FILE SYSTEM PROTECTION APPARATUS AND METHOD IN AUXILIARY STORAGE DEVICE

Abstract

The present invention relates to a file system protection technology, which is applied to an auxiliary storage device (20), and to an apparatus and method for protecting a file system in a manner of blocking or warning about, in advance, an access to a file system or a change of the file system and identifying permission of a user as necessary. A control device (60) is connected to a host interface (30), a data storage device (40), and a user input device (50) to control an operation mode of the auxiliary storage device or manage and protect a file system object to be protected, according to a user command. When the operation mode of the auxiliary storage device is a management mode, the user can designate file system objects to be protected by the user and set a protection type, wherein information set by the user is stored in an object DB (70) to be protected. In a normal mode, when an access by a host computer targets a file system object listed in the object DB to be protected, a protection operation is performed by referring to the protection type of the object DB to be protected. In the normal mode, the host computer cannot access the object DB (70) to be protected, set in a setting mode by the user, and thus, the object DB (70) to be protected can be prevented from being changed or damaged by malicious code.

Claims

1. A device for protecting a file system in an auxiliary storage device having a host interface configured to communicate with a host computer and a data storage device configured to store data, the device comprising: a user input device configured to receive information for selecting an operation mode of the auxiliary storage device and related information from a user; and a control device configured to control the operation mode of the auxiliary storage device and manage and protect a file system object to be protected, wherein the operation mode comprises a normal mode in which a protection operation is performed in a case where an access target is a file system object to be protected when the host computer accesses the auxiliary storage device, and a management mode in which a user designates a file system object to be protected as an object to be protected and sets a protection type therefor.

2. The device of claim 1, further comprising an object database (DB) to be protected in which the object to be protected designated by the user and the protection type set by the user are stored in the management mode, wherein the protection operation is performed with reference to the protection type of the object DB to be protected, when access of the host computer in the normal mode is targeted to a file system object listed in the object DB to be protected.

3. The device of claim 1, wherein the control device comprises a file system protection module comprising: an access information analysis unit configured to analyze access information provided by the host computer; a file system object confirmation unit configured to confirm a file system object that is using a storage space of an access address included in the access information; and an object protection unit configured to selectively process access to the access address according to the protection type designated by the user when the confirmed file system object is the object to be protected designated by the user.

4. The device of claim 3, wherein the file system protection module of the control device further comprises an access log unit configured to create and store log information including an access time, an address, and a command type.

5. The device of claim 1, further comprising a display device configured to display a processing status of the control device.

6. (canceled)

7. The device of claim 5, wherein the control device comprises a file system protection module comprising: an access information analysis unit configured to analyze access information provided by the host computer; a file system object confirmation unit configured to confirm a file system object that is using a storage space of an access address included in the access information; an object protection unit configured to selectively process access to the access address according to the protection type designated by the user when the confirmed file system object is the object to be protected designated by the user; and a protection state display unit configured to enable a display device driving module to output a type of the file system object and an access process result to the display device.

8. (canceled)

9. The device of claim 1, wherein the protection type of the object to be protected is at least one selected from among “warning” which notifies that access to a specific file system object has occurred, “permission confirmation” which accepts access only when the user's permission is obtained, “access rejection” which indicates that access is rejected unconditionally, and “permission confirmation and then recovery information storage” which receives the user's permission, allows access, and stores recovery information of a corresponding file system object.

10. The device of claim 9, wherein when the access to the specific file system object is read access, the protection type for the object to be protected includes at least one of the warning and the permission confirmation.

11. (canceled)

12. The device of claim 9, wherein when the access to the specific file system object is write access, the user's permission required for the permission confirmation and the recovery information storage among the protection types of the object to be protected is triggered by an approval signal that is input from the user's mobile phone to the control device.

13. The device of claim 9, wherein when the protection type of the file system object is the permission confirmation or the permission confirmation and recovery information storage, the user input device further comprises a user permission confirmation input unit for a user to input whether to permit access to an address or a file system object.

14. The device of claim 13, wherein the control device comprises a file system protection module comprising: an access information analysis unit configured to analyze access information provided by the host computer; a file system object confirmation unit configured to confirm a file system object that is using a storage space of an access address included in the access information; a protection state display unit configured to enable a display device driving module to output a type of the file system object and a permission request to the display device when the confirmed file system object is the object to be protected designated by the user and the protection type is the permission confirmation or the permission confirmation and recovery information storage; and an object protection unit configured to perform access when a permission confirmation input is received from the user input device.

15. (canceled)

16. A method of protecting a file system in an auxiliary storage device having a host interface configured to communicate with a host computer and a data storage device configured to store data, the method comprising: 1) receiving information for selecting an operation mode of the auxiliary storage device and related information from a user; and 2) controlling the operation mode of the auxiliary storage device and managing and protecting a file system object to be protected, wherein the operation mode of the auxiliary storage device comprises a normal mode in which a protection operation is performed in a case where an access target is a file system object to be protected when the host computer accesses the auxiliary storage device and a management mode in which a user designates a file system object to be protected as an object to be protected and sets a protection type therefor.

17. The method of claim 16, wherein the protection type of the object to be protected is at least one selected from among “warning” which notifies that access to a specific file system object has occurred, “permission confirmation” which accepts access only when the user's permission is obtained, “access rejection” which indicates that access is rejected unconditionally, and “permission confirmation and then recovery information storage” which receives the user's permission, allows access, and stores recovery information of a corresponding file system object.

18. The method of claim 17, wherein when the access to the specific file system object is read access, the protection type for the object to be protected includes at least one of the warning and the permission confirmation.

19. (canceled)

20. The method of claim 17, wherein when the access to the specific file system object is write access, the user's permission required for the permission confirmation and the recovery information storage among the protection types of the object to be protected is triggered by an approval signal that is input from the user's mobile phone to the control device.

21. (canceled)

22. (canceled)

23. The device of claim 5, wherein the protection type of the object to be protected is at least one selected from among “warning” which notifies that access to a specific file system object has occurred, “permission confirmation” which accepts access only when the user's permission is obtained, “access rejection” which indicates that access is rejected unconditionally, and “permission confirmation and then recovery information storage” which receives the user's permission, allows access, and stores recovery information of a corresponding file system object.

24. The device of claim 23, wherein when the access to the specific file system object is read access, the protection type for the object to be protected includes at least one of the warning and the permission confirmation.

25. The device of claim 24, wherein the user's permission required for the permission confirmation is triggered by an approval signal that is input from the user's mobile phone to the control device.

26. The device of claim 23, wherein when the access to the specific file system object is write access, the user's permission required for the permission confirmation and the recovery information storage among the protection types of the object to be protected is triggered by an approval signal that is input from the user's mobile phone to the control device.

27. The device of claim 23, wherein when the protection type of the file system object is the permission confirmation or the permission confirmation and recovery information storage, the user input device further comprises a user permission confirmation input unit for a user to input whether to permit access to an address or a file system object.

Description

DESCRIPTION OF DRAWINGS

[0030] FIG. 1 is a schematic diagram of an auxiliary storage device according to a first embodiment of the present invention.

[0031] FIG. 2 is a block diagram of a control device of the auxiliary storage device according to the first embodiment.

[0032] FIG. 3 is a block diagram of a file system protection module of the control device according to the first embodiment.

[0033] FIG. 4 is a block diagram of an auxiliary storage device according to a second embodiment of the present invention.

[0034] FIG. 5 is a block diagram of a control device of the auxiliary storage device according to the second embodiment.

[0035] FIG. 6 is a block diagram of a file system protection module of the control device according to the second embodiment.

[0036] FIG. 7 is a block diagram of an auxiliary storage device according to a third embodiment of the present invention.

[0037] FIG. 8 is a block diagram of a control device of the auxiliary storage device according to the third embodiment.

[0038] FIG. 9 is a block diagram of a file system protection module of the control device according to the third embodiment.

BEST MODES

[0039] Advantages and features of the present invention and implementation methods thereof will be clarified through the following embodiments described in detail with reference to the accompanying drawings. However, the present invention is not limited to embodiments disclosed herein and may be implemented in various different forms. The embodiments are provided for making the disclosure of the prevention invention thorough and for fully conveying the scope of the present invention to those skilled in the art. It is to be noted that the scope of the present invention is defined by the claims.

[0040] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. Herein, the singular shall be construed to include the plural, unless the context clearly indicates otherwise. The terms “comprises” or “comprising” as used herein specify the presence of stated elements, steps, operations, and/or components but do not preclude the presence or addition of one or more other elements, steps, operations, and/or components.

[0041] Hereinafter, the preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In adding reference numerals to the elements of each drawing, the same elements are given the same reference numerals as much as possible even if they are shown on different drawings. In the description of the present invention, detailed descriptions of related known elements or functions will be omitted if they may obscure the gist of the present invention.

[0042] FIG. 1 is a schematic diagram of an auxiliary storage device 20 according to a first embodiment of the present invention. Basically, a host computer 10 is configured to access the auxiliary storage device 20. The auxiliary storage device 20 includes a host interface 30 for communicating with a host computer, a data storage device 40 for storing data, a user input device 50 for receiving a user input, and a control device 60, connected to the host interface 30, the data storage device 40, and the user input device 50, to control operation modes of the auxiliary storage device or to manage and protect a file system object to be protected according to a user command.

[0043] The control device 60 includes an operation mode control module (61 in FIG. 2) to control the operation modes (normal mode and management mode) of the auxiliary storage device 20. The normal mode and the management mode may be selected by a user through the user input device 50. When the operation mode of the auxiliary storage device 20 is the management mode, a user may designate file system objects to be protected and set a protection type, and the information set by the user is stored in an object DB to be protected 70. In the normal mode, when the access of the host computer targets a file system object listed in the object DB to be protected 70, a protection operation is performed with reference to the protection type of the object DB to be protected. In the normal mode, the host computer cannot access the object DB to be protected 70 set by the user in a setting mode, thereby preventing malicious code from changing or damaging the object DB to be protected 70.

[0044] Here, the file system object basically refers to an element, or a combination of elements, included in the file system. Therefore, the file system object may be a sector, a cluster, a file path, a file name, a directory, partition, or a drive itself and may be a combination thereof. Accordingly, an element included in the file system itself, namely, Master Boot Record (MBR), Partition Boot Record (PBR), and Master File Table (MFT) in the case of NTFS and also File Allocation Table (FAT) in the case of FAT file system, may be a file system object. Therefore, the file system object may be a storage space such as a sector or cluster designated by CHS or LBA, may refer to a specific file such as “c:/users/documents/PEACE.doc”, may refer to files or the entirety of a directory indicating temporary use such as “/temporary”, may be a partition or drive such as drive D:, or may be a cluster such as MBR.

[0045] The control device 60 may be implemented with a central processing unit (CPU) that controls the auxiliary storage device 20 and related hardware or software. The user input device 50 may be implemented with electrical switches manipulated by a user. On the other hand, the user input device 50 may include a communication module to use the information received by wire or wirelessly, so that it may check a single or a plurality of user input or data. In this case, an input device of an external terminal may substantially replace the user input device 50. For example, a touch screen or key inputter of a mobile phone may be connected to the auxiliary storage device 20 through a communication scheme such as Bluetooth to replace the user input device 50. In this case, it is preferable to be careful not to block exposure to the outside by adopting a security protocol.

[0046] In FIG. 2, the control device 60 further includes an object DB to be protected management module (hereinafter, “object DB management module”) 62 and a file system protection module 63 in addition to the operation mode control module 61.

[0047] The object DB management module 62 performs a function of receiving a user's input and creating or changing the object DB to be protected 70 when the auxiliary storage device 20 is in the management mode. The user may designate a file system object to be protected as an object to be protected and also may designate a protection type. In this case, the user's information may be input by the user input device 50, or may be input to the object DB management module 62 through the host interface 30 bu using an auxiliary storage device management program performed by the host computer 10 under a limited environment (e.g., after setting the management mode through the user input device of the auxiliary storage device). In the case of using such a method, if use environment is not restricted, there may be an attack by malicious code utilizing the unrestricted use environment, and so caution is required. However, since such a method is easy to use, it is preferable to use the method after the management mode is selected in the auxiliary storage device.

[0048] The protection types include “warning,” “permission confirmation,” “permission confirmation and recovery information storage,” and “access rejection.” Here, the recovery information storage is applicable when an inaccessible storage area of the host computer 10 is provided together, such as including an original auxiliary storage device and a backup auxiliary storage device in a manner similar to the prior invention of the present inventor. The designation of the protection type of the object to be protected is also possible by providing the user with means such as an initialization program or a management program as described above. Meanwhile, the protection type may be set to distinguish whether the access of the host computer 10 is write or read. Therefore, for example, the user can create the object DB to be protected 70 as follows. It is preferable that the files or directories registered in the object DB to be protected 70 are automatically updated when their names are changed, but the files or directories may be restricted so that the name change is impossible.

[0049] A configuration example of the object DB to be protected 70 is shown below. In the DB configuration example below, the type of object can be expressed as an address like LBA0-LBA33, a file path and file name like D:/PEACE.doc, or a directory like D:/WORLD. In the examples, write access of Master Boot Record (MBR) responsible for booting in the case of an NTFS partition and LBA0-LBA33 responsible for booting in the case of a GPT (GUID Partition Table) partition is prohibited.

TABLE-US-00001 NAME/ADDRESS READ_PROTECT WRITE_PROTECT LBA0-LBA33 Warning Access rejection MBR Warning Access rejection D:/PEACE.doc — Permission confirmation D:/WORLD — Warning D:/SEOUL.doc Permission Permission confirmation confirmation and recovery information storage C:/TREE.doc Warning Warning

[0050] The “warning” is simply implemented by notifying a user that there has been access to the file system object, through a light-emitting diode (LED), an alarm, or a display device. The “permission confirmation,” which is to accept access only when the user's permission is received, may be implemented by outputting a message for permission confirmation to a display device and by receiving permission confirmation through the user input device 50, or may be implemented by automatically determining that permission is confirmed when a specific switch is in the ON state or when a value input through other communication terminals corresponds to the ON state. The “access rejection,” which is to reject access unconditionally, is implemented by notifying a user that access to the file system object is rejected, through an LED, an alarm, or a display device after the access is rejected. The “permission confirmation and recovery information storage” is implemented by accepting access with the user's permission and thereafter storing recovery information to prepare for damage to the file system object. In this case, the recovery information storage is possible only when an inaccessible storage area of the host computer is provided together in a normal situation.

[0051] Next, since file system objects are usually composed of a plurality of clusters or sectors, the user answer confirmed may be stored and used to automatically process access to the clusters constituting the file system object. That is, by receiving a user answer once and adopting the same answer for all clusters constituting a corresponding file for a certain period of time, it is possible to exclude an unnecessary user confirmation task.

[0052] Meanwhile, when the access is read access, only permission confirmation or warning among the above-described protection types is applicable. In particular, in the case of read access, permission confirmation is a method that can prevent an unauthorized third party from attempting to leak the information by secretly copying files. In this case, a user's permission required for the permission confirmation may use a simple switch input (e.g., through the user input device 50). However, the permission confirmation may also be triggered by an approval signal input from the user's mobile phone to the control device (e.g., a method in which an app. of the mobile phone and the control device are automatically connected to enable a separate password to be automatically input from the mobile phone). That is, a communication terminal function is given to the user input device 50 of the auxiliary storage device 20, and an app capable of communicating with the auxiliary storage device 20 and operating as the user input device 50 is installed on the mobile phone. Thus, when the mobile phone and the auxiliary storage device 20 are connected to each other, it is possible to process (automatically approve) the permission confirmation without the user's intervention. At this time, the app installed on the mobile phone may be linked with the auxiliary storage device by receiving a separate password from the user or by being activated using the mobile phone's unique device number, USIM id, etc.

[0053] Also, in the case of write access, it is preferable to perform permission confirmation in a different way from the permission confirmation by the automatic approval of read access. That is, in the case of write access, the change in configuration of the file system has to be accompanied, so the automatic approval in the case of read access may result in approving the attack of malicious codes. Accordingly, it is preferable that the automatic approval in the case of write access be used only for the permission confirmation and recovery information storage.

[0054] FIG. 3 is a block diagram of the file system protection module 63 in the control device 60 shown in FIG. 2. The file system protection module 63 may be configured to include an access information analysis unit 631 for analyzing access information provided by the host computer 10, a file system object confirmation unit 632 for confirming a file system object that is using a storage space of an access address included in the access information, and an object protection unit 633 for selectively processing access to the access address according to a protection type designated by a user when the confirmed file system object is an object to be protected designated by the user.

[0055] In addition to the configuration, the file system protection module 63 may further include an access log unit 634 for creating and storing log information composed of an access time, an address, a command type, etc. Using this access log unit 634, the user may manage the log information through an app. of a mobile phone.

[0056] FIG. 4 is a block diagram of an auxiliary storage device according to a second embodiment of the present invention. A display device 80 is added in the auxiliary storage device 20 of the first embodiment of FIG. 1. Here, the display device 80 may be configured using an LED, a display, an alarm device, or their combination. In another embodiment, the display device 80 may be configured by an external terminal device and a communication module in a manner similar to the user input device 50 to deliver information to the outside by wire or wirelessly. It is also possible to integrate the user input device 50 and the display device 80 into a single input/output device. In this case, the integrated input/output device may be implemented as a whole or a part of a terminal that is communicatively connected to the control device 60 (i.e., connected over a communication network or connected by a specially designed communication means or method).

[0057] FIG. 5 is a block diagram of the control device 60 of the auxiliary storage device according to the second embodiment shown in FIG. 4. In addition to the elements shown in FIG. 2, a display device driving module 64 for driving the display device 80 is further included. Also, referring to FIG. 6, the file system protection module 63 additionally includes a protection state display unit 635 for enabling the display device driving module 64 to indicate the type of file system object and an access processing result to the display device 80, in addition to an access information analysis unit 631 for analyzing access information provided by the host computer 10, a file system object confirmation unit 632 for confirming a file system object that is using a storage space of an access address included in the access information, and an object protection unit 633 for selectively processing access to the access address according to a protection type designated by a user when the confirmed file system object is an object to be protected designated by the user, as shown in FIG. 3.

[0058] Also, as in the case of the first embodiment, the file system protection module 63 may include an access log unit 634 for creating and storing log information composed of an access time, an address, a command type, etc. Using this access log unit 634, the user may manage the log information through an app. of a mobile phone.

[0059] In the second embodiment, the protection state display unit 635 may be connected to an external terminal device such as a mobile phone and implemented to deliver or exchange information, wherein the connection may be implemented using a communication network (i.e., using a communication network or using a specially designed communication means or method). In this case, substantially, the screen of the mobile phone will be the display device 80, and the input means of the mobile phone will be the user input device 50, and an app. Installed in the mobile phone will process the display and input operations. In this case, the control device 60 will be connected to the mobile phone through a communication module, and the above-described log information management will also be possible with this app.

[0060] An example of the above-described objet DB to be protected 70 will be described. In the example, a user has designated MBR as an object to be protected, and a write protection type is “access rejection.” Now, it is assumed that the host computer 10 is infected with a computer virus and the virus attempts to corrupt the MBR in order to disable booting. If the virus of the host computer 10 issues a write command to a sector 0 of the MBR, the auxiliary storage device 20 first confirms that the sector 0 belongs to the file system object MBR through a file system object confirmation process. Subsequently, the auxiliary storage device 20 confirms that a write operation for the MBR is rejected by checking the object DB to be protected 70. Accordingly, the auxiliary storage device 20 rejects a write command of the host computer 10 and notifies the user of this, through the display device 80. In this case, the display device 80 may be the screen of the mobile phone in which the app. is running as described above. That is, when such a warning situation occurs, the app. is automatically activated to notify the user that the MBR is about to be changed or damaged by the write command. In this case, the user may view the log information through the app. Therefore, the user can perceive an abnormal operation of the host computer 10 by collecting such information, and thus the user may check the abnormality of the host computer 10 by running an anti-virus program or by other methods.

[0061] The “access rejection” can also be reported to the host computer in other ways. As an example: In the case of Windows OS, if an error occurs in the write operation, bad sectors are checked by executing the “chkdsk” program, which may greatly affect the operation of the host computer. Thus, it may be only reported to the host computer that the write operation is successful, and the auxiliary storage device, through the protection state display unit 635, may display only that access is rejected. However, if the OS supports the function of the present invention, this implementation method will not be necessary.

[0062] FIG. 7 is a block diagram of an auxiliary storage device 20 according to a third embodiment of the present invention. The third embodiment further includes a user permission confirmation input unit 90 for receiving a user permission confirmation input from the user input device 50 of the auxiliary storage device 20 of the second embodiment shown in FIG. 4. The user permission confirmation input unit 90 performs a process for a user to input whether to permit access to a corresponding address or a file system object when the protection type of the file system object is “permission confirmation” or “permission confirmation and recovery information storage.”

[0063] FIG. 8 is a block diagram of a control device 60 of the auxiliary storage device 20 according to the third embodiment, and a modified file system protection module 63′ is included. The file system protection module 63′ includes, as shown in FIG. 9, an access information analysis unit 631 for analyzing access information provided by the host computer 10, a file system object confirmation unit 632 for confirming a file system object that is using a storage space of an access address included in the access information, a second object protection unit 636 for performing access when a permission confirmation input is received from the user input device 50, and a second protection state display unit 637 for enabling the display device driving module 64 to output the type of file system object and a permission request to the display device 80 when the confirmed file system object is an object to be protected designated by a user and the protection type is “permission confirmation” or “permission confirmation and recovery information storage.”

[0064] Also, the modified file system protection module 63′ in FIG. 8 may further include an access log unit 634 for creating and storing log information composed of an access time, an address, a command type, etc. Using this access log unit 634, the user may manage the log information through an app. of a mobile phone.

[0065] The protection state display unit 635 of FIG. 6 and the second protection state display unit 637 of FIG. 9 may be connected to an external terminal device such as a mobile phone. In this case, substantially, the screen of the mobile phone is the display device 80, and the input means of the mobile phone is the user input device 50. Also, an app. for processing them is executed on the mobile phone. In addition, the control device 60 is connected to the mobile phone through a communication module, and the above-described log information management is also possible with the app.

[0066] As in the afore-mentioned example, the case where a user designates a file D:/PEACE.doc as an object to be protected will be described. Here, it is assumed that D:/PEACE.doc occupies sector 100 to sector 111. Since both the read protection type and the write protection type for the file are “permission confirmation,” the file system protection module 63′ warns the user when there is a write or read attempt and performs a procedure for obtaining permission. For example, suppose that the host computer 10 is infected with ransomware. In this case, ransomware will try to encrypt and then delete the file. Ransomware usually damages a file in the form of overwriting in order to disable the file undeletion function of Windows. Now, suppose that the virus of the host computer 10 gives a write command to sector 100 of D:/PEACE.doc. First, the auxiliary storage device 20 confirms that the sector 100 belongs to the file system object D:/PEACE.doc, through the file system object confirmation process. Subsequently, the auxiliary storage device 20 confirms that a write operation for D:/PEACE.doc is performed with the user's permission by checking the object DB to be protected 70. Accordingly, the auxiliary storage device 20 notifies the user that a write command of the host computer 10 for the file D:/PEACE.doc has occurred, through the display device 80, and waits for permission.

[0067] The display device 80 and the user input device 50 can be replaced with an element that uses a communication module and a mobile phone, as described before. In this case, the screen of the mobile phone is used as the display device 80, and a touch screen or a key input device is used as the user input device 50. Also, an app. running on a mobile phone drives the devices so that the function of the file system protection module 63′ may be implemented. That is, when a warning occurs, the app. is automatically executed to notify a user that a write command for D:/PEACE.doc has been received from the host computer 10, to display a message for asking whether the user will grant permission, and to wait for confirmation. If the user grants the permission, the write command is executed, and if the user rejects the permission, the write command of the host computer 10 on the corresponding file is rejected.

[0068] In another embodiment, the access information analysis unit 631 of the file system protection modules 63 and 63′ may be implemented to analyze the file system of the host computer 10 and confirm a file system object that is using a storage space of an access address included in the access information, by using a search table including sector or cluster information allocated to a file, a directory, or the like. At this time, preferably, the search table is used after being collectively created not during a normal operation but upon booting or when the auxiliary storage device 20 is in the management mode, and is updated whenever the file system is changed.

[0069] Also, all or some functions (e.g., a function of confirming the file system object in the search table) of the file system protection modules 63 and 63′ can be separately implemented as hardware or a single chip. When all of the functions are embedded in a chip, the file system protection modules 63 and 63′ can be implemented by executing program codes in which the file system protection type is implemented with an independent memory, a CPU interface circuit, a high-speed computing circuit, and the like. Meanwhile, it is possible to separate only a function of confirming a file system object from the search table and implement a search-only chip with a field-programmable gate array (FPGA) and a computing core. At this time, the search-only chip includes a CPU interface circuit, a memory interface circuit independently having a shared memory or a dedicated memory and capable of accessing a memory of a CPU, and a computing core equipped with a search engine, and performs an operation of confirming a file system object using sector or cluster information on the basis of the search table.

[0070] Meanwhile, usually, Windows OS automatically executes the “chkdsk” program when receiving an answer that access is not possible from the auxiliary storage device. This operation is a natural operation of the OS to check the failure of the auxiliary storage device but is an unnecessary operation that takes a great deal of time in a structure such as the auxiliary storage device 20 of the present invention. Therefore, it would be more preferable to modify the operation so that the above operation is not performed by using an OS patch program or the like. If it is difficult to modify using the OS patch program, access may be rejected by answering, to the OS, that the write operation was successful even though the access was rejected. In this case, a problem may occur due to data inconsistency, but a user may determine that his/her computer does not perform a normal operation and thus appropriately cope with the problem, because the file has been protected and he/she has been warned about improper access. Meanwhile, in this case, the OS commands a write operation for the remaining sectors 101-111, and it is preferable to exclude an unnecessary user confirmation task by applying a user response to sector 100 to all clusters constituting the corresponding file for a certain period of time.

[0071] The above-described file system protection apparatus in the auxiliary storage device, or the auxiliary storage device to which the file system protection method is applied may be implemented to perform the above functions by being employed in electronic computing devices or computers (a personal computer (PC), a server computer, a mobile terminal, etc.) of various types and uses.

[0072] The present invention has been described in detail with reference to the preferred embodiments, but those skilled in the art can understand that the present invention may be carried out in specific forms different from those described herein without changing the technical spirit or essential features of the present invention. Therefore, the above-described embodiments are to be regarded as illustrative rather than restrictive. The scope of the present invention is defined not by the detailed description but by the following claims, and all changes or modifications within the claims and their equivalents will be construed as being included in the technical scope of the present invention.

FILE SYSTEM PROTECTION APPARATUS AND METHOD IN AUXILIARY STORAGE DEVICE

Inventors

Cpc classification

Classification Explorer

G06F21/10

PHYSICS

Classification Explorer

H04W12/08

ELECTRICITY

Classification Explorer

H04L63/10

ELECTRICITY

Classification Explorer

G06F21/79

PHYSICS

Classification Explorer

G06F2221/2101

PHYSICS

Classification Explorer

G06F21/6218

PHYSICS

Classification Explorer

G06F21/604

PHYSICS

Classification Explorer

H04L63/14

ELECTRICITY

Classification Explorer

G06F21/55

PHYSICS

Classification Explorer

H04W12/12

ELECTRICITY

Classification Explorer

G06F21/31

PHYSICS

International classification

Classification Explorer

G06F21/62

PHYSICS

Classification Explorer

G06F21/31

PHYSICS

Abstract

Claims

Description