directory includes two files, Configuration.html and ConfigurationFromWLAN.htm. In this embodiment, the Configuration.html is related to a LAN user. The interface is set, and ConfigurationFromWLAKhtml is the interface setting that is related to a wireless network user. At step 420, the appropriate configuration file is clicked to execute. The execution of this configuration file allows a service program provided by the network attached memory to use '.· :- ....... . The protocol (http) server provides a presence client workstation (or data processing device) The browser can include Netscape Navigator, Internet Explorer or other similar web browsers. The browser notifies the user that the configuration file is executing the command shown in Figure 7. Figure 7 is a screenshot of a Netsacpe screen in which a configuration file is executing a command in accordance with one embodiment of the present invention. Thereafter, the configuration file generates a user interface (after the page is provided by the protocol (http) server (e.g., network attached memory) used by the service program), which allows the user to enter different management parameters. Figure 8 is a screenshot of a browser of a user interface in accordance with one embodiment of the present invention that allows a user to enter one or more management parameters. The user can configure or enter one or more tubes 17 1274499 Parameters 'This management parameter enables or disables one or more security/authentication mechanisms. In the step shown in Figure 4, the user initiates or disables the security/authentication mechanism by selection. For example, the user can select one of the two (start or disable) from the drop-down, in the user interface provided by the user interface.

The old figure 9 is a block diagram of an embodiment of the network add-on memory 9 〇〇 and the actuator _ this port. Figure 9 shows the various possible connections of one or more of the network attached memories. Xie 冓 _ includes a device or mechanism that facilitates tearing one or more security/verification functions. In one code, the one or more security/authentication functions include receiving a physical input of the network attached user. For example, the actuator 9〇4 may include a touchable ._1 placed on the 1 network attached memory (4). The general organization is connected to the naval ship such as _ 2 ___ In a typical detail, the actuator 9〇4 includes a finer than the start = additional memory in the shed road - or more Zone ____: When pressed, the user is allowed to self-verify by: _ person_s or more parameters. The one or more parameters may include - a user and one or more passwords. For example, the reward can be initiated for mechanical Wei Qian. ― An administrator can set the length of the input time for the network attached memory. 5, ______ 2 execution can be side-by-side and/or configured to display the network attached memory _ user's face. In a sexual side scarf, the collection provides a configuration file for the user interface for configuring the female full/verification mechanism. ^ The _ user interface allows the user 18 1274499 to activate or deactivate the actuator and its authentication mechanism. If, after execution of the ττH executing mechanism, if one or more verification inputs are provided during the time period, the _ _ no financial face may allow access to the data stored in the network attached memory 900. Access to the material may include reading, modifying, or writing the data storage device. When the press is pressed, the front office can run for a while. This time can be planned or set by the administrator, for example, in a representative embodiment, the user must initiate initialization of the additional memory stored in the network before the executing mechanism 904 replies to its non-executing state. Access to data. For example, as long as the user accesses the data (using his computing device) for the period of time after the switch is pressed, the user will be successfully authenticated. Thereafter, for example, the user can continue to gain access to the material stored in the shed add-on memory until it stops its treatment. Users can stop their conversation by leaving the network attached to the memory. Optionally, the 'user's conversation can be lapsed at a specific time (as preset by the administrator). For example, after a successful verification occurs, the administrator can set the duration of the time, during the duration, The user can access one or more shares or one or more databases in the network attached memory 900. In a representative embodiment, after the execution of the execution mechanism 904, the user may need to enter the username and one or more passwords for a period of time before accessing the access to the material stored in the data sharing area occurs. . @这, after the move, the user may need to enter the username and one or more passwords on the - segment axis. For example, the material being accessed may include data stored in one or more data fields. For example, the material may be one of 19 1274499 or a plurality of shared files (or shared directories) located in the - (4) material area. The ia moss &^; ^ mechanism 904 is described as a part of the network attached memory 9 本 X Ming also provides a network attached memory 9 〇〇 external 'the execution is stable The network add-on orphan 900 is connected in one or more aspects of communication. For example, an external, external actuator can be connected to the network attached memory via wireless and/or wired communication. This communication can be generated using one or more verification and encryption mechanisms. The verification of the different aspects provided by the present invention can be used in the embodiment of the combination of multiple data access methods and/or systems of the thief, and the application serial number of the US patent application filed on February 3, 2005. For H/_72, the title is "Controlling the secret method of access to (4) stored in the bait storage." (Proxy number can be used together. For example, if the verification mechanism of the present invention (also That is, the actuator 9〇4) shown in FIG. 9 is preferentially used to selectively perform the access to the memory in the storage_network_addition_body in the manner of the network_addition memory lion interface type. Access to material in the swivel 900 may occur. Different aspects of the present invention may allow an actuator (such as the actuator 904 shown in Figure 9) to be secretly verified or verified to be recently introduced into the network device. When the device is added to the network, the actuator can be pressed to initiate verification or verification of the most recently connected device. If the most recently connected device is successfully authenticated, then the recently connected device can be allowed to access the storage, for example Network attached memory The above is a description of the present invention in combination with certain embodiments, and the various alternatives and equivalents of the present invention are not departing from the scope of the present invention. The specific circumstances and materials modified are all out of the scope of this issue. The aspects of the present invention are not limited to the specific embodiments disclosed above, and the specific embodiments of the private subordinates are The content of the present invention. Related Application and References The present application and claims the priority of the US Provisional Patent Application "Allowing access to the authentication mechanism of data stored in a data processing device", the application number is 60/562829, The application date is April 15th, 4th, 4th, and the full theme is incorporated here by reference. All of the references are: US Application No. 11/049905 (Attorney No. 15673US02), the application is February 3, 2005; US application number is __ (agent number is 15675US03), application number is March 22, 2005; _ US application number is _ (proxy number 15679US02), Please refer to April 8, 2005; US application number is _ (proxy number 15681US02), application number is March 30, 2005; US application number is 11/049772 (agent number 15682US02), application曰 is February 3, 2005; US application number is 11/049798 (proxy number 15683US02), application date is 21 1274499 February 3, 2005; US application number is - (agent number 15684US02), application The date is March 22, 2005; the US application number is 11/049768 (proxy number 15685US02), and the application number is February 3, 2005; the full subject matter is incorporated herein by reference. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a network attached memory according to an embodiment of the present invention.

A typical system block diagram of Attached St〇rageDevice, NAS). 2 is a block diagram of a network attached memory in accordance with one embodiment of the present invention. Figure 3 is a block diagram of a network attached memory chip ^AS〇c) in accordance with one embodiment of the present invention. Fig. 4 is a flow chart showing the operation of the program in the verification mechanism based on whether the tree is valid or invalid. Figure 5 is a screenshot of a Windows browser showing the contents of a network attached memory directory with the default name of the Viresh NAS.

The Viresh NAS is selected from the workgroup directory in accordance with one embodiment of the present invention and then displayed. 6 is a screenshot of a Windows browser of one or more configuration files in a configuration directory in accordance with an embodiment of the present invention. Figure 7 is a configuration file in accordance with an embodiment of the present invention executing a command 22 1274499

Screenshot of NetsacPe. : _ According to the invention, a real-life café interface screenshot of the user interface allows the user to input 'in-one or more management numbers. 51 is a block diagram of a network attached memory and an actuator in accordance with an embodiment of the present invention. [Main component symbol description] # Network additional memory 100, 200 One or more components of the printed circuit board (NASPCB) 202 NAS chip (NASoC) 204 Random memory 208 Flash memory 212 AC power interface 216 Power 220 interface Block 224 Wireless Transceiver/Antenna Module 228 - One or More Hard Disk Drives 232 Controller 236 Central Processing Unit (CPU) 240 10 NAS Chip (NASoC) 300 Central Processing Unit (CPU) 304 Intra Wafer Random Memory 308 Ethernet/MAC Control"System 312 Streaming AES Encryption Accelerator 316 A Security/Authentication, Key Exchange, DRM Chip 320 USB Device I/F 324 PCI Host I/F 332 GPIO/LCD/Flash Memory Media I/F 328 介 Interface 336 USB Host I/F 340 Network Attached Memory 900 Actuator 904 23

Claims (1)

1274499 X. Patent Application Range: 1. A method of accessing data stored in a material_device, the method comprising receiving an input provided by a user, the input being used by an operator operated by the user, the input being beneficial to the user Access to material stored in the data storage device. Switch 2. The method of claim i, wherein the actuator comprises using an I 〇 3 method as claimed in claim 2, the towel being shorted to the switch. 4. The method of claim 3, wherein the switch is operated to allow access to the material for a period of time. - a method of verifying a storage device user, the method comprising: receiving an input provided by the user to initiate an execution device; receiving a user identification code of the user; receiving a password of the user. 6 cattle such as application _5 lion Xiefa, fine (four): The receiving steps occur in the first, after the collection step occurs. 〜7·如巾鞠_第5撕顾施_ The third receiving step occurs within a period of time after the first receiving step and/or the second receiving step occurs. The occlusion of the occlusion. & access, a processor; the input execution device side of the memory received by the user who wants to access the data - 25 1274499 one or more storage An executable file in the memory; a computing device electrically coupled to the data storage device; a thief body present in the computing device, the application software can display the one or more files 'the computing device The application software is used for verification and initialization execution of the one or more executables, the execution generating a user interface in which the user can activate or deactivate the execution device. • Apply for the special item 8 item "_ system, the + the person initiates the execution of the injury for a period of time, allowing the user to access the information. 26