1. Field of the Invention
The present invention generally relates to a password management and authentication method, and more particularly, to a password management and authentication method suitable for an electronic device with a trusted platform module (TPM).
2. Description of Related Art
With the widespread use of computers and networks, computer systems have become indispensable tools in daily life and the main data processing tools in the workplace. The hard disk (HD) offers the largest storage capacity of all existing storage devices and is today's most important data storage device. Users of computer systems are therefore increasingly concerned about data security. The risk of computer data leakage has increased drastically with the growing number of computer intrusions and Trojan programs. In addition, notebook computers are a major target of thieves because of their high portability, high price, and easy resale. Tremendous and irremediable loss may be caused if the data in a computer system is stolen.
Presently, the most commonly adopted data protection technique is the trusted platform module (TPM) specified by the Trusted Computing Group (TCG), and many global IT companies such as Intel, Acer, IBM, HP, AMD, Sony, Sun Micro, and Microsoft support this specification. A TPM can directly encrypt a HD or a data folder, and decrypting the encrypted HD or data folder requires the TPM chip in addition to a password. Thus, even if an attacker obtains a user's password, the attacker cannot access the encrypted data without the corresponding TPM chip.
Usually, a user has to manually input a password to decrypt a file encrypted with a TPM chip and obtain the desired access rights, functions, and usage period. However, the user may forget the password and consequently be unable to access the encrypted file, which causes the user considerable trouble.
Accordingly, the present invention is directed to a password management and authentication method suitable for an electronic device with a trusted platform module (TPM). In the password management and authentication method, an authentication code is automatically generated according to a TPM password, and the authentication code is stored in an authentication device (for example, a universal serial bus (USB) flash drive or a Bluetooth device) selected by a user so that the authentication device can serve as an electronic key of the TPM. Thus, the user need not memorize any password and can access a data folder or a hard disk (HD) encrypted by the TPM simply by connecting the authentication device to the electronic device, which is very convenient for the user.
The present invention is also directed to a computer readable medium that can use a storage device (for example, a flash drive or a Bluetooth device) as an authentication device and set the authentication device as an electronic key of a TPM, so that a user can conveniently access a data folder or a HD encrypted by the TPM by using the authentication device.
The present invention provides a password management and authentication method suitable for an electronic device with a TPM. The password management and authentication method includes the following steps. First, an authentication device connected to the electronic device is detected. Then, a hardware identification code of the authentication device is read. Next, an authentication code is generated according to the hardware identification code and a user password, and the authentication code is stored in the authentication device or the electronic device so that the authentication device can serve as an electronic key. When the authentication device is connected to the electronic device, the authentication code is automatically authenticated. If the authentication code is correct, a data folder or a HD encrypted by the electronic device is automatically decrypted so that the data folder or HD can be used by the user.
According to an embodiment of the present invention, the authentication device includes a USB flash drive, a Bluetooth device, or a portable HD; the hardware identification code includes a product serial number or a media access control (MAC) address; and the electronic device includes a notebook computer, a desktop computer, or a mobile phone.
According to an embodiment of the present invention, after the step of detecting the authentication device connected to the electronic device, the user is further inquired about whether to set the authentication device as the electronic key.
According to an embodiment of the present invention, the step of generating the authentication code according to the hardware identification code and the user password further includes requesting the user to input the user password.
According to an embodiment of the present invention, the step of automatically authenticating the authentication code further includes determining whether the hardware identification code of the authentication device matches the authentication code.
According to an embodiment of the present invention, the password management and authentication method further includes closing the data folder or the HD encrypted by the electronic device when the authentication device is disconnected from the electronic device.
According to an embodiment of the present invention, the step of automatically authenticating the authentication code further includes re-authenticating the authentication code when the electronic device is resumed from a suspend state to a normal state.
According to an embodiment of the present invention, the step of automatically authenticating the authentication code further includes detecting whether the TPM is turned on and ignoring the authentication code if the TPM is not turned on.
According to an embodiment of the present invention, the step of generating the authentication code according to the hardware identification code and the user password further includes encrypting the authentication code.
According to an embodiment of the present invention, the electronic device uses the TPM to encrypt or decrypt the data folder or the HD, and the user password is a TPM password.
The present invention provides a password authentication method suitable for an electronic device with a TPM. The password authentication method includes the following steps. First, whether the TPM is turned on is detected. If the TPM is turned on, whether an authentication device is connected to the electronic device is detected. Next, an authentication code in the authentication device or the electronic device is automatically authenticated. If the authentication code is correct, a data folder or a HD encrypted by the TPM is automatically decrypted so that the data folder or the HD can be used by a user.
The present invention provides a computer readable medium for storing a plurality of program instructions. The program instructions are loaded into an electronic device to perform the following steps. First, an authentication device connected to the electronic device is detected. Then, a hardware identification code of the authentication device is read. Next, an authentication code is generated according to the hardware identification code and a user password, and the authentication code is stored in the authentication device or the electronic device so that the authentication device can serve as an electronic key. When the authentication device is connected to the electronic device, the authentication code is automatically authenticated. If the authentication code is correct, a data folder or a HD encrypted by the electronic device is automatically decrypted so that the data folder or the HD can be used by a user.
The present invention provides a computer readable medium including a plurality of program instructions. The program instructions are loaded into an electronic device to perform the following steps. First, whether a TPM is turned on is detected. If the TPM is turned on, whether an authentication device is connected to the electronic device is detected. Next, an authentication code in the authentication device or the electronic device is automatically authenticated. If the authentication code is correct, a data folder or a HD encrypted by the TPM is automatically decrypted so that the data folder or the HD can be used by a user.
As described above, in the present invention, a flash drive or a Bluetooth device serves as an electronic key of a TPM. Accordingly, a user can select his own authentication device as the electronic key, and after setting up the electronic key, the user can use the flash drive or the Bluetooth device to open a file encrypted by the TPM. Thereby, the user need not memorize any password, which is very convenient. Additionally, in the present invention, whether the electronic key used by the user is correct is determined according to a hardware identification code of the flash drive or Bluetooth device, so that the authentication code in the flash drive or Bluetooth device is protected against being copied to another device. Thereby, data security is further enhanced.
The accompanying drawings are included to provide a further understanding of the invention, and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
Reference will now be made in detail to the present preferred embodiments of the invention, examples of which are illustrated in the accompanying drawings. Wherever possible, the same reference numbers are used in the drawings and the description to refer to the same or like parts.
A password management and authentication method is provided in the present embodiment, wherein an authentication device selected by a user is set as an electronic key of a trusted platform module (TPM) so that the user can directly open a data folder or a hard disk (HD) encrypted by the TPM by using the authentication device. The user need not memorize a TPM password. Instead, the user simply connects the authentication device to an electronic device (for example, a notebook computer, a desktop computer, or a mobile phone), and the electronic device then automatically determines whether the connected authentication device is correct and opens the data folder or the HD encrypted by the TPM for use by the user. This is very convenient for the user. In other words, the password management and authentication method provided by the present invention replaces the conventional technique that requires the password to be input manually, and allows a system to automatically authenticate an authentication code and automatically supply the TPM password so as to decrypt the encrypted data. In the present invention, the authentication device that can serve as an electronic key may be a universal serial bus (USB) flash drive, a Bluetooth device, a portable HD, or a mobile phone with a storage function. However, the type of the authentication device is not limited in the present embodiment.
Additionally, during the process of authenticating the authentication code, whether the authentication code matches the hardware identification code of the authentication device is determined, and the data folder or the HD is not decrypted if the authentication code does not match the hardware identification code of the authentication device. Through such an authentication process, one cannot access the encrypted data even if one steals the authentication code and stores it in another authentication device: as long as a different authentication device is used, the encrypted file cannot be opened. Accordingly, the encrypted file is further protected. It should be noted that the hardware identification code may be a unique code of an electronic product, such as a product serial number or a media access control (MAC) address. However, the definition of the hardware identification code is not limited in the present embodiment.
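The set-up and authentication steps described above (reading the hardware identification code, generating the authentication code from that code and the TPM password, storing it in the authentication device, and then, on every connection, checking that the code belongs to the device that presents it, closing the folder when the device is disconnected, re-authenticating after a resume from suspend, and ignoring the code while the TPM is off), modelled as an added Python example. This is not code from this specification or from any vendor's product. `AuthDevice` and `ToyTPM` are constructed stand-ins for the removable device and the TPM; the concrete derivation (PBKDF2 over the TPM password, salted with the hardware identification code, plus an HMAC binding tag kept on the host) is one reasonable choice and not the method the specification prescribes; and the toy TPM accepts a credential derived from the authentication code in place of having the TPM password entered for it:

```python
"""Toy model of a removable-device electronic key for a TPM-encrypted folder.

Constructed illustration: AuthDevice and ToyTPM stand in for the real hardware,
and the toy TPM accepts a credential derived from the authentication code rather
than having the TPM password typed back in.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

PBKDF2_ITERATIONS = 200_000


@dataclass
class AuthDevice:
    """Removable authentication device (USB flash drive, Bluetooth device, portable HD)."""
    hardware_id: str                              # product serial number or MAC address
    storage: dict = field(default_factory=dict)   # holds the authentication code once enrolled


class ToyTPM:
    """Stand-in for the TPM: the folder is released only for the enrolled credential."""

    def __init__(self, enabled: bool = True):
        self.enabled = enabled
        self._credential_digest: Optional[bytes] = None

    def enroll_credential(self, credential: bytes) -> None:
        # A real design would seal the folder key under this value inside the TPM.
        self._credential_digest = hashlib.sha256(credential).digest()

    def decrypt_folder(self, credential: bytes) -> bool:
        if self._credential_digest is None:
            return False
        return hmac.compare_digest(hashlib.sha256(credential).digest(), self._credential_digest)


def derive_auth_code(hardware_id: str, tpm_password: str, salt: bytes) -> bytes:
    """Authentication code = PBKDF2-HMAC-SHA256(TPM password, salt || hardware id)."""
    return hashlib.pbkdf2_hmac("sha256", tpm_password.encode(),
                               salt + hardware_id.encode(), PBKDF2_ITERATIONS)


def binding_tag(auth_code: bytes, hardware_id: str) -> bytes:
    """Tag kept on the host so it can later check that a code belongs to this hardware id."""
    return hmac.new(auth_code, hardware_id.encode(), hashlib.sha256).digest()


def unlock_credential(auth_code: bytes) -> bytes:
    """Credential presented to the TPM in place of the typed password."""
    return hmac.new(auth_code, b"unlock", hashlib.sha256).digest()


class ElectronicDevice:
    """Host side: sets up the key, authenticates it on connect, tracks the folder state."""

    def __init__(self, tpm: ToyTPM):
        self.tpm = tpm
        self.key_record: Optional[dict] = None       # salt and binding tag kept on the host
        self.connected: Optional[AuthDevice] = None
        self.folder_open = False

    def set_electronic_key(self, dev: AuthDevice, tpm_password: str) -> None:
        """Read the hardware id, generate the code from it and the password, store the code."""
        salt = secrets.token_bytes(16)
        code = derive_auth_code(dev.hardware_id, tpm_password, salt)
        dev.storage["auth_code"] = code               # the device is now the electronic key
        # The salt stays on the host so the code can be re-derived from the password if needed.
        self.key_record = {"salt": salt, "tag": binding_tag(code, dev.hardware_id)}
        self.tpm.enroll_credential(unlock_credential(code))

    def authenticate(self, dev: AuthDevice) -> bool:
        """Automatic authentication: TPM on, code present, and code bound to this hardware id."""
        if not self.tpm.enabled or self.key_record is None:
            return False                              # TPM off (or no key set): code is ignored
        code = dev.storage.get("auth_code")
        if code is None:
            return False
        if not hmac.compare_digest(binding_tag(code, dev.hardware_id), self.key_record["tag"]):
            return False        # code copied onto a different device: hardware id does not match
        return self.tpm.decrypt_folder(unlock_credential(code))

    # Events the host reacts to.
    def on_connect(self, dev: AuthDevice) -> bool:
        self.connected = dev
        self.folder_open = self.authenticate(dev)
        return self.folder_open

    def on_disconnect(self) -> None:
        self.connected = None
        self.folder_open = False                      # folder closes when the key is unplugged

    def on_resume(self) -> bool:
        """After suspend, re-authenticate whatever is (still) connected."""
        self.folder_open = self.connected is not None and self.authenticate(self.connected)
        return self.folder_open
```

The binding tag is what makes the stolen-code case fail: a code copied to a second device is presented together with that device's own hardware identification code, so the recomputed tag does not match the one recorded at set-up and the folder stays closed. In a real deployment the toy `ToyTPM.enroll_credential` step would be TPM sealing of the folder key, and the host-side record would itself be protected by the TPM.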
As described above, in the present invention, an electronic key is set up by using an authentication device selected by a user together with a user password, so that the user need not memorize the password and can use the encryption mechanism of the TPM in a simple and convenient way. In addition, the password management and authentication method provided by the present embodiment is also applicable to a general encryption system, wherein a user can conveniently set up a personalized electronic key by using a flash drive or a Bluetooth device. Moreover, it should be noted that the storage location of the authentication code is not limited in the present embodiment, and the authentication code may be stored in the authentication device, the electronic device, or both, according to the user's selection.
The present invention also provides a computer readable medium. The computer readable medium is suitable for storing a computer program including a plurality of program instructions for executing the password management and authentication method illustrated in
In foregoing step S150 illustrated in
It should be noted that foregoing step S240 is executed to prevent a misjudgment that may occur while the system is resuming from the suspend state and has not yet stabilized. However, the execution of step S240 is not limited in the present embodiment and can be determined according to the actual design requirements without affecting the function of the present embodiment.
Based on the description of
In the foregoing process for setting up the electronic key, the user may set up the electronic key through a graphical user interface, wherein the settings of the interface are not limited in the present embodiment. Next, a method provided by the present invention for setting up an electronic key will be described with reference to
In addition, it should be noted that even though the foregoing embodiments are described with a TPM as an example, the application of the present invention is not limited to a system with a TPM. Instead, the technique provided by the present invention may also be applied to other data encryption techniques, using a flash drive or a Bluetooth device in place of the conventional method that requires a password to be input manually, which is very convenient for the user. Those having ordinary knowledge in the art can understand other applications of the present invention from the descriptions of the foregoing embodiments, and these applications will not be described herein.
As described above, in the present invention, a flash drive or a Bluetooth device is used as an electronic key so that a user can conveniently open a file encrypted by a TPM. Meanwhile, in the present invention, a user is allowed to set up a personalized electronic key, and an authentication code of the electronic key is generated according to a hardware identification code and a user password so that the user's data is further protected.
It will be apparent to those skilled in the art that various modifications and variations can be made to the structure of the present invention without departing from the scope or spirit of the invention. In view of the foregoing, it is intended that the present invention cover modifications and variations of this invention provided they fall within the scope of the following claims and their equivalents.