CN101493866A - Controlled storage apparatus and access operation software - Google Patents
Controlled storage apparatus and access operation software Download PDFInfo
- Publication number
- CN101493866A CN101493866A CNA2008100091363A CN200810009136A CN101493866A CN 101493866 A CN101493866 A CN 101493866A CN A2008100091363 A CNA2008100091363 A CN A2008100091363A CN 200810009136 A CN200810009136 A CN 200810009136A CN 101493866 A CN101493866 A CN 101493866A
- Authority
- CN
- China
- Prior art keywords
- storage apparatus
- controlled storage
- open state
- access
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a controlled memory device and an accessing operation software and relates to the technical field of a mobile memory device, computer software and network information safety. The controlled memory device is connected with a host computer for accessing data, comprises a control unit, a host computer interface unit, a memory unit or a slave computer interface unit, is particularly configured with a manual trigger switch or a switch interface, is in a protected status under normal conditions and refuses accessing, is in an open status under transient conditions and permitted being accessed, enters the open status when being manually triggered, and automatically restores to the protected status when every batch of accessing operation is completed. Fingerprint collection and comparison is the embodiment of the manual trigger. The accessing operation software manages the accessing process of the controlled memory device. The survival time of an exclusive data channel built for every batch of accessing operation basically covers three phases that are requesting users to manually trigger and wait for the controlled memory device to enter the open status, accessing such a batch of data and assuring that the controlled memory device restores to the protected status. The controlled memory device and the accessing operation software effectively protect the mobile memory device from secret stealing and damage by malicious programs.
Description
Technical field
The present invention relates to movable storage device, computer software and network information security technology field.
Background technology
Along with the scale of development of technology and production and marketing, movable storage device (as portable hard drive, USB flash disk, usb key) widely uses.This kind equipment have be convenient for carrying, insert at any time, the characteristics of plug and play, providing for the user greatly easily simultaneously, also bring the potential safety hazard that can not be ignored.Rogue program (referring to computer virus, trojan horse program, spy's program etc.) after the user inserts computer with movable storage device, can hiddenly easily carry out accessing operation.Its result, the confidential data that the user preserves may be in being stolen unconsciously, distorting and even destroying.Movable storage device also may be used to reconditely to be implemented " ferry-boat is attacked ", in transmitted virus program between the different computers, between the heterogeneous networks with steal confidential data.USB flash disk commonly used all has write-protect switch basically, is provided for forbidding writing information, but can not protection information avoid being stolen (reading); Moreover such switch is a freeze mode, normally writes fashionablely in case need open, and rogue program also has enough chances to avail oneself of the opportunity to get in implement to attack.In order to prevent the malice access, people have also found out many ways." USB unidirectional physical insulation network gap " (Chinese invention patent application number 200610021310.7) proposes a kind of isolation with switching controls switch, write-protect switch and USB storage and switches hardware; take turns change-over switch with software control, guarantee that data are through USB storage one-way transmission between the network host of different security level.The weak point of this method is, the rogue program control operation of still having an opportunity to simulate is snugly along equidirectional copy transmissions malicious code and data." a kind of credible USB flash disk, realize credible USB flash disk security and with the method for Computer Data Communication " (Chinese invention patent application number 200710000330.0) propose mainly to encrypt and authentication by strengthening; and by destroying program certainly; protect USB flash disk institute canned data to be unlikely to be divulged a secret; its weak point is that rogue program still can carry out write operation to USB flash disk snugly.Existing technical method, all mainly depend on software (main frame or memory device in) automatically handle, fail to get rid of effectively the hidden possibility of carrying out accessing operation of potential rogue program.
Existing various application management softwares; accessing operation process to movable storage device; basically it is simple to scheme, automatic and convenient only to pay attention to device independence, and does not give appropriate cooperation aspect information safety protection, and this also is the major reason that causes rogue program to be had an opportunity to take advantage of.In the Windows of Microsoft series operating system, on movable storage device, make when writing generic operation (comprise newly-built, duplicate, move and deleted file or file) of explorer, be in the write-protect state if meet memory device, then just simply point out and withdraw from, the user opens write-protect switch with after the permission write operation, must reselect again and do same operation; And writing after generic operation finishes, explorer also just directly returns immediately, and is indifferent to the write-protect state of memory device.Obviously, explorer does not assist to protect movable storage device, during write-protect switch is opened, write that generic operation is actual and carry out before and finish after, the rogue program access movable storage device of all having an opportunity.Other application programs, such as word processor, notepad, board etc., also all like this.
Summary of the invention
Movable storage device and access operation software are to complement each other, be mutually related.The present invention slave unit hardware and function software two aspects respectively starts with, and solves the information safety protection problem of movable storage device.
The present invention at first proposes a kind of controlled storage apparatus, establishes a cover protection mechanism with the slave unit hardware aspect.Designed controlled storage apparatus, its basic comprising has comprised the composition of existing movable storage device, is the storage unit of medium, the interface unit (as USB connector) that is used to connect main frame such as a control module (microprocessor and deposit admittedly system operation program), one with disk or semiconductor (as the FLASH storer), and alternatively, can also be useful on the pilot lamp or the display screen of show state.A kind of variant of described controlled storage apparatus is that itself does not contain described storage unit, but alternatively, comprises that but at least one is used for connecting the interface unit of the equipment (as existing movable storage device) that comprises described storage unit.This interface unit is called the next interface unit, and correspondingly, the aforementioned interface unit that is used to connect main frame is called upper interface unit.A variant special case of this controlled storage apparatus is as controlled hub (HUB).Existing movable storage device one is when inserting main frame; through enumerating after (comprise and power up, reset, discern, address, dispose) process; promptly continue to be in to accessing operation opened state (being so for read operation at least) if write-protect switch is opened then also like this for depositing write operation.This default, out-of-control open state causes unsafe root just.The present invention is designed controlled storage apparatus, defines two states generally, i.e. guard mode and open state.Wherein, guard mode is a normality, and promptly default attitude also is through the initial state after the main frame enumeration process; Open state is transient state (state of promptly temporarily keeping), only just enters open state when needs carry out accessing operation, and, must wait for that also controlled storage apparatus enters after the open state, main frame could the actual accessing operation of finishing.When wanting access data, must make controlled storage apparatus be converted to open state from guard mode.This state exchange operation originally can be finished by the programmed control of main frame, but opens convenience will for so again the hidden accessing operation of rogue program.Therefore, the present invention from the ultimate control of guard mode to the open state conversion, gives user's (being the operator) from outside own initiatively control with controlled storage apparatus fully.For this reason, especially for an artificial manual trigger switch of controlled storage apparatus configuration or connect the interface of described trigger switch, when the user triggers this switch with hand, controlled storage apparatus promptly enters open state, and main frame can carry out data access operation.The time that open state continues to keep, depend primarily on the data volume of access and the speed of access.The said accessing operation of the present invention, comprised deposit write (writing) operate and read (reading) operation, under the particular case (as to usb key) have only read operation, perhaps (as to some demo plant) be write earlier the back read operation.Main frame is to the accessing operation of controlled storage apparatus, be in batch (a collection of) as the many bags of a collection of, the big file of a plurality of files partition or one by one (as fixed length block of usb key) carry out access, the present invention is collectively referred to as one batch of access, is the operating unit that the user controls access on application.This means whether main frame all need be allowed by user's control decision each batch access request of controlled storage apparatus, be then manual triggers it, although otherwise ignore it (promptly refusing it).The each time manual triggers of user on controlled storage apparatus also only allows controlled storage apparatus to accept the current batch of accessing operation that main frame is asked, and without manual triggers, then memory storage is ignored the accessing operation of main frame.The user is the clearest, and when oneself needs access, the also the most qualified grand access that whether oneself determines.Manual triggers is not to make an unnecessary move, and on the contrary, lifts a finger thus, and what bring but is the controllability of memory storage and got rid of the chance of the hidden access of rogue program, obviously sharp much larger than fraud.Controlled storage apparatus is under open state; main frame continues to carry out same batch of accessing operation; finish or abandon midway or hinder overtime termination for some reason until access; then; controlled storage apparatus is the reduction protection state in time; the time window that makes open state continue reasonably minimizes as far as possible, just is unlikely to stay opportunity to rogue program.Controlled storage apparatus need not the artificial foreign intervention of user by the action of open state reduction protection state, but finish automatically.The mode of automatic reduction protection state specifically can have two kinds of situations: the one, and by the controller of controlled storage apparatus, after finishing, predetermined access promptly disposes initiatively reduction voluntarily; The 2nd, after this batch access is finished, pass on message again or send instruction by main frame, make the driven reduction of controller of controlled storage apparatus.Before a kind of situation be applicable to that the data volume of access can predict the occasion of (as the usb key data), the data volume that a kind of situation in back is applicable to access when access request also inconvenience determine the occasion of (one group of file on as main frame or on the USB flash disk).The duty of controlled storage apparatus and the conversion of state, pilot lamp or display screen that can be by its configuration clearly show with the form of light or literal, make the user come into plain view, know what's what.
The arrangement of trigger mechanism manually, the external controllable of having established controlled storage apparatus has been introduced the user and has independently been observed the factor of judging with outside manually control operation.For fear of maloperation, also for the ease of cooperating with the interaction of the access operation software that moves on the main frame, special guard mode with controlled storage apparatus refinement is again isolated a solicited status.This solicited status is a transition state, and when one batch of access request took place, controlled storage apparatus promptly changed solicited status over to by guard mode, and waits for user's manual triggers.For the wait under the solicited status, can set the duration restriction (as 10 seconds) of a reasonable length.Be in the controlled storage apparatus under the solicited status, follow-up developments have two state exchange directions: the one, if the user selected again to abandon, or wait timeout do not trigger or triggers invalid, then returns guard mode; The 2nd, if user's manual triggers then enters open state immediately.
The trigger switch manually that controlled storage apparatus of the present invention disposed, be meant the trigger switch of broad sense, be not limited to specific physical form, concrete size and installation site, and the data of its state or generation must be picked up the Be Controlled unit, as the criterion of manual triggers action.Touch-button is a kind of simplified example of manual trigger switch, its touched by after let go immediately and to restore, finish and this switching value signal represents promptly that manual triggers moves.Stolen in order to prevent controlled storage apparatus, the special fingerprint recognition parts that adopt by means of fingerprint identification technology, strengthen the confidentiality and the security of controlled storage apparatus as manual trigger switch.Prestore in the controlled storage apparatus inside finger print data of authorized user is as target fingerprint; When user's manual triggers, with target fingerprint comparison consistance, only just make controlled storage apparatus enter open state when judgement is consistent by gathering user fingerprints.Configuration finger-print type trigger switch makes that also controlled storage apparatus has personalization features.Consider the scale production and marketing of controlled storage apparatus corresponding product and the facility of application, can make initial removing of target fingerprint data of product be vacancy; Again the special work of the program curing of its control module is so arranged, promptly checked target fingerprint if vacancy then will be worked as time user fingerprints of collection and save as target fingerprint.Although the finger-print type trigger switch is complicated, has very important value for the level security that ensures controlled storage apparatus.
The present invention also proposes a kind of access operation software, runs on main frame to manage or to control the process to connected controlled storage apparatus access data.Usually, during the access operation software operation, realize an operation interface, by the user for each batch accessing operation, elder generation collects the title or the catalogue of the data object of required access on the control window in advance, opens controlled storage apparatus (as equipment) afterwards, implement accessing operation, finish and promptly close controlled storage apparatus.In particular cases, function software is embodied as a component software, no operation interface own, and be called to controlled storage apparatus is implemented access.Such component software, to open earlier too, after close controlled storage apparatus.Access operation software has promptly been set up the data channel between main frame and the controlled storage apparatus by opening controlled storage apparatus.Access operation software is taked non-sharing or exclusive unfolding mode especially, makes that what set up is to monopolize data channel.This means, (before closing) during this period, other processes comprise potential rogue program, all can not repeat the same period to open or the concurrent access controlled storage apparatus.Access operation software detects company's machine state of identification controlled storage apparatus; when controlled storage apparatus is in guard mode (it is preceding usually so to implement accessing operation); access operation software is not abandoned; but prompting asks user's manual triggers so that controlled storage apparatus enters open state, and poll is waited for then.At this moment, in case user's manual triggers, and controlled storage apparatus enters open state, and access operation software is implemented the access of this lot data then, finishes (comprise normally finish or fault is overtime or the user cancels) midway until access.The access operation software access also must be sure of controlled storage apparatus reduction protection state after finishing, and just removes then and monopolizes data channel (being closing device).So; the process of access operation software access controlled storage apparatus; can be divided into three phases: the one, submit user's manual triggers to and wait for that controlled storage apparatus enters open state, the 2nd, implement this lot data of access, the 3rd, be sure of controlled storage apparatus reduction protection state.In the phase one, the wait of access operation software this moment also can the predetermined lasting time restriction, if manual triggers or controlled storage apparatus do not enter open state and then stop this batch accessing operation overtime user; Access operation software can also allow the user directly to select to abandon this batch accessing operation.In subordinate phase, the whole operations and the process of this lot data of access are finished through monopolizing data channel, also can allow the user to select to end in advance access therebetween.In the phase III,,, then give tacit consent to controlled storage apparatus and can guarantee reduction protection state voluntarily for initiatively reduction corresponding to the dual mode of controlled storage apparatus reduction protection state; For driven reduction, then pass on message informing or send instruction control to controlled storage apparatus, finish open state, its reduction protection state of test wait then to indicate it.It is essential,, the survival time of monopolizing data channel that access operation software is set up, covered the three phases of above-mentioned access controlled storage apparatus process in fact substantially for each batch accessing operation.So, access operation software moves as the trusted process, with realized close seamless cooperating between the controlled storage apparatus: during the normal accessing operation of each batch, set up at access operation software and to monopolize under the protection of data channel, it is safe that controlled storage apparatus enters open state; And in all the other times of no normal accessing operation, although have the hidden access of potential rogue program, it also is safe and reliable that controlled storage apparatus then stably is in guard mode.The user uses access operation software, when the needs access data, then presses the prompting manual triggers of access operation software, access smoothly; For not being that access operation software but the prompting of not clear process (trustless, as to be suspected to be rogue program) trigger,, promptly refuse it although then ignore.
The controlled storage apparatus and the access operation software of the present invention's design are introduced the user and are participated in judging that controlling is outside manual triggers, have worked up the effective safety protecting mechanism of a cover, can make movable storage device avoid by the harm of the hidden access of rogue program.
Description of drawings
Fig. 1 is the overall status transition diagram of controlled storage apparatus of the present invention. Controlled storage apparatus is initially in guard mode (1), and is autonomous for coming Each of machine batch access request (11) maintains guard mode (1). And after user's manual triggers (12), controlled storage apparatus namely advances Enter open state (2), main frame can continue to carry out with batch accessing operation (22) immediately. Complete or fault is overtime or the user when this batch of access Gave up halfway (21), controlled storage apparatus are automatic reduction guard mode (1).
Fig. 2 is the finely divided state transition diagram of controlled storage apparatus of the present invention. Controlled storage apparatus is initially in guard mode (1), whenever as from One batch of access request (12) of main frame then enters solicited status (2), waits for user's manual triggers. If user selection is abandoned or overtime triggering (21), then controlled storage apparatus returns guard mode (1). After user's manual triggers (23), controlled storage apparatus namely enters open state (3), main frame can continue to carry out with batch accessing operation (33) immediately. Access is complete or fault is overtime or user's gave up halfway (31) when this batch, Then controlled storage apparatus is automatic reduction guard mode (1).
Fig. 3 is the flow chart of access operation software of the present invention. Operate each batch access that decision is carried out for the user, access operation software is done earlier Prepare well (1), clearly want the data object of access, between main frame and controlled storage apparatus, attempt setting up then monopolizing data channel (2), judge Success or not (3). If unsuccessful (N) then turns to end (13); If a lot data access request (4) is then sent in success (Y), comprise The alerting users manual triggers, and the on line state that detects controlled storage apparatus is to judge manual triggers whether (5). If do not trigger (N), then declare again Disconnected whether overtime (6) and whether abandon (7). If overtime (Y) or user have determined to abandon (Y), then turn to remove and monopolize data channel (12) And end (13); Otherwise (N), continue to detect judge manual triggers whether (5), namely continue to wait for user's manual triggers. If trigger (Y), Then carry out this lot data accessing operation (8), judge access whether complete (9). If not complete (N) then continues with the lot data accessing operation (8); If complete (also comprising the overtime and user's gave up halfway of fault) is (Y), then controlled storage apparatus is sent message informing or order termination (10), Detect then reduction protection state whether (11) of controlled storage apparatus. If not reduction (N) then continues to detect to wait for; If reduce (Y), then Data channel (12) is monopolized in dismounting, finishes then (13).
Embodiment
[embodiment 1] a kind of controlled storage apparatus is designed to have the USB flash disk that trigger switch is controlled defencive function.On the basis of existing USB flash disk, improved design from hardware and software two aspects.
1, USB flash disk hardware design.Main devices comprises that microprocessor adopts the AT89C5131 chip, and storer adopts the nonvolatile memory K9F5608U chip of 1 NAND FLASH type, constitutes the USB flash disk that memory capacity is 32MB, also has the USB interface plug of 1 standard.On shell, except keeping existing write-protect switch extremely the function, set up one especially the soft-touch control that can restore (reinstatement of to rebound voluntarily of letting go after promptly pressing).The two poles of the earth place in circuit plate of soft-touch control is as the keyboard signal pin KIN[7 of microprocessor] the interruption input source.
2, software design.Comprise system operation program that USB flash disk is deposited admittedly and supporting for USB flash disk, with the device driver of installation and operation in main frame.
1) system operation program realizes according to the design of the mass storage class MSC that defines in the usb bus agreement (Mass Storage Class) standard.Wherein, ordering norms adopts UFI, and host-host protocol adopts SCSI.Especially, distribute a byte fetch logic value, as the triggering sign of reflection soft-touch control, initial remove (clear 0); Corresponding to the interruption that response is produced by soft-touch control, an interrupt handling routine augments the staff.This interrupt handling routine is only done something, be exactly according to checking the USB flash disk current working state, if be in the solicited status (the accessing operation request that comes from main frame is promptly arranged, and the USB flash disk master routine is being waited for manual triggers) of the present invention's definition, then will trigger flag set (putting 1), and interrupt then returning; Otherwise directly interrupt returning.The system operation program is for enumeration process, as usual power up, reset, to identification, addressing, the configuration operation that comes from main frame, also still response execution as usual comprises response SET_ADDRESS, SET_CONFIGRATION, GET_DESCRIPTOR and the request of GET_STATUS bus standard.The part that changes mainly is, to receiving the CBW order of autonomous machine, therefrom parse between main frame and the USB flash disk equipment quantity that transmits data (byte number of representing by the dCBWDataTransferLength field) and direction (by the sign of bmCBWFlag field most significant digit setting), and according to the operational order (given) of SCSI normalized definition by the CBWCB field, do such processing: for parameter and the relevant operational order of state, comprise inquiry (Inquiry), start and stop (Start/Stop), (Prevent/Allow Medium Removal) shifted out in protection, read capacity (ReadCapacity), read formatted capacity (Read Format Capacity), result of query execution (Request Sense), diagnosis (SendDiagnostic) resets, test ready (Test Unit Ready), return zero track (Rexero Unit), tracking addressing (Seek 10) etc. are let pass as usual and are carried out; For every operational order (bmCBWFlag field extreme higher position 0) of writing class of depositing, comprise format (Format Unit), checking data (Verify), write data (Write 10), write and checking data (Write and Verify) etc., must detect earlier and trigger whether set of sign, be that (promptly manual triggers) then carries out it, (promptly as yet not manual triggers) then do not refuse it; For the operational order that reads class (bmCBWFlag field extreme higher position 1), mainly be read data (Read 10), decide memory location according to data object, if only relate to the MBR data of 0 bunch of 0 sector or the data of alternative document directory area, then directly let pass and carry out, so that main frame need not wait user's manual triggers and promptly can discern the USB flash disk file system automatically and list wherein file directory tree, if relate to the in addition data of position, it then is the accessing file content-data, must detect earlier and trigger whether set of sign, be then to carry out it, otherwise refuse it.The result of CBW command execution all needs relative set CSW status word, by Bulk-In port loopback main frame.CSWStatus field in the CSW status word just often need put 0 as rreturn value; Guard mode for reflection the design defines numerical value 55h (wherein h represents sexadecimal number) especially as rreturn value.So for the situation of above-mentioned refusal execution command, the CSWStatus field of then putting in the CSW status word is a 55h value circular main frame.Strengthen SET_FEATURE bus standard request responding routine again, main frame is provided with the request (when the value of the bmRequestType field of Setup request package is 0h) of device characteristics, will trigger flag set.In addition; also strengthen GET_STATUS bus standard request responding routine; main frame is obtained the request (when the value of the bmRequestType field of Setup request package is 80h) of equipment state; with the most significant digit (b15) that keeps originally in the device status word that returns; reflect USB flash disk, the defined guard mode of the present invention: trigger flag set and then put 1, otherwise clear 0.This makes the application program of main frame, can initiatively know the current guard mode that whether is in of USB flash disk by device driver.
2) device driver realizes according to the design of WDM driver hierarchical model, comprises bus driver, function driver, and the filter drive program of corresponding level, and the object run environment is a Windows operating system.In the device driver of establishment, at IRP (I/O request package) control messages IRP_MJ_CREATE, IRP_MJ_READ, IRP_MJ_WRITE, IRP_MJ_CLOSE, IRP_MJ_DEVICE_CONTROL, routine is handled in the establishment response respectively, with the api function CreateFile of respective operations system, ReadFile, WriteFile, CloseFile, DeficeIoControl.Define a wrong code value ERROR_DEVICE_PROTECT=20000055h (wherein b29 put 1 the representative self-defined and unlikely and any system definition error code conflict), represent that USB flash disk is in guard mode.Special processing additional in the IRP_MJ_READ routine is, when USB flash disk is in guard mode, directly be ReadFile function return results value FALSE (0 value) with the failure of indication read operation, and call api function SetLastError (ERROR_DEVICE_PROTECT) error code is set; When USB flash disk is in the success of open state and read operation, return results value TRUE (non-0 value) and call api function SetLastError (0) removing error code then.Special processing additional in the IRP_MJ_WRITE routine is, when USB flash disk is in guard mode, directly for WriteFile function return results value FALSE deposits the write operation failure with indication, and call api function SetLastError (ERROR_DEVICE_PROTECT) error code is set; When USB flash disk is in open state and deposits write operation success, return results value TRUE and call api function SetLastError (0) and remove error code then.Special processing additional in the IRP_MJ_CLOSE routine is, by send the request of SET_FEATURE bus standard to USB flash disk, make it trigger flag set, send the request of GET_STATUS bus standard to USB flash disk again then, indicate set with its triggering of verification and validation.
[embodiment 2] a kind of controlled storage apparatus is designed to have the USB connector of trigger switch control defencive function.Itself is not used in the storage data, but is used for providing protectiveness to be connected between main frame and common U disk or portable hard drive.
1, hardware design.Main devices comprises: microprocessor adopts the S3C2410X chip that comprises ARM920T technology kernel; Storer adopts the nonvolatile memory SST39LV160 chip of 1 Nor Flash type, and capacity is 16Mb, is used for the storage system operation program code; The USB interface plug of 2 standards connects one of 2 usb host interfaces and 1 USB device interface of microprocessor in respectively, is used for external host computer (promptly as upper interface plug) and movable storage device (promptly as the next interface plug) respectively.On shell, set up a recoverable soft-touch control especially, its two poles of the earth place in circuit plate is as the external interrupt input source of microprocessor.
2, software design.The design of system operation program is substantially as described in the appropriate section of embodiment 1.The key distinction is, receives main frame standard request, CBW order and data from upper interface, transfers to memory device through the next interface; Receive CSW status word and the data that memory device returns from the next interface again, give main frame through upper interface loopback.Trigger preservation, renewal, check and the loopback of sign, all relevant and in this device, carry out with the external trigger action of the soft-touch control of this device.Actual effect is that this device through resolving and check, tackled the accessing operation that should protect, and directly loopback CSW status word is given main frame, thereby realized the access protection to memory device receiving the CBW order of autonomous machine.The design of device driver is also as described in the appropriate section of embodiment 1.
[embodiment 3] a kind of access operation software is designed to access management software.Copy the explorer of Windows operating system, be split as two parts in the main body of software interface: a tree control is arranged in the left side, is used for listing the file directory tree that movable storage device is stored; A list control is arranged on the right side, is used to list sub-directory or file object under the directory tree current directory of left side.The user can from other softwares (as explorer) interface, duplicate by drag and drop, shortcut or menu mode operation, mobile catalogue file object set is to this software interface, or reverse operating; Can also directly on this software interface, create, duplicate, move and the file that deltrees.For such each batch accessing operation, the processing of software at first is to open memory device with exclusive mode, and the memory device of being opened is closed in the access of being scheduled to then at last.When access,, then obtain error code by the api function GetLastError of system () if run into failure for the first time.If the value of error code equal ERROR_DEVICE_PROTECT (such as example 1 definition); show that memory device is controlled storage apparatus of the present invention and is in normal guard mode; then software is not abandoned this batch accessing operation; but submit user's manual triggers to; poll is waited for then, detection of stored equipment enters open state automatically, finishes this batch storage operation then.Submit in the dialog box of user's manual triggers, arranging has " cancellation " button, and the user can select to click it, abandons this batch storage operation to end to wait for.If the value of error code is not equal to ERROR_DEVICE_PROTECT, show that then memory device is not a controlled storage apparatus of the present invention, only need report operation failure and abort operation to get final product.Close the memory device of being opened, as described in the device driver part of embodiment 1 design, can be sure of the pairing IRP_MJ_CLOSE routine of shutoff operation, will cause memory device reduction protection state.So, software can be on accessing operation, realizes the compatibility of controlled memory device and common memory device.
[embodiment 4] a kind of access operation software is that the explorer to Windows operating system is improved.For each batch accessing operation, the treatment step of software carries out according to the way of embodiment 3, can make explorer can support to cooperate controlled storage apparatus of the present invention, thereby realizes the effectively effect of protection movable storage device information security.
Claims (10)
1; a kind of controlled storage apparatus; be used to connect main frame for access data; it comprises that a control module is connected the upper interface unit of main frame with one; comprise that also one is the storage unit of medium or the next interface unit of the equipment that at least one connection comprises described storage unit with disk or semiconductor; the interface that it disposes trigger switch manually especially or connects described trigger switch; its normality is in guard mode; transient state is in open state; main frame is each batch accessing operation to it; to wait for that all it enters open state and just can finish afterwards; it is characterized in that:, be automatic reduction protection state and finish when each batch accessing operation when being entered open state by manual triggers.
2, device according to claim 1, wherein said trigger switch is the fingerprint collecting parts, it is characterized in that, described manual triggers is to compare consistance by gathering user fingerprints with target fingerprint, when judging the consistent open state that just enters.
3, device according to claim 2 is characterized in that, described target fingerprint is as if vacancy, and then the user fingerprints when inferior collection promptly saves as target fingerprint.
4, device according to claim 1 and 2 is characterized in that, the action of described reduction protection state is disposed voluntarily initiatively by its control module and finished.
5, device according to claim 1 and 2 is characterized in that, message that the action of described reduction protection state is passed on by its control module response main frame or the instruction of sending and driven finishing.
6, device according to claim 1 and 2 is characterized in that, described open state and the reduction protection state of entering also expressed by the pilot lamp or the display screen of its configuration.
7, a kind of access operation software, run on main frame to manage or to control process to connected controlled storage apparatus access data, during each batch accessing operation, comprising set up between main frame and the controlled storage apparatus monopolize data channel, the identification controlled storage apparatus connects the step of machine state, and the step of submitting user's manual triggers to, it is characterized in that: after the described user's of submitting to manual triggers, also continue to wait for that controlled storage apparatus enters open state, then this lot data of access; And the described survival time of monopolizing data channel, the basic covering submitted user's manual triggers to and waited for that controlled storage apparatus enters open state, this lot data of access, be sure of this three phases of controlled storage apparatus reduction protection state.
8, software according to claim 7 is characterized in that, the described user's of submitting to manual triggers enters this stage of open state with the wait controlled storage apparatus, also allows the user to select to abandon this batch accessing operation.
9, software according to claim 7, it is characterized in that, the described user's of submitting to manual triggers enters this stage of open state with the wait controlled storage apparatus, predetermined time duration restriction is arranged, if manual triggers or controlled storage apparatus do not enter open state and then stop this batch accessing operation overtime user.
10, according to claim 7,8 or 9 described softwares, it is characterized in that, describedly be sure of this stage of controlled storage apparatus reduction protection state, also comprise indication earlier and wait for that controlled storage apparatus finishes open state, and then remove the step of monopolizing data channel.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008100091363A CN101493866A (en) | 2008-01-23 | 2008-01-23 | Controlled storage apparatus and access operation software |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008100091363A CN101493866A (en) | 2008-01-23 | 2008-01-23 | Controlled storage apparatus and access operation software |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101493866A true CN101493866A (en) | 2009-07-29 |
Family
ID=40924460
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008100091363A Pending CN101493866A (en) | 2008-01-23 | 2008-01-23 | Controlled storage apparatus and access operation software |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101493866A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103544419A (en) * | 2012-07-17 | 2014-01-29 | 联想(北京)有限公司 | Control method and electronic equipment |
| CN106339619A (en) * | 2016-08-26 | 2017-01-18 | 何颖 | Information security management method and device thereof |
| CN106844072A (en) * | 2016-11-21 | 2017-06-13 | 广州视源电子科技股份有限公司 | Method and system for detecting recovery protection state of computer operating system |
| TWI699668B (en) * | 2018-05-10 | 2020-07-21 | 華邦電子股份有限公司 | Intrinsic data generation device, semiconductor device and authentication system |
-
2008
- 2008-01-23 CN CNA2008100091363A patent/CN101493866A/en active Pending
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103544419A (en) * | 2012-07-17 | 2014-01-29 | 联想(北京)有限公司 | Control method and electronic equipment |
| CN106339619A (en) * | 2016-08-26 | 2017-01-18 | 何颖 | Information security management method and device thereof |
| CN106339619B (en) * | 2016-08-26 | 2019-01-18 | 上海恒能泰企业管理有限公司 | Information security management method and its device |
| CN106844072A (en) * | 2016-11-21 | 2017-06-13 | 广州视源电子科技股份有限公司 | Method and system for detecting recovery protection state of computer operating system |
| TWI699668B (en) * | 2018-05-10 | 2020-07-21 | 華邦電子股份有限公司 | Intrinsic data generation device, semiconductor device and authentication system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105809003B (en) | The terminal screen unlocking method and terminal of a kind of fingerprint recognition | |
| CN107885679A (en) | The automatic running of integrated circuit memory component | |
| CN104375836A (en) | Method and device for showing lock screen window | |
| CN1353365A (en) | Use method of safety cipher in nonsafety programming environment | |
| CN101593252B (en) | Method and system for controlling access of computer to USB equipment | |
| US20110082993A1 (en) | Hard ware data protection device | |
| CN100583119C (en) | Mobile memory and method for controlling data download of computer | |
| CN108885572A (en) | Safe driver platform | |
| CN102722663A (en) | Handheld smart device data security protection method | |
| CN102385671A (en) | Method and system for encrypting software | |
| CN101493866A (en) | Controlled storage apparatus and access operation software | |
| CN100419719C (en) | Method for automatic protection of U disc by using filtering driver and intelligent key device | |
| CN101420299B (en) | Method for enhancing stability of intelligent cipher key equipment and intelligent cipher key equipment | |
| CN108090341A (en) | Java card control method and java card | |
| CN101271507B (en) | File hiding method, system and device based on USB equipment | |
| CN100547546C (en) | A kind of software and hardware Intelligent Recognition and guard method | |
| CN1845072A (en) | Portable apparatus and automatic backup method thereof | |
| CN104427097B (en) | Terminal device and changing method | |
| CN100451999C (en) | Memory and method for protecting storage data | |
| CN101593117A (en) | A kind of method that improves intelligent key equipment easy applied performance | |
| CN100464276C (en) | Method and system for allocating and protecting subscriber software-hardware configuration information | |
| CN1581116B (en) | System and method for accessing the computer system to remote apparatus | |
| CN201523396U (en) | Interactive device of high safety information network | |
| CN201514637U (en) | High-safety information network equipment | |
| CN200976141Y (en) | Plug-and-play intelligent cipher key device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20090729 |