CN100470487C - Method for exchanging data between main machine and equipment - Google Patents
Method for exchanging data between main machine and equipment Download PDFInfo
- Publication number
- CN100470487C CN100470487C CNB200410048629XA CN200410048629A CN100470487C CN 100470487 C CN100470487 C CN 100470487C CN B200410048629X A CNB200410048629X A CN B200410048629XA CN 200410048629 A CN200410048629 A CN 200410048629A CN 100470487 C CN100470487 C CN 100470487C
- Authority
- CN
- China
- Prior art keywords
- data
- underlying device
- packet
- applications
- upper layer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The method of data exchange between host computer and peripheral equipment includes: for the upper software in the host computer to send command to connected peripheral equipment; for the equipment to execute the command and return state information to the upper software; to store command executing result in data package; and for the upper software to read the data package based on the state information to obtain the said execution result. The present invention makes it possible for the upper software under the non-user's authority to obtain the state value the bottom layer equipment returns and data other than the state value.
Description
Technical field
The present invention relates to the transmission and the treatment technology of data, especially relate to the method that a kind of main frame and underlying device are carried out exchanges data.
Background technology
For the consideration of security, the operating system of existing data processing system (as Windows system, linux system etc.) has been introduced the notion of administrator and non-administrative users.
The administrator has absolute control to the data disposal system, can change the various configurations of data handling system, can also realize the various functions that data handling system provides; And the operating right of non-administrative users is restricted, many configurations to the data disposal system, control etc. all can not be finished, wherein be presented as the upper layer software (applications) that moves under many non-administrative users patterns, can not be directly and underlying device (as various hardware and external unit etc.) communicate.
Seeing also Fig. 1, is the logic diagram that carries out data interaction between upper layer software (applications), operating system and the underlying device.Wherein, operating system is three's middle layer, and upper layer software (applications) all needs by the operating system transfer with communicating by letter of underlying device, and promptly upper layer software (applications) is not directly communicated by letter with underlying device.But first order is issued operating system with data by upper layer software (applications), hand to underlying device by operating system then; The return data of same underlying device also is to issue operating system, is transmitted to upper layer software (applications) by operating system again.
But if just situation shown in Figure 2 might occur under the non-administrative users authority, i.e. first of the upper layer software (applications) order is basic just also not to be arrived underlying device and just is operated system and has tackled.(certainly, not all non-administrative users does not have the authority of operation underlying device, and this point depends on different operating system and decides.Among the present invention, " non-administrative users " can be understood as " user who haves no right to operate underlying device ").
This has caused the specific function of many underlying device can't use under the non-administrative users pattern.One of them example be exactly the band encryption function flash disk under the non-administrative users pattern, can't finish the function of password authentification.Again for example, when some user uses flash disk to the requirement of security than higher, they do not wish that the flash disk of oneself drive can occur after inserting data handling system, if perhaps their flash disk divides several dishes, they do not wish to occur certain drive that is used to deposit the dish of confidential data.At this moment, their this dish that will operate has just become hiding dish.If under the non-administrative users authority of operating system,, just can't finish the operation that dish is hidden in visit this moment because operating system does not often provide interface to send first order to underlying device to upper layer software (applications).
See also Fig. 3, a kind of prior art adopts the mode of written document to break through this restriction.
At first upper layer software (applications) form according to a preconcerted arrangement becomes a file with first order with packing data; The written document function of call operation system by the mode of written document, is sent to underlying device with this first order and data then; The underlying device interception is also resolved these data, carries out corresponding operation (as carrying out corresponding password authentification); The state value that returns by underlying device (GOOD/BAD) is then judged the correctness of password authentification.
Yet, described prior art has the some shortcomings part: upper layer software (applications) is to obtain the data that underlying device is returned by the state value that underlying device is returned, be the rreturn value (state of GOOD or BAD) that upper layer software (applications) can only be obtained a two-value, and can't obtain more detailed data (as also remaining checking number of times after the authentication error etc.); And, limited the usable range of this method greatly because many more Useful Informations all can't be obtained, for example, use the prior art just can not visit and hide dish.
Summary of the invention
The technical matters that the present invention solves is to provide a kind of main frame and underlying device to carry out the method for exchanges data, makes upper layer software (applications) under the non-administrative users authority, can obtain state value that underlying device returns and the data outside the state value.
For this reason, the technical scheme of technical solution problem of the present invention is: provide a kind of main frame and underlying device to carry out the method for exchanges data, comprising:
1) upper layer software (applications) of described main frame sends first order to the underlying device that is connected with described main frame, and wherein, described upper layer software (applications) adds identifier with first order and data to be sent, sets up first packet; The written document order that described upper layer software (applications) starts the operating system is forwarded to described underlying device with first packet of aforementioned foundation;
2) described underlying device is carried out first order and to described upper layer software (applications) return state information, wherein, described underlying device receives aforementioned written document order, resolves first packet that receives; Described underlying device is carried out first order in first packet of aforementioned foundation; And described underlying device is to operating system return state value;
3) use second packet to deposit the first command execution results data;
4) upper layer software (applications) reads second packet according to described status information, obtains described execution result data.
Wherein, described second packet is the file that is based upon in the storage unit of described main frame, and described storage unit is easily to lose or non-volatile.
Wherein, before the described step 1) or in described step 2) before or before described step 3), set up described second packet.
Wherein, described status information value is fixed, and is used for sending signal to upper layer software (applications), represents that described execution result data have deposited in second packet, and described second packet can be kept supplying layer software and read.
Wherein, described status information value changes according to the described first command execution situation, is used for sending information to upper layer software (applications), represents the described first command execution situation and/or whether produces the execution result data;
Produced the execution result data conditions for carrying out described first order, described status information shows that described execution result data have left in second packet, and described second packet can read for main frame;
Do not produce the execution result data conditions for carrying out described first order, described status information shows not produce in second packet or second packet does not deposit the execution result data, and described main frame need not to read second packet.
Described step 3) comprises:
31) described underlying device is with the result of first command execution and/or the data of returning, the data exchange zone of write storage unit;
Described step 4) comprises:
41) described operating system is to upper layer software (applications) forwarding state value;
42) data exchange zone of described upper layer software (applications) reading cells obtains the result of first command execution and/or the data of returning.
Wherein, described step 42) specifically comprise: described upper layer software (applications) starts the operating system reads file command, adopts non-cache way to read the data exchange zone of described storage unit, obtains the result of first command execution and/or the data of returning.
Wherein, described step 42) specifically comprise: described upper layer software (applications) starts the operating system reads file command; Operating system is transmit status inquiry first order before file command is read in transmission; Underlying device report medium switches; Operating system reads the file system of underlying device again, upgrades the content of data exchange zone; Upper layer software (applications) obtains the result of first command execution and/or the data of returning.
Wherein, described step 21) in, also comprises when underlying device being resolved to when not having identifier in first packet, abandon this first packet.
Wherein, described step 23) in, second data of returning comprise identifier.
With respect to prior art, the invention has the beneficial effects as follows: owing to adopted first packet to deposit the first command execution results data in the inventive method; Underlying device is after privately owned first order that executes upper layer software (applications), the result of first command execution and/or the data of returning are write second packet, upper layer software (applications) reads second packet according to described status information, obtain described execution result data, therefore under the non-administrative users authority, also can obtain the extraneous information except that state value that underlying device is returned.
In addition, the present invention can be applied on the flash disk of present band encryption function, obtains the residue degree of authentication password under the non-administrative users authority.The present invention can also realize hiding the visit of dish.Perhaps under the non-administrative users authority, underlying device is transferred in the work of some data encryption carried out data operation, so just can reduce the tracked possibility that cracks, improve security greatly.In a word, it is a kind of under confined condition that this method provides, the method for exchanges data between upper layer software (applications) and the underlying device.
Description of drawings
Fig. 1 is the synoptic diagram that concerns between upper layer software (applications), operating system and the underlying device;
Fig. 2 is the synoptic diagram of the order of operating system interception upper layer software (applications) under the non-administrative users pattern;
Fig. 3 is the prior art software process flow diagram of communicating by letter with underlying device at the middle and upper levels;
Fig. 4 is the block diagram of an embodiment of underlying device of the present invention;
Fig. 5 is the process flow diagram of the inventive method.
Embodiment
The invention provides the method that a kind of main frame and equipment carry out exchanges data, make to send privately owned order to underlying device down, and obtain the mass data that underlying device is returned in non-administrator's authority (include but not limited in Windows system, the linux system non-administrative users etc. all can't send the occasion of privately owned order).
Main frame of the present invention and equipment carry out the method for exchanges data, comprising:
The upper layer software (applications) of described main frame is given an order to the equipment that is connected with described main frame;
Described equipment fill order and to described upper layer software (applications) return state information;
Use packet to deposit the command execution results data;
Upper layer software (applications) obtains described execution result data according to described status information read data packet.
See also Fig. 4, equipment described in the present invention comprises control module, read-write storage unit and other functional units, and described control module connects and control store unit and other functional units; Described other functional units can be the encrypted authentication unit or hide dish etc.; Described storage unit can occur with a disk form under operating system.Described equipment can also be compound equipment, compound etc. as the compound or disk of disk and password generator and electron key.
Seeing also Fig. 5, is the schematic flow sheet that main frame of the present invention and equipment carry out a kind of embodiment of method of exchanges data.
At first, set up a temporary file A in advance in the storage unit of underlying device.
Secondly, order that upper layer software (applications) will send and data add that some identifiers are packaged into the content of a file.
Then, upper layer software (applications) is write this packet to underlying device by the written document function of call operation system.
Underlying device is tackled all write orders, resolves the packet that receives.
If it is that upper layer software (applications) is given next order that underlying device is resolved to this packet, then according to the command execution corresponding operating of receiving; Otherwise just abandon this packet.
Need to prove that abandoning data one herein is to reduce workload, the 2nd, prevent that the maloperation of upper layer software (applications) from destroying file system.Receive order and return data if adopt storage area to be exclusively used in, abandoning gibberish this time has been suggestion.If storage area also must as one can xcopy the zone, that just must write data in the storage area, and when receiving data data is detected at every turn.Therefore, whether abandon data and depend on practical application, be necessary, just data are write in the underlying device, otherwise just abandon to raise the efficiency.
Underlying device with the situation of command execution and the packing data of returning, writes temporary file A after executing corresponding operation.
Then, the operation success or not of no matter carrying out, all return state GOOD.Certainly, also can return BAD, if but return BAD and can cause operating system to send REQUEST SENSE ordering the inquiry error reason, can influence efficient like this.
After upper layer software (applications) receives the state value that underlying device returns, go to read the content of temporary file A again, draw the real rreturn value of command execution.
Like this, finished the process that under the non-administrative users authority, sends privately owned order.
Be understandable that described temporary file A also can set up temporarily, is not limited to prior foundation in the process of operation.
In order to help better to understand the present invention, be described below in conjunction with embodiment.
One embodiment of the present of invention are under the non-administrative users authority, carry out the cryptographic check of underlying device.
The order of supposing the verification password is 0x11, and password is " 0x22 0x33 0x44 0x55 0x66 ", and the order that then needs to send is:
0x11?0x22?0x33?0x44?0x55?0x66
Upper layer software (applications) will be ordered and data add the identifier of appointing in advance, as:
0x55?0xaa?0x55?0xaa
In addition, can also add some data relevant of prior agreement, as the length of this order, 0x06 with order.
Upper layer software (applications) can will be ordered packing according to the form that realization is appointed:
0x55?0xaa?0x55?0xaa?0x06?0x11?0x22?0x33?0x44?0x55?0x66
Then, the function of upper layer software (applications) call operation system written document (as calling the WriteFile function), temporary file A is write in requirement, (because just passable as long as operating system forwards the data to underlying device, underlying device need not to know which file is operating system writing can certainly to write alternative document.The unattended operation system writes temporary file A and still writes alternative document, and underlying device can be intercepted and captured the data of being received, resolves these data then.)
Operating system is written to underlying device with above data as file content then.
This moment, underlying device will be received a series of write order and packet, comprised that system writes FAT, write the directory area, written document content (being the packet of upper layer software (applications)) etc.
Underlying device content of resolution data bag all after receiving each packet, if find to get over the identifier " 0x55 0xaa 0x55 0xaa " of agreement earlier, think that then this packet is the packing of upper layer software (applications), the content of the inside is order, then data " 0x11 0x22 0x33 0x44 0x55 0x66 " are thereafter resolved as order, carry out corresponding operation then.
After underlying device executes corresponding operation, need return execution result.This moment, equipment did not directly return execution result, because this moment, operating system thought that equipment carried out a write order, rather than a privately owned order, the result that underlying device is returned at this moment is the result of write order, rather than the result of privately owned order.So no matter whether privately owned command execution is correct, underlying device is all returned GOOD.
Before underlying device was returned the GOOD state, underlying device was written to the temporary file A that appoints in advance with the execution result of privately owned order (being password authentification) and extra return data (if any).(temporary file A is the data exchange zone that upper layer software (applications) and underlying device are appointed in advance.Certainly, as long as upper layer software (applications) can be known the zone of underlying device write data, and can read out, then the zone of underlying device write data is not limited to temporary file A)
As this cryptographic check mistake, cryptographic check number of times also remaining 10 times, equipment just can be write " 0x01,0x0a " in temporary file A, and equipment returns the GOOD state again.
Certainly, also might return BAD.For example underlying device is in write-protected the time, and operating system sends write order, and this moment, equipment just should return BAD, and reported write-protect in REQUEST SENSE subsequently.
What need further specify is, might not only before returning the GOOD state, just can write the execution result of privately owned order, as long as can guarantee before upper layer software (applications) is read temporary file A, to upgrade the content of temporary file A, so also can when operating system is sent out read command, just go to upgrade.
Then, because upper layer software (applications) is after the written document function (as writefile ()) of call operation system, function has and returns success or fail (GOOD/BAD), so operating system returns to upper layer software (applications) with the state of GOOD.
Upper layer software (applications) receives after the GOOD state, knows that underlying device handled privately owned order.This moment upper layer software (applications) again the function (as ReadFile) of reading of calling system remove to read temporary file A, will read data " 0x01,0x0a ".So upper layer software (applications) is just known this cryptographic check mistake, cryptographic check number of times also surplus 10 times.
What pay particular attention to is, because operating system has buffer memory to disk unit, so must when read temporary file A, specify and adopt non-cache way to read, otherwise the content that might read is the buffer memory of operating system, rather than real temporary file A.
, also have another kind of solution herein, even can be so that upper layer software (applications) does not adopt non-cache way to read, it be up-to-date also can guaranteeing to read temporary file A.Described solution executes privately owned order in underlying device exactly, and after the return state GOOD, switches to operating system report medium.
For example, during the scsi command in adopting USB Mass storage agreement bunch, operating system can send Test Unit Ready order earlier before sending read command, be ready to to guarantee underlying device, can operate.
Therefore underlying device can be after executing privately owned order and return state, report unripe (state position that is about to CSW is 1) when receiving first TestUnit Ready order, operating system receives that the mode bit of CSW is 1, will send Request Sense order, to obtain incorrect details, underlying device report this moment medium switches (Sense Code=0x02, Additional Sense Key=0x28), operating system will think that this medium is a new medium, will read the file system of underlying device again, also will upgrade the content of temporary file A.Even upper layer software (applications) does not adopt non-cache way to read like this, it is up-to-date also can guaranteeing to read temporary file A.
What need further specify is that the method for the packing of mentioning in the present embodiment and the form of data etc. all is for example, is not limited thereto in the practical operation.For example can in file of packing and the data of returning, add the identifier that indicates this order, upper layer software (applications) reads temporary file A and finds that identifier is not right like this, just know the not renewal of content of temporary file A, the data of temporary file A are not the return datas of actual this order now.So can not cause the dislocation of communicating by letter between upper layer software (applications) and the underlying device.
Temporary file A in the present embodiment is the passage that the underlying device of agreement is in advance communicated by letter with upper layer software (applications), and the content of file all can be upgraded later on executing privately owned order at every turn.But send privately owned order if not mode by written document, but send privately owned order by the SCSI standard channel, then upper layer software (applications) need not to read temporary file A and also can obtain return data, and this moment, underlying device just need not to have upgraded the content of temporary file A.
In addition, because can obtain the return data of a large amount of underlying device, so can also realize hiding the visit of dish, its principle is similar to the above embodiments owing to the inventive method, and this does not give unnecessary details.
The above only is a preferred implementation of the present invention; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the principle of the invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (10)
1, a kind of main frame and underlying device are carried out the method for exchanges data, it is characterized in that, are used for upper layer software (applications) under the non-administrative users authority, obtain state value that underlying device returns and the data outside the state value, and this method comprises:
1) upper layer software (applications) of described main frame sends first order to the underlying device that is connected with described main frame, and wherein, described upper layer software (applications) adds identifier with first order and data to be sent, sets up first packet; The written document order that described upper layer software (applications) starts the operating system is forwarded to described underlying device with first packet of aforementioned foundation;
2) described underlying device is carried out first order and to described upper layer software (applications) return state information, wherein, described underlying device receives aforementioned written document order, resolves first packet that receives; Described underlying device is carried out first order in first packet of aforementioned foundation; And described underlying device is to operating system return state value;
3) use second packet to deposit the first command execution results data;
4) upper layer software (applications) reads second packet according to described status information, obtains described execution result data.
2, main frame according to claim 1 and underlying device are carried out the method for exchanges data, it is characterized in that: described second packet is the file that is based upon in the storage unit of described main frame, and described storage unit is easily to lose or non-volatile.
3, main frame according to claim 1 and underlying device are carried out the method for exchanges data, it is characterized in that: before the described step 1) or in described step 2) before or before described step 3), set up described second packet.
4, main frame according to claim 1 and underlying device are carried out the method for exchanges data, it is characterized in that: described status information value is fixed, be used for sending signal to upper layer software (applications), represent that described execution result data have deposited in second packet, described second packet can be kept supplying layer software and read.
5, main frame according to claim 1 and underlying device are carried out the method for exchanges data, it is characterized in that:
Described status information value changes according to the described first command execution situation, is used for sending information to upper layer software (applications), represents the described first command execution situation and/or whether produces the execution result data;
Produced the execution result data conditions for carrying out described first order, described status information shows that described execution result data have left in second packet, and described second packet can read for main frame;
Do not produce the execution result data conditions for carrying out described first order, described status information shows not produce in second packet or second packet does not deposit the execution result data, and described main frame need not to read second packet.
6, main frame according to claim 1 and underlying device are carried out the method for exchanges data, it is characterized in that:
Described step 3) comprises:
31) described underlying device is with the result of first command execution and/or the data of returning, the data exchange zone of write storage unit;
Described step 4) comprises:
41) described operating system is to upper layer software (applications) forwarding state value;
42) data exchange zone of described upper layer software (applications) reading cells obtains the result of first command execution and/or the data of returning.
7, main frame according to claim 6 and underlying device are carried out the method for exchanges data, it is characterized in that, described step 42) specifically comprise: described upper layer software (applications) starts the operating system reads file command, adopt non-cache way to read the data exchange zone of described storage unit, obtain the result of first command execution and/or the data of returning.
8, main frame according to claim 6 and underlying device are carried out the method for exchanges data, it is characterized in that, described step 42) specifically comprise: described upper layer software (applications) starts the operating system reads file command; Operating system is the transmit status querying command before file command is read in transmission; Underlying device report medium switches; Operating system reads the file system of underlying device again, upgrades the content of data exchange zone; Upper layer software (applications) obtains the result of first command execution and/or the data of returning.
9, main frame according to claim 1 and underlying device are carried out the method for exchanges data, it is characterized in that: described step 2), also comprise when underlying device being resolved to when not having identifier in first packet, abandon this first packet.
10, main frame according to claim 1 and underlying device are carried out the method for exchanges data, it is characterized in that: described step 2), the data of returning comprise identifier.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB200410048629XA CN100470487C (en) | 2004-06-04 | 2004-06-04 | Method for exchanging data between main machine and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB200410048629XA CN100470487C (en) | 2004-06-04 | 2004-06-04 | Method for exchanging data between main machine and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1707436A CN1707436A (en) | 2005-12-14 |
| CN100470487C true CN100470487C (en) | 2009-03-18 |
Family
ID=35581373
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB200410048629XA Active CN100470487C (en) | 2004-06-04 | 2004-06-04 | Method for exchanging data between main machine and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100470487C (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106681818B (en) * | 2016-12-29 | 2021-06-18 | 北京奇虎科技有限公司 | Method and device for transmitting android underlying system events |
| CN107220133A (en) * | 2017-05-27 | 2017-09-29 | 郑州云海信息技术有限公司 | A kind of data interactive method, apparatus and system |
| CN107992372A (en) * | 2017-12-13 | 2018-05-04 | 郑州云海信息技术有限公司 | A kind of chassis information exchange method, system, equipment and computer-readable storage medium |
-
2004
- 2004-06-04 CN CNB200410048629XA patent/CN100470487C/en active Active
Non-Patent Citations (2)
| Title |
|---|
| Win2000之工具利器-事件查看器. 何广.电脑爱好者. 2000 |
| Win2000之工具利器-事件查看器. 何广.电脑爱好者. 2000 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1707436A (en) | 2005-12-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8301909B2 (en) | System and method for managing external storage devices | |
| CN100464313C (en) | Mobile memory device and method for accessing encrypted data in mobile memory device | |
| CN103942499B (en) | Data black hole processing method based on mobile storer and mobile storer | |
| CN103903042B (en) | Data flow encryption SD card | |
| JPH01500379A (en) | System for portable data carriers | |
| CN109726138A (en) | Data memory device and non-volatile formula memory operating method | |
| CN106708423A (en) | Multimode storage management system | |
| US20100122047A1 (en) | Systems and methods for enhancing a data store | |
| CN109726575B (en) | Data encryption method and device | |
| CN103299284A (en) | Method and apparatus for data security reading | |
| CN100401409C (en) | Entry point for digital rights management data | |
| CN109255262A (en) | Data guard method and solid state hard disk | |
| CN102184143B (en) | Data protection method, device and system for storage device | |
| CN102236609B (en) | Memory device and access method thereof | |
| CN105700830B (en) | A kind of solid state hard disc master control, solid state hard disc and the WORM storage methods of supporting WORM to store | |
| CN100470487C (en) | Method for exchanging data between main machine and equipment | |
| CN101154447A (en) | Flash memory and its control method | |
| CN100416517C (en) | Method in use for managing data access between storing devices and equipment of host computer | |
| CN104123371A (en) | Transparent Windows kernel file filtering method based on hierarchical file system | |
| CN105183660B (en) | Method for reading data, Memory Controller and storage device | |
| CN107085900B (en) | Data processing method, device, system and POS terminal | |
| JP4057858B2 (en) | File management method and memory card and terminal device using the same | |
| CN115357930A (en) | Data deleting method and electronic equipment | |
| CN107544751A (en) | A kind of method and apparatus for remotely accessing disk | |
| CN1959586B (en) | Fingerprint hard disc, and data process method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |