CN112487429A - Verification method and device of external storage equipment - Google Patents


Info

Publication number: CN112487429A
Authority: CN (China)
Prior art keywords: external storage, file, storage device, identifier, equipment
Legal status: Pending
Application number: CN202011383634.1A
Other languages: Chinese (zh)
Inventors: 陆卫军, 沈利斌, 郭正飞, 朱希成, 邵腾飞
Current Assignee: Zhejiang Supcon Technology Co Ltd
Original Assignee: Zhejiang Supcon Technology Co Ltd
Application filed by Zhejiang Supcon Technology Co Ltd
Priority to CN202011383634.1A
Publication of CN112487429A

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer > G06F21/71 ... to assure secure computing or processing of information > G06F21/73 ... by creating or determining hardware identification, e.g. serial numbers
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/55 Detecting local intrusion or implementing counter-measures > G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer > G06F21/78 ... to assure secure storage of data > G06F21/79 ... in semiconductor storage media, e.g. directly-addressable memories


Abstract

The application provides a verification method and a verification device for an external storage device. The method first acquires a device identifier of the external storage device, and then determines the device trusted tag corresponding to that identifier according to a stored correspondence between device identifiers and device trusted tags, where the device trusted tag indicates whether the external storage device is trusted. After a file copy request including a file identifier is received, if the device trusted tag corresponding to the device identifier is trusted, the file corresponding to the file identifier is copied from the external storage device; if the device trusted tag corresponding to the device identifier is untrusted, the file copy request is rejected. Therefore, any external storage device can be set as a trusted device, file copying does not require a dedicated secure storage device, and the cost of use is reduced while security is ensured.

Description

Verification method and device of external storage equipment
Technical Field
The present application relates to the field of computer security technologies, and in particular, to a method and an apparatus for verifying an external storage device.
Background
In order to facilitate the transfer and copying of files, various removable storage devices such as removable hard disks and USB flash drives are widely used. From the computer's perspective, a removable storage device is an external storage device. A user can connect the external storage device to the computer, copy files stored on it to the computer's local storage space, or run an application program stored on the removable storage device directly on the computer.
Where network security requirements are strict, data transmission is usually allowed only between a secure external storage device and the computer in order to protect the computer. Many manufacturers produce such secure storage devices. By encrypting stored files, monitoring the network state of the storage device and similar means, a secure storage device can effectively prevent viruses from entering the storage device, and also prevent viruses from entering the computer from the storage device.
However, the price of a secure storage device is high because of its production cost. In application scenarios that require a large number of external storage devices, such as the field of industrial control, using secure storage devices for file transfer and copying significantly increases production cost.
Disclosure of Invention
In view of this, embodiments of the present application provide a method and an apparatus for verifying an external storage device, which aim to enable any external storage device to be used as a secure storage device through setting of computer software, so that the use cost is reduced and the use security of a computer is ensured.
A method of verifying an external storage device, the method comprising:
acquiring a device identifier of an external storage device, wherein the device identifier comprises any one or more of a manufacturer identifier, a model identifier, a serial number and a version number of the external storage device;
determining a device trusted tag corresponding to the device identifier according to the correspondence between the device identifier and the device trusted tag, wherein the device trusted tag is used for indicating whether the external storage device is trusted, and the correspondence between the device identifier and the device trusted tag is generated by application software;
receiving a file copy request, wherein the file copy request comprises a file identifier;
when the device trusted tag corresponding to the device identifier is trusted, copying the file corresponding to the file identifier from the external storage device;
and when the device trusted tag corresponding to the device identifier is untrusted, rejecting the file copy request.
Optionally, the correspondence between the device identifier and the device trusted tag is obtained by the following method when receiving the access message of the external storage device for the first time:
receiving a device identifier sent by the external storage device;
sending the device identifier to application software;
receiving a device trusted tag sent by the application software, wherein the device trusted tag is determined by the application software according to the device identifier;
and storing the correspondence between the device identifier and the device trusted tag.
Optionally, before receiving the device identifier sent by the external storage device, the method further includes:
receiving an access request sent by the external device;
sending a type obtaining request to the external device, wherein the type obtaining request is used for obtaining the device type of the external device;
receiving the device type of the external device;
and when the device type of the external device is a storage device, determining that the external device is an external storage device.
Optionally, after determining the device trusted tag corresponding to the device identifier, the method further includes:
receiving a file run request, wherein the file run request comprises a file identifier of a file to be run, and the file to be run is stored in the external storage device;
and when the device trusted tag corresponding to the device identifier is trusted, running the file to be run corresponding to the file identifier.
Optionally, when the device trusted tag corresponding to the device identifier is trusted, running the file to be run comprises:
determining that the file to be run corresponding to the file identifier belongs to the files recorded in a file white list.
A verification apparatus for an external storage device, the apparatus comprising:
an identifier acquisition module, configured to acquire a device identifier of an external storage device, wherein the device identifier comprises any one or more of a manufacturer identifier, a model identifier, a serial number and a version number of the external storage device;
a tag determining module, configured to determine a device trusted tag corresponding to the device identifier according to the correspondence between the device identifier and the device trusted tag, wherein the device trusted tag is used for indicating whether the external storage device is trusted, and the correspondence between the device identifier and the device trusted tag is generated by application software;
a first receiving module, configured to receive a file copy request, wherein the file copy request comprises a file identifier;
and a first execution module, configured to copy the file corresponding to the file identifier from the external storage device when the device trusted tag corresponding to the device identifier is trusted, and to reject the file copy request when the device trusted tag corresponding to the device identifier is untrusted.
Optionally, the correspondence between the device identifier and the device trusted tag is obtained by the following method when receiving the access message of the external storage device for the first time:
receiving a device identifier sent by the external storage device;
sending the device identifier to application software;
receiving a device trusted tag sent by the application software, wherein the device trusted tag is determined by the application software according to the device identifier;
and storing the correspondence between the device identifier and the device trusted tag.
Optionally, the method for obtaining the correspondence between the device identifier and the device trusted tag further includes:
receiving an access request sent by the external device;
sending a type obtaining request to the external device, wherein the type obtaining request is used for obtaining the device type of the external device;
receiving the device type of the external device;
and when the device type of the external device is a storage device, determining that the external device is an external storage device.
Optionally, the apparatus further comprises:
a second receiving module, configured to receive a file run request, wherein the file run request comprises a file identifier of a file to be run, and the file to be run is stored in the external storage device;
and a second execution module, configured to run the file to be run corresponding to the file identifier when the device trusted tag corresponding to the device identifier is trusted.
Optionally, the second execution module includes:
a white list determining module, configured to determine that the file to be run corresponding to the file identifier belongs to the files recorded in a file white list.
The embodiments of the present application provide a verification method and a verification apparatus for an external storage device. The device identifier of the external storage device is first acquired, and the device trusted tag corresponding to that identifier is then determined according to the correspondence between device identifiers and device trusted tags, where the device trusted tag indicates whether the external storage device is trusted. After a file copy request including a file identifier is received, if the device trusted tag corresponding to the device identifier is trusted, the file corresponding to the file identifier is copied from the external storage device; if the device trusted tag corresponding to the device identifier is untrusted, the file copy request is rejected. The correspondence between device identifiers and device trusted tags can be generated by application software, which can set an external storage device as trusted or untrusted according to actual requirements. Therefore, when an external storage device is connected, whether it is a trusted device can be judged from its device identifier, and file copying is allowed or prohibited accordingly. In this way any external storage device can be set as a trusted device, file copying does not require a dedicated secure storage device, and the cost of use is reduced while security is ensured.
Drawings
To illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for verifying an external storage device according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a verification apparatus for an external storage device according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a verification apparatus for an external storage device according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a verification apparatus for an external storage device according to an embodiment of the present application.
Detailed Description
With the development of networks, requirements on network security are ever higher, and secure storage devices such as secure USB disks are therefore widely used. A secure storage device may encrypt the stored data files. In addition, it can automatically detect the network state, so that data leakage can be effectively prevented even if the network is cut off in an unsafe network environment. Because the secure storage device is both secure and portable, it is widely applied in many fields.
However, because the stored data must be encrypted and the network state must be monitored, the structure of a secure storage device is more complex than that of a conventional removable storage device, and its production cost is greatly increased. In addition, if a file stored in the secure storage device is itself problematic, for example because it carries a virus or Trojan horse software, data security cannot be guaranteed even with a secure storage device.
Given these disadvantages, in industrial control or other application scenarios requiring a large number of storage devices, using existing secure storage devices greatly increases the cost of use, still cannot guarantee data security, and leaves the risk of a virus invading the computer.
In order to provide a technical scheme that achieves secure copying of data and secure running of files without a dedicated secure storage device, while still ensuring the security of the computer, the application provides a verification method for an external storage device; a preferred embodiment is described below from the perspective of a driver. The driver may be software installed in the operating system of the computer, for example a Minifilter driver. The verification method provided by the embodiments of the application can also run in an embedded driver.
Referring to fig. 1, fig. 1 is a flowchart of a method for verifying an external storage device according to an embodiment of the present application, where the method includes:
s101: and acquiring the equipment identifier of the external storage equipment.
When the external storage device is accessed into the computer, the driver can acquire the device identifier of the external storage device through the interface. The device identifier of the external storage device may include any one or more of a manufacturer identifier, a model identifier, a serial number, a version number, and the like of the external storage device, or a combination of other numbers or letter sequences capable of uniquely identifying the external storage device.
Taking the external storage device as a USB disk as an example, when the USB disk is accessed to the computer through a Universal Serial Bus (USB) interface of the computer, the driver may obtain a Serial number of the USB disk through the USB interface as a device identifier, so as to continue the subsequent verification step.
S102: and determining the equipment trusted label corresponding to the equipment identification according to the corresponding relation between the equipment identification and the equipment trusted label.
After the device identifier of the external storage device is obtained, the driver may search for the device trusted tag corresponding to the device identifier of the external storage device according to a pre-stored correspondence between the device identifier and the device trusted tag. The device trusted tag may indicate the trustworthiness of the storage device, for example, the device trusted tag may include both trusted and untrusted tags. If the device credible tag of the external storage device is a credible tag, the external storage device is indicated to belong to the credible external storage device, and the driving program can allow the computer and the external storage device to mutually transmit data; if the device credible tag of the external storage device is an untrusted tag, the external storage device is indicated to belong to the untrusted external storage device, and then the driver can prohibit the mutual data transmission between the computer and the external storage device.
In this embodiment of the present application, the correspondence between the device identifier and the device trusted tag may be generated by application software. The application software is an application program installed on the computer that can decide, from the device identifier, whether the external storage device is trusted. For example, an operator may configure in the application software an interval of device identifiers that are trusted; after receiving a device identifier, the application software checks whether the identifier falls within that interval and so determines the device trusted tag corresponding to the identifier.
For example, the application software may generate the correspondence between the device identifier and the device trusted tag when the external storage device is connected to the computer for the first time. Specifically, on first connection the external storage device may send its device identifier to the driver. After receiving the device identifier, the driver may forward it to the application software. The application software determines from the device identifier whether the external storage device is trusted, and sends the device trusted tag of the external storage device back to the driver. After receiving the device trusted tag, the driver may store the device identifier together with the device trusted tag, thereby establishing the correspondence between the two. In this way, when the external storage device is connected to the computer for the first time, the application software determines whether it is trusted from its device identifier and thus determines its device trusted tag. The device trusted tag can therefore be set freely by the application software, that is, whether the external storage device poses a security risk is decided according to the actual application conditions. Since the trustworthiness of the external storage device is determined according to actual conditions, any external storage device can be used as a secure storage device.
Further, considering that the computer may have a plurality of external devices, and the external storage device is only a special external device, after the external device is connected to the computer, before determining whether the external device is safe, the driver may determine whether the external device is the external storage device.
For example, when an external device is connected to the computer for the first time, it may send an access message to the driver. After receiving the access request, the driver may send a device type obtaining request to the external device, which is used to obtain the device type of the external device. In response to the received device type obtaining request, the external device sends its device type to the driver. Thus, before determining the device trusted tag of the external device, the driver can determine its type and decide whether to continue with the subsequent operations.
S103: a file copy request is received.
If the computer needs to copy files from the external storage device, or needs to copy files stored locally on the computer to the external storage device, the driver may receive a file copy request from the external storage device or from the computer, requesting that the driver allow data transmission between the external storage device and the computer. The file copy request may include the file identifier of the file to be copied, which is used to determine which file is to be copied.
It should be noted that step S103 may be executed after step S102, or may be executed before step S101 or step S102, and this is not limited in this application.
S104: when the device trusted tag corresponding to the device identifier is trusted, copying the file corresponding to the file identifier from the external storage device; and when the device trusted tag corresponding to the device identifier is untrusted, rejecting the file copy request.
After receiving the file copy request, the driver may determine whether the file copy request can be executed according to the device trusted tag corresponding to the external storage device, that is, determine whether the external storage device is trusted by using the device trusted tag corresponding to the device identifier of the external storage device, so as to allow or reject the file copy request.
If the device trusted label corresponding to the device identifier is trusted, it indicates that the external storage device is a trusted storage device, and there is no security risk, then the driver may allow the file copy request based on the result that the external storage device is trusted, so that the computer may obtain the data file stored by the external storage device, or the external storage device may obtain the data file from the local storage space of the computer. If the device trusted tag corresponding to the device identifier is not trusted, it indicates that the external storage device is an untrusted storage device, and there is a greater security risk, then the driver may reject the file copy request based on the conclusion that the external storage device is not trusted, thereby interrupting data transmission between the external storage device and the computer and ensuring the security of the file stored in the computer and the external storage device.
The embodiment of the application provides a verification method for an external storage device. The device identifier of the external storage device is first acquired, and the device trusted tag corresponding to that identifier is then determined according to the correspondence between device identifiers and device trusted tags, where the device trusted tag indicates whether the external storage device is trusted. After a file copy request including a file identifier is received, if the device trusted tag corresponding to the device identifier is trusted, the file corresponding to the file identifier is copied from the external storage device; if the device trusted tag corresponding to the device identifier is untrusted, the file copy request is rejected. The correspondence between device identifiers and device trusted tags can be generated by application software, which can set an external storage device as trusted or untrusted according to actual requirements. Therefore, when an external storage device is connected, whether it is a trusted device can be judged from its device identifier, and file copying is allowed or prohibited accordingly. In this way any external storage device can be set as a trusted device, file copying does not require a dedicated secure storage device, and the cost of use is reduced while security is ensured.
In some possible implementations, a user may wish to open certain files stored in the external storage device directly, such as executable (exe) files or Dynamic Link Library (DLL) files. For this case, the driver may allow or intercept the user's action of opening the file according to the device trusted tag of the external storage device. The following takes the case in which the user needs to open an executable file, that is, the file to be run is an exe file, as an example.
When a user needs to run an executable file stored in the external storage device, the user can send a command to run the executable file to the computer, for example by double-clicking the icon of the executable file. Because the executable file is stored in the external storage device and can be run only through the driver, the computer sends a file run request to the driver; the file run request may include the file identifier of the executable file, which is used to determine the storage location of the executable file in the external storage device. After receiving the file run request, the driver may parse it, extract the file identifier of the executable file, and determine the storage location of the executable file in the external storage device.
Similar to step S104, if the device trusted tag corresponding to the device identifier is trusted, the external storage device is a trusted storage device and the driver runs the executable file corresponding to the file identifier. If the device trusted tag corresponding to the device identifier is untrusted, the external storage device is an untrusted storage device, and the driver may refuse to let the computer run the executable file, so as to prevent an attacker from attacking the computer through an insecure external storage device.
It should be noted that the driver may obtain the device trusted tag of the external storage device first and then receive the file run request, or may obtain the device trusted tag after receiving the file run request; this is not limited in the embodiments of the present application.
To further ensure the security of the computer, when a file to be run that is stored in the external storage device is run, the driver can also judge whether the file to be run belongs to the files recorded in a file white list. The file white list records trusted, secure files and may include the file names or hash values of one or more files. If the file to be run belongs to the files recorded in the file white list, the file to be run is trustworthy and the driver can allow the computer to run it. In this way the security of the computer is further improved by combining the device check with white list technology.
The foregoing provides some specific implementations of the verification method for an external storage device in the embodiments of the present application; on this basis, the present application also provides a corresponding apparatus. The apparatus provided by the embodiments of the present application is described below in terms of functional modules.
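The driver flow of steps S101 to S104, the first-access device type check, and the file run request with the white list check, modelled together as one program. This is an added example and not code from the patent or from Zhejiang Supcon; the class names (DeviceInfo, PolicySoftware, Driver), the serial-number-interval policy, and the sample devices and file contents are assumptions constructed for the example.

```python
"""Model of the driver-side verification flow described in the patent.

Added example, not the patent's code. Class and field names (PolicySoftware, Driver,
DeviceInfo), the serial-number interval policy and the sample devices are assumptions.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Set


class Trust(Enum):
    """The device trusted tag: the patent names exactly these two values."""
    TRUSTED = "trusted"
    UNTRUSTED = "untrusted"


@dataclass(frozen=True)
class DeviceInfo:
    """Fields the driver reads from a newly attached device (step S101)."""
    device_type: str  # reply to the type obtaining request, e.g. "storage"
    vendor: str
    model: str
    serial: str
    version: str

    @property
    def identifier(self) -> str:
        # The patent allows any one or more of these fields; all four are combined here.
        return f"{self.vendor}:{self.model}:{self.serial}:{self.version}"


class PolicySoftware:
    """The 'application software' that turns an identifier into a trusted tag.

    The patent's worked example is an operator-configured identifier interval; this
    assumed policy trusts one vendor/model whose serial number lies in [lo, hi].
    """

    def __init__(self, vendor: str, model: str, lo: int, hi: int) -> None:
        self.vendor, self.model, self.lo, self.hi = vendor, model, lo, hi

    def trust_tag(self, identifier: str) -> Trust:
        vendor, model, serial, _version = identifier.split(":", 3)
        in_interval = serial.isdigit() and self.lo <= int(serial) <= self.hi
        if vendor == self.vendor and model == self.model and in_interval:
            return Trust.TRUSTED
        return Trust.UNTRUSTED


class Driver:
    """The filter driver: enrols devices on first access and gates copy/run requests."""

    def __init__(self, policy: PolicySoftware, whitelist: Set[str]) -> None:
        self.policy = policy
        self.whitelist = whitelist  # SHA-256 hex digests of files allowed to run
        self.trust_table: Dict[str, Trust] = {}  # identifier -> tag (the correspondence)

    def on_access(self, dev: DeviceInfo) -> Optional[Trust]:
        """First-access handshake: type check, then ask the policy once and store the tag."""
        if dev.device_type != "storage":  # not an external storage device: out of scope
            return None
        ident = dev.identifier
        if ident not in self.trust_table:
            self.trust_table[ident] = self.policy.trust_tag(ident)
        return self.trust_table[ident]

    def copy_request(self, dev: DeviceInfo, file_id: str) -> bool:
        """Steps S103/S104: allow the copy only for a device tagged trusted.

        A device with no stored tag (never enrolled) is treated as untrusted, so the
        check fails closed rather than open.
        """
        return self.trust_table.get(dev.identifier) is Trust.TRUSTED

    def run_request(self, dev: DeviceInfo, file_id: str, content: bytes) -> bool:
        """File run request: trusted device AND file hash present on the white list."""
        if self.trust_table.get(dev.identifier) is not Trust.TRUSTED:
            return False
        return hashlib.sha256(content).hexdigest() in self.whitelist


# Constructed sample data for the demonstration (not from the patent).
APPROVED_TOOL = b"MZ-approved-maintenance-tool"  # stands in for a white-listed exe
UNKNOWN_TOOL = b"MZ-unknown-binary"

PLANT_DISK = DeviceInfo("storage", "AcmeUSB", "U3", "1042", "1.0")  # serial in interval
VISITOR_DISK = DeviceInfo("storage", "OtherCo", "X", "1042", "2.1")  # wrong vendor/model
KEYBOARD = DeviceInfo("hid", "AcmeUSB", "KB", "7", "1.0")  # not a storage device


def build_demo_driver() -> Driver:
    policy = PolicySoftware("AcmeUSB", "U3", lo=1000, hi=1999)
    return Driver(policy, {hashlib.sha256(APPROVED_TOOL).hexdigest()})


if __name__ == "__main__":
    drv = build_demo_driver()
    for dev in (PLANT_DISK, VISITOR_DISK, KEYBOARD):
        print(dev.identifier, "->", drv.on_access(dev))
    print("copy from plant disk:", drv.copy_request(PLANT_DISK, "setup.exe"))
    print("copy from visitor disk:", drv.copy_request(VISITOR_DISK, "setup.exe"))
    print("run approved tool:", drv.run_request(PLANT_DISK, "tool.exe", APPROVED_TOOL))
    print("run unknown tool:", drv.run_request(PLANT_DISK, "x.exe", UNKNOWN_TOOL))
```

The identifier is whatever the device reports over the bus, so the run path requires both the device tag and the file hash, and a hash entry is preferred over a file name entry in the white list.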
Referring to fig. 2, a schematic structural diagram of an authentication apparatus for an external storage device is shown, where the apparatus 200 includes:
the identifier obtaining module 210 is configured to obtain an apparatus identifier of an external storage device, where the apparatus identifier includes any one or more of a manufacturer identifier, a model identifier, a serial number, and a version number of the external storage device.
The tag determining module 220 is configured to determine, according to a correspondence between a device identifier and a device trusted tag, the device trusted tag that is used to indicate whether the external storage device is trusted, where the correspondence between the device identifier and the device trusted tag is generated by application software.
The first receiving module 230 is configured to receive a file copy request, where the file copy request includes a file identifier.
A first executing module 240, configured to copy, when the device trusted tag corresponding to the device identifier is trusted, a file corresponding to the file identifier from the external storage device; and when the equipment credible label corresponding to the equipment identification is not credible, rejecting the file copying request.
The embodiment of the application provides a verification device of an external storage device, which can firstly acquire an equipment identifier of the external storage device, and then determine an equipment trusted label corresponding to the equipment identifier of the external storage device according to the corresponding relation between the equipment identifier and the equipment trusted label, wherein the equipment trusted label is used for determining whether the external storage device is trusted. After a file copying request including a file identifier is received, if an equipment credible label corresponding to the equipment identifier is credible, copying a file corresponding to the file identifier from the external storage equipment; and if the equipment credible label corresponding to the equipment identification is not credible, rejecting the file copying request. Wherein, the correspondence between the device identification and the device trusted label can be generated by application software. The application software can set the external storage device as a trusted device or an untrusted device according to actual requirements. Therefore, when the external storage device is accessed, whether the external storage device is a trusted device can be judged according to the device identifier of the external storage device, and then file copying is allowed or prohibited. Therefore, any external storage device can be set as a trusted device, file copying is not required to be carried out by a specific safe storage device, and the use cost is reduced while the safety is ensured.
Optionally, in some possible implementations, the correspondence between the device identifier and the device trusted tag stored in the tag determining module 220 is obtained as follows when an access message of the external storage device is received for the first time:
receiving the device identifier sent by the external storage device;
sending the device identifier to the application software;
receiving a device trusted tag sent by the application software, where the device trusted tag is determined by the application software according to the device identifier;
and storing the correspondence between the device identifier and the device trusted tag.
Thus, when the external storage device is connected to the computer for the first time, the application software determines whether the external storage device is trusted according to its device identifier and thereby determines the device trusted tag. The device trusted tag can therefore be set freely by the application software, that is, whether the external storage device poses a security risk is decided according to the actual application conditions of the application software. Because the trustworthiness of the external storage device is decided according to actual conditions, any external storage device can be used as a secure storage device.
Optionally, in some possible implementations, the method of obtaining the correspondence between the device identifier and the device trusted tag further includes:
receiving an access request sent by the external device;
sending a type obtaining request to the external device, where the type obtaining request is used to obtain the device type corresponding to the external device;
receiving the device type corresponding to the external device;
and when the device type corresponding to the external device is a storage device, determining that the external device is an external storage device.
Because a computer may have a plurality of external devices, of which an external storage device is only one special kind, after an external device is connected to the computer and before determining whether it is safe, the driver may first determine whether the external device is an external storage device.
Optionally, referring to fig. 3, on the basis of the apparatus shown in fig. 2, the apparatus 200 further includes:
a second receiving module 250, configured to receive a file operation request, where the file operation request includes a file identifier of a file to be run, and the file to be run is stored in the external storage device;
and a second executing module 260, configured to run the file to be run corresponding to the file identifier when the device trusted tag corresponding to the device identifier is trusted.
If the device trusted tag corresponding to the device identifier is trusted, the external storage device is a trusted storage device, and the driver runs the executable file corresponding to the file identifier. If the device trusted tag corresponding to the device identifier is not trusted, the external storage device is an untrusted storage device, and the driver may refuse to let the computer run the executable file on that basis, so as to prevent an attacker from attacking the computer through the insecure external storage device.
Optionally, referring to fig. 4, on the basis of the apparatus shown in fig. 3, the second executing module 260 includes:
a white list determining module 261, configured to determine that the file to be run corresponding to the file identifier belongs to the files recorded in a file white list.
If the file to be run belongs to the files recorded in the file white list, the file is trusted, and the driver can allow the computer to run it. Combining the device check with white-list technology thus further improves the security of the computer.
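As an added example that is not part of the patent or of any Supcon product, the following Python models the driver-side decisions described above in one place: the device-type filter and first-access lookup that builds the stored identifier-to-tag correspondence, the file copy check, and the file run check combined with the file white list. The device identifiers, file names, hash values and the stand-in "application software" policy are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Device identifier as the patent describes it: any one or more of
# manufacturer identifier, model identifier, serial number, version number.
DeviceId = Tuple[str, str, str, str]


@dataclass
class Driver:
    ask_app: Callable[[DeviceId], bool]       # the application software decides trust
    file_whitelist: Dict[str, str]            # file name -> SHA-256 hex of the trusted content
    tags: Dict[DeviceId, bool] = field(default_factory=dict)  # stored correspondence id -> tag
    app_queries: int = 0                      # how often the application software was consulted

    def on_access(self, dev_id: DeviceId, dev_type: str) -> Optional[bool]:
        """Access handling: ignore devices that are not storage devices, then obtain
        the device trusted tag on first access and store it. Returns None for a
        non-storage device, otherwise the stored tag."""
        if dev_type != "storage":
            return None
        if dev_id not in self.tags:           # first access: ask the application software once
            self.app_queries += 1
            self.tags[dev_id] = bool(self.ask_app(dev_id))
        return self.tags[dev_id]

    def copy_request(self, dev_id: DeviceId, file_id: str) -> bool:
        """File copy request: allowed only when the device's tag is trusted.
        A device with no stored tag is treated as untrusted (fail closed)."""
        return self.tags.get(dev_id, False)

    def run_request(self, dev_id: DeviceId, file_id: str, content: bytes) -> bool:
        """File operation (run) request: the device must be trusted AND the file
        must be in the white list; here the list is checked by name plus content hash."""
        if not self.tags.get(dev_id, False):
            return False
        expected = self.file_whitelist.get(file_id)
        return expected is not None and hashlib.sha256(content).hexdigest() == expected


# --- constructed sample data (placeholders, not from the patent) ---
TRUSTED_DEV: DeviceId = ("AcmeCorp", "FlashDrive-X", "SN-0001", "1.0")
UNTRUSTED_DEV: DeviceId = ("AcmeCorp", "FlashDrive-X", "SN-9999", "1.0")
TOOL_BYTES = b"constructed sample executable content"


def sample_app_policy(dev_id: DeviceId) -> bool:
    """Stand-in for the application software: trusts one enrolled serial number."""
    manufacturer, _model, serial, _version = dev_id
    return manufacturer == "AcmeCorp" and serial in {"SN-0001"}


def build_demo_driver() -> Driver:
    """Driver with a one-entry file white list built from the sample content."""
    whitelist = {"tool.exe": hashlib.sha256(TOOL_BYTES).hexdigest()}
    return Driver(ask_app=sample_app_policy, file_whitelist=whitelist)


if __name__ == "__main__":
    drv = build_demo_driver()
    print("tags:", drv.on_access(TRUSTED_DEV, "storage"), drv.on_access(UNTRUSTED_DEV, "storage"))
    print("copy:", drv.copy_request(TRUSTED_DEV, "report.pdf"), drv.copy_request(UNTRUSTED_DEV, "report.pdf"))
    print("run :", drv.run_request(TRUSTED_DEV, "tool.exe", TOOL_BYTES),
          drv.run_request(TRUSTED_DEV, "tool.exe", b"tampered"))
```

The second access of the same identifier is served from the stored correspondence without consulting the application software again, which is the behaviour the first-access procedure above implies.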
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that all or part of the steps in the above embodiment methods can be implemented by software plus a general hardware platform. Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a storage medium, such as a read-only memory (ROM)/RAM, a magnetic disk, an optical disk, or the like, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network communication device such as a router) to execute the method according to the embodiments or some parts of the embodiments of the present application.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, it is relatively simple to describe, and reference may be made to some descriptions of the method embodiment for relevant points. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only an exemplary embodiment of the present application, and is not intended to limit the scope of the present application.

Claims (10)

1. A verification method for an external storage device, comprising the following steps:
acquiring a device identifier of the external storage device, wherein the device identifier comprises any one or more of a manufacturer identifier, a model identifier, a serial number and a version number of the external storage device;
determining a device trusted tag corresponding to the device identifier according to a correspondence between the device identifier and the device trusted tag, wherein the device trusted tag is used to indicate whether the external storage device is trusted, and the correspondence between the device identifier and the device trusted tag is generated by application software;
receiving a file copy request, wherein the file copy request comprises a file identifier;
when the device trusted tag corresponding to the device identifier is trusted, copying a file corresponding to the file identifier from the external storage device;
and when the device trusted tag corresponding to the device identifier is not trusted, rejecting the file copy request.
2. The method according to claim 1, wherein the correspondence between the device identifier and the device trusted tag is obtained by the following steps when an access message of the external storage device is received for the first time:
receiving the device identifier sent by the external storage device;
sending the device identifier to the application software;
receiving a device trusted tag sent by the application software, wherein the device trusted tag is determined by the application software according to the device identifier;
and storing the correspondence between the device identifier and the device trusted tag.
3. The method according to claim 2, wherein before receiving the device identifier sent by the external storage device, the method further comprises:
receiving an access request sent by the external storage device;
sending a type obtaining request to the external storage device, wherein the type obtaining request is used to obtain a device type corresponding to the external storage device;
receiving the device type corresponding to the external storage device;
and when the device type corresponding to the external storage device is a storage device, determining that the external storage device is an external storage device.
4. The method according to claim 1, wherein after determining the device trusted tag corresponding to the device identifier, the method further comprises:
receiving a file operation request, wherein the file operation request comprises a file identifier of a file to be run, and the file to be run is stored in the external storage device;
and when the device trusted tag corresponding to the device identifier is trusted, running the file to be run corresponding to the file identifier.
5. The method according to claim 4, wherein running the file to be run when the device trusted tag corresponding to the device identifier is trusted comprises:
determining that the file to be run corresponding to the file identifier belongs to files recorded in a file white list.
6. A verification apparatus for an external storage device, the apparatus comprising:
an identifier obtaining module, configured to obtain a device identifier of the external storage device, wherein the device identifier comprises any one or more of a manufacturer identifier, a model identifier, a serial number and a version number of the external storage device;
a tag determining module, configured to determine a device trusted tag corresponding to the device identifier according to a correspondence between the device identifier and the device trusted tag, wherein the device trusted tag is used to indicate whether the external storage device is trusted, and the correspondence between the device identifier and the device trusted tag is generated by application software;
a first receiving module, configured to receive a file copy request, wherein the file copy request comprises a file identifier;
and a first executing module, configured to copy a file corresponding to the file identifier from the external storage device when the device trusted tag corresponding to the device identifier is trusted, and to reject the file copy request when the device trusted tag corresponding to the device identifier is not trusted.
7. The apparatus according to claim 6, wherein the correspondence between the device identifier and the device trusted tag is obtained by the following steps when an access message of the external storage device is received for the first time:
receiving the device identifier sent by the external storage device;
sending the device identifier to the application software;
receiving a device trusted tag sent by the application software, wherein the device trusted tag is determined by the application software according to the device identifier;
and storing the correspondence between the device identifier and the device trusted tag.
8. The apparatus according to claim 6, wherein the method of obtaining the correspondence between the device identifier and the device trusted tag further comprises:
receiving an access request sent by the external storage device;
sending a type obtaining request to the external storage device, wherein the type obtaining request is used to obtain a device type corresponding to the external storage device;
receiving the device type corresponding to the external storage device;
and when the device type corresponding to the external storage device is a storage device, determining that the external storage device is an external storage device.
9. The apparatus according to claim 6, further comprising:
a second receiving module, configured to receive a file operation request, wherein the file operation request comprises a file identifier of a file to be run, and the file to be run is stored in the external storage device;
and a second executing module, configured to run the file to be run corresponding to the file identifier when the device trusted tag corresponding to the device identifier is trusted.
10. The apparatus according to claim 9, wherein the second executing module comprises:
a white list determining module, configured to determine that the file to be run corresponding to the file identifier belongs to files recorded in a file white list.
CN202011383634.1A 2020-12-01 2020-12-01 Verification method and device of external storage equipment Pending CN112487429A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011383634.1A CN112487429A (en) 2020-12-01 2020-12-01 Verification method and device of external storage equipment

Publications (1)

Publication Number Publication Date
CN112487429A true CN112487429A (en) 2021-03-12

Family

ID=74938382

Country Status (1)

Country Link
CN (1) CN112487429A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103646669A (en) * 2013-11-29 2014-03-19 北京奇虎科技有限公司 Method and device for detecting reliability of removable storage device
CN103677668A (en) * 2013-11-29 2014-03-26 北京奇虎科技有限公司 Method and device for detecting mobile storage equipment
CN105141614A (en) * 2015-09-07 2015-12-09 北京北信源软件股份有限公司 Method and device for controlling access permission of mobile storage device
CN109858289A (en) * 2018-12-29 2019-06-07 北京奇安信科技有限公司 The mobile storage device management method and device used suitable for corporate intranet

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210312