CN117951761A - USB flash disk safe access method based on storage data block management and control - Google Patents

Info

Publication number: CN117951761A
Authority: CN (China)
Prior art keywords: disk, usb, usb flash, flash disk, data
Legal status: Pending (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy)
Application number: CN202311651298.8A
Other languages: Chinese (zh)
Inventors: 谢国强, 陈明亮, 余滢婷, 潘本仁, 徐在德, 张韬, 王冠南, 邹进, 张妍, 周仕豪, 黎鹏程, 丁凯, 皮杰明
Current assignee: State Grid Corp of China SGCC; Electric Power Research Institute of State Grid Jiangxi Electric Power Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: State Grid Corp of China SGCC; Electric Power Research Institute of State Grid Jiangxi Electric Power Co Ltd
Priority date: 2023-12-05 (the priority date is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy)
Filing date: 2023-12-05
Publication date: 2024-04-30

Abstract

The invention discloses a USB flash disk safe access method based on storage data block management and control, comprising the following steps: a virtual USB storage device created by a dedicated USB protection device is mapped through OTG to the connected target host, where it appears as a storage-class device; after a USB flash disk carrying a security tag is connected to the USB protection device, the device scans the disk for viruses and records the data blocks in which the virus files are located; once virus scanning and file marking are complete, the tagged USB flash disk is bound to the virtual USB storage device and the data on it is exposed to the target host; and any access to a problem data block is refused. The invention manages and controls the inserted USB flash disk through the virtual USB storage device; because the virus files on the disk are marked at the level of their physical storage data blocks, the read and write modes of the problem data blocks are restricted and access to the virus files is isolated.

Description

USB flash disk safe access method based on storage data block management and control
Technical Field
The invention relates to the technical field of removable storage device security, and in particular to a USB flash disk safe access method based on storage data block management and control.
Background
With the continuous growth in capacity and the widespread use of USB removable storage devices, they have become one of the main storage media for transferring data such as files.
Facing increasingly severe network attacks that exploit USB removable storage devices, enterprises in various industries need to establish a clear security control strategy for such devices, build a security protection system, and use scientific and secure means to ensure that the devices are used safely, thereby protecting business security and avoiding the unnecessary losses that misuse of USB removable storage devices would cause.
To cope with the security threat posed by USB flash disks, the industry has proposed various security management and control technologies for them. For example, patent publication CN115809487A discloses a method, system and device for the secure isolation of USB removable storage media, which achieves the isolation of removable storage files through an access model with multiple security policies and has the advantages of convenient management and authorization of the running state of an isolation box and readily consultable operation records; patent publication CN115952566A discloses a secure access method for USB removable storage media, an electronic device and a data ferry system, in which a USB peripheral management module that executes the secure access method is added to the data ferry system and the data ferry system is applied to the network structure of an electric power system, so that the scarce internal resources of the existing electric power system need not be occupied and the secure and stable operation of the internal core business system is facilitated. However, these methods change the usage flow of the USB flash disk to a greater or lesser extent: the user cannot directly browse and operate the files on the disk as with an ordinary USB flash disk, which imposes a considerable learning cost. At the same time, permission isolation and the security of data transmitted over the network must be provided, which increases management and usage costs.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention provides a USB flash disk safe access method based on storage data block management and control. A dedicated USB protection device is connected to the target host and appears there as a card-reader-like device; the USB flash disk is connected to the USB protection device, and after virus detection and marking of the problem data blocks the user sees the USB flash disk mapped through OTG, with all directories and files visible and operable locally exactly as on an ordinary USB flash disk, so the user's daily habits need not change. At the same time the original virus files are not deleted, which avoids the loss of user data that deleting a potential false positive could cause.
To achieve the above purpose, the invention provides the following technical solution. A USB flash disk safe access method based on storage data block management and control comprises the following steps:
Step S1: a dedicated USB protection device creates a virtual USB storage device and connects it to the target host through an OTG cable, and a storage-class device is displayed on the target host;
Step S2: the USB protection device monitors for USB flash disk insertion in real time; when a disk is inserted, it reads the disk data and verifies whether the disk carries a security tag and whether that tag is valid; a USB flash disk without a security tag, or with an invalid one, is refused by the USB protection device;
Step S3: for a USB flash disk with a valid security tag, the USB protection device reads the disk data, performs virus detection on it, determines according to the data type which data blocks in the data contain viruses and marks them with the virus label, and the storage block filtering module builds a problem data block list from the marked blocks;
Step S4: the USB flash disk scanned and marked in step S3 is bound to the storage-class device of step S1; the target host views the data on the disk through the USB protection device, and access is prohibited whenever a data block marked as containing a virus is accessed, so that the virus files on the disk cannot be accessed; the user on the target host can tell why access was refused from the file name, which carries the virus marker;
Step S5: when use is finished, the target host ejects the USB flash disk or the disk is unplugged from it, and the virtual USB storage device is restored to its state with no USB flash disk inserted, waiting for a new disk to be connected.
Further, the security tag of the USB flash disk is manufactured as follows: extract the physical information of the USB flash disk; calculate a hash value from the extracted physical information; encrypt the calculated hash value with an asymmetric encryption algorithm; and write the encrypted hash value into a fixed spare sector at the head of the USB flash disk.
Further, whether the USB flash disk carries a security tag is verified as follows: read the fixed spare sector at the head of the disk to check whether an encrypted hash value is present; if it is absent, signature verification fails; if it is present, decrypt the hash value with the asymmetric algorithm to obtain the decrypted hash value; extract the physical information covered by the decrypted hash value; calculate a hash value from that physical information; and compare the decrypted hash value with the calculated hash value: if they are consistent, the USB flash disk is verified successfully as carrying a legitimate security tag; if not, the tag is invalid and verification fails.
Further, the problem data block list is formed as follows: mount the USB flash disk with a valid security tag; use a virus scanning and removal engine to detect malicious code in the data on the disk; record basic information about each identified malicious code file, such as its path and size; unmount the disk; scan the partition table data of the disk; scan the directory area data according to the partition table information; identify file information from the data area pointed to by the directory area; and scan the files of the data area together with the block device information, continuing the scan if the malicious code file has not yet been found.
Further, the specific process of step S4 is as follows: the target host views the data on the USB flash disk through the USB protection device; a read or write request for a storage data block is sent to the disk; on receiving the request, the virtual USB storage device forwards it to the bound USB flash disk; the storage block filtering module inspects the data block being read or written; it queries whether the data block is recorded in the problem data block list of the disk, and if so returns a rejection, otherwise reads or writes the data block on the bound disk; the access-prohibited or read/write result is fed back to the virtual USB storage device; the read/write result for the data block is obtained; and the target host prompts the user or ends the operation according to the result from the OTG-mapped USB flash disk.
Compared with the prior art, the invention has the following beneficial effects: the inserted USB flash disk is managed and controlled in the form of a virtual USB storage device; the physical storage data blocks of the virus files on the disk are marked, so the read and write modes of the problem data blocks are restricted and access to the virus files is isolated; each virus file is renamed so that a virus marker is added to its file name, letting the user see the reason for refused access during use; and an asymmetric encryption algorithm combined with the physical properties of the USB flash disk provides access authentication of the disk and blocks the use of illegitimate USB flash disks.
Drawings
FIG. 1 is a schematic overall flow chart of the present invention.
FIG. 2 illustrates the security tag manufacturing process for a USB flash disk according to the present invention.
FIG. 3 illustrates the process of verifying whether a USB flash disk carries a security tag according to the present invention.
FIG. 4 illustrates the problem data block list forming process according to the present invention.
FIG. 5 illustrates the process for managing and controlling the storage data blocks of a USB flash disk according to the present invention.
Detailed Description
As shown in FIG. 1, the present invention provides the following technical solution. A USB flash disk safe access method based on storage data block management and control comprises the following steps:
Step S1: a dedicated USB protection device creates a virtual USB storage device and connects it to the target host through an OTG cable, and a storage-class device is displayed on the target host;
The dedicated USB protection device is hardware that sits between the USB flash disk and the target host: after a USB flash disk is inserted into it, the device checks the disk's tag according to a preset procedure, performs virus detection and marking on the files of the disk, and maps the disk to the target host by creating a virtual USB storage device;
Step S2: the USB protection device monitors for USB flash disk insertion in real time; when a disk is inserted, it reads the disk data and verifies whether the disk carries a security tag and whether that tag is valid; a USB flash disk without a security tag, or with an invalid one, is refused by the USB protection device;
Step S3: for a USB flash disk with a valid security tag, the USB protection device reads the disk data, performs virus detection on it, determines according to the data type which data blocks in the data contain viruses and marks them with the virus label, and the storage block filtering module builds a problem data block list from the marked blocks;
Step S4: the USB flash disk scanned and marked in step S3 is bound to the storage-class device of step S1; the target host views the data on the disk through the USB protection device, and access is prohibited whenever a data block marked as containing a virus is accessed, so that the virus files on the disk cannot be accessed; the user on the target host can tell why access was refused from the file name, which carries the virus marker;
Step S5: when use is finished, the target host ejects the USB flash disk or the disk is unplugged from it, and the virtual USB storage device is restored to its state with no USB flash disk inserted, waiting for a new disk to be connected.
As shown in FIG. 2, the security tag of the USB flash disk is manufactured as follows:
1. Extract the physical information of the USB flash disk, such as its VID, PID, serial number and description;
2. Calculate a hash value from the extracted physical information (using a hash algorithm such as MD5 or SM3);
3. Encrypt the calculated hash value with an asymmetric encryption algorithm;
4. Write the encrypted hash value into a fixed spare sector at the head of the USB flash disk.
As shown in FIG. 3, whether the USB flash disk carries a security tag is verified as follows:
1. Read the fixed spare sector at the head of the disk to check whether an encrypted hash value is present; if it is absent, signature verification fails;
2. If an encrypted hash value is present, decrypt it with the asymmetric algorithm to obtain the decrypted hash value;
3. Extract the physical information of the USB flash disk covered by the decrypted hash value, such as its VID, PID, serial number and description;
4. Calculate a hash value from that physical information;
5. Compare the decrypted hash value with the calculated hash value: if they are consistent, the disk is verified successfully as carrying a legitimate security tag; if not, the tag is invalid and verification fails.
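To make the tag format concrete, the following Python is an added model of the FIG. 2 manufacturing steps and the FIG. 3 verification steps; it is not the patent's or the applicant's code. It assumes SHA-256 as the hash (the text lists MD5 and SM3 as options; MD5 is no longer collision-resistant, so it is a poor choice for an identity tag), 512-byte sectors with sector 62 as the fixed spare sector, a "UTAG" marker so an unwritten sector reads as "no tag", and textbook RSA standing in for the unspecified asymmetric algorithm, with the issuer holding the private key and the protection device provisioned with the public key only.

```python
import hashlib
import random
import struct

SECTOR_SIZE = 512
TAG_SECTOR = 62      # assumed "fixed spare sector" at the head of the disk
TAG_MAGIC = b"UTAG"  # assumed marker so an unwritten sector reads as "no tag"


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin; adequate for a demo-sized key."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Textbook RSA keypair ((n, e), (n, d)). The tag issuer keeps (n, d); the
    USB protection device is provisioned with (n, e) only, so it can verify
    tags but not forge them. Demo size, no padding: not production crypto."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def identity_hash(vid, pid, serial, description):
    """FIG. 2 steps 1-2: hash the drive's physical identity. Fields are
    length-prefixed so shifting bytes between fields cannot collide."""
    h = hashlib.sha256()
    for field in (vid, pid, serial, description):
        raw = field.encode()
        h.update(struct.pack(">H", len(raw)) + raw)
    return int.from_bytes(h.digest(), "big")


def write_tag(disk, private_key, vid, pid, serial, description):
    """FIG. 2 steps 3-4 (issuer): encrypt the hash with the private key and
    write MAGIC | length | ciphertext into the fixed spare sector."""
    n, d = private_key
    size = (n.bit_length() + 7) // 8
    enc = pow(identity_hash(vid, pid, serial, description), d, n)
    body = TAG_MAGIC + struct.pack(">H", size) + enc.to_bytes(size, "big")
    start = TAG_SECTOR * SECTOR_SIZE
    disk[start:start + SECTOR_SIZE] = body.ljust(SECTOR_SIZE, b"\x00")


def verify_tag(disk, public_key, vid, pid, serial, description):
    """FIG. 3 (protection device): a missing tag, a malformed tag, or a hash
    that does not match the drive actually inserted all yield 'invalid'."""
    n, e = public_key
    size = (n.bit_length() + 7) // 8
    start = TAG_SECTOR * SECTOR_SIZE
    sector = bytes(disk[start:start + SECTOR_SIZE])
    if not sector.startswith(TAG_MAGIC):
        return False                      # step 1: no encrypted hash present
    (length,) = struct.unpack(">H", sector[4:6])
    enc = int.from_bytes(sector[6:6 + length], "big")
    if length != size or enc >= n:
        return False                      # tag not written for this key
    recovered = pow(enc, e, n)            # step 2: decrypt with the public key
    expected = identity_hash(vid, pid, serial, description)  # steps 3-4
    return recovered == expected          # step 5: compare
```

Because the hash covers the serial number, cloning the tag sector onto another drive with a different serial fails step 5, and because only the issuer holds the private key, the device cannot mint tags for untagged drives.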
As shown in FIG. 4, the problem data block list is formed as follows:
1. Mount the USB flash disk with a valid security tag;
2. Use a virus scanning and removal engine to detect malicious code in the data on the disk;
3. Record basic information about each identified malicious code file, such as its path and size;
4. Unmount the disk;
5. Scan the partition table data of the disk;
6. Scan the directory area data of the disk according to the partition table information;
7. Identify file information from the data area pointed to by the directory area;
The file information refers to files stored on the disk by the user, which may be data files, text files, executable files and so on; the type is not limited, and the malicious code scan of user files described here can be extended to files with particular suffixes or of particular types as the criterion for identification;
8. Scan the files of the data area together with the block device information; if no malicious code file is found, continue scanning;
9. Record the file information of each malicious code file found together with the information of the storage data blocks holding it. In operating systems such as Windows and Linux, files are accessed through a file system such as NTFS or FAT, which stores file data in disk sectors in a defined organization: there are sectors recording the file size, sectors recording the file path and sectors recording the file content, and together these constitute the storage data block of the file. When the user reads or writes a file through the dedicated USB protection device, at the level of the protection device this is a read or write of storage data blocks on the disk; the same applies to the OTG-mapped USB flash disk device.
10. If malicious code file data information still remains on the disk, return to step 7 and continue scanning;
11. Form the problem data block list of the malicious code files on the USB flash disk with the valid security tag.
As shown in FIG. 5, the specific procedure of step S4 is as follows:
1. The target host views the data on the USB flash disk through the dedicated USB protection device;
2. A read or write request for a storage data block is sent to the USB flash disk;
3. On receiving the request, the virtual USB storage device forwards it to the bound USB flash disk;
4. The storage block filtering module inspects the data block that is to be read or written on the disk;
5. It queries whether the data block is recorded in the problem data block list of the disk; if so, a rejection is returned; if not, the data block is read or written on the bound disk;
6. The access-prohibited or read/write operation result is fed back to the virtual USB storage device;
7. The read/write result for the data block is obtained;
8. The target host prompts the user or ends the operation according to the result from the OTG-mapped USB flash disk.
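As an added illustration of steps S3 and S4 (not the patent's own code), the following Python models the storage block filter: a constructed in-memory drive with a directory, the problem block list built from the scanning engine's hits, and the OTG-mapped virtual device that forwards or rejects each block request and keeps an operation record. Sector numbers, the directory layout and the scanner result are constructed sample data; leaving the directory entry readable while blocking only the content blocks is an assumption the text leaves open.

```python
SECTOR_SIZE = 512
DENIED = "access denied: block belongs to a file marked as virus"


class BoundDrive:
    """Constructed stand-in for the USB flash disk bound behind the virtual
    device: raw sectors plus a directory recording which sector holds each
    file's entry (name, size) and which sectors hold its content."""

    def __init__(self, n_sectors):
        self.sectors = bytearray(n_sectors * SECTOR_SIZE)
        self.directory = {}  # path -> {"entry": lba, "content": [lba, ...]}

    def add_file(self, path, entry_lba, content_lbas, data):
        self.directory[path] = {"entry": entry_lba, "content": list(content_lbas)}
        for i, lba in enumerate(content_lbas):
            chunk = data[i * SECTOR_SIZE:(i + 1) * SECTOR_SIZE]
            self.write(lba, chunk.ljust(SECTOR_SIZE, b"\x00"))

    def read(self, lba):
        return bytes(self.sectors[lba * SECTOR_SIZE:(lba + 1) * SECTOR_SIZE])

    def write(self, lba, data):
        if len(data) != SECTOR_SIZE:
            raise ValueError("sector-sized writes only")
        self.sectors[lba * SECTOR_SIZE:(lba + 1) * SECTOR_SIZE] = data


def build_problem_block_list(drive, scan_hits, marker="VIRUS"):
    """FIG. 4 / step S3: for each file the scanning engine reported, record
    the sectors holding its content and rename the entry so the host user can
    see why access is refused. The entry sector itself stays readable: on
    FAT/NTFS one directory sector holds many entries, so blocking it would
    also hide the clean files beside it."""
    problem = set()
    for path in scan_hits:
        info = drive.directory.pop(path)
        problem.update(info["content"])
        drive.directory[f"{path}.{marker}"] = info
    return problem


class VirtualUsbStorage:
    """The OTG-mapped storage-class device the host sees (FIG. 5). Every LBA
    request is checked against the problem block list before it reaches the
    bound drive, and every verdict is kept for the device's operation log."""

    def __init__(self, drive, problem_blocks):
        self.drive = drive
        self.problem_blocks = frozenset(problem_blocks)
        self.log = []  # (op, lba, verdict)

    def _allowed(self, op, lba):
        verdict = DENIED if lba in self.problem_blocks else "ok"
        self.log.append((op, lba, verdict))
        return verdict == "ok"

    def read(self, lba):
        if not self._allowed("read", lba):
            return None, DENIED       # FIG. 5 step 5: rejection fed back
        return self.drive.read(lba), "ok"

    def write(self, lba, data):
        if not self._allowed("write", lba):
            return False, DENIED      # a marked block cannot be altered either
        self.drive.write(lba, data)
        return True, "ok"


def demo():
    """Constructed scenario: a clean document and an executable the scanner
    flagged, both sharing one directory sector (LBA 4)."""
    drive = BoundDrive(64)
    drive.add_file("report.docx", 4, [10, 11], b"quarterly figures " * 40)
    drive.add_file("setup.exe", 4, [20, 21, 22], b"MZ" + b"\x90" * 1200)
    problem = build_problem_block_list(drive, ["setup.exe"])
    return drive, VirtualUsbStorage(drive, problem)
```

The log of rejected LBAs is what a defender would export from the protection device: it ties each refused host request back to the marked file without the virus content ever crossing the OTG link.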
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (5)

1. A USB flash disk safe access method based on storage data block management and control, characterized by comprising the following steps:
Step S1: a dedicated USB protection device creates a virtual USB storage device and connects it to the target host through an OTG cable, and a storage-class device is displayed on the target host;
Step S2: the USB protection device monitors for USB flash disk insertion in real time; when a disk is inserted, it reads the disk data and verifies whether the disk carries a security tag and whether that tag is valid; a USB flash disk without a security tag, or with an invalid one, is refused by the USB protection device;
Step S3: for a USB flash disk with a valid security tag, the USB protection device reads the disk data, performs virus detection on it, determines according to the data type which data blocks in the data contain viruses and marks them with the virus label, and the storage block filtering module builds a problem data block list from the marked blocks;
Step S4: the USB flash disk scanned and marked in step S3 is bound to the storage-class device of step S1; the target host views the data on the disk through the USB protection device, and access is prohibited whenever a data block marked as containing a virus is accessed, so that the virus files on the disk cannot be accessed; the user on the target host can tell why access was refused from the file name, which carries the virus marker;
Step S5: when use is finished, the target host ejects the USB flash disk or the disk is unplugged from it, and the virtual USB storage device is restored to its state with no USB flash disk inserted, waiting for a new disk to be connected.
2. The USB flash disk safe access method based on storage data block management and control according to claim 1, wherein the security tag of the USB flash disk is manufactured as follows: extract the physical information of the USB flash disk; calculate a hash value from the extracted physical information; encrypt the calculated hash value with an asymmetric encryption algorithm; and write the encrypted hash value into a fixed spare sector at the head of the USB flash disk.
3. The USB flash disk safe access method based on storage data block management and control according to claim 2, wherein whether the USB flash disk carries a security tag is verified as follows: read the fixed spare sector at the head of the disk to check whether an encrypted hash value is present; if it is absent, signature verification fails; if it is present, decrypt the hash value with the asymmetric algorithm to obtain the decrypted hash value; extract the physical information covered by the decrypted hash value; calculate a hash value from that physical information; and compare the decrypted hash value with the calculated hash value: if they are consistent, the USB flash disk is verified successfully as carrying a legitimate security tag; if not, the tag is invalid and verification fails.
4. The USB flash disk safe access method based on storage data block management and control according to claim 3, wherein the problem data block list is formed as follows: mount the USB flash disk with a valid security tag; use a virus scanning and removal engine to detect malicious code in the data on the disk; record basic information about each identified malicious code file, such as its path and size; unmount the disk; scan the partition table data of the disk; scan the directory area data according to the partition table information; identify file information from the data area pointed to by the directory area; and scan the files of the data area together with the block device information, continuing the scan if the malicious code file has not yet been found.
5. The USB flash disk safe access method based on storage data block management and control according to claim 4, wherein the specific process of step S4 is as follows: the target host views the data on the USB flash disk through the USB protection device; a read or write request for a storage data block is sent to the disk; on receiving the request, the virtual USB storage device forwards it to the bound USB flash disk; the storage block filtering module inspects the data block being read or written; it queries whether the data block is recorded in the problem data block list of the disk, and if so returns a rejection, otherwise reads or writes the data block on the bound disk; the access-prohibited or read/write result is fed back to the virtual USB storage device; the read/write result for the data block is obtained; and the target host prompts the user or ends the operation according to the result from the OTG-mapped USB flash disk.
Priority Applications (1)

Application number: CN202311651298.8A
Priority date: 2023-12-05
Filing date: 2023-12-05
Title: USB flash disk safe access method based on storage data block management and control

Publications (1)

Publication number: CN117951761A (en)
Publication date: 2024-04-30
Status: Pending

Family

Family ID: 90797258
Country status: CN, CN117951761A (en)

Legal Events

PB01: Publication
SE01: Entry into force of request for substantive examination