CN100447765C - Mapping method for mobile memory device - Google Patents

Mapping method for mobile memory device

Info

Publication number
CN100447765C
Authority
CN
Grant status
Grant
Prior art keywords
partition
encrypted
user
storage device
letter
Application number
CN 200510073654
Other languages
Chinese (zh)
Other versions
CN1866225A (en)
Inventor
李高强
杨宇光
王元成
Original Assignee
联想(北京)有限公司

Abstract

The invention discloses a mapping method for a mobile storage device. A partition management program is placed on a mobile storage device that contains encrypted partitions. When the computer's operating system detects that the mobile storage device has been inserted, it maps the device's physical drive letter, and the partition management program is copied to the computer and run. The partition management program maps the drive letters of the device's encrypted partitions and hides the mapped physical drive letter. Once copied to the computer, the partition management program can also perform management operations on the encrypted partitions of the device: partition management, user management, access control, read/write control, cancelling the encrypted partition function, and restoring factory settings. Using the invention can markedly improve data security and user satisfaction.

Description

A mapping method for a mobile storage device

Technical field

The present invention relates to the field of mobile storage devices, and in particular to a mapping method for a mobile storage device.

Background

Mobile storage devices, such as portable hard disks, are now in wide use. Once a mobile storage device is plugged into a computer, the user can read and write data on the device through the computer. To keep the data on a mobile storage device secure, the data is usually encrypted. There are several ways to do this; at present, virtual disk technology is commonly used.

Before data on the mobile storage device can be encrypted, specialized virtual disk software must first be installed on the computer. The user then uses the software to encrypt a folder on the device and set a user password. The virtual disk software maps the folder on the device to a drive letter and displays it on the computer screen, while the computer's operating system maps the device's physical drive letter and displays that on the screen as well.
When the user later reads or writes encrypted data in the encrypted folder, the virtual disk software decrypts data as the computer reads it from the folder and then displays the decrypted data on the screen; likewise, when the computer writes data to the encrypted folder, the software encrypts the data first and then writes the encrypted data to the folder. So whenever the user reads or writes encrypted data in the folder, the virtual disk software must be running, both so that the folder can be mapped to a drive letter and displayed normally on the screen and so that encryption and decryption during reads and writes proceed normally.

In addition, to read or write encrypted data in an encrypted folder on the device, the user must first select the drive letter shown on screen for that folder and enter the user password. If the password is correct, the user can log in to the folder behind that drive letter and read and write its encrypted data; otherwise the user cannot log in to the folder and therefore cannot read or write its encrypted data.
As the above shows, the virtual disk technology in current use is fairly specialized: a user must understand it to some degree before using it to read and write encrypted data on a mobile storage device. In practice most users do not understand the technology, which makes it hard for them to use. Even users who can use it often make mistakes during reads and writes, and may even damage the data on the device.

Moreover, because the operating system maps a physical drive letter for the device and displays it on screen, the user can select that physical drive letter and operate on the contents of the directory beneath it, and those contents include the encrypted folders on the device. A user who forgets that an encrypted folder was encrypted to protect data may well delete it while tidying up the device, unintentionally deleting the very data they meant to protect. For example: after the user plugs the mobile storage device into the computer, the operating system maps the device's physical drive letter I and displays physical drive letter I on the screen.
When the user uses the virtual disk software to encrypt folder A and folder B on the device, the software maps folder A and folder B to drive letter A and drive letter B respectively and displays both on the screen. The screen therefore shows physical drive letter I, drive letter A and drive letter B at the same time. When the user selects physical drive letter I, for example by double-clicking it, the screen shows the contents of the directory beneath it, which include folder A and folder B. A user who forgets that folder A and folder B were encrypted to protect data may well delete folder A or folder B while tidying up the device, unintentionally deleting the data they meant to protect.

So the mapping method in current use not only maps folders on the mobile storage device to drive letters and displays them, but also maps and displays a physical drive letter for the device. This makes it quite likely that the user will delete protected data by mistake, which reduces both data security and user satisfaction.

Summary of the invention

In view of this, the main object of the present invention is to provide a mapping method for a mobile storage device that improves data security and user satisfaction.

To achieve this object, the technical solution of the invention is implemented as follows.

The invention discloses a mapping method for a mobile storage device in which a partition management program is placed on a mobile storage device that contains encrypted partitions. The mapping process comprises the following steps:

a. When the computer's operating system detects that a mobile storage device has been inserted, it maps the device's physical drive letter, and the partition management program is copied to the computer and run;

b. The partition management program maps the drive letters of the device's encrypted partitions and hides the physical drive letter mapped in step a.

The partition management program is written on the basis of the Autorun program. It is copied to the computer as follows: the computer automatically runs the Autorun program, and the partition management program written on that basis is copied to the computer's own data storage.

Mapping the encrypted partition drive letter comprises: the partition management program looks up the encrypted partition name in the encrypted partition data structure and maps an encrypted partition drive letter with that name.
The mapped physical drive letter is hidden as follows: the partition management program finds the mobile storage device drive letter display entry in the computer's registry and changes its value from the value that corresponds to showing the drive letter to the value that corresponds to hiding it.

The method further comprises: when the computer's operating system detects that the mobile storage device has been removed, it deletes the physical drive letter it had mapped, and the partition management program deletes the encrypted partition drive letters it had mapped.

The method further comprises: when a mobile storage device is inserted, the partition management program determines whether the device is an encrypted device; if so, it maps and displays the device's encrypted partition drive letters and then hides the physical drive letter that the operating system mapped for the device.
The partition management program comprises at least a partition virtualization module, a search subroutine and a physical drive letter hiding module. When the computer copies the partition management program, it also adds the search subroutine to the computer's auto-run program group. At startup the computer runs the search subroutine in the auto-run program group, and the subroutine determines whether a mobile storage device inserted into the computer is an encrypted device. If it is, the partition virtualization module maps and displays the device's encrypted partition drive letters, and the physical drive letter hiding module then hides the physical drive letter that the operating system mapped for the device.

The search subroutine makes this determination as follows: it looks for an encrypted partition data structure on the mobile storage device. If it finds one, it determines that the device is an encrypted device; otherwise it determines that the device is not an encrypted device.

The partition management program further comprises a partition management module, and the method further comprises:

The partition management module receives a create command containing an encrypted partition data structure and checks whether the encrypted partition size in that data structure exceeds the free space on the mobile storage device. If it does, the computer issues an error warning. If it does not, the partition management module creates the encrypted partition on the device according to the received data structure, establishes the correspondence between the received data structures and saves it on the device, and the partition virtualization module maps and displays the drive letter of the newly created encrypted partition; or,

The partition management module receives a delete-encrypted-partition command containing an encrypted partition user name and an encrypted partition user password. It retrieves the encrypted partition user password stored on the device for the encrypted partition user name that matches the one in the command, and checks whether the stored password is the same as the received one. If they differ, the partition management module issues an error warning. If they are the same, it deletes the encrypted partition on the device that has that user name, deletes the encrypted partition user name stored on the device and the data structures corresponding to that user name, and deletes the drive letter mapped for that encrypted partition.
The partition management program further comprises a user management module, and the method further comprises:

The user management module receives a change-password command containing the encrypted partition user name, the current encrypted partition user password and the new encrypted partition user password. It retrieves the encrypted partition user password stored on the device for the encrypted partition user name that matches the one in the command, and checks whether the stored password is the same as the received one. If they differ, the user management module issues an error warning. If they are the same, it updates the encrypted partition user password on the device to the new password; or,

The user management module receives a delete-user command containing an encrypted partition user name and an encrypted partition user password. It retrieves the encrypted partition user password stored on the device for the encrypted partition user name that matches the one in the command, and checks whether the stored password is the same as the received one. If they differ, the user management module issues an error warning. If they are the same, it deletes the encrypted partition user name and the corresponding encrypted partition user password from the device; or,

The user management module receives a new-user command containing an encrypted partition name, an encrypted partition user name and an encrypted partition user password. It looks up on the device the encrypted partition name that matches the one in the command, establishes the correspondence between the partition name found, the data structure corresponding to that partition name, and the user name and password in the command, and saves the user name and password on the device.

The partition management program further comprises an access control module, a read/write control module, a cancel-encrypted-partition-function module and a restore-factory-settings module, and the method further comprises:

The access control module issues a login prompt when it receives a command to display a drive letter's contents. After receiving an encrypted partition user name and an encrypted partition user password, it retrieves the encrypted partition user password stored on the device for the matching encrypted partition user name and checks whether the stored password is the same as the received one. If they differ, the access control module issues an error warning. If they are the same, the partition virtualization module maps the contents of the directory beneath the encrypted partition; or,

The read/write control module decrypts data that the operating system reads from the encrypted partition and then displays the decrypted data; it also encrypts data that the operating system is about to write to the encrypted partition and then writes the encrypted data to the partition; or,

The cancel-encrypted-partition-function module receives a cancel-encrypted-partition command and deletes all encrypted partition data structures on the device; or,

The restore-factory-settings module receives a restore-factory-settings command and deletes all encrypted partitions on the device together with their encrypted partition data structures. It also looks up the encrypted partition data structure preset within itself and creates encrypted partitions on the device according to that data structure.

Compared with the prior art, the mapping method provided by the invention places a partition management program on a mobile storage device that contains encrypted partitions. When the computer's operating system detects that the device has been inserted, it maps the device's physical drive letter, and the partition management program is copied to the computer and run; the partition management program maps the drive letters of the device's encrypted partitions and hides the mapped physical drive letter. The invention can markedly improve data security and user satisfaction.
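The partition and user management rules above (free-space check on create, credential check before delete or password change) and the search subroutine's encrypted-device test, as an added Python example that is not code from the patent. The names `Device`, `PartitionError` and `visible_letters` are hypothetical, and storing a salted PBKDF2 verifier with a constant-time comparison is an assumption of this example; the description only says that the stored password is compared with the received one.

```python
import hashlib
import hmac
import os


class PartitionError(Exception):
    """Stands in for the 'error warning' issued by the management modules."""


def _verifier(password, salt):
    # Assumption of this example: the device keeps a salted PBKDF2 verifier,
    # not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Device:
    """Hypothetical model of a removable device; sizes are in bytes."""

    def __init__(self, capacity, physical_letter):
        self.capacity = capacity
        self.physical_letter = physical_letter
        self.partition_list = None   # None: no encrypted partition list on the device
        self.users = {}              # user name -> (partition name, salt, verifier)

    def is_encrypted_device(self):
        # Search subroutine: the device counts as encrypted iff the list exists.
        return self.partition_list is not None

    def free_space(self):
        used = sum(p["size"] for p in (self.partition_list or {}).values())
        return self.capacity - used

    def create_partition(self, name, size, path, user, password):
        # Create command: refuse a size that exceeds the available space.
        if size <= 0 or size > self.free_space():
            raise PartitionError("invalid size or not enough free space")
        if name in (self.partition_list or {}) or user in self.users:
            raise PartitionError("partition name or user name already in use")
        if self.partition_list is None:
            self.partition_list = {}
        self.partition_list[name] = {"size": size, "path": path}
        salt = os.urandom(16)
        self.users[user] = (name, salt, _verifier(password, salt))

    def _authenticate(self, user, password):
        entry = self.users.get(user)
        # Derive a verifier even for unknown users so both failures cost the same.
        salt = entry[1] if entry else bytes(16)
        candidate = _verifier(password, salt)
        if entry is None or not hmac.compare_digest(candidate, entry[2]):
            raise PartitionError("user name or password is incorrect")
        return entry[0]

    def change_password(self, user, current, new):
        name = self._authenticate(user, current)
        salt = os.urandom(16)
        self.users[user] = (name, salt, _verifier(new, salt))

    def delete_partition(self, user, password):
        # Delete command: remove the partition, its users and its mapping.
        name = self._authenticate(user, password)
        del self.partition_list[name]
        self.users = {u: e for u, e in self.users.items() if e[0] != name}
        return name


def visible_letters(device):
    """Drive letters left on screen after mapping and hiding."""
    if not device.is_encrypted_device():
        return [device.physical_letter]     # ordinary device: physical letter shown
    return sorted(device.partition_list)    # partition names become the letters


if __name__ == "__main__":
    dev = Device(capacity=1000, physical_letter="I")   # constructed sample values
    dev.create_partition("A", 400, "/A.enc", "alice", "pw-a")
    print(visible_letters(dev))
```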
Brief description of the drawings

FIG. 1 is a flowchart of mobile storage device mapping according to a preferred embodiment of the invention;

FIG. 2 is a flowchart of mobile storage device mapping according to another preferred embodiment of the invention.

Detailed description

The invention is described in detail below with reference to the drawings and specific embodiments.

The key point of the method is this: a partition management program is placed on a mobile storage device that contains encrypted partitions. When the computer's operating system detects that the device has been inserted, it maps the device's physical drive letter, and the partition management program is copied to the computer and run; the partition management program maps the drive letters of the device's encrypted partitions and hides the mapped physical drive letter. In addition, the partition management program copied to the computer can perform management operations on the encrypted partitions of the device: partition management, user management, access control, read/write control, cancelling the encrypted partition function, and restoring factory settings.

Referring to FIG. 1, which is a flowchart of mobile storage device mapping according to a preferred embodiment of the invention, the flow comprises the following steps:

Step 101: The mobile storage device is provisioned in advance with the encrypted partitions to be protected, the encrypted partition information, and the partition management program; the partition management program holds the factory encrypted partition information created when the device left the factory.

The encrypted partition information is a data structure that describes the encrypted partitions set up on the device, and is usually stored on the device in the form of an encrypted partition list. The factory encrypted partition information is a data structure that describes the encrypted partitions set up when the device left the factory, and is usually stored in the partition management program in the form of an initial encrypted partition list. The partition management program also contains software modules such as the partition virtualization module, the physical drive letter hiding module, the partition management module, the user management module, the access control module, the read/write control module, the cancel-encrypted-partition-function module and the restore-factory-settings module. The partition management program is the software that manages the encrypted partitions; the encrypted partition information may differ from one mobile storage device to another, but the partition management program on different devices is usually the same.
An encrypted partition usually exists in the form of an encrypted file. It is usually set up by creating at least one file on the mobile storage device, and each file can be regarded as one encrypted partition. As noted above, the encrypted partition information and the factory encrypted partition information are both data structures that describe encrypted partitions, for example: the size of the encrypted partition, its name, its path on the mobile storage device, its user name and its user password. The encrypted partition name is usually the same as the drive letter the computer maps for that partition. For an encrypted partition set up as an encrypted file, the encrypted partition information comprises data structures such as the size of the encrypted file, its name, its path on the mobile storage device, its user name and its user password.

When the mobile storage device is plugged into one of a computer's external interfaces, the state of that interface changes from not connected to connected. Because the computer constantly checks the state of its external interfaces, it can detect from this change that a mobile storage device has been inserted. The computer then copies the partition management program from the inserted device to its own data storage, such as its hard disk.
There are several ways to perform the copy. Typically, the partition management program is written on the basis of the Autorun program supported by current operating systems such as Windows. When the mobile storage device is plugged into the computer, the computer automatically executes the Autorun program on the device, and the partition management program written on that basis is copied to the computer's data storage. The partition management program also contains a search subroutine. When the computer copies the partition management program, it also adds the search subroutine to the operating system's auto-run program group, so that the subroutine is loaded into memory and run every time the computer starts. The search subroutine lets the computer determine whether an inserted mobile storage device is an encrypted device.

Step 102: The computer's operating system maps the physical drive letter of the mobile storage device. The partition virtualization module in the partition management module looks up the encrypted partition names in the device's encrypted partition data structure and maps a corresponding encrypted partition drive letter with each name. The computer also displays the mapped physical drive letter and encrypted partition drive letters on the screen.

The physical drive letter is mapped in the same way as the encrypted partition drive letters. In fact, mapping the physical drive letter is an operation that current operating systems perform automatically: when the computer learns that a mobile storage device has been plugged into one of its external interfaces, its operating system maps the device's physical drive letter.

Step 103: The computer hides the mapped physical drive letter of the mobile storage device.

There are several ways to hide the physical drive letter. Typically, the physical drive letter hiding module in the partition management program finds the mobile storage device drive letter display entry in the computer's registry and changes its value from the value that corresponds to showing the drive letter to the value that corresponds to hiding it, for example from 1 (show the drive letter) to 0 (hide the drive letter). The mapped physical drive letter is then no longer displayed on the screen.

After these operations, the screen ends up showing only the encrypted partition drive letters of the mobile storage device. The user can therefore operate only on the encrypted partition drive letters, and cannot operate on the hidden physical drive letter or on the contents of the directory beneath it. The data in the encrypted partitions is thus protected, and data security is markedly improved.
For example: after the user plugs the mobile storage device into the computer, the operating system maps the device's physical drive letter I and displays physical drive letter I on the screen. The partition management program maps encrypted partition A and encrypted partition B, which were created on the device in advance, to drive letter A and drive letter B respectively and displays both on the screen. At the same time, the partition management program hides the mapped physical drive letter I. The screen therefore shows drive letter A and drive letter B but not physical drive letter I. Because the time between physical drive letter I first appearing on the screen and being hidden is extremely short, the user has no chance to see it. The user can then operate only on drive letter A and drive letter B shown on the screen, and cannot perform any operation on the hidden physical drive letter I.

Of course, because the screen shows the encrypted partition drive letters of the mobile storage device, the user can operate on those drive letters and on the contents of the directories beneath them. Any modification or deletion of encrypted partition contents that the user performs at this point is a deliberate data management operation, which is different in nature from the accidental deletion described earlier.
The computer continually checks the state of its external interface. If the mobile storage device is unplugged from the computer, the computer learns that the state of the interface has changed from connected to unconnected. The partition management program stored on the computer then deletes the mapped encrypted partition drive letter.
The above describes the first insertion of the mobile storage device into the computer. If the device is unplugged from that computer and later inserted into it again, the situation shown in Figure 2 arises. Figure 2 is a flowchart of mobile storage device mapping according to another preferred embodiment of the invention. The flow includes the following steps:
Step 201: When the mobile storage device is inserted into the computer's external interface, the computer detects that a mobile storage device has been inserted.
Step 202: The computer determines whether the inserted mobile storage device is an encrypted device. If it is, go to step 204; if it is not, go to step 203.
There are several ways to make this determination. Typically, the computer calls the retrieval subroutine it has stored to look for an encrypted partition identifier on the inserted mobile storage device. If the identifier is found, the computer determines that the device is an encrypted device; if it is not found, the computer determines that the device is not an encrypted device. The encrypted partition list stored on the mobile storage device usually serves as the encrypted partition identifier.
Step 203: The computer's operating system treats the mobile storage device as an ordinary storage device, maps out its physical drive letter and displays it on the computer screen. The flow ends.
Step 204: The computer's operating system maps out the physical drive letter of the mobile storage device and displays it on the computer screen; the partition virtualization module of the partition management program maps out the drive letters of the encrypted partitions on the device and displays them on the computer screen.
Step 205: The physical drive letter hiding module of the partition management program hides the physical drive letter mapped in step 204.
Step 206: The computer determines whether it stores a complete partition management program. If it does, the flow ends; otherwise, go to step 207.
This determination is usually made as follows: the computer finds all the program modules of the partition management program it stores and compares the names of the modules found with the full set of module names preset on the computer. If the names found match the preset names one for one, the computer determines that it stores a complete partition management program; otherwise, it determines that the stored partition management program is incomplete.
Step 207: The computer copies the partition management program from the mobile storage device and uses the copy to update its stored partition management program, for example by overwriting it.
It can be seen that the flow shown in Figure 2 likewise ensures that the computer screen ultimately shows only the encrypted partition drive letter of the mobile storage device, so the user can operate only on that encrypted partition drive letter and cannot operate on the hidden physical drive letter or on the contents of the directory immediately below it. The data in the encrypted partition is thereby protected, and data security is significantly improved.
In addition to hiding the physical drive letter of the mobile storage device, the computer can use the copied partition management program to perform management operations on the encrypted partitions of the device: partition management, user management, access control, read/write control, cancelling the encrypted partition function, and restoring factory settings.
Partition management operations are divided into creating an encrypted partition and deleting an encrypted partition. To create an encrypted partition, the user enters into the computer a create command containing the encrypted partition data structure, which usually comprises: the size of the encrypted partition, its name, its path on the mobile storage device, its user name, and its user password. After the partition management module of the partition management program on the computer receives the create command, it determines whether the entered partition size exceeds the available space on the mobile storage device. If it does, the partition management module issues an error warning to the user by a dialog box, a warning tone or similar, and may additionally pop up a prompt asking the user to re-enter the data structure of the encrypted partition to be created; if it does not, the encrypted partition is created on the device, after which a creation-success prompt is issued to the user by a dialog box or similar. Of course, the partition management module also updates the encrypted partition data structures stored in the encrypted partition list. Specifically, it establishes a correspondence among the items of the received data structure of the encrypted partition to be created and saves it in the encrypted partition list.
In addition, the partition management module is also to …
To delete an encrypted partition, the user enters into the computer a delete-encrypted-partition command containing the encrypted partition user name and the encrypted partition user password. After the partition management module of the partition management program on the computer receives the command, it obtains, for example by reading, the encrypted partition user password that is stored on the mobile storage device for the stored user name matching the user name in the command, and determines whether that password is the same as the received password. If they differ, the partition management module issues an error warning to the user by a dialog box, a warning tone or similar; if they are the same, the partition management module deletes the encrypted partition on the mobile storage device that has that user name and then issues a deletion-success prompt to the user by a dialog box or similar. Of course, the partition management module also updates the encrypted partition data structures stored in the encrypted partition list. Specifically, it deletes the encrypted partition user name stored in the list and the other data structures corresponding to that user name.
In addition, the partition management module deletes the drive letter that was mapped for the deleted encrypted partition.
User management operations are divided into changing the encrypted partition user password, deleting a user, and creating a user. To change the encrypted partition user password, the user enters into the computer a change-password command containing the encrypted partition user name, the current user password of the encrypted partition, and the new user password of the encrypted partition. After the user management module of the partition management program on the computer receives the command, it obtains, for example by reading, the encrypted partition user password that is stored in the encrypted partition list of the mobile storage device for the stored user name matching the user name in the command, and determines whether that password is the same as the received password. If they differ, the user management module issues an error warning to the user by a dialog box, a warning tone or similar; if they are the same, the user management module updates the encrypted partition user password stored in the encrypted partition list to the new user password and then issues a password-change success prompt to the user by a dialog box or similar.
To delete a user, the user enters into the computer a delete-user command containing the encrypted partition user name and the encrypted partition user password. After the user management module of the partition management program on the computer receives the command, it obtains, for example by reading, the encrypted partition user password stored in the encrypted partition list of the mobile storage device and determines whether that password is the same as the received password. If they differ, the user management module issues an error warning to the user by a dialog box, a warning tone or similar; if they are the same, the user management module deletes the encrypted partition user name and the corresponding user password stored in the encrypted partition list and then issues a delete-user success prompt to the user by a dialog box or similar. The encrypted partition then no longer corresponds to any user.
To create a user for an encrypted partition that has no corresponding user, the user enters into the computer a new-user command containing the encrypted partition name, the encrypted partition user name and the encrypted partition user password. After the user management module of the partition management program on the computer receives the command, it looks in the encrypted partition list of the mobile storage device for the partition name matching the one in the command, establishes a correspondence between the partition name found, the data structure corresponding to that partition name, and the user name and user password in the command, saves the user name and user password in the encrypted partition list, and then issues a new-user success prompt to the user by a dialog box or similar.
For access control operations, the user can select a mapped encrypted partition drive letter, for example by double-clicking it with the mouse. The access control module of the partition management program on the computer then receives a display-drive-letter-contents command and issues a login prompt to the user by a dialog box or similar; the user enters the encrypted partition user name and the encrypted partition user password in response to the login prompt.
After the access control module receives the encrypted partition user name and the encrypted partition user password, it obtains, for example by reading, the encrypted partition user password that corresponds to the stored user name matching the received user name, and determines whether that password is the same as the received password. If they differ, the access control module issues an error warning to the user by a dialog box, a warning tone or similar; if they are the same, the partition virtualization module maps out and displays the contents of the directory immediately below the encrypted partition. Once the computer displays those contents, the user can perform read and write operations on them, such as modification and deletion, through the computer.
Because the data in the encrypted partition is all encrypted, the read/write control module of the partition management program on the computer must exercise read/write control over the encrypted partition. This usually works as follows: when the computer reads data from the encrypted partition, the read/write control module first decrypts the data, and the decrypted data is then displayed on the computer screen; likewise, when the computer writes data to the encrypted partition, the read/write control module first encrypts the data and then writes the encrypted data to the encrypted partition.
To cancel the encrypted partition function, the user enters into the computer a cancel-encrypted-partition-function command. After the corresponding module of the partition management program on the computer receives the command, it deletes the encrypted partition list on the mobile storage device. From then on, whenever the partition management program performs any operation on the device, it cannot find the encrypted partition list and therefore determines that the device is an ordinary storage device.
To restore factory settings, the user enters into the computer a restore-factory-settings command. After the factory reset module of the partition management program on the computer receives the command, it deletes all encrypted partitions on the mobile storage device and all data structures in the corresponding encrypted partition list, looks up the initial encrypted partition list in the partition management program, and creates the corresponding encrypted partitions on the device according to the factory data structures in that list. The method used here to create the encrypted partitions is the same as the method described above for creating an encrypted partition. Specifically, the initial encrypted partition list is usually set in the factory reset module. Furthermore, the factory reset module also saves the data structures in the initial encrypted partition list into the encrypted partition list.
Of course, because the restore-factory-settings operation deletes the encrypted partitions on the mobile storage device, it may damage user data. Therefore, after the computer receives the restore-factory-settings command, it may additionally ask the user to confirm, for example with a pop-up dialog box; if the user sends a confirmation message to the computer, for example by clicking a confirm button, the factory reset module performs the deletion and creation of encrypted partitions described above after receiving that message.
It can be seen that the user can, through the computer, perform a variety of management operations on the encrypted partitions of the mobile storage device, including partition management, user management, access control, read/write control, cancelling the encrypted partition function, and restoring factory settings, so that the user can manage the data in the encrypted partitions flexibly. Moreover, the user no longer needs professional virtual disk software to read and write data in the encrypted partitions, which makes those read and write operations very simple and can significantly improve user satisfaction.
As can be seen from the above, the mapping method for a mobile storage device provided by the invention improves data security and user satisfaction.
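
The encrypted partition list and the management operations described above (create, delete, change password, delete user, new user, cancel the encrypted partition function, restore factory settings) can be modeled as follows. This is an added example, not code from the patent: every class, method and field name is hypothetical, the device is a constructed in-memory model, and the list keeps a salted PBKDF2 verifier (an assumption) instead of the stored user password that the description compares against.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


class PartitionError(Exception):
    """Stands in for the error dialog or warning tone the modules issue."""


def _verifier(password: str, salt: bytes) -> bytes:
    # Assumption: keep a salted PBKDF2 verifier in the list, not the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class Entry:
    """One data structure in the encrypted partition list (hypothetical layout)."""
    name: str                   # partition name; the mapped letter carries it
    size: int                   # bytes
    path: str                   # location on the mobile storage device
    user: Optional[str] = None  # None: the partition corresponds to no user
    salt: bytes = b""
    verifier: bytes = b""

    def set_user(self, user: str, password: str) -> None:
        self.user, self.salt = user, os.urandom(16)
        self.verifier = _verifier(password, self.salt)


class Device:
    """Constructed model of a mobile storage device and its partition list."""

    def __init__(self, capacity: int) -> None:
        self.capacity = capacity
        # The list doubles as the encrypted partition identifier (step 202).
        self.partition_list: Optional[Dict[str, Entry]] = {}

    def is_encrypted_device(self) -> bool:
        return self.partition_list is not None

    def _entries(self) -> Dict[str, Entry]:
        if self.partition_list is None:
            raise PartitionError("ordinary storage device: no partition list")
        return self.partition_list

    def free_space(self) -> int:
        return self.capacity - sum(e.size for e in self._entries().values())

    def mapped_letters(self) -> List[str]:
        return sorted(self.partition_list or {})

    def create_partition(self, name: str, size: int, path: str,
                         user: str, password: str) -> None:
        entries = self._entries()
        if name in entries:
            raise PartitionError("partition name already in use")
        if size > self.free_space():
            raise PartitionError("size exceeds available space")
        entries[name] = Entry(name, size, path)
        entries[name].set_user(user, password)

    def _authenticate(self, user: str, password: str) -> Entry:
        for entry in self._entries().values():
            if entry.user == user and hmac.compare_digest(
                    entry.verifier, _verifier(password, entry.salt)):
                return entry
        raise PartitionError("wrong user name or password")

    def delete_partition(self, user: str, password: str) -> None:
        # Removing the entry also removes the letter mapped for the partition.
        del self._entries()[self._authenticate(user, password).name]

    def change_password(self, user: str, current: str, new: str) -> None:
        self._authenticate(user, current).set_user(user, new)

    def delete_user(self, user: str, password: str) -> None:
        entry = self._authenticate(user, password)
        entry.user, entry.salt, entry.verifier = None, b"", b""

    def new_user(self, partition: str, user: str, password: str) -> None:
        entry = self._entries().get(partition)
        if entry is None or entry.user is not None:
            raise PartitionError("no user-less partition with that name")
        entry.set_user(user, password)

    def cancel_encryption(self) -> None:
        self.partition_list = None  # device is now seen as ordinary storage

    def factory_reset(self, initial: List[Tuple[str, int, str, str, str]]) -> None:
        self.partition_list = {}    # drop every partition and its data structure
        for name, size, path, user, password in initial:
            self.create_partition(name, size, path, user, password)
```

In this model, deleting the list is the only thing that turns an encrypted device into an ordinary one, which is why `cancel_encryption` sets the list to `None` while `factory_reset` replaces it with a fresh list built from the initial entries.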

Claims (11)

  1. A mapping method for a mobile storage device, characterized in that a partition management program is provided in a mobile storage device containing an encrypted partition, and the mapping process comprises the following steps: a. when the computer operating system detects that a mobile storage device has been inserted, it maps out the physical drive letter of the mobile storage device, and the partition management program is copied to the computer and run; b. the partition management program maps out the encrypted partition drive letter of the mobile storage device and hides the physical drive letter mapped in step a.
  2. The method of claim 1, characterized in that the partition management program is written on the basis of an Autorun program, and the partition management program is copied to the computer as follows: the computer automatically runs the Autorun program and copies the partition management program written on the basis of that program to the computer's own data storage.
  3. The method of claim 1, characterized in that the process of mapping the encrypted partition drive letter comprises: the partition management program looks up the encrypted partition name in the encrypted partition data structure and maps out an encrypted partition drive letter having that name.
  4. The method of claim 1, characterized in that the mapped physical drive letter is hidden as follows: the partition management program looks up, in the computer's registry, the entry that controls display of the mobile storage device's drive letter and changes the value of that entry from the value corresponding to a displayed drive letter to the value corresponding to a hidden drive letter.
  5. The method of claim 1, characterized in that the method further comprises: when the computer operating system detects that the mobile storage device has been unplugged, it deletes the previously mapped physical drive letter, and the partition management program deletes the previously mapped encrypted partition drive letter.
  6. The method of claim 5, characterized in that the method further comprises: when a mobile storage device is inserted, the partition management program determines whether the mobile storage device is an encrypted device; if it is, the partition management program maps out and displays the encrypted partition drive letter of the mobile storage device and then hides the physical drive letter of the mobile storage device mapped by the computer operating system.
  7. The method of claim 6, characterized in that the partition management program comprises at least a partition virtualization module, a retrieval subroutine and a physical drive letter hiding module; when copying the partition management program, the computer further adds the retrieval subroutine to the computer's auto-run program group; when the computer starts, it runs the retrieval subroutine in the auto-run program group, and the retrieval subroutine determines whether a mobile storage device inserted into the computer is an encrypted device; if it is, the partition virtualization module maps out and displays the encrypted partition drive letter of the mobile storage device, and the physical drive letter hiding module then hides the physical drive letter of the mobile storage device mapped by the computer operating system.
  8. The method of claim 7, characterized in that the retrieval subroutine makes the determination as follows: the retrieval subroutine looks for an encrypted partition data structure on the mobile storage device; if an encrypted partition data structure is found, the retrieval subroutine determines that the mobile storage device is an encrypted device; otherwise, the retrieval subroutine determines that the mobile storage device is not an encrypted device.
  9. The method of claim 8, characterized in that the partition management program further comprises a partition management module, and the method further comprises: the partition management module receives a create command containing an encrypted partition data structure and determines whether the encrypted partition size in that data structure exceeds the available space of the mobile storage device; if it does, the computer issues an error warning; if it does not, the partition management module creates the encrypted partition on the mobile storage device according to the received data structure; the partition management module establishes a correspondence among the items of the received data structure and saves it on the mobile storage device, and the partition virtualization module maps out and displays the drive letter of the created encrypted partition; or, the partition management module receives a delete-encrypted-partition command containing an encrypted partition user name and an encrypted partition user password, obtains the encrypted partition user password that is stored on the mobile storage device for the stored user name matching the user name in the command, and determines whether that password is the same as the received password; if they differ, the partition management module issues an error warning; if they are the same, the partition management module deletes the encrypted partition on the mobile storage device that has that user name, also deletes the encrypted partition user name stored on the mobile storage device and the data structure corresponding to that user name, and deletes the drive letter mapped for that encrypted partition.
  10. The method of claim 8, characterized in that the partition management program further comprises a user management module, and the method further comprises: the user management module receives a change-password command containing the encrypted partition user name, the current user password of the encrypted partition and the new user password of the encrypted partition; the user management module obtains the stored encrypted partition user password and determines whether it is the same as the received password; if they differ, the user management module issues an error warning; if they are the same, the user management module updates the encrypted partition user password on the mobile storage device to the new user password; or, the user management module receives a delete-user command containing an encrypted partition user name and an encrypted partition user password, obtains the encrypted partition user password that the mobile storage device stores for the stored user name matching the user name in the delete-user command, and determines whether that password is the same as the received password; if they differ, the user management module issues an error warning; if they are the same, the user management module deletes the encrypted partition user name and the corresponding encrypted partition user password from the mobile storage device; or, the user management module receives a new-user command containing an encrypted partition name, an encrypted partition user name and an encrypted partition user password, looks on the mobile storage device for the encrypted partition name matching the one in the new-user command, establishes a correspondence between the partition name found, the data structure corresponding to that partition name, and the user name and user password in the new-user command, and saves the user name and user password on the mobile storage device.
  11. The method of claim 8, characterized in that the partition management program further comprises an access control module, a read/write control module, a cancel-encrypted-partition-function module and a factory reset module, and the method further comprises: the access control module issues a login prompt after receiving a display-drive-letter-contents command and, after receiving the encrypted partition user name and the encrypted partition user password, obtains the encrypted partition user password that the mobile storage device stores for the stored user name matching the received user name, and determines whether that password is the same as the received password; if they differ, the access control module issues an error warning; if they are the same, the partition virtualization module maps out the contents of the directory immediately below the encrypted partition; or, the read/write control module decrypts data read from the encrypted partition and the decrypted data is then displayed; it also encrypts data that the computer operating system is to write to the encrypted partition and then writes the encrypted data to the encrypted partition; or, the cancel-encrypted-partition-function module receives a cancel-encrypted-partition command and deletes all encrypted partition data structures on the mobile storage device; or, the factory reset module receives a restore-factory-settings command and deletes all encrypted partitions on the mobile storage device and the corresponding encrypted partition data structures; the factory reset module also looks up the encrypted partition data structure preset in itself and creates encrypted partitions on the mobile storage device according to that data structure.
CN 200510073654 2005-05-20 2005-05-20 Mapping method for mobile memory device CN100447765C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200510073654 CN100447765C (en) 2005-05-20 2005-05-20 Mapping method for mobile memory device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200510073654 CN100447765C (en) 2005-05-20 2005-05-20 Mapping method for mobile memory device

Publications (2)

Publication Number Publication Date
CN1866225A true CN1866225A (en) 2006-11-22
CN100447765C true CN100447765C (en) 2008-12-31

Family

ID=37425250

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510073654 CN100447765C (en) 2005-05-20 2005-05-20 Mapping method for mobile memory device

Country Status (1)

Country Link
CN (1) CN100447765C (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4842353B2 (en) * 2009-08-24 2011-12-21 株式会社バッファロー The method of the external storage device, a computer device, a control method of an external storage device, and a computer program
CN102662797A (en) * 2012-04-11 2012-09-12 无锡华御信息技术有限公司 Virtualization-based software backup method
CN103677675A (en) * 2013-12-30 2014-03-26 深圳市维信联合科技有限公司 Data input method, data input device and data input system
CN103823730A (en) * 2014-02-27 2014-05-28 山东超越数控电子有限公司 Drive detecting method based on domestic disc array
CN104778954B (en) * 2015-02-06 2018-06-08 北京北信源软件股份有限公司 Kinds of CD partition encryption method and system
CN105488436A (en) * 2015-12-25 2016-04-13 北京奇虎科技有限公司 Mobile storage equipment access method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1417689A (en) 2001-11-08 2003-05-14 联想(北京)有限公司 Fixed disk data enciphering back-up and restoring method
US6681304B1 (en) 2000-06-30 2004-01-20 Intel Corporation Method and device for providing hidden storage in non-volatile memory
JP2005115636A (en) 2003-10-07 2005-04-28 Ankoku Kokusai Kagi Kofun Yugenkoshi Portable information storage device and method for dynamically setting format of magnetic disk thereof
CN1661573A (en) 2004-02-24 2005-08-31 深圳市朗科科技有限公司 Method for managing notations of disks of mobile storage device

Also Published As

Publication number Publication date Type
CN1866225A (en) 2006-11-22 application

Similar Documents

Publication Publication Date Title
US7024549B1 (en) Disk drive having a protected partition configured to load an operating system for performing a user-selected function
US7380140B1 (en) Providing a protected volume on a data storage device
US7219257B1 (en) Method for boot recovery
US6795835B2 (en) Migration of computer personalization information
US20100005531A1 (en) Isolated multiplexed multi-dimensional processing in a virtual processing space having virus, spyware, and hacker protection features
US20030191938A1 (en) Computer security system and method
US20080141029A1 (en) Digital content protection
US6249866B1 (en) Encrypting file system and method
US20070011445A1 (en) System and method for loading programs from HDD independent of operating system
US20040268079A1 (en) Method and system for providing a secure rapid restore backup of a raid system
US7392541B2 (en) Computer system architecture and method providing operating-system independent virus-, hacker-, and cyber-terror-immune processing environments
US20060075228A1 (en) Method and apparatus for recognition and real time protection from view of sensitive terms in documents
US20060253620A1 (en) Data structure of flash memory having system area with variable size in which data can be updated, USB memory device having the flash memory, and method of controlling the system area
US20120011354A1 (en) Boot loading of secure operating system from external device
US5884026A (en) Personal computer having a security function, a method of implementing the security function, and methods of installing and detaching a security device to/from a computer
US20020078026A1 (en) Method and apparatus for bulk data remover
US6430663B1 (en) Methods for selecting a boot partition and hiding a non-selected partition
US6718446B1 (en) Storage media with benchmark representative of data originally stored thereon
US20030028765A1 (en) Protecting information on a computer readable medium
US20040199779A1 (en) Method with the functions of virtual space and data encryption and invisibility
US6405265B1 (en) Device driver for accessing computer files
US20060107071A1 (en) Method and system for updating firmware stored in non-volatile memory
US20060224794A1 (en) Using USB memory device to recover operating system
US20060130004A1 (en) Portable applications
US20040268070A1 (en) Method and apparatus for backing up data in virtual storage medium

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C14 Granted