A dynamically adjusted security USB disk

By using the HX6802 security chip and data processing module, combined with Nand-flash, USB interface and data encryption module, the partition type and capacity of the USB flash drive can be dynamically adjusted, which solves the problem that the USB flash drive cannot be adjusted according to the usage scenario, and improves the data security and the effect of preventing data leakage and virus infection.

CN115879173BActive Publication Date: 2026-06-26SHANDONG SINOCHIP SEMICON CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
SHANDONG SINOCHIP SEMICON CO LTD
Filing Date
2022-10-19
Publication Date
2026-06-26

AI Technical Summary

Technical Problem

Existing USB flash drives cannot dynamically adjust partition types and capacities according to usage scenarios, leading to security issues such as data leaks and virus infections.

Method used

Using the HX6802 security chip and data processing module, combined with the data encryption module, the partition type and capacity of the USB flash drive can be dynamically adjusted through the data processing module, Nand-flash, USB interface and data encryption module, including optical disk partition, normal partition, encrypted partition and read-only partition. Unauthorized access control and write protection of the encrypted partition are used by the firmware layer.

Benefits of technology

It enables flexible adjustment of USB flash drive partition types and capacities, improves data security, prevents data leakage and virus infection, and ensures data security and integrity.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115879173B_ABST
    Figure CN115879173B_ABST
Patent Text Reader

Abstract

The application provides a dynamic adjustment security U disk, and belongs to the technical field of data storage. The application comprises an HX6802 security chip and a data processing module. The data processing module is used for controlling a supported Nand-flash, a data encryption module and a USB interface. The USB interface is used for data exchange with a PC. The data encryption module is connected with the USB and is used for encryption and decryption of data exchanged between the USB and the PC. The Nand-flash is connected with the data encryption module and is used for data storage. The Nand-flash supports a maximum of four LUNs. The types of the LUNs include a disc area, a normal area, an encryption area, a login area and a read-only area. The LUN partition types and partition capacities can be adjusted. The application meets the needs of multiple purposes and multiple occasions and improves the security of stored data.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to a dynamically adjustable secure USB flash drive, belonging to the field of data storage technology. Background Technology

[0002] Although large-capacity external hard drives and cloud storage are becoming increasingly popular, USB flash drives still hold a significant place in our work and daily lives. As a portable storage medium, USB flash drives are favored by users for their convenience and portability. However, their small size and portability also bring risks such as device loss, data leakage, and virus infection. With the development and rapid popularization of modern communication technology, information security issues are becoming increasingly prominent and complex. Currently available USB flash drives no longer meet increasingly stringent security encryption standards. For example, to prevent the leakage of important data, USB flash drives with encryption attributes are needed; to prevent cross-use of USB flash drives and virus infection, USB flash drives with read-only attributes are needed. The number of partitions, partition types, and capacity of a USB flash drive are determined at the factory, and it is impossible to actively adjust the partitions according to usage scenarios during daily use. Therefore, designing a USB flash drive that is compatible with different partition types and can dynamically adjust partitions is of great and urgent practical significance. Summary of the Invention

[0003] The purpose of this invention is to provide a dynamically adjustable secure USB flash drive that meets the needs of multiple uses and occasions, and improves the security of stored data.

[0004] To achieve the above objectives, the present invention employs the following technical solution:

[0005] It includes an HX6802 security chip and a data processing module; the data processing module mainly controls and supports Nand-flash, a data encryption module, and a USB interface, the USB interface being used for data exchange with a PC; the data encryption module is connected to the USB and is used to encrypt and decrypt the data exchanged between the USB and the PC; the Nand-flash is connected to the data encryption module and is used to store data;

[0006] The Nand-flash supports a maximum of 4 LUNs. The types of LUNs include optical disc partition, normal partition, encrypted partition, software login partition, and read-only partition. The number, type, and capacity of the LUN partitions can be dynamically adjusted.

[0007] The software login area is read-only; the encrypted area is accessed through this partition.

[0008] The encrypted area is displayed as a software login area in the disk manager. Data in the encrypted area can only be read after logging in. The data in the encrypted area is protected against unauthorized access through the firmware layer inside the main controller.

[0009] Files in the read-only area can be read normally but cannot be deleted or modified. The write protection of this partition is set to write protection by the firmware for the specified LUN attribute. When the USB flash drive is powered on or reset, the partition attribute is reported to the operating system. The firmware returns an error handling for illegal write operations.

[0010] Preferably, the encrypted area is displayed as a software login area in the disk manager, and data in the encrypted area can only be read after logging in; the data in the encrypted area is prevented from being accessed illegally by the firmware layer inside the main controller;

[0011] The encrypted zone login mechanism is as follows: Login is performed through the software login zone. A password is entered and sent to the firmware layer. After successful password verification, the LUN flags of the software login zone and the encrypted zone are switched. The firmware layer sets relevant flags and returns a 0628 code to the TEST_UNIT_READY message to trigger the Windows / Linux operating system to reread this partition. After receiving this command, the operating system rereads the partition and refreshes the encrypted zone.

[0012] The encrypted zone logout mechanism is as follows: After logging into the encrypted zone, a timer is started. This timer is used to record continuous inactivity in the partition. After the timer counts for more than 10 minutes, the two partition LUNs are switched, and the TEST_UNIT_READY message is returned to 06-28 to trigger the system to reread.

[0013] The preferred method for adjusting the LUN partition type is as follows: Clear the existing partitions of the USB drive and initialize it as a normal partition. Send the new partition table to the underlying firmware via software. After the firmware completes the configuration of the new partition table, perform the first USB reset. After the USB drive is enumerated and re-identified, partition the USB drive and send the configured partition table to the underlying firmware. After the firmware completes the configuration, perform the second USB reset. After the USB drive is enumerated and re-identified, obtain the new partition table and process each partition according to its attributes.

[0014] Preferably, the specific methods for adjusting different partition types are as follows:

[0015] The optical disc area writes the LBA at a specified location to the ISO software using FTL method by sending SCSI commands.

[0016] The software login area removes the write protection attribute of the current LUN in the login area, formats the partition, writes the login software program, and removes the write protection attribute.

[0017] The normal area is formatted according to the file system format selected by the user;

[0018] After logging into the encrypted area, the partition is formatted according to the file system format selected by the user.

[0019] The read-only area removes the write protection attribute of the current LUN in the software login area, formats the partition, and then removes the write protection attribute again.

[0020] Preferably, the specific process for adjusting the partition capacity is as follows:

[0021] The host computer sets relevant flags to the firmware; the host computer obtains the original partition table, arbitrarily divides the capacity ratio of the two partitions of the USB flash drive according to the adjustment requirements, the host computer software performs unloading operations on the two partitions respectively, sets the new partition ratio, and sends the new partition table to the underlying firmware. The firmware receives this configuration, records the new partition table, clears the MBR of the two partitions, sets the flag bit, returns code 0628 to the TEST_UNIT_READY message, and triggers the operating system to reread.

[0022] The host computer calculates the capacity of each partition according to the capacity ratio and selects the corresponding file system format. If the capacity is less than 32G, FAT32 is selected, and if the capacity is greater than 32G, exFAT is selected.

[0023] The host computer formats the two partitions sequentially. After formatting, the original volume labels are set. The host computer then clears the relevant labels to the firmware, and the adjustment is complete.

[0024] The advantages of this invention are: it can adjust the partition attributes of the USB flash drive according to the user's usage scenario, is compatible with various partition types and formats, avoids data leakage caused by the USB flash drive, protects the USB flash drive from virus attacks, and ensures the security of the data stored on the USB flash drive. Attached Figure Description

[0025] The accompanying drawings are provided to further illustrate the invention and form part of the specification. They are used together with the embodiments of the invention to explain the invention and do not constitute a limitation thereof.

[0026] Figure 1 This is a schematic diagram of the system structure framework of the present invention.

[0027] Figure 2 This is a schematic diagram of the partition adjustment process of the present invention.

[0028] Figure 3 This is a schematic diagram of the capacity adjustment process of the present invention. Detailed Implementation

[0029] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0030] It includes an HX6802 security chip and a data processing module; the data processing module mainly controls and supports Nand-flash, a data encryption module, and a USB interface, the USB interface being used for data exchange with a PC; the data encryption module is connected to the USB and is used to encrypt and decrypt the data exchanged between the USB and the PC; the Nand-flash is connected to the data encryption module and is used to store data;

[0031] The Nand-flash supports a maximum of 4 LUNs. The types of LUNs include optical disc partition, normal partition, encrypted partition, software login partition, and read-only partition. The number, type, and capacity of the LUN partitions can be dynamically adjusted.

[0032] The software login area is read-only; the encrypted area is accessed through this partition.

[0033] The encrypted area is displayed as a software login area (approximately 10MB in size) in the disk manager and cannot be accessed through standard read / write operations or dedicated software. Data in this area can only be read after login, and unauthorized access to the encrypted area is prevented by the firmware layer within the main controller. This achieves chip-level security, independent of the operating system and application software.

[0034] The encrypted zone login mechanism involves switching from the LOGIN zone to the encrypted zone. This is achieved by opening the login software within the LOGIN zone, entering a password, and receiving the password at the firmware layer. After successful password verification, the LUN markers of the two partitions are switched. The firmware layer then sets the relevant markers and returns a 0628 code (Unit Attention - not-ready to ready transition (format complete)) to the TEST_UNIT_READY message, triggering the Windows / Linux operating system to reread this partition. Upon receiving this command, the operating system determines that the partition is not ready and rereads it, at which point the operating system refreshes the encrypted zone.

[0035] The encrypted zone logout mechanism involves switching from the encrypted zone to the LOGIN zone. After logging into the encrypted zone, a timer is started to record any continuous inactivity in that partition. When more than 10 minutes have passed, the two partition LUNs are switched, and the TEST_UNIT_READY message returns 06-28 (Sense code), triggering a system reread.

[0036] When the read-only partition is set to write-protected, files within the partition can be read normally but cannot be deleted or modified, ensuring that data cannot be illegally tampered with or accidentally deleted. This write protection is achieved by setting a specified LUN attribute to write protection via firmware. The USB drive reports this partition attribute to the operating system upon power-on or reset. The firmware returns appropriate error handling for unauthorized write operations, such as those by third-party programs, to protect partition data security.

[0037] Partition adjustment:

[0038] Partition resizing refers to the process by which users dynamically adjust the partitions of a USB flash drive during use, without needing to return it to the factory to re-flash the firmware. This mainly includes adjusting the number of partitions, partition types, and partition sizes. The partition table is an index of the USB flash drive's partitions; all partition information is written into the partition table. Therefore, the key to dynamically resizing partitions lies in modifying the partition table information. The processing flow is illustrated in the flowchart below. Figure 2 First, all existing partitions on the USB drive are deleted, initializing it as a single regular partition (100% capacity). The upper-layer software sends a new partition table to the lower-layer firmware. After the firmware completes the configuration of the new partition table, a first USB reset is performed. Once the USB drive is re-identified through enumeration, the number and capacity of partitions on the USB drive are arbitrarily allocated as needed. The configured partition table is then sent to the lower-layer firmware, which performs a second USB reset after configuration. After the USB drive is re-identified through enumeration, a new partition table is obtained, and each partition is processed according to its attributes. The processing for each partition is shown below.

[0039] If the partition is a CDROM partition, then the LBA at the specified location is written to the ISO software using FTL mode by sending SCSI commands.

[0040] If the partition is designated as a software login partition, first remove the write protection attribute of the current LUN in the software login partition, format the partition, write the login software program, and finally remove the write protection attribute again.

[0041] The partition is designated as a normal partition. The partition will be formatted according to the file system format selected by the user (such as FAT32).

[0042] If the partition is an encrypted partition, you will be prompted to enter a password to log in to the encrypted partition. After logging in, the partition will be formatted according to the file system format selected by the user (such as FAT32).

[0043] If the partition is read-only, first remove the write protection attribute of the current LUN in the software login area, format the partition, and then remove the write protection attribute again.

[0044] Capacity adjustment:

[0045] Capacity resizing refers to the process of reallocating only the capacity of two partitions when the USB drive is configured as a normal partition and an encrypted partition. During the resizing process, formatting is performed automatically, eliminating the need for manual partition formatting by the user. See the flowchart for the processing flow. Figure 3 :

[0046] When the adjustment begins, the host computer sets relevant flags in the firmware.

[0047] The host computer obtains the original partition table and arbitrarily divides the two partitions of the USB flash drive according to the required capacity ratio. The host computer software performs unmount operations on the two partitions respectively, sets the new partition ratio, and sends the new partition table to the underlying firmware. After receiving this configuration, the firmware records the new partition table, clears the MBR of the two partitions, sets the flag bit, returns code 0628 to the TEST_UNIT_READY message, and triggers the operating system to reread.

[0048] The host computer calculates the capacity of each partition according to the capacity ratio and selects the corresponding file system format. If the capacity is less than 32G, FAT32 is selected, and if the capacity is greater than 32G, exFAT is selected.

[0049] The host computer formats the two partitions sequentially, and sets the original volume label after formatting.

[0050] After the adjustment is complete, the host computer clears the relevant markers to the firmware.

[0051] During the adjustment process, if an abnormal power outage or unplugging occurs, the USB drive's partition status can be restored. When the USB drive is powered on again, the firmware detects the relevant markers and clears the MBRs of both partitions. At this time, the two partitions of the USB drive will be displayed as "Removable Disk". After the user logs into the operating software, the host computer automatically completes the formatting operation.

[0052] Finally, it should be noted that the above descriptions are merely preferred embodiments of the present invention and are not intended to limit the present invention. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions described in the foregoing embodiments or make equivalent substitutions for some of the technical features. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the protection scope of the present invention.

Claims

1. A dynamically adjustable secure USB flash drive, characterized in that, It includes an HX6802 security chip and a data processing module; the data processing module mainly controls and supports Nand-flash, a data encryption module, and a USB interface, the USB interface being used for data exchange with a PC; the data encryption module is connected to the USB and is used to encrypt and decrypt the data exchanged between the USB and the PC; the Nand-flash is connected to the data encryption module and is used to store data; The Nand-flash supports a maximum of 4 LUNs. The types of LUNs include optical disc partitions, ordinary partitions, encrypted partitions, software login partitions, or read-only partitions. The number, type, and capacity of the LUN partitions are dynamically adjusted. The software login area is read-only; the encrypted area is accessed through this partition. The encrypted area is displayed as a software login area in the disk manager. Data in the encrypted area can only be read after logging in. The data in the encrypted area is protected against unauthorized access through the firmware layer inside the main controller. Files in the read-only area can be read normally, but cannot be deleted or modified. The write protection of this partition is set to write protection by the firmware to the specified LUN attribute. When the USB flash drive is powered on or reset, the partition attribute is reported to the operating system. The firmware returns an error handling for illegal write operations. The LUN partition type adjustment method is as follows: Clear the existing partitions of the USB flash drive and initialize it as a normal partition. Send the new partition table to the underlying firmware through the software. After the firmware completes the configuration of the new partition table, a first USB reset is performed. After the USB flash drive is enumerated and re-identified, the USB flash drive partitions are divided, and the configured partition table is sent to the underlying firmware. After the firmware completes the configuration, a second USB reset is performed. After the USB flash drive is enumerated and re-identified, the new partition table is obtained, and each partition is processed according to its attributes. The specific methods for adjusting different partition types are as follows: The optical disc area writes the LBA at a specified location to the ISO software using FTL method by sending SCSI commands. The login area removes the write protection attribute of the current LUN in the login area, formats the partition, writes the login software program, and removes the write protection attribute. The normal area is formatted according to the file system format selected by the user; After logging into the encrypted area, the partition is formatted according to the file system format selected by the user. The read-only area removes the write protection attribute of the current LUN in the login area, formats the partition, and then removes the write protection attribute again.

2. The dynamically adjustable secure USB flash drive according to claim 1, characterized in that, The encrypted area is displayed as a software login area in the disk manager. Data in the encrypted area can only be read after logging in. The data in the encrypted area is protected against unauthorized access through the firmware layer inside the main controller. The encrypted zone login mechanism is as follows: Login is performed through the software login zone. A password is entered and sent to the firmware layer. After successful password verification, the LUN flags of the software login zone and the encrypted zone are switched. The firmware layer sets relevant flags and returns a 0628 code to the TEST_UNIT_READY message to trigger the Windows / Linux operating system to reread this partition. After receiving this command, the operating system rereads the partition and refreshes the encrypted zone. The encrypted zone logout mechanism is as follows: After logging into the encrypted zone, a timer is started. This timer is used to record continuous inactivity in the partition. After the timer counts for more than 10 minutes, the two partition LUNs are switched, and the TEST_UNIT_READY message is returned to 06-28 to trigger the system to reread.

3. The dynamically adjustable secure USB flash drive according to claim 1, characterized in that, The specific process for adjusting the partition capacity is as follows: The host computer sets relevant flags to the firmware; the host computer obtains the original partition table, arbitrarily divides the capacity ratio of the two partitions of the USB flash drive according to the adjustment requirements, the host computer software performs unloading operations on the two partitions respectively, sets the new partition ratio, and sends the new partition table to the underlying firmware. The firmware receives this configuration, records the new partition table, clears the MBR of the two partitions, sets the flag bit, returns code 0628 to the TEST_UNIT_READY message, and triggers the operating system to reread. The host computer calculates the capacity of each partition according to the capacity ratio and selects the corresponding file system format. If the capacity is less than 32G, FAT32 is selected, and if the capacity is greater than 32G, exFAT is selected. The host computer formats the two partitions sequentially. After formatting, the original volume labels are set. The host computer then clears the relevant labels to the firmware, and the adjustment is complete.