CN105989392A - Mobile storage system, access control method thereof and manufacturing method thereof - Google Patents
Mobile storage system, access control method thereof and manufacturing method thereof Download PDFInfo
- Publication number
- CN105989392A CN105989392A CN201510077263.7A CN201510077263A CN105989392A CN 105989392 A CN105989392 A CN 105989392A CN 201510077263 A CN201510077263 A CN 201510077263A CN 105989392 A CN105989392 A CN 105989392A
- Authority
- CN
- China
- Prior art keywords
- module
- password
- control module
- access
- flash memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003860 storage Methods 0.000 title claims abstract description 130
- 238000000034 method Methods 0.000 title claims abstract description 37
- 238000004519 manufacturing process Methods 0.000 title claims abstract description 11
- 230000005540 biological transmission Effects 0.000 claims abstract description 39
- 238000005192 partition Methods 0.000 claims description 55
- 238000013500 data storage Methods 0.000 claims description 45
- 230000002093 peripheral effect Effects 0.000 claims description 21
- 238000004891 communication Methods 0.000 claims description 20
- 238000005516 engineering process Methods 0.000 claims description 8
- 239000002184 metal Substances 0.000 claims description 8
- 229910052751 metal Inorganic materials 0.000 claims description 8
- 230000008569 process Effects 0.000 claims description 8
- 239000003822 epoxy resin Substances 0.000 claims description 4
- PCHJSUWPFVWCPO-UHFFFAOYSA-N gold Chemical compound [Au] PCHJSUWPFVWCPO-UHFFFAOYSA-N 0.000 claims description 4
- 229920000647 polyepoxide Polymers 0.000 claims description 4
- 239000010931 gold Substances 0.000 claims description 3
- 229910052737 gold Inorganic materials 0.000 claims description 3
- 239000000565 sealant Substances 0.000 claims description 3
- 238000005538 encapsulation Methods 0.000 claims 1
- WABPQHHGFIMREM-UHFFFAOYSA-N lead(0) Chemical compound [Pb] WABPQHHGFIMREM-UHFFFAOYSA-N 0.000 description 4
- 101001128814 Pandinus imperator Pandinin-1 Proteins 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 101001024685 Pandinus imperator Pandinin-2 Proteins 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 238000005336 cracking Methods 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 239000003292 glue Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 239000004033 plastic Substances 0.000 description 1
- 238000007789 sealing Methods 0.000 description 1
- 239000000758 substrate Substances 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
Description
技术领域technical field
本发明涉及移动存储技术,特别涉及一种移动存储系统、其存取控制方法及其制造方法。The invention relates to mobile storage technology, in particular to a mobile storage system, its access control method and its manufacturing method.
背景技术Background technique
在移动存储技术领域,带有通用串行总线(USB)接口的移动存储装置,由于其高速的数据传输速度受到越来越多的青睐。USB移动存储装置的功能由其内部的移动存储系统完成,目前针对USB移动存储装置内部的移动存储系统安全存储的研究越来越多,主要以针对U盘中的移动存储系统的研究居多。In the field of mobile storage technology, mobile storage devices with a universal serial bus (USB) interface are increasingly favored due to their high-speed data transmission speed. The function of the USB mobile storage device is completed by its internal mobile storage system. At present, there are more and more researches on the safe storage of the mobile storage system inside the USB mobile storage device, mainly focusing on the research on the mobile storage system in the U disk.
为了实现U盘中移动存储系统的安全存储,目前主要采用盘锁加密和数据加密两种方式。In order to realize the safe storage of the mobile storage system in the U disk, two methods of disk lock encryption and data encryption are mainly used at present.
其中使用数据加密方式,是对移动存储系统中存储的数据本身进行加密,加密是由计算机完成的,读取数据时,需经过解密后再传回给用户。移动存储系统中的存储区域一般分为两个分区,针对加密的分区,在解密之前不能访问,而没有加密或已经解密的加密分区可以访问,并且每个分区的存取属性固定不变。用户每次使用数据时都需要进行一次解密过程,给用户使用带来了不便。Among them, the data encryption method is used to encrypt the data stored in the mobile storage system itself. The encryption is completed by the computer. When reading the data, it needs to be decrypted and then sent back to the user. The storage area in the mobile storage system is generally divided into two partitions. The encrypted partition cannot be accessed before decryption, while the unencrypted or decrypted encrypted partition can be accessed, and the access attributes of each partition are fixed. The user needs to perform a decryption process every time the data is used, which brings inconvenience to the user.
使用盘锁加密方式,用户在使用前需输入盘锁口令,如果输入不正确可以重复输入到正确为止,由于U盘一般和计算机连接,因此很容易通过软件使用穷举的方法破解盘锁。为了解决以上缺陷,有的U盘在用户使用前还需输入一个用户口令,输入不正确时用户将看不到U盘中的任何内容,并且为了防止恶意破解口令,U盘内的移动存储系统存储有允许用户输入口令的最大次数,当用户输入口令的次数大于该存储次数时,U盘锁死,用户需要前往厂家才能重新解锁,或者U盘中的数据会自动清除。这种方式虽然解决了恶意破解口令的问题,但也为用户使用带来了不便,因为一旦不慎超过了重试次数就需前往厂家解密,或者会彻底失去数据。Using the disk lock encryption method, the user needs to input the disk lock password before using it. If the input is incorrect, you can re-enter it until it is correct. Since the U disk is usually connected to the computer, it is easy to crack the disk lock through software using exhaustive methods. In order to solve the above defects, some U disks need to input a user password before the user uses it. If the input is incorrect, the user will not be able to see any content in the U disk, and in order to prevent malicious password cracking, the mobile storage system in the U disk It stores the maximum number of times the user is allowed to enter the password. When the number of times the user enters the password is greater than the stored number, the U disk is locked and the user needs to go to the manufacturer to unlock it again, or the data in the U disk will be automatically cleared. Although this method solves the problem of maliciously cracking passwords, it also brings inconvenience to users, because once the number of retries is accidentally exceeded, it is necessary to go to the manufacturer to decrypt, or the data will be completely lost.
目前针对以上两种保证安全存储的方式的移动存储系统,其外形符合U盘的尺寸,封装较容易拆卸,对于使用盘锁的U盘来说,一旦打开封装获得内部存储数据的芯片,数据的安全就得不到保证了。At present, the mobile storage system for the above two ways of ensuring safe storage has an appearance that conforms to the size of the U disk, and the package is easier to disassemble. Safety cannot be guaranteed.
在申请号为200520109901.0的中国专利申请中,公开了一种具有集成电路(IC)卡、磁卡外形,通过USB接口和外部设备进行通信的卡式装置,该卡式装置的外形符合ISO7810标准,长度、宽度和高度分别为86.5毫米、53.98毫米和0.75毫米,图1示出了现有技术中具有USB接口的卡式装置的外形。相对于普通的USB移动存储装置例如U盘,该USB卡式装置具有更方便携带的优点,但目前还没有符合这种卡式装置外形并且实现安全存储的移动存储系统。由上述介绍可以看出,目前存在的移动存储系统都是符合例如U盘等体积较大的USB移动存储装置外形,无法直接应用于USB卡式装置中,而且目前已有的符合U盘外形的移动存储系统在安全存储方面还具有一定缺陷,无法在用户使用方便的前提下保证安全存储。In the Chinese patent application with the application number 200520109901.0, a card-type device with the shape of an integrated circuit (IC) card and a magnetic card is disclosed, which communicates with external devices through a USB interface. The shape of the card-type device complies with the ISO7810 standard, and the length , width and height are 86.5 millimeters, 53.98 millimeters and 0.75 millimeters respectively, Fig. 1 has shown the appearance of the card device with USB interface in the prior art. Compared with ordinary USB mobile storage devices such as U disks, the USB card-type device has the advantage of being more portable, but there is no mobile storage system that conforms to the shape of the card-type device and realizes safe storage. It can be seen from the above introduction that the currently existing mobile storage systems conform to the shape of larger USB mobile storage devices such as U disks, and cannot be directly applied to USB card devices, and the existing mobile storage systems that conform to the shape of U disks The mobile storage system also has certain defects in safe storage, and cannot guarantee safe storage under the premise of user convenience.
发明内容Contents of the invention
有鉴于此,本发明提供一种移动存储系统,该系统的外形符合ISO7810标准,能够在用户使用方便的前提下保证安全存储;为此本发明还提供一种制造该移动存储系统的方法以及该移动存储系统的存取控制方法。In view of this, the present invention provides a mobile storage system, the appearance of which conforms to the ISO7810 standard, and can ensure safe storage under the premise of user convenience; for this reason, the present invention also provides a method for manufacturing the mobile storage system and the An access control method for a mobile storage system.
一种移动存储系统,该系统外形符合ISO7810标准,该系统包括:通用串行总线USB传输控制模块、闪存模块和微处理器模块;A mobile storage system, the system appearance conforms to the ISO7810 standard, the system includes: a universal serial bus USB transmission control module, a flash memory module and a microprocessor module;
所述USB传输控制模块,用于将外部设备的输入口令传输给微处理器模块;在微处理器模块控制下,外部设备访问闪存模块中对应的用户数据存储分区;在微处理器模块控制下,拒绝与外部设备的所有通信;The USB transmission control module is used to transmit the input password of the external device to the microprocessor module; under the control of the microprocessor module, the external device accesses the corresponding user data storage partition in the flash memory module; under the control of the microprocessor module , rejecting all communication with external devices;
所述闪存模块,包括一个以上用户数据存储分区和口令存储区;所述用户数据存储分区对应不同的预置口令具有不同的存取属性,用于存储用户数据;所述口令存储区,用于存储对应数据存储分区不同存取属性的预置口令;The flash memory module includes more than one user data storage partition and password storage area; the user data storage partition has different access attributes corresponding to different preset passwords, and is used to store user data; the password storage area is used for Store preset passwords corresponding to different access attributes of the data storage partition;
所述微处理器模块,用于接收USB传输控制模块传输的输入口令;在闪存模块中查找到与输入口令匹配的预置口令时,控制USB传输控制模块,外部设备按照该预置口令对应用户数据存储分区的存取属性,访问闪存模块中对应的用户数据存储分区;在闪存模块中没有查找到与输入口令匹配的预置口令时,控制USB传输控制模块,拒绝与外部设备的所有通信。The microprocessor module is used to receive the input password transmitted by the USB transmission control module; when the preset password matching the input password is found in the flash memory module, the USB transmission control module is controlled, and the external device corresponds to the user according to the preset password The access attribute of the data storage partition accesses the corresponding user data storage partition in the flash memory module; when the preset password matching the input password is not found in the flash memory module, the USB transmission control module is controlled to reject all communications with external devices.
所述闪存模块中的口令存储区进一步用于存储预置口令与用户数据存储分区存取属性的对应关系,供微处理器模块读取该对应关系。The password storage area in the flash memory module is further used to store the corresponding relationship between the preset password and the access attribute of the user data storage partition, for the microprocessor module to read the corresponding relationship.
所述微处理器模块包括访问控制模块和存取属性控制模块;The microprocessor module includes an access control module and an access attribute control module;
所述访问控制模块,用于接收USB传输控制模块传输的输入口令;在闪存模块中查找到与输入口令匹配的预置口令时,将输入口令提供给存取属性控制模块,触发存取属性控制模块,接收存取属性控制模块发送的存取属性控制信息,控制USB传输控制模块,外部设备按照所述存取属性控制信息的内容,访问闪存模块中对应的用户数据存储分区;在闪存模块中没有查找到与输入口令匹配的预置口令时,控制USB传输控制模块,拒绝与外部设备的所有通信;The access control module is used to receive the input password transmitted by the USB transmission control module; when the preset password matching the input password is found in the flash memory module, the input password is provided to the access attribute control module to trigger the access attribute control The module receives the access attribute control information sent by the access attribute control module, controls the USB transmission control module, and the external device accesses the corresponding user data storage partition in the flash memory module according to the content of the access attribute control information; in the flash memory module When no preset password matching the input password is found, the USB transmission control module is controlled to refuse all communications with the external device;
所述存取属性控制模块,用于根据所述访问控制模块提供的输入口令,从闪存模块的口令存储区中读取预置口令与各个存储分区存取属性的对应关系,生成携带输入口令对应用户数据存储分区存取属性的存储属性控制信息,提供给访问控制模块。The access attribute control module is used to read the corresponding relationship between the preset password and the access attributes of each storage partition from the password storage area of the flash memory module according to the input password provided by the access control module, and generate a corresponding password carrying the input password. The storage attribute control information of the access attribute of the user data storage partition is provided to the access control module.
一种存取控制方法,其特征在于,移动存储系统每次上电后该方法包括:An access control method, characterized in that the method comprises: each time the mobile storage system is powered on:
A、微处理模块通过USB传输控制模块接收输入口令;A, the microprocessing module receives the input password through the USB transmission control module;
B、微处理器模块在闪存模块中查找与输入口令匹配的预置口令,查找到时执行步骤C,没有查找到时执行步骤D;B. The microprocessor module searches for a preset password matching the input password in the flash memory module, and executes step C when found, and executes step D when not found;
C、微处理模块控制USB传输控制模块,外部设备按照该预置口令对应用户数据存储分区的存取属性,访问闪存模块中对应的用户数据存储分区;C, the microprocessing module controls the USB transmission control module, and the external device accesses the corresponding user data storage partition in the flash memory module according to the access attribute of the preset password corresponding to the user data storage partition;
D、微处理器模块控制USB传输控制模块,拒绝与外部设备的所有通信。D. The microprocessor module controls the USB transmission control module and rejects all communications with external devices.
所述存取属性包括:只读、可读写和不可见。The access attributes include: read-only, read-write and invisible.
一种移动存储系统的制造方法,该方法包括:采用裸芯片、以及由外围器件形成的外围电路,构成移动存储系统中的模块;将模块基于符合ISO7810标准的外形采用环氧树脂封装;其中按照以下步骤构造模块:A method for manufacturing a mobile storage system, the method comprising: using a bare chip and a peripheral circuit formed by peripheral devices to form a module in the mobile storage system; encapsulating the module with epoxy resin based on an outline conforming to the ISO7810 standard; The following steps construct the module:
A、将裸芯片和外围器件粘贴在带有触点的金属载带上,粘贴完成后进行固化;A. Paste the bare chip and peripheral devices on the metal carrier tape with contacts, and cure after the pasting is completed;
B、使用引线键合技术采用金丝桥接所述外围器件,形成外围电路;桥接裸芯片与金属载带上的触点、以及裸芯片与外围电路;B. Using wire bonding technology to bridge the peripheral devices with gold wires to form a peripheral circuit; bridge the bare chip and the contact on the metal carrier tape, and the bare chip and the peripheral circuit;
C、使用封胶覆盖步骤B中桥接完成后形成的引线,恒温静置。C. Use sealant to cover the leads formed after bridging in step B, and let stand at a constant temperature.
步骤B中所述引线键合技术为使用热超声工艺的引线键合技术,形成的引线弧高度为0.1毫米。The wire bonding technology described in step B is a wire bonding technology using a thermosonic process, and the height of the formed wire loop is 0.1 mm.
从上述技术方案可以看出,本发明提供的移动存储系统,外形符合ISO7810标准,相比现有的诸如U盘的存储系统,可以应用在卡式装置中,放入到用户的钱包中,便于携带,并且可以在用户使用方便的前提下,保证安全存储。It can be seen from the above technical solutions that the mobile storage system provided by the present invention conforms to the ISO7810 standard in appearance. Compared with existing storage systems such as U disks, it can be applied to card-type devices and put into users' wallets, which is convenient Portable, and can be safely stored under the premise of user convenience.
本发明的移动存储系统及其存取控制方法,在系统内查找到与输入口令匹配的预置口令时,外部设备可以按照预置口令对应用户数据存储分区内的存取属性访问对应的用户数据存储分区,从而实现多用户使用同一个移动存储系统而不影响每个用户的存储安全,在系统内没有查找到与输入口令匹配的预置口令时,拒绝用户与移动存储系统的所有通信,直至移动存储系统重新上电,从而在方便用户操作的前提下保证安全存储。In the mobile storage system and its access control method of the present invention, when a preset password matching the input password is found in the system, the external device can access the corresponding user data according to the access attribute in the user data storage partition corresponding to the preset password Storage partitions, so that multiple users can use the same mobile storage system without affecting the storage security of each user. When no preset password matching the input password is found in the system, all communications between the user and the mobile storage system will be rejected until The mobile storage system is powered on again, so as to ensure safe storage under the premise of user-friendly operation.
本发明移动存储系统的制造方法,在移动存储系统的模块中使用裸芯片,并将引线键合技术用于模块的制造,因此移动存储系统中的各个模块体积都较小,在将这些模块基于符合ISO7810标准的外形采用环氧树脂封装就完成了移动存储系统的制造,这样制造出来的移动存储系统外形符合ISO7810标准,能够用于USB卡式装置中。The manufacturing method of the mobile storage system of the present invention uses bare chips in the modules of the mobile storage system, and uses wire bonding technology for the manufacture of the modules, so that the volume of each module in the mobile storage system is relatively small, and these modules are based on The appearance conforming to the ISO7810 standard is encapsulated with epoxy resin to complete the manufacture of the mobile storage system. The appearance of the manufactured mobile storage system conforms to the ISO7810 standard and can be used in a USB card device.
附图说明Description of drawings
图1为现有技术中具有USB接口的卡式装置的外形示意图;FIG. 1 is a schematic diagram of the appearance of a card device with a USB interface in the prior art;
图2为本发明提供的移动存储系统的原理框图;Fig. 2 is the functional block diagram of the mobile storage system provided by the present invention;
图3为本发明移动存储系统的存取控制方法流程图。FIG. 3 is a flow chart of the access control method of the mobile storage system of the present invention.
具体实施方式detailed description
为使本发明的目的、技术方案和优点更加清楚明白,下面结合实施例和附图,对本发明进一步详细说明。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the embodiments and accompanying drawings.
首先介绍本发明提供的移动存储系统,该系统的外形符合ISO7810标准,能用于图1所示的USB卡式装置中。如图1所示的USB卡式装置,其USB接口为位于表面上的四个电极触点,外部设备与这四个电极触点形成电连接,从而为卡式装置内的存储系统上电,例如将上述卡式装置与读卡器等读写装置配合使用,再将读卡器与计算机相连,计算机就可以通过卡式装置上的USB电极触点为卡式装置上电,然后计算机就可以和卡式装置进行通信。Firstly, the mobile storage system provided by the present invention is introduced. The appearance of the system conforms to the ISO7810 standard and can be used in the USB card device shown in FIG. 1 . As shown in Figure 1, the USB card device has four electrode contacts on the surface of its USB interface, and the external device forms an electrical connection with these four electrode contacts, thereby powering on the storage system in the card device. For example, use the above-mentioned card device in conjunction with a card reader and other reading and writing devices, and then connect the card reader to a computer, and the computer can power on the card device through the USB electrode contacts on the card device, and then the computer can Communicate with the card device.
图2示出了本发明提供的移动存储系统的原理框图,该移动存储系统包括:USB传输控制模块、闪存模块和微处理器模块。Fig. 2 shows a functional block diagram of the mobile storage system provided by the present invention, the mobile storage system includes: a USB transmission control module, a flash memory module and a microprocessor module.
所述USB传输控制模块,通过信号线与USB卡式装置上的USB接口相连,从而实现和外部设备之间的数据传输。USB传输控制模块,用于接收微处理器模块发送的提示输入口令的命令,接收外部设备送入的输入口令,传输给微处理器模块;在微处理器模块的控制下,外部设备访问闪存模块中的对应用户数据存储分区;在微处理器模块的控制下,拒绝与外部设备的所有通信,这里的通信可以是包括外部设备想重试输入口令或访问闪存模块等所有的通信。The USB transmission control module is connected to the USB interface on the USB card device through a signal line, so as to realize data transmission with external equipment. The USB transmission control module is used to receive the prompt input password command sent by the microprocessor module, receive the input password sent by the external device, and transmit it to the microprocessor module; under the control of the microprocessor module, the external device accesses the flash memory module Corresponding user data storage partition in; under the control of the microprocessor module, reject all communication with external equipment, the communication here can include all communication such as external equipment wants to retry input password or visit flash memory module.
所述闪存模块,包括一个以上用户数据存储分区和口令存储区;所述用户数据存储分区对应不同预置口令具有不同的存取属性,用于存储用户数据;所述口令存储区,用于存储对应不同用户数据存储分区存取属性的预置口令。The flash memory module includes more than one user data storage partition and password storage area; the user data storage partition has different access attributes corresponding to different preset passwords, and is used to store user data; the password storage area is used to store Preset passwords corresponding to the access attributes of different user data storage partitions.
所述微处理器模块,用于向USB传输控制模块发送提示输入口令的命令,接收USB传输控制模块传输的输入口令;在闪存模块中查找到与输入口令匹配的预置口令时,控制USB传输控制模块,外部设备按照该预置口令对应用户数据存储分区的存取属性,访问闪存模块中对应的的用户数据存储分区;在闪存模块中没有查找到与输入口令匹配的预置口令时,控制USB传输控制模块,拒绝外部设备与移动存储系统的所有通信。The microprocessor module is used to send a command prompting the input password to the USB transmission control module, and receives the input password transmitted by the USB transmission control module; when finding a preset password matching the input password in the flash memory module, control the USB transmission The control module, the external device accesses the corresponding user data storage partition in the flash memory module according to the access attribute of the preset password corresponding to the user data storage partition; when no preset password matching the input password is found in the flash memory module, the control The USB transmission control module rejects all communication between the external device and the mobile storage system.
本发明提供的外形符合ISO7810标准移动存储系统相比现有的诸如U盘的存储系统,可以应用在卡式装置中,放入到用户的钱包中,便于携带,并且可以在用户使用方便的前提下,保证安全存储.具体地,能够用于图1所示的USB卡式装置中;在口令输入正确时,外部设备按照预置口令对应用户数据存储分区的存取属性,访问闪存模块中对应的用户数据存储分区,实现了多用户使用同一个移动存储系统时不相互影响;在口令输入错误时,拒绝外部设备与移动存储系统的所有通信,直至重新对移动存储系统上电。Compared with existing storage systems such as U disks, the mobile storage system provided by the present invention conforms to the ISO7810 standard and can be used in card-type devices and put into users' wallets, which is easy to carry and can be used on the premise of user convenience. Next, secure storage is ensured. Specifically, it can be used in the USB card device shown in Figure 1; when the password is entered correctly, the external device accesses the corresponding user data storage partition in accordance with the preset password. The user data storage partition realizes that multiple users do not affect each other when using the same mobile storage system; when the password is entered incorrectly, all communication between the external device and the mobile storage system is rejected until the mobile storage system is powered on again.
在上述本发明移动存储系统中,闪存模块的口令存储区可以进一步用于存储预置口令与用户数据存储分区存取属性的对应关系,预置口令可以包括多个普通用户口令和一个管理员口令,其中使用管理员口令访问移动存储系统,可以对普通用户口令进行修改或增删。预置口令与各个存储分区的存取属性对应关系,具体限定了不同的预置口令对应不同的用户数据存储分区时所具有的不同访问权限,各个存储分区的存取属性可以包括可读可写、只可读和不可见三种。以一个简单的实例说明预置口令与各个存储分区存取属性的对应关系。In the above-mentioned mobile storage system of the present invention, the password storage area of the flash memory module can be further used to store the correspondence between preset passwords and user data storage partition access attributes, and the preset passwords can include multiple common user passwords and an administrator password , where the administrator password is used to access the mobile storage system, and the ordinary user password can be modified or added or deleted. The corresponding relationship between the preset password and the access attributes of each storage partition specifically defines the different access rights that different preset passwords have when corresponding to different user data storage partitions. The access attributes of each storage partition can include readable and writable , only readable and invisible. A simple example is used to illustrate the correspondence between preset passwords and access attributes of each storage partition.
表一Table I
如表一所示,移动存储系统设置有四个预置口令Pin1~Pin4,移动存储系统中的闪存模块中划分为三个用户数据存储分区。假设用户A使用的用户口令为Pin1,按照表一示出的对应关系,用户A使用Pin1口令访问移动存储系统,对1区内的数据可读可写,对2区内的数据不可见,即用户A完全看不到2区内的数据,对3区的数据只可读。与上述用户A有相同的过程,假设用户B使用用户口令Pin2,用户B在访问移动存储系统后,对1区~3区的数据都只可读。而管理员口令对1区~3区的数据均可读可写。因此,闪存模块中的用户数据存储分区,对应不同的预置口令可以具有不同的存取属性。As shown in Table 1, the mobile storage system is provided with four preset passwords Pin1-Pin4, and the flash memory module in the mobile storage system is divided into three user data storage partitions. Assuming that the user password used by user A is Pin1, according to the corresponding relationship shown in Table 1, user A uses the Pin1 password to access the mobile storage system, and can read and write the data in area 1, but cannot see the data in area 2, that is User A cannot see the data in zone 2 at all, and can only read the data in zone 3. The process is the same as that of user A above, assuming that user B uses the user password Pin2, after user B accesses the mobile storage system, the data in area 1 to area 3 can only be read. And the administrator password can read and write the data in the 1st area to 3rd area. Therefore, the user data storage partitions in the flash memory module may have different access attributes corresponding to different preset passwords.
当然,根据实际需要,某些用户数据存储分区无需加密,可以作为公共存储区来使用。Of course, according to actual needs, some user data storage partitions do not need to be encrypted and can be used as public storage areas.
在闪存模块的口令存储区中进一步存储预置口令与各个用户数据存储分区存取属性的对应关系后,微处理器模块可以包括:访问控制模块和存取属性控制模块。After further storing the correspondence between the preset password and the access attribute of each user data storage partition in the password storage area of the flash memory module, the microprocessor module may include: an access control module and an access attribute control module.
所述访问控制模块,用于接收USB传输控制模块传输的输入口令。访问控制模块在闪存模块中查找与输入口令匹配的预置口令,其中当预置口令为多个时,需遍历闪存模块口令存储区中的所有预置口令。当访问控制模块在闪存模块中查找到与输入口令匹配的预置口令时,将输入口令传输给存取属性控制模块以触发存取属性控制模块,接收存取属性控制模块送入的对应输入口令的存取属性控制信息,控制USB传输控制模块,外部设备按照存取属性控制信息中预置口令对应用户数据存储分区的存取属性,访问各个用户数据存储分区;当访问控制模块在闪存模块中没有查找到与输入口令匹配的预置口令时,控制USB传输控制模块,拒绝外部设备与移动存储系统的所有通信。The access control module is used to receive the input password transmitted by the USB transmission control module. The access control module searches the flash memory module for a preset password that matches the input password, and when there are multiple preset passwords, it needs to traverse all the preset passwords in the password storage area of the flash memory module. When the access control module finds a preset password matching the input password in the flash memory module, the input password is transmitted to the access attribute control module to trigger the access attribute control module, and receives the corresponding input password sent by the access attribute control module The access attribute control information controls the USB transmission control module, and the external device accesses each user data storage partition according to the access attribute of the user data storage partition corresponding to the preset password in the access attribute control information; when the access control module is in the flash memory module When no preset password matching the input password is found, the USB transmission control module is controlled to reject all communications between the external device and the mobile storage system.
所述存取属性控制模块,用于根据访问控制模块提供的输入口令,从闪存模块的口令存储区中读出预置口令与用户数据存储分区存取属性的对应关系,生成携带输入口令对应用户数据存储分区存取属性的控制信息,并提供给访问控制模块。The access attribute control module is used to read out the corresponding relationship between the preset password and the access attribute of the user data storage partition from the password storage area of the flash memory module according to the input password provided by the access control module, and generate a corresponding user password carrying the input password. The control information of the access attribute of the data storage partition is provided to the access control module.
在本发明提供的移动存储系统中,还可以进一步包括一个指示灯,当移动存储系统上电后,该指示灯可以发亮,用于告知用户移动存储系统上电成功。由于本发明移动存储系统用于图1所示USB卡式装置中,上述指示灯可以是嵌在USB卡式装置塑料基片中的发光二极管,并可以与USB接口即电极触点使用信号线在装置内部连接,当移动存储系统上电后,该发光二极管即可用通过电极触点获得发亮的电流,从而指示用户移动存储系统上电成功。In the mobile storage system provided by the present invention, it may further include an indicator light, which can light up when the mobile storage system is powered on, and is used to inform the user that the mobile storage system is powered on successfully. Because the mobile storage system of the present invention is used in the USB card device shown in Figure 1, the above-mentioned indicator lights can be light-emitting diodes embedded in the plastic substrate of the USB card device, and can be connected with the USB interface, that is, the electrode contacts using signal lines. The device is internally connected. When the mobile storage system is powered on, the light-emitting diode can be used to obtain a bright current through the electrode contacts, thereby indicating to the user that the mobile storage system is powered on successfully.
其次,介绍本发明移动存储系统的存取控制方法,图3为本发明移动存储系统的存取控制方法流程图,移动存储系统每次上电后该流程包括:Next, the access control method of the mobile storage system of the present invention is introduced. FIG. 3 is a flow chart of the access control method of the mobile storage system of the present invention. After each power-on of the mobile storage system, the process includes:
步骤301:微处理器模块通过USB传输控制模块接收输入口令。Step 301: The microprocessor module receives the input password through the USB transmission control module.
步骤302:微处理器模块在闪存模块中查找与输入口令匹配的预置口令,查找到时执行步骤303,没有查找到时执行步骤304。Step 302: The microprocessor module searches the flash memory module for a preset password matching the input password, and executes step 303 if found, and executes step 304 if not found.
步骤303:微处理器模块控制USB传输控制模块,外部设备按照预置口令对应用户数据存储分区的存取属性,访问闪存模块中的对应用户数据存储分区。Step 303: the microprocessor module controls the USB transmission control module, and the external device accesses the corresponding user data storage partition in the flash memory module according to the access attribute of the user data storage partition corresponding to the preset password.
本步骤中,存取属性可以包括只读、可读可写和不可见。In this step, the access attributes may include read-only, read-write and invisible.
步骤304:微处理器模块控制USB传输控制模块,拒绝用户与移动存储系统的所有通信。Step 304: the microprocessor module controls the USB transmission control module, rejecting all communications between the user and the mobile storage system.
本步骤中,输入口令与预置口令不一致,说明用户输入口令错误,则微处理器模块控制USB传输控制模块,拒绝用户与移动存储系统的所有通信。所述所有通信包括用户想重新输入口令和访问移动存储系统等。In this step, if the input password is inconsistent with the preset password, it means that the user enters a wrong password, and the microprocessor module controls the USB transmission control module to reject all communication between the user and the mobile storage system. All communications include users wanting to re-enter passwords and access removable storage systems, etc.
经过步骤301~步骤304,本发明利用移动存储系统的存取控制方法流程结束,使用该流程,能够在用户口令输入正确时,允许用户按照预置口令对应各个用户数据存储分区的存取属性访问闪存模块中的各个用户数据存储分区,实现了多用户使用同一个移动存储系统时,各自的存储安全不相互影响。在用户输入口令错误时,拒绝用户与移动存储系统的所有通信,直至重新对移动存储系统上电,移动存储系统才又按照所述流程开始工作,在用户使用方便的前提下,保证安全存储。After steps 301 to 304, the flow of the access control method using the mobile storage system in the present invention ends. Using this flow, when the user password is input correctly, the user is allowed to access according to the preset password corresponding to the access attribute of each user data storage partition. Each user data storage partition in the flash memory module realizes that when multiple users use the same mobile storage system, their respective storage security does not affect each other. When the user enters a wrong password, all communication between the user and the mobile storage system will be rejected, and the mobile storage system will start working according to the described process until the mobile storage system is powered on again, ensuring safe storage on the premise of user convenience.
在本发明移动存储系统及其存取控制方法中,也可以设置一个每次上电口令允许错误次数阈值,再设置一个口令验证失败次数变量,当用户输入口令错误时,将口令验证失败次数变量的数值进行更新,比较更新后的口令验证失败次数变量的数值超过每次上电口令允许错误次数阈值时,再拒绝用户与移动存储系统的所有通信。In the mobile storage system and its access control method of the present invention, it is also possible to set a threshold value for the number of times of password errors per power-on, and then set a variable for the number of times of password verification failures. When comparing the value of the updated password verification failure times variable with the value exceeding the permissible password error threshold for each power-on, all communications between the user and the mobile storage system are rejected.
最后介绍本发明移动存储系统的制造方法,移动存储系统中的模块,内部包括裸芯片、以及由外围器件形成的外围电路,要制造移动存储系统,首先按照以下步骤构造模块:Finally, the manufacturing method of the mobile storage system of the present invention is introduced. The modules in the mobile storage system include bare chips and peripheral circuits formed by peripheral devices. To manufacture the mobile storage system, the modules are first constructed according to the following steps:
A、将裸芯片和外围器件粘贴在带有触点的金属载带上,粘贴完成后进行固化。A. Paste the bare chip and peripheral devices on the metal carrier tape with contacts, and cure after the pasting is completed.
本步骤中,将裸芯片和其外围器件粘贴在金属载带上的操作,可以使用贴片机完成,而固化可以通过将贴好裸芯片和其外围器件的金属载带放入热循环固化箱中完成。In this step, the operation of pasting the bare chip and its peripheral devices on the metal carrier tape can be completed by using a mounter, and the curing can be done by putting the metal carrier tape pasted with the bare chip and its peripheral devices into a thermal cycle curing box completed.
B、使用引线键合技术采用金丝桥接所述外围器件,形成外围电路;桥接裸芯片与金属载带上的触点、以及裸芯片与外围电路。B. Using wire bonding technology to bridge the peripheral devices with gold wires to form a peripheral circuit; bridge the bare chip and the contact on the metal carrier tape, and the bare chip and the peripheral circuit.
本步骤中,可以使用引线键合工艺中的热超声工艺,使引线弧度为0.1毫米左右,金丝可以承受大于4克的力。可以使用引线键合机完成本步骤的操作。经过步骤A和步骤B后,裸芯片和其外围电路才可以与其他部件进行数据交互,从而正常工作。In this step, the thermosonic process in the wire bonding process can be used, so that the curvature of the lead wire is about 0.1 mm, and the gold wire can withstand a force greater than 4 grams. This step can be done using a wire bonding machine. After step A and step B, the bare chip and its peripheral circuits can exchange data with other components to work normally.
C、使用封胶覆盖步骤B中桥接完成后形成的引线,恒温静置。C. Use sealant to cover the leads formed after bridging in step B, and let stand at a constant temperature.
本步骤中,由于步骤B使用引线键合技术桥接后,引线的位置悬空,为了固定引线,使用封胶将引线覆盖住。可以在热循环烘箱中进行恒温静置。In this step, since the position of the lead wire is suspended after the wire bonding technique is used in Step B, the lead wire is covered with sealing glue in order to fix the lead wire. Standing at constant temperature can be carried out in a thermal circulation oven.
在将移动存储系统中的模块制造完成后,需要将这些模块统一封装,将模块基于符合ISO7810标准的外形采用环氧树脂封装。After the modules in the mobile storage system are manufactured, these modules need to be packaged uniformly, and the modules are packaged with epoxy resin based on the shape conforming to the ISO7810 standard.
以上所述的具体实施例,对本发明的目的、技术方案和有益效果进行了进一步详细说明,所应理解的是,以上所述仅为本发明的具体实施例而已,并不用于限定本发明的保护范围,凡在本发明的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The specific embodiments described above have further described the purpose, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above descriptions are only specific embodiments of the present invention and are not intended to limit the scope of the present invention. Protection scope, within the spirit and principles of the present invention, any modification, equivalent replacement, improvement, etc., shall be included in the protection scope of the present invention.
Claims (7)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510077263.7A CN105989392A (en) | 2015-02-13 | 2015-02-13 | Mobile storage system, access control method thereof and manufacturing method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510077263.7A CN105989392A (en) | 2015-02-13 | 2015-02-13 | Mobile storage system, access control method thereof and manufacturing method thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105989392A true CN105989392A (en) | 2016-10-05 |
Family
ID=57041413
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510077263.7A Pending CN105989392A (en) | 2015-02-13 | 2015-02-13 | Mobile storage system, access control method thereof and manufacturing method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105989392A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108664817A (en) * | 2017-03-30 | 2018-10-16 | 金士顿数位股份有限公司 | Intelligent and safe memory |
| CN109144400A (en) * | 2017-06-16 | 2019-01-04 | 杭州海康威视数字技术股份有限公司 | A kind of date storage method, device and electronic equipment |
| CN110826113A (en) * | 2018-08-09 | 2020-02-21 | 深圳市菲德越科技有限公司 | Data secure storage method and device |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN2812131Y (en) * | 2005-06-17 | 2006-08-30 | 北京神州龙安科技有限公司 | A card type apparatus |
| CN201044180Y (en) * | 2007-05-30 | 2008-04-02 | 北京二十一世纪科技发展有限公司 | Smart card type safety USB flash drive |
| US20080301817A1 (en) * | 2003-06-20 | 2008-12-04 | Renesas Technology Corp. | Memory card |
| CN101355075A (en) * | 2007-07-25 | 2009-01-28 | 三星半导体(中国)研究开发有限公司 | Smart card carrier tape, smart card packaging module using the carrier tape, and manufacturing method thereof |
| CN102200948A (en) * | 2010-03-23 | 2011-09-28 | 北京爱国者信息技术有限公司 | Multi-partition memory device and access method thereof |
| CN102437111A (en) * | 2011-12-01 | 2012-05-02 | 中南大学 | Method and device for fast lead-in arc forming by using wire clips to make breakpoints |
| CN104102595A (en) * | 2013-04-12 | 2014-10-15 | 张永昌 | High security removable storage device |
-
2015
- 2015-02-13 CN CN201510077263.7A patent/CN105989392A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080301817A1 (en) * | 2003-06-20 | 2008-12-04 | Renesas Technology Corp. | Memory card |
| CN2812131Y (en) * | 2005-06-17 | 2006-08-30 | 北京神州龙安科技有限公司 | A card type apparatus |
| CN201044180Y (en) * | 2007-05-30 | 2008-04-02 | 北京二十一世纪科技发展有限公司 | Smart card type safety USB flash drive |
| CN101355075A (en) * | 2007-07-25 | 2009-01-28 | 三星半导体(中国)研究开发有限公司 | Smart card carrier tape, smart card packaging module using the carrier tape, and manufacturing method thereof |
| CN102200948A (en) * | 2010-03-23 | 2011-09-28 | 北京爱国者信息技术有限公司 | Multi-partition memory device and access method thereof |
| CN102437111A (en) * | 2011-12-01 | 2012-05-02 | 中南大学 | Method and device for fast lead-in arc forming by using wire clips to make breakpoints |
| CN104102595A (en) * | 2013-04-12 | 2014-10-15 | 张永昌 | High security removable storage device |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108664817A (en) * | 2017-03-30 | 2018-10-16 | 金士顿数位股份有限公司 | Intelligent and safe memory |
| CN108664817B (en) * | 2017-03-30 | 2021-12-21 | 金士顿数位股份有限公司 | Intelligent safety memory |
| CN109144400A (en) * | 2017-06-16 | 2019-01-04 | 杭州海康威视数字技术股份有限公司 | A kind of date storage method, device and electronic equipment |
| CN110826113A (en) * | 2018-08-09 | 2020-02-21 | 深圳市菲德越科技有限公司 | Data secure storage method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9589160B2 (en) | Working method for smart card reader | |
| US10425821B2 (en) | Mobile data storage device with access control functionality | |
| US20240333511A1 (en) | Cryptographic authentication to control access to storage devices | |
| CN101872334A (en) | Compound type usb equipment and implementation method thereof | |
| CN101794362A (en) | Trusted computation trust root device for computer and computer | |
| CN105989392A (en) | Mobile storage system, access control method thereof and manufacturing method thereof | |
| CN102662874B (en) | Double-interface encryption memory card and management method and system of data in double-interface encryption memory card | |
| CN206515828U (en) | The data storage device of safety encryption | |
| CN102831081A (en) | Transparent encryption and decryption secure digital memory card (SD card) and implementation method thereof | |
| CN102004705B (en) | USB storage device based on hardware encryption | |
| CN108875412B (en) | inSE safety module | |
| CN201438374U (en) | Encrypted mobile memory device | |
| CN201886463U (en) | USB (universal serial bus) memory device based on hardware encryption | |
| CN108875879A (en) | A kind of two-way authorization authentication method and device based on the close security algorithm of state | |
| CN104252874B (en) | mobile memory | |
| EP3021603A1 (en) | Method of managing pairing with a wireless device | |
| CN102223227B (en) | Safe and intelligent code memory chip and automatic communication file reestablishing method thereof | |
| CN207182282U (en) | A kind of two-way authorization authentication device based on the close security algorithm of state | |
| CN109063518B (en) | Data access method and system and memory storage device | |
| CN211606520U (en) | Security chip based on SIM function | |
| CN114238206A (en) | Internet of things system on chip and working method thereof | |
| CN106845300A (en) | A kind of secure readers and safe card reading method | |
| CN113312000B (en) | Hard disk and storage system | |
| US20200057575A1 (en) | Multi-chip package, controlling method of multi-chip package and security chip | |
| CN205121571U (en) | Encrypted USB (Universal serial bus) flash disk |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161005 |