CN102999728B - Data storage method and device based on safety desktop - Google Patents

Publication number
CN102999728B
Authority
CN
China
Prior art keywords
file
data block
stored
byte number
remote server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210490533.3A
Other languages
Chinese (zh)
Other versions
CN102999728A (en)
Inventor
陈楚明
胡斌
林彦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Shenzhen Shenxinfu Electronic Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Shenxinfu Electronic Technology Co Ltd
Priority to CN201210490533.3A
Publication of CN102999728A
Application granted
Publication of CN102999728B
Active (current legal status)
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention discloses a data storage method and device based on a safety desktop. The method comprises: dividing a file to be stored into blocks by byte count according to a predetermined block length, obtaining data blocks; and, when the file is redirected, determining the storage location of each data block according to a preset policy rule and storing the data blocks on a local terminal and a remote server respectively. By dividing the file into data blocks in this way and distributing them between the local terminal and the remote server according to the preset policy rule, the invention takes data security into account while meeting bandwidth requirements, effectively prevents data leakage, and improves data security.

Description

Data storage method and device based on safety desktop
Technical Field
The present invention relates to the technical field of secure data processing, and in particular to a data storage method and device based on a safety desktop.
Background
Safety desktop technology is currently used mainly in two areas of demand: "virus isolation" and "data leakage prevention". Data leakage prevention solutions place strict requirements on data encryption and storage, and how data is stored so as to ensure its security is one of the major issues.
A safety desktop virtualized environment has two ways of storing files: local storage and server-side storage. Saving the file data of the virtual desktop locally makes full use of local resources, but because the actual file is kept locally, a high-strength encryption algorithm is needed, which affects system performance, and there is still a risk of data leakage. Saving the file data of the virtual desktop to a remote server in real time depends heavily on network bandwidth and places very high demands on network communication quality; for access from an external network, the stability and smoothness of the system are hard to guarantee.
Summary of the Invention
The main purpose of the present invention is to provide a data storage method and device based on a safety desktop, intended to solve the data storage problem in a safety desktop virtualized environment and to prevent data leakage.
The invention discloses a data storage method based on a safety desktop, comprising the following steps:
dividing a file to be stored into blocks by byte count according to a predetermined block length, obtaining data blocks;
when the file is redirected, determining the storage location of each data block according to a preset policy rule, and storing the data blocks on a local terminal and a remote server respectively.
Preferably, determining the storage location of each data block according to the preset policy rule comprises:
if the preset policy rule is that network bandwidth is limited or the data security requirement is low, storing more of the data blocks on the local terminal than on the remote server;
if the preset policy rule is that network bandwidth is not limited or the data security requirement is high, storing more of the data blocks on the remote server than on the local terminal.
Preferably, dividing the file to be stored into blocks by byte count according to the predetermined block length comprises:
dividing the file into blocks using a hook function, according to the predetermined block length and the offset address and byte count of the file when it is stored.
Preferably, dividing the file to be stored into blocks by byte count according to the predetermined block length comprises:
dividing the file into blocks by file filtering, according to the predetermined block length and the byte count.
The present invention also discloses a data storage device based on a safety desktop, comprising:
a data block acquisition module, configured to divide a file to be stored into blocks by byte count according to a predetermined block length, obtaining data blocks;
a data block storage module, configured to determine, when the file is redirected, the storage location of each data block according to a preset policy rule, and to store the data blocks on a local terminal and a remote server respectively.
Preferably, the data block storage module is further configured to:
when the preset policy rule is that network bandwidth is limited or the data security requirement is low, store more of the data blocks on the local terminal than on the remote server;
when the preset policy rule is that network bandwidth is not limited or the data security requirement is high, store more of the data blocks on the remote server than on the local terminal.
Preferably, the data block acquisition module is further configured to:
divide the file into blocks using a hook function, according to the predetermined block length and the offset address and byte count of the file when it is stored.
Preferably, the data block acquisition module is further configured to:
divide the file into blocks by file filtering, according to the predetermined block length and the byte count.
By dividing the file to be stored into blocks by byte count according to the predetermined block length to obtain data blocks, and, when the file is redirected, determining the storage location of each data block according to the preset policy rule and storing the data blocks on the local terminal and the remote server respectively, the present invention takes data security into account while meeting bandwidth requirements, effectively prevents data leakage, and improves data security.
Brief Description of the Drawings
Fig. 1 is a schematic structural diagram of a specific application scenario of the data storage method based on safety desktop of the present invention;
Fig. 2 is a schematic flow chart of one embodiment of the data storage method based on safety desktop of the present invention;
Fig. 3 is a schematic structural diagram of one embodiment of dividing a file into blocks in the data storage method based on safety desktop of the present invention;
Fig. 4 is a schematic structural diagram of one embodiment of storing data blocks, based on the block division rule of Fig. 3, in the data storage method based on safety desktop of the present invention;
Fig. 5 is a schematic structural diagram of one embodiment of the data storage device based on safety desktop of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention are further described below with reference to the embodiments and the accompanying drawings.
Detailed Description of the Embodiments
The technical solution of the present invention is further described below with reference to the drawings and specific embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of a specific application scenario of the data storage method based on safety desktop of the present invention. As shown in Fig. 1, in the safety desktop virtualized environment the network deployment is consistent with the safety desktop deployment and consists mainly of a security gateway, an operation system remote server, a file system remote server and terminals. The safety desktop virtual environment is a virtualized environment implemented on the terminal using sandboxing. In this environment, the terminal user's access to data files, mainly the creation and modification of registry entries and files, is encrypted and redirected. In addition, application behavior can be controlled in this environment, prohibiting behaviors that may damage the computer system, such as those of viruses or Trojans. Sandboxing, also called "sandbox technology", is a virtualization technique that uses data redirection to redirect the files generated and modified by a program into its own folder. The changed data include file data and registry data. This isolates and protects the system, and also isolates the virtual environment from the real environment and virtual environments from one another.
Based on the safety desktop virtualized environment of Fig. 1, refer to Fig. 2, which is a schematic flow chart of one embodiment of the data storage method based on safety desktop of the present invention. As shown in Fig. 2, the data storage method based on safety desktop of the present invention comprises the following steps:
Step S01: divide the file to be stored into blocks by byte count according to a predetermined block length, obtaining data blocks.
The file to be stored is divided into blocks by byte count, and the block length can be freely configured as required. For example, the predetermined block length is 8 bytes and the file to be stored is A. Referring to Fig. 3, which is a schematic structural diagram of one embodiment of dividing a file into blocks in the data storage method based on safety desktop of the present invention: file A is divided into blocks with a block length of 8 bytes, and the divided file A is as shown in Fig. 3. The data blocks obtained from file A are numbered with Arabic numerals, which makes it easier to describe the storage location of each data block later.
In a preferred embodiment, the file to be stored is divided into blocks in different ways depending on the layer at which the file resides. For example, a file at the application layer can be divided by hooking the file-write function: in the write hook, the blocks are computed from the write offset and the number of bytes written. For a file at the driver layer, file filtering can be used to divide the file to be stored. For a file at the bottom layer, other methods can be used to divide the file to be stored.
Those skilled in the art will appreciate that the way the data storage method based on safety desktop of the present invention divides the file to be stored into blocks by byte count can be chosen according to the type of the file and the application environment in which the file resides; this embodiment does not limit the specific way in which the file to be stored is divided.
Step S02: when the file is redirected, determine the storage location of each data block according to a preset policy rule, and store the data blocks on the local terminal and the remote server respectively.
When the file is redirected, the storage location of each data block is determined according to the preset policy rule. For example, when network bandwidth is limited or the data security requirement is low, most data blocks can be kept on the local terminal to relieve the pressure on network bandwidth. When network quality is good, bandwidth is ample and the data security requirement is high, most data blocks can be kept on the remote server, which ensures a high level of data security and prevents data from leaking. The policy rule can also be set according to the actual situation, for example storing certain specific data blocks of the file on the remote server and the remaining data blocks on the local terminal.
An embodiment of storing the data blocks of a divided file separately is described with reference to Fig. 3 and Fig. 4. Fig. 4 is a schematic structural diagram of one embodiment of storing data blocks, based on the block division rule of Fig. 3, in the data storage method based on safety desktop of the present invention. As shown in Fig. 3, after file A is divided, the data blocks obtained are data block 1, data block 2, and so on. If the preset policy rule is that odd-numbered data blocks are stored on the local terminal and even-numbered data blocks are stored on the remote server, the corresponding data blocks are stored on the local terminal and the remote server according to this rule, and the final result is as shown in Fig. 4.
Those skilled in the art will appreciate that the preset policy rule can be set according to the specific application scenario, for example according to the current network quality, the current network bandwidth, or the confidentiality level of the file. In addition, the data blocks to be stored on the remote server can be written there using the shared file read/write facility provided by the system itself, or by other means. The data storage method based on safety desktop of the present invention does not limit the way the file to be stored is divided into blocks, the way the policy rule is set, or the way data blocks are stored to the remote server.
By dividing the file to be stored into blocks by byte count according to the predetermined block length to obtain data blocks, and, when the file is redirected, determining the storage location of each data block according to the preset policy rule and storing the data blocks on the local terminal and the remote server respectively, this embodiment takes data security into account while meeting bandwidth requirements, effectively prevents data leakage, and improves data security.
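Steps S01 and S02 as described above, written out as an added Python example that is not part of the patent text. It models a hooked write as an (offset, bytes) pair, maps it onto 8-byte numbered blocks, and places each block by policy; the names split_write, SplitStore and every_nth_local are hypothetical, and two dictionaries stand in for the local terminal and the remote server.

```python
"""Added example: fixed-length block splitting with policy-based placement."""
from typing import Callable, List, Tuple

BLOCK_LEN = 8  # predetermined block length used in the Fig. 3 example
FILE_A = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # constructed sample contents for "file A"

Policy = Callable[[int], str]  # 1-based block number -> "local" or "remote"


def odd_local_even_remote(block_no: int) -> str:
    """Policy of the Fig. 3 / Fig. 4 embodiment: odd blocks local, even remote."""
    return "local" if block_no % 2 == 1 else "remote"


def every_nth_local(n: int) -> Policy:
    """Hypothetical 'mostly remote' policy: only every n-th block stays local."""
    return lambda block_no: "local" if block_no % n == 0 else "remote"


def split_write(offset: int, data: bytes,
                block_len: int = BLOCK_LEN) -> List[Tuple[int, int, bytes]]:
    """Map one intercepted write onto block-aligned pieces.

    Returns (block_no, offset_in_block, piece) tuples, computed only from the
    write offset and the number of bytes written, as the write hook would.
    """
    if offset < 0 or block_len <= 0:
        raise ValueError("offset must be >= 0 and block_len > 0")
    pieces = []
    pos = 0
    while pos < len(data):
        absolute = offset + pos
        block_no = absolute // block_len + 1          # blocks are numbered from 1
        in_block = absolute % block_len
        take = min(block_len - in_block, len(data) - pos)
        pieces.append((block_no, in_block, data[pos:pos + take]))
        pos += take
    return pieces


class SplitStore:
    """Redirect target that keeps each block in exactly one of two stores."""

    def __init__(self, policy: Policy, block_len: int = BLOCK_LEN):
        self.policy = policy
        self.block_len = block_len
        self.stores = {"local": {}, "remote": {}}  # stand-ins for disk and server
        self.size = 0

    def write(self, offset: int, data: bytes) -> None:
        for block_no, in_block, piece in split_write(offset, data, self.block_len):
            where = self.policy(block_no)
            if where not in self.stores:
                raise ValueError(f"policy returned unknown location {where!r}")
            block = self.stores[where].setdefault(block_no, bytearray())
            end = in_block + len(piece)
            if len(block) < end:                       # zero-fill a partial block
                block.extend(b"\x00" * (end - len(block)))
            block[in_block:end] = piece
        self.size = max(self.size, offset + len(data))

    def read_all(self) -> bytes:
        """Reassemble the file; this needs both the local and the remote blocks."""
        out = bytearray(self.size)
        for store in self.stores.values():
            for block_no, block in store.items():
                start = (block_no - 1) * self.block_len
                out[start:start + len(block)] = block
        return bytes(out)

    def local_fraction(self) -> float:
        """Share of the file's bytes that remain on the local terminal."""
        local = sum(len(b) for b in self.stores["local"].values())
        return local / self.size if self.size else 0.0


def demo() -> SplitStore:
    """Write file A in two unaligned writes, as an application might."""
    store = SplitStore(odd_local_even_remote)
    store.write(0, FILE_A[:13])    # ends in the middle of block 2
    store.write(13, FILE_A[13:])   # completes block 2, then blocks 3 and 4
    return store


if __name__ == "__main__":
    s = demo()
    print("local :", {n: bytes(b) for n, b in s.stores["local"].items()})
    print("remote:", {n: bytes(b) for n, b in s.stores["remote"].items()})
    print("local share of file: %.2f" % s.local_fraction())
```

The local share reported by local_fraction is the part of the file content that remains on the terminal under a given policy, which is the quantity the policy rule trades against bandwidth.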
Referring to Fig. 5, Fig. 5 is a schematic structural diagram of one embodiment of the data storage device based on safety desktop of the present invention. As shown in Fig. 5, the data storage device based on safety desktop of the present invention comprises a data block acquisition module 01 and a data block storage module 02.
Data block acquisition module 01 is configured to divide the file to be stored into blocks by byte count according to a predetermined block length, obtaining data blocks.
Data block acquisition module 01 divides the file to be stored into blocks by byte count, and the block length can be freely configured as required. For example, the predetermined block length is 8 bytes and the file to be stored is A. Referring to Fig. 3, which is a schematic structural diagram of one embodiment of dividing a file into blocks in the data storage method based on safety desktop of the present invention: data block acquisition module 01 divides file A into blocks with a block length of 8 bytes, and the divided file A is as shown in Fig. 3. The data blocks obtained from file A are numbered with Arabic numerals, which makes it easier to describe the storage location of each data block later.
In a preferred embodiment, data block acquisition module 01 divides the file to be stored into blocks in different ways depending on the layer at which the file resides. For example, data block acquisition module 01 can divide a file at the application layer by hooking the file-write function: in the write hook, the blocks are computed from the write offset and the number of bytes written. For a file at the driver layer, data block acquisition module 01 can use file filtering to divide the file to be stored. For a file at the bottom layer, data block acquisition module 01 can use other methods to divide the file to be stored.
Those skilled in the art will appreciate that, in the data storage device based on safety desktop of the present invention, the way data block acquisition module 01 divides the file to be stored into blocks by byte count can be chosen according to the type of the file and the application environment in which the file resides; this embodiment does not limit the specific way in which the file to be stored is divided.
Data block storage module 02 is configured to divide the file to be stored into blocks by byte count according to a predetermined block length, obtaining data blocks.
When the file is redirected, data block storage module 02 determines the storage location of each data block according to the preset policy rule. For example, when network bandwidth is limited or the data security requirement is low, data block storage module 02 can keep most data blocks on the local terminal to relieve the pressure on network bandwidth. When network quality is good, bandwidth is ample and the data security requirement is high, data block storage module 02 can keep most data blocks on the remote server, which ensures a high level of data security and prevents data from leaking. Data block storage module 02 can also set the policy rule according to the actual situation, for example storing certain specific data blocks of the file on the remote server and the remaining data blocks on the local terminal.
An embodiment of storing the data blocks of a divided file separately is described with reference to Fig. 3 and Fig. 4. Fig. 4 is a schematic structural diagram of one embodiment of storing data blocks, based on the block division rule of Fig. 3, in the data storage method based on safety desktop of the present invention. As shown in Fig. 3, after data block acquisition module 01 divides file A, the data blocks obtained are data block 1, data block 2, and so on. If the preset policy rule is that odd-numbered data blocks are stored on the local terminal and even-numbered data blocks are stored on the remote server, data block storage module 02 stores the corresponding data blocks on the local terminal and the remote server according to this rule, and the final result is as shown in Fig. 4.
Those skilled in the art will appreciate that the preset policy rule can be set according to the specific application scenario, for example according to the current network quality, the current network bandwidth, or the confidentiality level of the file. In addition, data block storage module 02 can write the data blocks to be stored on the remote server using the shared file read/write facility provided by the system itself, or by other means. The data storage device based on safety desktop of the present invention does not limit the way data block acquisition module 01 divides the file to be stored into blocks, the way data block storage module 02 sets the policy rule, or the way data blocks are stored to the remote server.
By dividing the file to be stored into blocks by byte count according to the predetermined block length to obtain data blocks, and, when the file is redirected, determining the storage location of each data block according to the preset policy rule and storing the data blocks on the local terminal and the remote server respectively, this embodiment takes data security into account while meeting bandwidth requirements, effectively prevents data leakage, and improves data security.
Those skilled in the art will appreciate that the data storage method and device based on safety desktop can also be used in other applications that need to store data, and are not limited to the safety desktop virtualized environment.
The foregoing is only the preferred embodiments of the present invention and does not thereby limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, whether used directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (8)

1. A data storage method based on a safety desktop, characterized by comprising the following steps:
dividing a file to be stored into blocks by byte count according to a predetermined block length, obtaining data blocks, wherein the file to be stored is divided into blocks in different ways depending on the layer at which the file resides, the layers comprising an application layer, a driver layer and a bottom layer;
when the file is redirected, determining the storage location of each data block according to a preset policy rule, and storing the data blocks on a local terminal and a remote server respectively.
2. The method of claim 1, characterized in that determining the storage location of each data block according to the preset policy rule comprises:
if the preset policy rule is that network bandwidth is limited or the data security requirement is low, storing more of the data blocks on the local terminal than on the remote server;
if the preset policy rule is that network bandwidth is not limited or the data security requirement is high, storing more of the data blocks on the remote server than on the local terminal.
3. The method of claim 1, characterized in that dividing the file to be stored into blocks by byte count according to the predetermined block length comprises:
dividing the file into blocks using a hook function, according to the predetermined block length and the offset address and byte count of the file when it is stored.
4. The method of claim 1 or 3, characterized in that dividing the file to be stored into blocks by byte count according to the predetermined block length comprises:
dividing the file into blocks by file filtering, according to the predetermined block length and the byte count.
5. A data storage device based on a safety desktop, characterized by comprising:
a data block acquisition module, configured to divide a file to be stored into blocks by byte count according to a predetermined block length, obtaining data blocks, wherein the file to be stored is divided into blocks in different ways depending on the layer at which the file resides, the layers comprising an application layer, a driver layer and a bottom layer;
a data block storage module, configured to determine, when the file is redirected, the storage location of each data block according to a preset policy rule, and to store the data blocks on a local terminal and a remote server respectively.
6. The device of claim 5, characterized in that the data block storage module is further configured to:
when the preset policy rule is that network bandwidth is limited or the data security requirement is low, store more of the data blocks on the local terminal than on the remote server;
when the preset policy rule is that network bandwidth is not limited or the data security requirement is high, store more of the data blocks on the remote server than on the local terminal.
7. The device of claim 5, characterized in that the data block acquisition module is further configured to:
divide the file into blocks using a hook function, according to the predetermined block length and the offset address and byte count of the file when it is stored.
8. The device of claim 5 or 7, characterized in that the data block acquisition module is further configured to:
divide the file into blocks by file filtering, according to the predetermined block length and the byte count.
CN201210490533.3A 2012-11-27 2012-11-27 Data storage method and device based on safety desktop Active CN102999728B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210490533.3A CN102999728B (en) 2012-11-27 2012-11-27 Data storage method and device based on safety desktop

Publications (2)

Publication Number Publication Date
CN102999728A CN102999728A (en) 2013-03-27
CN102999728B CN102999728B (en) 2016-01-20

Family

ID=47928283

Country Status (1)

Country Link
CN (1) CN102999728B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: Nanshan District Xueyuan Road in Shenzhen city of Guangdong province 518000 No. 1001 Nanshan Chi Park building A1 layer

Patentee after: SINFOR Polytron Technologies Inc

Address before: 518052 room 410-413, science and technology innovation service center, No. 1 Qilin Road, Shenzhen, Guangdong, China

Patentee before: Shenxinfu Electronics Science and Technology Co., Ltd., Shenzhen