CN105701408A - FatFs based encrypted file system and implementation method thereof - Google Patents
- Publication number: CN105701408A
- Application number: CN201511014210.7A
- Authority: CN (China)
- Prior art keywords: data, storage device, fatfs, check value, field
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
The invention discloses a FatFs-based encrypted file system and an implementation method thereof. The implementation method comprises: when data is stored, encrypting it through an encryption and decryption layer, calculating check values of the encrypted data, and writing the check values together with the encrypted data into a storage device, wherein each data block corresponds to one check value; and, when data is read, taking the encrypted data out of the storage device and decrypting it through the encryption and decryption layer to obtain the plaintext. With the FatFs-based encrypted file system and its implementation method, the risks caused by data being tampered with can be avoided.
Description
Technical field
The present invention relates to the FatFs file system, and in particular to a FatFs file system applied in Android terminals.
Background
Android smart terminals use the FatFs file system to store the resources and data of payment applications. Referring to Fig. 1, if the data is stored in plaintext, that is, if the FatFs module 11 reads and writes the storage device 12 directly, the data in the storage device 12 is at risk of being stolen and tampered with.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the above drawbacks of the prior art, to provide a FatFs-based encrypted file system and an implementation method thereof that can avoid the risks caused by data being tampered with.
The technical solution adopted by the present invention to solve this technical problem is to provide an implementation method of a FatFs-based encrypted file system, comprising: when data is stored, encrypting it through an encryption and decryption layer and calculating a check value of the encrypted data, each data block corresponding to one check value, and writing the check value together with the encrypted data into the storage device; and, when data is read, taking the encrypted data out of the storage device and decrypting it through the encryption and decryption layer to obtain the plaintext.
In some embodiments, the method further comprises: dividing the data area of the storage device into a data field and a check field, wherein all data blocks are stored in the data field and all check values are stored in the check field.
In some embodiments, each time a data block is written, the calculated check value is written to the corresponding position in the check field.
In some embodiments, the size of the check field can be statically adjusted according to the number of data blocks.
In some embodiments, each check value is 4 bytes.
In some embodiments, the method further comprises: before the file system is loaded, the encrypted data in the storage device may be verified once; if the verification fails, all data contents are cleared.
In some embodiments, the verification process comprises: calculating a check value for each data block stored on the storage device and matching it against the corresponding check value stored on the storage device; if any of them does not match, the verification is judged to have failed.
In some embodiments, the FatFs-based encrypted file system is applied in an Android smart terminal.
The technical solution adopted by the present invention to solve this technical problem is also to provide a FatFs-based encrypted file system, comprising a FatFs module and a storage device, and further comprising: a data encryption unit, configured to encrypt data from the FatFs module when it is stored, before it is saved to the storage device; a check value calculation unit, configured to calculate the check value of the encrypted data and save it to the storage device; and a data decryption unit, configured to take the encrypted data out of the storage device when data is read and decrypt it into plaintext before passing it to the FatFs module.
In some embodiments, the data area of the storage device is divided into a data field and a check field, wherein all data blocks are stored in the data field and all check values are stored in the check field.
The beneficial effect of the present invention is that, by placing an encryption and decryption layer between FatFs and the storage device, the data saved on the storage device is encrypted data, and, when a data block is written, the corresponding check value is written together with it, so that the risks caused by data being tampered with can be avoided.
Brief description of the drawings
The invention is further described below with reference to the drawings and embodiments. In the drawings:
Fig. 1 is a block diagram of the existing FatFs file system.
Fig. 2 is a block diagram of the FatFs-based encrypted file system of the present invention.
Fig. 3 shows the partition structure of the storage device in the FatFs-based encrypted file system of the present invention.
Fig. 4 is a schematic of the loading flow of the FatFs-based encrypted file system of the present invention.
Detailed description of the invention
The preferred embodiments of the present invention are described in detail below with reference to the drawings.
The present invention proposes an implementation method of a FatFs-based encrypted file system, comprising: when data is stored, encrypting it through an encryption and decryption layer and calculating a check value of the encrypted data, each data block corresponding to one check value, and writing the check value together with the encrypted data into the storage device; when data is read, taking the encrypted data out of the storage device and decrypting it through the encryption and decryption layer to obtain the plaintext; dividing the data area of the storage device into a data field and a check field, wherein all data blocks are stored in the data field and all check values are stored in the check field; and, before the file system is loaded, verifying the encrypted data in the storage device once and, if the verification fails, clearing all data contents.
The verification process comprises: calculating a check value for each data block stored on the storage device and matching it against the corresponding check value stored on the storage device; if any of them does not match, the verification is judged to have failed. Each time a data block is written, the calculated check value is written to the corresponding position in the check field.
Referring to Fig. 2, which is a block diagram of the FatFs-based encrypted file system of the present invention, the present invention proposes a FatFs-based encrypted file system comprising: a FatFs module 21 (FatFs is a generic file system module for implementing the FAT file system in small embedded systems); a storage device 22; a data encryption unit 23, configured to encrypt data from the FatFs module 21 when it is stored, before it is saved to the storage device 22; a check value calculation unit 24, configured to calculate the check value of the encrypted data and save it to the storage device 22; and a data decryption unit 25, configured to take the encrypted data out of the storage device 22 when data is read and decrypt it into plaintext before passing it to the FatFs module 21. In this embodiment, the FatFs-based encrypted file system is applied in an Android smart terminal to store the resources and data of payment applications.
Referring to Fig. 3, which shows the partition structure of the storage device in the FatFs-based encrypted file system of the present invention, the data area of the storage device is divided into a data field 32 and a check field 31, and the size of the check field 31 can be statically adjusted according to the number of data blocks. All data blocks 321 are stored in the data field 32, and all check values 311 are stored in the check field 31. Each data block 321 corresponds to one check value 311, and each check value is 4 bytes.
Referring to Fig. 4, which is a schematic of the loading flow of the FatFs-based encrypted file system of the present invention, the loading flow generally comprises the following steps:
401. Initialize the data block index;
402. Read a data block;
403. Calculate the check value;
404. Read the stored check value;
405. Determine whether the check values match; if yes, go to step 406; otherwise, go to step 411;
406. Increment the data block index by one;
407. Determine whether the index is still valid; if yes, go to step 402; otherwise, go to step 408;
408. Load the file system; as needed, go to step 409 for the data read process and/or step 410 for the data write process;
411. Verification fails;
412. Clear all data and end.
Step 409 comprises the following sub-steps: 4091, read the storage device; 4092, decrypt the data block; 4093, return the decrypted data. Step 410 comprises the following sub-steps: 4101, split the data to be written into blocks; 4102, encrypt the block data; 4103, calculate the check value; 4104, write to the storage device.
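The load flow of Fig. 4 together with the read and write sub-steps, as an added C sketch that is not part of the patent. It assumes CRC-32 for the 4-byte check value and a placeholder XOR transform in place of the cipher (the patent names neither algorithm), a RAM array standing in for the storage device, and a hypothetical `efs_format` step; all `efs_*` names and sizes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#define BLOCK_SIZE 16u   /* constructed demo size */
#define NUM_BLOCKS 4u    /* constructed demo size */
#define CHECK_LEN  4u    /* from the patent: each check value is 4 bytes */

/* Simulated storage device: check field first, then data field (Fig. 3). */
static uint8_t dev[NUM_BLOCKS * (CHECK_LEN + BLOCK_SIZE)];
static uint8_t *check_at(uint32_t i) { return dev + i * CHECK_LEN; }
static uint8_t *block_at(uint32_t i) { return dev + NUM_BLOCKS * CHECK_LEN + i * BLOCK_SIZE; }

/* Assumption: CRC-32 as the 4-byte check value (the patent names no algorithm). */
static uint32_t check32(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Placeholder for the unspecified cipher: per-block XOR pattern, NOT secure. */
static void xcrypt(uint8_t *buf, uint32_t idx) {
    for (uint32_t j = 0; j < BLOCK_SIZE; j++) buf[j] ^= (uint8_t)(0xA5u + 31u * idx + 7u * j);
}

/* Write path (sub-steps 4102-4104) for one block: encrypt, checksum, write both. */
void efs_write(uint32_t idx, const uint8_t *plain) {
    uint8_t ct[BLOCK_SIZE];
    memcpy(ct, plain, BLOCK_SIZE);
    xcrypt(ct, idx);
    uint32_t cv = check32(ct, BLOCK_SIZE);      /* check value covers the ciphertext */
    memcpy(block_at(idx), ct, BLOCK_SIZE);
    memcpy(check_at(idx), &cv, CHECK_LEN);
}

/* Read path (sub-steps 4091-4093): read ciphertext, decrypt, return plaintext. */
void efs_read(uint32_t idx, uint8_t *plain) {
    memcpy(plain, block_at(idx), BLOCK_SIZE);
    xcrypt(plain, idx);
}

/* Hypothetical format step so a fresh device carries valid check values. */
void efs_format(void) {
    const uint8_t zero[BLOCK_SIZE] = {0};
    for (uint32_t i = 0; i < NUM_BLOCKS; i++) efs_write(i, zero);
}

/* Load flow (steps 401-412): 1 = all blocks verified, 0 = mismatch, device cleared. */
int efs_mount(void) {
    for (uint32_t i = 0; i < NUM_BLOCKS; i++) {
        uint32_t stored, calc = check32(block_at(i), BLOCK_SIZE);
        memcpy(&stored, check_at(i), CHECK_LEN);
        if (stored != calc) { memset(dev, 0, sizeof dev); return 0; }
    }
    return 1;
}

int main(void) { efs_format(); return efs_mount() ? 0 : 1; }
```

With an unkeyed checksum such as the CRC-32 assumed here, anyone who can write the device can recompute the check value after changing a block, so resisting deliberate tampering requires a keyed MAC in its place.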
The beneficial effect of the present invention is that, by placing an encryption and decryption layer (implemented by the data encryption unit 23 and the data decryption unit 25) between the FatFs module 21 and the storage device 22, the data saved in the storage device 22 is encrypted data, and, when a data block is written, the corresponding check value is written together with it (implemented by the check value calculation unit 24), so that the risks caused by data being tampered with can be avoided.
It should be understood that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Those skilled in the art may modify the technical solutions described in the above embodiments or make equivalent replacements of some of their technical features, and all such modifications and replacements fall within the scope of protection of the claims of the present invention.
Claims (10)
1. An implementation method of a FatFs-based encrypted file system, characterized by comprising: when data is stored, encrypting it through an encryption and decryption layer and calculating a check value of the encrypted data, each data block corresponding to one check value, and writing the check value together with the encrypted data into the storage device; and, when data is read, taking the encrypted data out of the storage device and decrypting it through the encryption and decryption layer to obtain the plaintext.
2. The implementation method according to claim 1, characterized by further comprising: dividing the data area of the storage device into a data field and a check field, wherein all data blocks are stored in the data field and all check values are stored in the check field.
3. The implementation method according to claim 2, characterized in that: each time a data block is written, the calculated check value is written to the corresponding position in the check field.
4. The implementation method according to claim 2, characterized in that: the size of the check field can be statically adjusted according to the number of data blocks.
5. The implementation method according to claim 2, characterized in that: each check value is 4 bytes.
6. The implementation method according to claim 1, characterized by further comprising: before the file system is loaded, the encrypted data in the storage device may be verified once; if the verification fails, all data contents are cleared.
7. The implementation method according to claim 6, characterized in that the verification process comprises: calculating a check value for each data block stored on the storage device and matching it against the corresponding check value stored on the storage device; if any of them does not match, the verification is judged to have failed.
8. The implementation method according to claim 1, characterized in that: the FatFs-based encrypted file system is applied in an Android smart terminal.
9. A FatFs-based encrypted file system, comprising a FatFs module and a storage device, characterized by further comprising: a data encryption unit, configured to encrypt data from the FatFs module when it is stored, before it is saved to the storage device; a check value calculation unit, configured to calculate the check value of the encrypted data and save it to the storage device; and a data decryption unit, configured to take the encrypted data out of the storage device when data is read and decrypt it into plaintext before passing it to the FatFs module.
10. The FatFs-based encrypted file system according to claim 9, characterized in that: the data area of the storage device is divided into a data field and a check field, wherein all data blocks are stored in the data field and all check values are stored in the check field.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511014210.7A CN105701408A (en) | 2015-12-31 | 2015-12-31 | FatFs based encrypted file system and implementation method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105701408A (en) | 2016-06-22 |
Family
ID=56226789
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201511014210.7A Pending CN105701408A (en) | 2015-12-31 | 2015-12-31 | FatFs based encrypted file system and implementation method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105701408A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160622 |