CN100476764C - Storage device and method for protecting stored data - Google Patents
Storage device and method for protecting stored data Download PDFInfo
- Publication number
- CN100476764C CN100476764C CN 200610002196 CN200610002196A CN100476764C CN 100476764 C CN100476764 C CN 100476764C CN 200610002196 CN200610002196 CN 200610002196 CN 200610002196 A CN200610002196 A CN 200610002196A CN 100476764 C CN100476764 C CN 100476764C
- Authority
- CN
- China
- Prior art keywords
- storage device
- mess code
- data
- storage
- end host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
A storage device consists of a control module connected with terminal host, a biological transducer and a storage module both being connected to said control module. The method for protecting data stored in said storage device is also disclosed.
Description
Technical field
The present invention is relevant for the guard method of a kind of storage device and storage data thereof, particularly relevant for a kind of guard method that contains the storage device and the storage data thereof of fingerprint sensor.The present invention also is associated to part inventor's following patent: (a) Chinese invention patent application case 200310116995.X, the applying date is on Dec 5th, 2003, and denomination of invention is " containing the guard method of the memorizer memory devices and the storage data thereof of fingerprint sensor "; (b) the Chinese invention patent application case numbers 200410038204.0, and the applying date is on May 13rd, 2004, and denomination of invention is " containing the guard method that the Portable of biological identification is encrypted storage device and storage data thereof "; And (c) TaiWan, China application for a patent for invention case number 094101590, the applying date is on January 19th, 2005, denomination of invention is " guard method of a kind of storage device and storage data thereof ".
Background technology
Traditionally, represent the expression mode of personal identification, the simplest no more than certificate, such as I.D., driving license or the like, be pasted with individual's photo and literal and numeral record on it.Yet identity document is counterfeit too easy, also therefore causes many criminal offences.
Further modification method is the data of utilizing magnetic stripe card record individual, and is same, and the progress of science and technology makes that magnetic stripe card is easy to be cracked.
Up-to-date method is to adopt the secret mode of chip card to protect personal data.Basically, about the secret aspect of memory chip to personal data, the most normal use-pattern is to adopt the mode of cryptoguard.Yet, access to your password and protect personal data, not only have the trouble that the user forgets Password easily, the danger that more has password cracked by the people.
Simultaneously, the device of above-mentioned representative personal identification (except chip card) all only can be carried out simple function, and can't be with multiple application integration in single device.
Therefore, U.S. Patent Publication the 2003/0110389th A1 communique discloses a kind of personal identification electronic installation that is similar to the carry-on dish of solid-state memory, and it includes the personal data of having encrypted, and can be directly connected in computer system and uses.Yet this personal identification electronic installation equally also needs the setting of password to open, and faces aforesaid problem.The best approach that addresses this problem is to utilize individual distinctive biological characteristic, such as biological identification method such as fingerprint, vocal print, person's handwriting, iris, provides comparatively complete and the active data protected mode.Its advantage is that biological characteristic is to carry and need not remember, and more can't be stolen, and is particularly in conjunction with the biological characteristic guard method of fingerprint, not only tight, and use quite convenient.
In recent years, more because the invention of chip type fingerprint sensor, make that integrating fingerprint reading device in compact electronic product no longer is infeasible technology, the correlation technique content can be referring to following patent of one of them inventor of this case straight three: 1. the Chinese invention patent application case number 02105960.8, the applying date is on April 10th, 2002, denomination of invention is " capacitance type fingerprint access chip ", and publication number is 1450489; 2. the Chinese invention patent application case number 02123058.7, and the applying date is on June 13rd, 2002, and denomination of invention is " pressure type fingerprint reads chip and manufacture method thereof ", and publication number is 1464471; 3. the Chinese invention patent application case number 02124906.7, and the applying date is on June 25th, 2002, and denomination of invention is " temperature sensor and use the identification of fingerprint chip of this temperature sensor ", and publication number is 1463674; And 4. Chinese invention patent application cases number 02132054.3, the applying date is on 09 10th, 2002, and denomination of invention be " the fingerprint access chip structure of capacitive pressure little sensing unit and application thereof ", and publication number is 1482440.This has also opened up a kind of protected mode of brand-new individualized Storage Media.
United States Patent (USP) the 4th, 582 before 20 years, and No. 985 communiques have just disclosed a kind of guard method of Storage Media, wherein utilizes the mode protection of finger print identifying to be stored in personal data in the personal identification card-type device.After the identification of fingerprint program was passed through, the protected data that is stored in the card-type device was just exported for carrying out follow-up processing or authentication procedure.This kind device size is same as general credit card at present, it mainly comprises a fingerprint sensor, image processing and recognition module and storing memory, and becomes a kind of fully independently fingeprint distinguisher (also being that fingerprint acquisition and identification all are to carry out in same device).
Chinese patent CN1302018A discloses a kind of method of coming the read-write power of control data storage device by identification of fingerprint.Yet this patent there is no form and the interface that discloses this storage device clearly.
Same, the same exposure of European patent EP 124079A1 communique is same as aforesaid U.S. Patent the 4th, 582, the data protection theory of No. 985 communiques, but different be that it is linked up interface and designs for the golden finger that uses for the SD card.In addition, the storage arrangement of EP124079A1 patent has an identification of fingerprint module, and its data protection notion is same as the CN1302018A patent, except the communication interface of EP124079A1 patent is the golden finger structure that uses for the SD card.Same, U.S. Patent Publication No. US2001/0023375 A1 also discloses a kind of in order to be stored in the mode of the data of hard disk or flash disc by identification of fingerprint protection.
World patent WO 02/42887A2 communique discloses a kind of aforesaid U.S. Patent the 4th that is same as; 582; the data protection theory of No. 985 communiques and European patent EP 124079A1 communique; but different is; by the communication of USB interface execution with terminal system; this device is similar to popular in the market flash memory, and different is to include independently fingerprint processing and recognition module.
No. 2003/005337 communique of U.S. Patent Publication disclosed and has been same as aforesaid U.S. Patent the 4th; 582; the data protection theory of No. 985 communiques and European patent EP 124079A1 communique also is same as world patent WO 02/42887A2 communique simultaneously and discloses and utilize the interface of USB as communication.Yet it is similarly a kind of free-standing fingeprint distinguisher.
BrP GB2387933 communique also discloses the theory that almost completely is same as WO 02/42887A2 communique and No. 2003/005337 communique of U.S. Patent Publication and device design, and it is a fingeprint distinguisher independently.
So far, the above-mentioned invention that contains fingeprint distinguisher, except United States Patent (USP) the 4th, 582, No. 985 communiques disclose and are applied to outside the personalized identity documents representative, and all the other there is no and contain this application and function all only as Data Protection.
In addition, the basic demand of the above-mentioned portable memory device that contains fingeprint distinguisher can allow the user this storage device can be connected to different computer systems for use exactly.Yet above-mentioned known technology contains the storage device design of finger print identification function, even use USB interface, still the fingerprint application program need be installed on computer system in advance, to allow computer system can provide man-machine interface to use for the user is convenient.Traditional practice provides a CD, for the user fingerprint application program is installed, and could allow whole storage device conveniently use.In the case, in setting the first time of each computer system, the user also will carry CD and could use this storage device in other computer system except will carrying portable memory device.
In a word, the purpose of above-mentioned known technology provides a kind of in order to recognize the storage device of protecting stored data by fingerprint.When using this device, the user must install fingerprint application software in terminal system in advance.Therefore, the fingerprint application program of storage device can't reach the effect of plug and play easily in various various computing machines.
So far, aforesaid known technology has a common characteristic, and a fingeprint distinguisher independently just is provided, and inside comprises fingerprint sensor, fingerprint image is handled and identification IC.Such design advantage is, perhaps do not need to install the fingerprint application program provides hot plug in the terminal system end ease of use, but derive another major issue, that costs an arm and a leg exactly, a fingerprint image is handled and the cost of identification IC and supporting design thereof because must increase, usually this IC is 32 Reduced Instruction Set Computer (Reduced Instruction Set Computer, RISC) or digital signal processor (Digital SignalProcessor, DSP), could carry out identification of fingerprint fast.Therefore, traditional portable memory device with fingerprint sensor has expensive shortcoming.
For solving expensive problem, best mode is to utilize the microprocessor of terminal system to carry out fingerprint image processing and identification, just can effectively reduce cost.But known technology there is no for this method and clearly discloses and propose solution at present.
Because if the work of fingerprint image processing and identification be carried out the microprocessor that is passed to terminal system by storage device carries out, then this contrive equipment must have automatic download fingerprint application program (comprising fingerprint image processing, identification and encryption and decryption functions or the like) in the function of terminal system, just can reach the function of hot plug, and the convenience that can use in any terminal system.The yet above-mentioned known technology of such solution does not provide.
For this reason, this case inventor has disclosed a kind of automatically performing (AutoRun) identification of fingerprint and application program to (c) patent in the design of terminal system at above-mentioned (a), storage device is cut into several zones, and one of them regional simulation become CD-ROM (allow terminal system cognitive to CD-ROM device), and be stored in this regional identification of fingerprint and application program just can be automatically performed.Solve known technology expensive (needing independent device for identifying) or need the prior method that identification of fingerprint software is installed on computers.
In these some invention cases, the processing of fingerprint image and contrast all are to carry out in terminal system, open the authority of read-write after finishing contrast again by special instruction (special command) notice storage device.
Such design still has some shortcomings, if that has the people to intercept this special instruction at end host exactly, then might not need fingerprint contrast and has cracked the security of storage device.
Continue above-mentioned invention, this case inventor will further provide a kind of guard method of storage data, can protect storage device of the present invention can not captured the key of memory device starting fully when terminal system is operated.
Summary of the invention
In view of this; fundamental purpose of the present invention just provides the guard method of a kind of storage device and storage data thereof; described storage device is connected with an end host; and by with the acting in conjunction of this end host; can under the cost that increases storage device not significantly, provide the valid data protected mode of the storage device that contains fingerprint sensor.
Another object of the present invention provides the guard method of a kind of storage device and storage data thereof, and its special instruction that can avoid end host control storage device to open is blocked and loses the function of data protection.
For reaching above-mentioned purpose, the invention provides a kind of storage device, in order to be connected with an end host, this end host is in order to carry out a biological identification application program and a main frame mess code generating routine.Described storage device comprises basically: a host interface, in order to be connected with described end host; One control module, it is connected to described host interface, and comprise a microprocessor, a random-access memory (ram) and a ROM (read-only memory) (ROM), the working storage of described RAM during as data processing, and described ROM stores a firmware and a device mess code generating routine that makes this storage device work; One biological sensor, it is connected to described control module, in order to sensing one user's a biological data to be identified; One data protection unit, it is connected to described control module, and in order to store data to be protected; And a storage module, it is connected to described control module, in order to store a template biological data.This template biological data is that the microprocessor by described control module is uploaded to described end host.Under the guiding of biology identification application program, described control module control biology sensor reads this biological data to be identified of user, and should be sent in the end host by biological data to be identified.This end host utilizes this biology identification application program to handle and contrast this biological data to be identified and template biological data, and judge whether both coincide, and when coincideing, utilize main frame mess code generating routine to produce one group of main frame mess code, and this main frame mess code is back in the microprocessor according to a mess code program gold key that upgrades at any time.This microprocessor utilizes this device mess code generating routine to produce an assembling scramble sign indicating number according to the mess code program gold key that upgrades at any time; and when this assembling scramble sign indicating number of contrast and this group main frame mess code are identical; make data protection unit activation (enable) for the end host access, otherwise make data protection unit forbidden energy (disable) to prevent the end host access.
For reaching above-mentioned purpose, the present invention also provides a kind of guard method of storage data of storage device, comprises following steps basically: connect a storage device and an end host; Carry out a biological identification application program at end host; A template biological data that is stored in storage device is sent to end host; Guide a user to use a biological sensor of storage device,, and should be sent to end host by biological data to be identified so that this biology sensor captures this user's a biological data to be identified; Utilize biology identification application program to handle and contrast biological data to be identified and template biological data, and judge whether both coincide, and when coincideing, utilize a main frame mess code generating routine to produce one group of main frame mess code, and this main frame mess code is back in the storage device according to a mess code program gold key that upgrades at any time; And in this storage device, utilize a device mess code generating routine to produce an assembling scramble sign indicating number according to the mess code program gold key that upgrades at any time; and when this assembling scramble sign indicating number of contrast and this group main frame mess code are identical; a data protection unit activation that makes this storage device is for the end host access, otherwise makes this data protection unit forbidden energy to prevent this end host access.
By said apparatus of the present invention and method, because the contrast of complicated biological data action is to carry out in end host, so storage device itself does not need the microprocessor of high-order.In addition, after biological data contrasted successfully, the signal that end host is sent not was to be merely in order to opening the signal of data to be protected, but one group of protean signal even be blocked, is not afraid of data disclosure to be protected yet.This is because the activation and the forbidden energy of last data protection unit carry out in control module; and the correlation data of control module is two groups of protean mess codes; only after two groups of mess codes contrasted successfully, therefore the administration authority of ability turn-on data secret unit can effectively prevent to be cracked.The contrast of mess code is quite simple, can utilize for example the microprocessor of 8051 processors just can handle, and the advantage that makes the present invention thereby captured autonomous device does not need to increase cost yet.
Description of drawings
Fig. 1 shows according to the storage device of first embodiment of the invention and the connection status synoptic diagram of an end host.
Fig. 2 shows according to the storage device of second embodiment of the invention and the connection status synoptic diagram of an end host.
Fig. 3 shows according to the storage device of third embodiment of the invention and the connection status synoptic diagram of an end host.
Fig. 4 shows the process flow diagram according to the guard method of the storage device of fourth embodiment of the invention.
The primary clustering symbol description:
1~storage device, 2~end host
10~control module 10A~microprocessor
10B~random-access memory (ram) 10C~ROM (read-only memory) (ROM)
12~host interface, 16~storage interface
20~storage module, 21~application program block
22~public block 24~secret block/data protection unit
26~hidden blocks, 30~biology sensor
40~storage expansion slot, 50~external memorizer/data protection unit
60~enciphering/deciphering chip, 70~storage interface expansion slot
80~high capacity storage element/data protection unit 210-310~method step
Embodiment
Fig. 1 shows according to the storage device of first embodiment of the invention and the connection status synoptic diagram of an end host.As shown in Figure 1, a kind of storage device 1 of present embodiment is in order to be connected with an end host 2.This end host 2 is in order to carry out a biological identification application program and a main frame mess code generating routine.Described biology identification application program and described main frame mess code generating routine can be stored in the storage device 1 in advance, by the mode that automatically performs (Auto Run) end host 2 are automatically performed again.
Described biology sensor 30 is connected to control module 10, in order to sensing one user's a biological data to be identified.This biology sensor 30 can the sensing user biological data; such as fingerprint, iris, sound, person's handwriting or other biological data etc.; and biology sensor 30 can be an area-type fingerprint sensor, a sweep fingerprint sensor, a vocal print sensor, an iris sensor or a shape of face sensor or other types of biological sensor, below only explains with fingerprint sensor.
Described storage module 20 is connected to control module 10, in order to store the mess code program gold key (produce by the fingerprint application program when this mess code program gold key also can use, and do not need to be stored in advance in the storage module 20) that a template biological data and is upgraded at any time at every turn.So-called template biological data, the owner who is exactly storage device 1 is when using for the first time this device, and left therein primary biological data, this finger print data are in order to the benchmark of conduct with the contrast of subsequent fingerprint data.Storage module 20 can be an a kind of memory module or a hard disk unit, memory module is for being selected from a non-volatility memorizer, for example a flash memory, a programmable read-only memory (prom), a ROM (read-only memory) or electricallyerasable ROM (EEROM) (EEPROM) or the like.Hard disk unit has identical cutting.In the present embodiment, storage module 20 is split into an application program block 21, one public block 22, one a secret block 24 and a hidden blocks 26.Secret block 24 is as data protection unit usefulness, so it also is to be connected to control module 10, and in order to store data to be protected.Will automatically perform at end host 2 under the situation of biology identification application program and main frame mess code generating routine, this biology identification application program and this main frame mess code generating routine can be stored in the application program block 21.In addition, this application program block 21 is to be modeled into a disc storage device, uses to make the end host 2 that is connected to this storage device 1 automatically perform this biology identification application program and this main frame mess code generating routine.This main frame mess code generating routine has identical programmed logic with this device mess code generating routine, just, can produce identical mess code according to same mess code program gold key.Public block 22 (can optionally design exist or do not exist) can store common program and data, uses to allow the user can use this common program and data before need not be by the biological identification program.In one embodiment, the mess code program gold key of template biological data and renewal at any time is stored in the hidden blocks 26.In another embodiment, mess code program gold key is not stored in hidden blocks 26 in advance, but is produced according to fingerprint characteristic (being taken from biological data to be identified) by the fingerprint application program when using at every turn, or produces in conjunction with a fingerprint characteristic and a mathematical operation.The so-called mess code program gold key that upgrades at any time is meant the initial value of supplying with main frame and device mess code generating routine, the mess code program gold key that this upgrades at any time can be updated after each main frame mess code and device mess code contrast successfully, can't be cracked easily to guarantee this storage device.
When storage device 1 was connected to end host 2, template biological data and the mess code program gold key that upgrades at any time were that the microprocessor 10A by control module 10 is uploaded to end host 2.Then, under the guiding of the performed biology identification application program of end host 2, control module 10 control biology sensors 30 read user's biological data to be identified, and should be sent in the end host 2 by biological data to be identified.Then, end host 2 utilizes biology identification application program to handle, and contrast biological data to be identified and template biological data, and judge whether both are identical in fact, and utilize main frame mess code generating routine to produce one group of main frame mess code when substantially coincideing according to the mess code program gold key that upgrades at any time, and the main frame mess code is back among the microprocessor 10A, the mode of main frame mess code passback can be direct transmission, perhaps encrypt back passback (in microprocessor 10A, also must decipher contrast more earlier), also or in conjunction with communication protocol transmit the communication protocol of the communication of USB controller (for example with) together.If under the situation about being produced by the fingerprint application program when mess code program gold key uses, its passback mode also can be as the passback mode of above-mentioned main frame mess code at every turn.Modes such as way of contrast that it should be noted that biological data can contrast with figure, unique point contrast.Then; microprocessor 10A use device mess code generating routine produces an assembling scramble sign indicating number according to the mess code program gold key that upgrades at any time; and when this assembling scramble sign indicating number of contrast and this group main frame mess code are identical in fact; make 24 activations of data protection unit for end host 2 accesses, otherwise make data protection unit 24 forbidden energy to prevent end host 2 accesses.
Fig. 2 shows according to the storage device of second embodiment of the invention and the connection status synoptic diagram of an end host.As shown in Figure 2, present embodiment is similar to first embodiment, and difference is that the storage device 1 of present embodiment more comprises a storage expansion slot 40, and it is electrically connected with control module 10, in order to be electrically connected, use the memory span that increases this storage device 1 with an external memorizer 50.This storage expansion slot 40 is in fact in order to the capacity of the storer that expands apparatus of the present invention, or by the reader (memory reader) that this device is considered as an external memorizer 50, the external memorizer of this external memorizer such as CF card, intelligent media (smart media), memory stick (memory stick) or other standard interface or hard disk (particularly one-inch or littler hard disk claim micro hard disk (microdrive) again).External memorizer 50 is to be enabled for end host 2 accesses when this assembling scramble sign indicating number conforms in fact with this group main frame mess code.After external memorizer 50 was inserted into storage expansion slot 40, control module 10 was planned to the secret block of single expansion with this external memorizer, in order to store extra data to be protected.
In addition, the external memorizer 50 among Fig. 2 also can be separately as the data protection unit, and it is connected to control module 10 by storage expansion slot 40.In the case, the secret block 24 of storage module 20 can omit.After external memorizer 50 was inserted into storage expansion slot 40, control module 10 was planned to the secret block of single expansion with this external memorizer, in order to store data to be protected.
Fig. 3 shows according to the storage device of third embodiment of the invention and the connection status synoptic diagram of an end host.As shown in Figure 3, present embodiment is similar to first embodiment, difference is that the storage device 1 of present embodiment more comprises a storage interface expansion slot 70, and it is in order to be electrically connected to control module 10 with a high capacity storage element 80, uses to this storage device 1 storage volume is provided.Enciphering/deciphering chip 60 is connected to control module 10 by a storage interface 16.Storage interface expansion slot 70 is connected to enciphering/deciphering chip 60.High capacity storage element 80 is connected to control module 10 by storage interface expansion slot 70 and enciphering/deciphering chip 60.This high capacity storage element 80 is to be enabled for end host 2 accesses when the device mess code conforms in fact with the main frame mess code.The data that pass in and out this high capacity storage element 80 can be carried out enciphering/deciphering by enciphering/deciphering chip 60.An embodiment of this high capacity storage element 80 is a magnetic hard-disk, the hard disk of particularly 3.5 cun, 2.5 cun or other size; Another embodiment of this high capacity storage element 80 is the optical disc apparatus of CD-R/RW and DVD-R/RW and any specification.Storage interface 16 and storage interface expansion slot 70 are ide interface in the present embodiment, yet also can be the interfaces of scsi interface, Serial ata interface, Compact Flash (CF) interface, a pcmcia interface or IEEE 1284 interfaces or other standard.
In addition, the high capacity storage element 80 among Fig. 3 also can be separately as the data protection unit.In the case, the secret block 24 of storage module 20 can omit.The data protection unit is to be connected to control module 10 by storage interface expansion slot 70.In addition, this high capacity storage element 80 more is connected to control module 10 by enciphering/deciphering chip 60, passes in and out the data of this high capacity storage element 80 in order to enciphering/deciphering.
Fig. 4 shows the process flow diagram according to the guard method of the storage device of fourth embodiment of the invention.As shown in Figure 4, the guard method of the storage device of storage device 1 of the present invention comprises following steps.
At first, after storage device 1 was inserted into end host 2, the host interface 12 by storage device 1 connected storage device 1 and end host 2.Then, end host 2 is carried out biology identification application program, shown in step 210.Then biology identification application program judges automatically whether this storage device 1 is used for the first time, if inquire then whether the user logins its finger print data, shown in step 220.If the user selects logon data, then begin to login fingerprint as step 225.In the case, biology sensor 30 sensing users' finger print data, shown in step 235, the template that takes the fingerprint then is shown in step 245, then with golden key encrypted template, shown in step 255.Then, with the fingerprint template data storing in hidden blocks 26.
In detecting hidden blocks 26 in the biology identification application program, store the fingerprint template data, this storage device 1 will be stored in the mess code program gold key that the template biological data and of this storage device 1 upgrades at any time and be sent to end host 2, shown in step 230 and 240.Then, biology identification application program guiding user uses a biological sensor 30 of this storage device 1, so that this biology sensor 30 these users' of acquisition a biological data to be identified, and should be sent to end host 2 by biological data to be identified, shown in step 250.Then, utilize the biology identification application program processing and contrast biological data to be identified and template biological data, and judge whether both are identical in fact, shown in step 260.When if both misfit in fact, inquire then whether the user continues contrast, shown in step 270.If the user does not continue contrast, then whole flow process finishes.If the user will continue contrast, then get back to step 250.If both are identical in fact, utilize main frame mess code generating routine to produce one group of main frame mess code, and this main frame mess code is back in the storage device 1, shown in step 280 according to the mess code program gold key that upgrades at any time.
Then, in storage device 1, utilize a device mess code generating routine to produce an assembling scramble sign indicating number, shown in step 290 according to this mess code program of upgrading at any time gold key.Then, contrasting this assembling scramble sign indicating number whether in fact identical with this if organizing the main frame mess code, shown in step 300.When this assembling scramble sign indicating number and this group main frame mess code were identical in fact, a data protection unit 24/50/80 activation that makes storage device 1 was for end host 2 accesses, shown in step 310.Otherwise this data protection unit 24/50/80 forbidden energy is finished to prevent end host 2 accesses.
It should be noted that this method can be applied in above-mentioned three embodiment, so detailed content is not described in detail in this.
By said apparatus of the present invention and method, because the contrast of complicated biological data action is to carry out in the end host, so storage device itself does not need the microprocessor of high-order.In addition, after biological data contrasted successfully, the signal that end host is sent not was to be merely in order to opening the signal of data to be protected, but one group of protean signal even be blocked, is not afraid of data disclosure to be protected yet.This is because the activation and the forbidden energy of last data protection unit carry out in control module; and the correlation data of control module is two groups of protean mess codes; only after two groups of mess codes contrasted successfully, therefore the administration authority of ability turn-on data secret unit can effectively prevent to be cracked.The contrast of mess code is quite simple, can utilize for example the microprocessor of 8051 processors just can handle, and the advantage that makes the present invention thereby captured autonomous device does not need to increase cost yet.
The specific embodiment that is proposed in the detailed description of preferred embodiment is only in order to convenient explanation technology contents of the present invention, but not with narrow sense of the present invention be limited to the foregoing description, in the situation that does not exceed spirit of the present invention and claim, the many variations of being done is implemented, and all belongs to scope of the present invention.
Claims (20)
1. storage device, in order to be connected with an end host, this end host is characterized in that in order to carry out a biological identification application program and a main frame mess code generating routine described storage device comprises:
One host interface is in order to be connected with described end host;
One control module, it is connected to described host interface, and comprise a microprocessor, a random access memory and a ROM (read-only memory), the working storage of described random access memory during as data processing, and described ROM (read-only memory) stores a firmware and a device mess code generating routine that makes described storage device work;
One biological sensor, it is connected to described control module, in order to sensing one user's a biological data to be identified;
One data protection unit, it is connected to described control module, and in order to store data to be protected; And
One storage module, it is connected to described control module, in order to store a template biological data;
Wherein:
Described template biological data is that the microprocessor by described control module is uploaded to described end host;
Under the guiding of described biology identification application program, described control module control biology sensor reads user's biological data to be identified, and should be sent in the end host by biological data to be identified;
Described end host utilizes biology identification application program to handle and contrast biological data to be identified and template biological data, and judge whether both coincide, and when coincideing, utilize main frame mess code generating routine to produce one group of main frame mess code, and this main frame mess code is back in the microprocessor according to a mess code program gold key that upgrades at any time; And
This microprocessor utilizes described device mess code generating routine to produce an assembling scramble sign indicating number according to the mess code program gold key that upgrades at any time; and when this assembling scramble sign indicating number of contrast and this group main frame mess code are identical; make described data protection unit activation for the end host access, otherwise make this data protection unit forbidden energy to prevent the end host access.
2. storage device as claimed in claim 1 is characterized in that, described data protection unit is the secret block in the storage module.
3. storage device as claimed in claim 1 is characterized in that, described data protection unit is an external memorizer, and it is connected to described control module by a storage expansion slot.
4. storage device as claimed in claim 3 is characterized in that, after described external memorizer was inserted into described storage expansion slot, described control module was planned to the secret block of single expansion with this external memorizer, in order to store data to be protected.
5. storage device as claimed in claim 1 is characterized in that, described data protection unit is a high capacity storage element, and it is connected to described control module by a storage interface expansion slot.
6. storage device as claimed in claim 5 is characterized in that, described high capacity storage element also is connected to described control module by an enciphering/deciphering chip, passes in and out the data of this high capacity storage element in order to enciphering/deciphering.
7. storage device as claimed in claim 1 is characterized in that, described biology identification application program and described main frame mess code generating routine are stored in the application program block of described storage module.
8. storage device as claimed in claim 7 is characterized in that, described application program block is modeled into a disc storage device, uses to make the end host that is connected to described storage device automatically perform biology identification application program and main frame mess code generating routine.
9. storage device as claimed in claim 1 is characterized in that, described main frame mess code generating routine has identical programmed logic with device mess code generating routine.
10. storage device as claimed in claim 1 is characterized in that, described template biological data and the mess code program gold key that upgrades at any time are stored in the hidden blocks of described storage module.
11. storage device as claimed in claim 1 is characterized in that, the described mess code program gold key that upgrades at any time is stored in the described storage module, and this mess code program of upgrading at any time gold key is that microprocessor by described control module is uploaded to end host.
12. storage device as claimed in claim 1 is characterized in that, the described mess code program gold key that upgrades is at any time produced by described biology identification application program.
13. storage device as claimed in claim 1 is characterized in that, the described mess code program gold key that upgrades is at any time produced according to biological data to be identified by described biology identification application program.
14. storage device as claimed in claim 1 is characterized in that, the described mess code program gold key that upgrades is at any time produced according to a biological data to be identified and a mathematical operation by described biology identification application program.
15. the guard method of the storage data of a storage device is characterized in that, comprises following steps:
Connect a described storage device and an end host;
Carry out a biological identification application program at end host;
A template biological data that is stored in described storage device is sent to described end host;
Guide a user to use a biological sensor of this storage device,, and should be sent to described end host by biological data to be identified so that this biology sensor captures this user's a biological data to be identified;
Utilize biology identification application program to handle and contrast described biological data to be identified and described template biological data, and judge whether both coincide, and when coincideing, utilize a main frame mess code generating routine to produce one group of main frame mess code, and this main frame mess code is back in the described storage device according to a mess code program gold key that upgrades at any time; And
In described storage device; utilize a device mess code generating routine to produce an assembling scramble sign indicating number according to the described mess code program gold key that upgrades at any time; and when this assembling scramble sign indicating number of contrast and this group main frame mess code are identical; a data protection unit activation that makes described storage device is for the end host access, otherwise makes this data protection unit forbidden energy to prevent the end host access.
16. the guard method of the storage data of storage device as claimed in claim 15; it is characterized in that; one application program block of described storage module is modeled into a disc storage device; and wherein store described biology identification application program and described main frame mess code generating routine, use making the end host that is connected to described storage device automatically perform this biology identification application program and this main frame mess code generating routine.
17. the guard method of the storage data of storage device as claimed in claim 15 is characterized in that, more comprises following steps: the mess code program of upgrading the at any time gold key that will be stored in described storage device is sent to end host.
18. the guard method of the storage data of storage device as claimed in claim 15 is characterized in that, more comprises following steps: utilize described biology identification application program to produce the mess code program gold key of renewal at any time.
19. the guard method of the storage data of storage device as claimed in claim 15 is characterized in that, more comprises following steps: utilize described biology identification application program to produce the mess code program gold key that upgrades at any time according to biological data to be identified.
20. the guard method of the storage data of storage device as claimed in claim 15 is characterized in that, more comprises following steps: utilize described biology identification application program to produce the mess code program gold key that upgrades at any time according to a biological data to be identified and a mathematical operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200610002196 CN100476764C (en) | 2006-01-18 | 2006-01-18 | Storage device and method for protecting stored data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200610002196 CN100476764C (en) | 2006-01-18 | 2006-01-18 | Storage device and method for protecting stored data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101004716A CN101004716A (en) | 2007-07-25 |
| CN100476764C true CN100476764C (en) | 2009-04-08 |
Family
ID=38703875
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200610002196 Active CN100476764C (en) | 2006-01-18 | 2006-01-18 | Storage device and method for protecting stored data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100476764C (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104346296B (en) * | 2013-08-09 | 2019-02-01 | 慧荣科技股份有限公司 | Data storage device and voltage protection method thereof |
| CN103593619A (en) * | 2013-11-13 | 2014-02-19 | 宇龙计算机通信科技(深圳)有限公司 | Method and system applied to data protection |
| CN109753821B (en) * | 2017-11-01 | 2022-03-15 | 瑞昱半导体股份有限公司 | Data access device and method |
-
2006
- 2006-01-18 CN CN 200610002196 patent/CN100476764C/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN101004716A (en) | 2007-07-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7519203B2 (en) | Portable encrypted storage device with biometric identification and method for protecting the data therein | |
| TWI282940B (en) | Memory storage device with a fingerprint sensor and method for protecting the data therein | |
| US7447911B2 (en) | Electronic identification key with portable application programs and identified by biometrics authentication | |
| US7539830B2 (en) | Portable storage device capable of automatically running biometrics application programs and methods of automatically running the application programs | |
| US7461266B2 (en) | Storage device and method for protecting data stored therein | |
| EP1990734A1 (en) | Portable and independent system for storage and display of passwords and pins | |
| TWI326846B (en) | ||
| US20080126810A1 (en) | Data protection method for optical storage media/device | |
| CN101017462A (en) | Portable memory devices having biological date protection mechanism and protection method thereof | |
| CN100476764C (en) | Storage device and method for protecting stored data | |
| CN100452000C (en) | Portable memory devices and method for automatically performing biology identification application program | |
| US7519829B2 (en) | Storage device and method for protecting data stored therein | |
| US20100174902A1 (en) | Portable storage media with high security function | |
| US20070150746A1 (en) | Portable storage with bio-data protection mechanism & methodology | |
| CN1333348C (en) | Method for protecting portable cryptographic storage device of containing biological identification and stored data | |
| TWI296780B (en) | Hard disk apparatus with a biometrics sensor and method of protecting data therein | |
| WO2009038446A1 (en) | A portable secure identity and mass storage unit | |
| CN100451999C (en) | Memory and method for protecting storage data | |
| CN1624667A (en) | Storage store device containing finger print senser and method for protecting its stored document | |
| CN1996269A (en) | Memory device with fingerprint sensing function and data protection method therefor | |
| CN101089896A (en) | Protection method for file of optical store medium/device | |
| CN1285018C (en) | Identity of electronic key and control method | |
| CN101034377A (en) | Hard disk device containing biosensor and protection method of stored data | |
| KR20070109488A (en) | The mouse of finger drive ring with nand flash memory | |
| WO2007065809A3 (en) | Portable electronic device, method for clearing a chip card, and computer program product |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |