CN102096641A - Double-factor shadow password protection method for mobile storage medium data safety - Google Patents


Info

Publication number
CN102096641A
Authority
CN
China
Prior art keywords
data
data field
header information
password
memory medium
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 201010584677
Other languages
Chinese (zh)
Inventor
沈晖
俞卫华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Abstract

The invention discloses a double-factor shadow password protection method for mobile storage medium data security. Using the virtual disk technique of the operating system, the method reformats the disk space on a mobile storage medium so that, when the medium is used, entering different passwords yields different data stored on the medium. Violent password-cracking directed at the user in person can therefore be effectively resisted.

Description

A double-factor shadow password protection method for mobile storage medium data security
Technical field
The invention belongs to the field of information security and specifically relates to a method for protecting data on mobile storage media, based on virtual disk technology and dynamic encryption and decryption technology.
Background
Mobile storage media include floppy disks, USB flash drives, portable hard drives, SD cards and the like. Because they are flexible and convenient to use, they have spread rapidly through government, the military, enterprises and public institutions. But the convenience of mobile storage media has also brought new problems for security management, such as device security and data security. These mainly include:
First, personal USB flash drives, portable hard drives, floppy disks or CDs can be used freely on any internal computer, which easily leads to computer virus infection and spread;
Second, when mobile storage media are used freely, malicious insiders can copy out important internal information, which easily leads to the leakage of sensitive and confidential information. According to a survey by the authoritative organization IDC, 80% of leaks of secrets come from insiders, some intentional and some unintentional, and some even involve collusion between insiders and outsiders;
Third, because the information on mobile storage media is mostly stored in plaintext, and even when it is encrypted the password is a single one, insiders can use mobile media to transfer data from a classified terminal to a computer connected to the Internet and leak classified information through the Internet. Although computers have adopted information protection measures such as firewalls and intrusion detection, these measures can only stop intrusion from outside; they cannot detect violations by insiders, that is, they cannot prevent information theft from inside.
Fourth, once a mobile storage medium is lost, or its user is coerced by a third party into revealing the access password, the large amount of sensitive data stored on it may get out of control and cause great loss.
The protection and management of data on mobile storage media have gone through several important stages. In the early days, to prevent leaks of internal classified information, enterprises and government departments mostly relied on manual management: they blocked the device ports used by mobile storage media so that users could not use such media, or they issued mobile storage media at the start of each working day and collected them at the end, to prevent employees from leaking trade secrets through mobile media. Although this kind of management controlled the leakage of important data to some extent, it also caused great inconvenience to staff. Blocking the USB interface restricts not only mobile storage media but also other USB devices, for example plug-and-play devices such as USB mice, keyboards and printers. These measures leave the enterprise or government department completely isolated from the outside world, so data exchange is hindered and work efficiency is very low. With the continuous development of information security technology, managers in enterprises and government departments gradually recognized that manual management not only makes workflows cumbersome but also, because of human factors, fails to fundamentally alleviate the problem of information leakage.
People therefore began to use information security technology to manage mobile storage media, concentrating mainly on data encryption. Data encryption algorithms (including AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES and Twofish) are commonly used to ensure the confidentiality, integrity and availability of the data on the storage medium. Traditional disk media encryption methods are inflexible in their control of granularity: they can either encrypt everything or encrypt only a certain file or folder. Most critically, the password is a single one, so once the password is obtained by some means, the encrypted information is completely exposed.
In view of the above, the present invention proposes a double-factor shadow password protection method for mobile storage medium data security. The method takes full account of the various situations that users of mobile media face; besides the technical situation, it gives particular consideration to the complex case in which the user is coerced into providing the password. It innovatively introduces a double-factor password mechanism, overcoming the defect of traditional single-password access. In addition, it introduces data partitioning associated with different passwords, together with dynamic encryption and decryption, so that different access passwords map to different accessible data, giving full play to the data protection capability of the double-factor password. When mobile media are encrypted with the method provided by the invention, the accessible storage regions can be set flexibly according to the security level of the data, which both embodies the idea of "authorized access by security level" and avoids the information leakage caused when an unauthorized user obtains a password.
Summary of the invention
The purpose of the invention is to provide a double-factor shadow password protection method for mobile storage medium data security, which uses virtual disk technology and dynamic encryption and decryption technology to effectively protect the data on mobile storage media.
The above purpose of the invention is achieved by the following technical solution:
1) Logical partitioning of the disk
Virtual disk technology is used to divide the mobile storage medium into different functional partitions, which store information such as the user's confidential data and passwords. The user's confidential data is kept in the data area, and user-defined information such as passwords is kept in the header information area. As shown below:
Header information | Data area
2) Mapping of double-factor passwords to disk partitions
Based on virtual disk technology and using a file partition mechanism, a double-factor password is set for the user of the mobile medium. Password KeyD is kept in header information area 1 and is used to access the real confidential data in data area 1; password KeyS is kept in header information area 2 and is used to access the non-confidential data kept in data area 2. As shown below:
Figure BSA00000382700200021
3) Dynamic encryption and decryption of data
Dynamic encryption and decryption technology is used to read and write the relevant data on the mobile storage medium.
Compared with the background art, the beneficial effects of the invention are:
The invention is a double-factor shadow password protection method for mobile storage medium data security. Its main function, based on virtual disk technology and dynamic encryption and decryption technology, is to perform a secondary logical partitioning of the mobile storage medium into different data areas that hold data of different security levels, and to associate the double-factor passwords with different access views, realizing the idea of "authorized access by security level". It protects the data on mobile storage media both securely and flexibly, and it is people-oriented, taking into account the data-loss situations the user may face. It has an original technical concept.
(1) High security.
(2) High flexibility.
Description of drawings
Fig. 1 shows the concrete data protection process of the present invention.

Claims (4)

1. A double-factor shadow password protection method for mobile storage medium data security, characterized in that it comprises the following steps:
Step 1.1: The mobile storage medium is mapped as a virtual disk, and the virtual disk is divided into two parts, header information area 1 and a data area; header information area 1 contains the disk's key and other formatting information, and the data area holds the valid data on the disk;
Step 1.2: The data area of step 1.1 is divided into three parts: header information area 2, data area 1 and data area 2. The logical view of the virtual disk is now: (header information 1 + header information 2 + data area 1 + data area 2);
Step 1.3: The shadow password information KeyS is kept in header information area 2, and the real password information KeyD, used to encrypt and decrypt the confidential data, is kept in header information area 1;
Step 1.4: When the user accesses the mobile storage medium, a password (KeyS or KeyD) must be entered. A hash value of this password is computed and compared with the password information kept in the header information areas of the virtual disk; if it is correct, the corresponding data area is shown; otherwise, access is denied;
Step 1.5: When the user enters password KeyS, only the data in data area 2 can be seen; when the user enters password KeyD, only the data in data area 1 can be seen;
Step 1.6: The user can place some non-sensitive data or junk data in data area 2 in advance, and keep the real confidential data in data area 1. When the user is coerced and has no choice but to reveal a password, the user can reveal the shadow password, so that only the non-sensitive data or junk data in data area 2 is obtained, which effectively guarantees the security of the real confidential data.
2. The double-factor shadow password protection method for mobile storage medium data security as claimed in claim 1, characterized in that virtual disk technology is used to map and divide the file and data sections described in 1.1 and 1.2.
3. The double-factor shadow password protection method for mobile storage medium data security as claimed in claim 1, characterized in that dynamic encryption and decryption technology is used to implement the storage and access of the passwords and data information described in 1.3, 1.4 and 1.6 in all data areas and header information areas.
4. The double-factor shadow password protection method for mobile storage medium data security as claimed in claim 1, characterized in that a file partition mechanism is used to implement the association of the passwords and data areas described in 1.5.
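The unlock procedure of steps 1.1 to 1.6 as a small Python model (an added example, not code from the patent). The PBKDF2 verifier, the SHAKE-256 keystream standing in for the disk cipher, and the names `format_disk` and `unlock` are assumptions; the patent specifies only that a hash of the entered password is compared with the header information.

```python
import hashlib
import hmac
import os

ITER = 100_000  # PBKDF2 work factor (assumed; the patent only says "hash value")

def _derive(password: str, salt: bytes):
    """One slow hash, split into a header verifier and a separate data-area key."""
    out = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER, dklen=64)
    return out[:32], out[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHAKE-256 keystream); a real disk would use a block cipher mode."""
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def _make_slot(password: str, plaintext: bytes):
    salt, nonce = os.urandom(16), os.urandom(16)
    verifier, key = _derive(password, salt)
    header = {"salt": salt, "nonce": nonce, "verifier": verifier}
    return header, _xor_stream(key, nonce, plaintext)

def format_disk(key_d: str, secret: bytes, key_s: str, decoy: bytes) -> dict:
    """Steps 1.1-1.3 and 1.6: two header areas, two encrypted data areas."""
    if key_d == key_s:
        raise ValueError("KeyD and KeyS must differ")
    h1, a1 = _make_slot(key_d, secret)  # header 1 / data area 1: real data
    h2, a2 = _make_slot(key_s, decoy)   # header 2 / data area 2: decoy data
    return {"header1": h1, "header2": h2, "area1": a1, "area2": a2}

def unlock(disk: dict, password: str):
    """Steps 1.4-1.5: hash the input, compare with each header, show one area."""
    result = None
    # Check both slots on every attempt, so a wrong password and either
    # valid password all cost the same two hash computations.
    for hdr, area in (("header1", "area1"), ("header2", "area2")):
        h = disk[hdr]
        verifier, key = _derive(password, h["salt"])
        if hmac.compare_digest(verifier, h["verifier"]):
            result = (area, _xor_stream(key, h["nonce"], disk[area]))
    return result  # None means access denied

if __name__ == "__main__":
    # Constructed sample passwords and contents, for illustration only.
    disk = format_disk("real-pass", b"contract draft", "shadow-pass", b"holiday photos")
    print(unlock(disk, "shadow-pass"))  # decoy view
    print(unlock(disk, "wrong"))        # access denied
```

In this model both header slots always exist, so the image layout itself shows that two passwords are possible; what stays hidden is which of the two was entered.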

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010584677 CN102096641A (en) 2010-12-13 2010-12-13 Double-factor shadow password protection method for mobile storage medium data safety

Publications (1)

Publication Number Publication Date
CN102096641A (en) 2011-06-15

Family

ID=44129743

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010584677 Pending CN102096641A (en) 2010-12-13 2010-12-13 Double-factor shadow password protection method for mobile storage medium data safety

Country Status (1)

Country Link
CN (1) CN102096641A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108599953A (en) * 2018-01-30 2018-09-28 天津大学 Verifying dynamic password method for ensureing memory-safe and circuit
CN110826113A (en) * 2018-08-09 2020-02-21 深圳市菲德越科技有限公司 Data secure storage method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030204754A1 (en) * 2002-04-26 2003-10-30 International Business Machines Corporation Controlling access to data stored on a storage device of a computer system
CN1461999A (en) * 2002-06-01 2003-12-17 鑫创科技股份有限公司 Method of dividing large volume storage stocking device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110615