CN101877246A - U disk encryption method - Google Patents
U disk encryption method Download PDFInfo
- Publication number
- CN101877246A CN101877246A CN2009101358022A CN200910135802A CN101877246A CN 101877246 A CN101877246 A CN 101877246A CN 2009101358022 A CN2009101358022 A CN 2009101358022A CN 200910135802 A CN200910135802 A CN 200910135802A CN 101877246 A CN101877246 A CN 101877246A
- Authority
- CN
- China
- Prior art keywords
- disk
- hard drive
- portable hard
- key
- usb flash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a U disk (mobile hard disk) encryption method which monitors the USB Hey state in real time, carries out identity verification and obtains a key by authorized USB Key, wherein the protected U disk (mobile hard disk) is divided into a protective area and a non-protective area; the protective area is mapped into a virtual disk when the authorized verification is passed, data wrote into the disk is encrypted and the data read from the disk is decrypted; the non-protective area is still used as a common U disk (mobile hard disk). When the USB Key does not exist, the protective area cannot be accessed. The data stored in the protective area of the U disk (mobile hard disk) is encrypted forever, and is automatically decrypted in a memory when being used by a user. The invention supports the U disks (mobile hard disks) and file systems of all types, does not change the use habit of conventional data and the action of application programs of users, and does not require the users to buy new U disk (mobile hard disk) equipment.
Description
Affiliated technical field
The present invention relates to the implementation method of a kind of encrypted U disk (portable hard drive), mainly is the automatic encryption and decryption protection that realizes user's USB flash disk (portable hard drive) data.Make the user not need to increase new system hardware facility, not change the automatic encryption and decryption that reaches USB flash disk (portable hard drive) data on the basis of traditional data use habit, improve information security, prevent information leakage, the exchanges data and the sharing characteristic that have kept simultaneously USB flash disk (portable hard drive) again reach " dish is dual-purpose " on the basis of use cost that does not increase the user and burden.This method is obtained key and is carried out authentication from USB Key, use virtual disk technology to realize the transparent encryption and decryption of data in real time; This method goes up at USB flash disk (portable hard drive) and divides the protected data district, this district is invisible to the user, when USB Key exists, utilize virtual disk technology to become disk to use this spatial mappings to the user, the file data that is written in this disk is encrypted automatically, and the file data of reading in this disk is deciphered automatically; Non-protection area on the USB flash disk (portable hard drive) remains a common U (portable hard drive), the demand that satisfies the general data exchange and share; When USB Key did not exist, protected district was invisible to the user, and data also can't be visited.
Background technology
Along with the fast development of computer technology, the application of movable storage device is very general.These equipment when being convenient for people to use also to people with rice huge threat: information leakage.The product miscarriage that international and domestic because information leakage causes, customer churn, prestige is impaired, incidents such as the property loss end that appears in the newspapers repeatly.Therefore the information protection of movable storage device has become a visitor and has not allowed the topic that delays.
In order to tackle this demand, many equipment vendors have released multiple movable storage device information protection product one after another, and more common at present is exactly encrypted U disk (portable hard drive).User storage is encrypted to the data on the USB flash disk (portable hard drive), must import licencing key earlier in use.So just the information that can limit the disabled user is stolen.But there is following problem before this type order:
1: need realize encrypting in USB flash disk (portable hard drive) interface control chip one-level, therefore must depend on new hardware device.The user must buy new USB flash disk or portable hard drive box, and old equipment is not supported, and user's trace utilization cost is too high.
Data on the 2:U dish (portable hard drive) are all encrypted, without any differentiation.Cause USB flash disk (portable hard drive) can not carry out sharing of data more easily, reduced usage ratio of equipment, waste ample resources simultaneously.
3: data are encrypted in the hard disk chip level, and all data are all encrypted on the hard disk, in case damaging or fault appears in hard disk, can't deliver the third party and carry out the data recovery.
Summary of the invention
Fundamental purpose of the present invention is to provide a kind of confidential information with protection USB flash disk (portable hard drive) not to be stolen; do not influence simultaneously exchanges data and the sharing characteristic and the daily use of USB flash disk (portable hard drive) again; and can compatiblely fully have USB flash disk (portable hard drive) equipment, encrypted U disk (portable hard drive) implementation method of saving customer using cost in a large number now.
The present invention uses USB Key to realize authenticating user identification and key preservation, and key is write among the Key after adopting hardware to generate at random when producing, and need not user's memory; The HID equipment that this Key uses operating system to provide drives, so it does not need the user that driving additionally is installed, and has reduced the expense of user's drive installation and maintenance; The present invention uses virtual disk technology to realize encrypted U disk (portable hard drive), and compatible all USB flash disks (portable hard drive) needn't additionally be purchased new hardware device; The complete compatible user's of virtual disk legacy data use habit and mode have great convenience for the user; The present invention is divided into protected location and non-protection area with whole USB flash disk (portable hard drive); have only the data of protected location to be protected; non-protection area remains a common U (portable hard drive), makes the user still can normally utilize the exchanges data and the sharing characteristic of USB flash disk (portable hard drive).
This method hardware components is the USB Key of a common HID interface, directly uses the HID device drives to drive, and utilizes the equipment intercommunication of core layer to realize the control of this equipment and reading of verify data and key.The hardware components of this method also can an integrated common U, directly uses the USB memory device to drive.
Software section is a virtual disk driver, during in the Key existence and by authentication, this driving is responsible for that the protected location on the USB flash disk (portable hard drive) is mapped to disk and is used to the user, and the file data that writes this disk is encrypted, and the file data of reading from this disk is decrypted; The protected location is sightless to the user when Key does not exist, and guarantees that data are not by accidental damage; Whether non-protection area Key exists all is common U (portable hard drive), does not influence exchanges data and shared.
Owing to adopted above technical scheme, the present invention had:
The USB Key of 1:HID interface does not need extra the installation to drive, and reduces user's device drives maintenance costs;
2: USB flash disk (portable hard drive) and file system that virtual disk driver is compatible all, do not need the new equipment of the extra purchase of user, can directly support original USB flash disk (portable hard drive), save user's equipment use cost;
3: virtual disk provides transparent encrypting and decrypting process fully, complete compatible user's use habit;
4: selectively data encryption, not only significant data can be protected but also the data sharing and the function of exchange of USB flash disk (portable hard drive) can be brought into play;
5: the real-time device monitoring, in case USB Key does not exist, virtual disk just no longer exists, the protected location data are promptly protected, can't use, and make things convenient for the user.
6: support multiple encryption algorithms, can arbitrarily specify as required or upgrade, flexible;
7: key is formed and stored among the Key at random by hardware, need not the user and preserves, and avoids losing.
The non-protection area data of 8:U dish (portable hard drive) are not encrypted, remain common U (portable hard drive), and it is unaffected to guarantee that USB flash disk (portable hard drive) gets the data commutativity.
The protected district of 9:U dish (portable hard drive) is invisible to the user when Key does not exist, and prevents that data are by accidental damage.
These characteristics are better than existing any USB flash disk (portable hard drive) encipherment protection product on the market.
The invention has the beneficial effects as follows: can make the user on the basis that need not buy new USB flash disk (portable hard drive), mobile hard disc box, just can realize encrypted U disk (portable hard drive), effectively utilize existing resource to reduce user cost; Simultaneously fully transparent encryption and decryption effect can complete compatible original user data use habit and mode, and the user need not to do any special study and just can use, and alleviates user's use burden; The user can arbitrarily change the space size of protected location and non-protection area, can prevent that information-leakage from can make full use of the message exchange ability of USB flash disk (portable hard drive) again.
Description of drawings
The present invention is further described below in conjunction with drawings and embodiments.
Fig. 1 is software architecture figure of the present invention.
Fig. 2 is hardware structure figure of the present invention.
Fig. 3 is a HID monitoring of tools process flow diagram of the present invention
Fig. 4 is a virtual disk driver workflow diagram of the present invention
1. application programs among the figure, 2. user operation, 3. system file operation A PI, 4. core document service interface, 5. file system drives, 6. disk drive, 7. virtual disk driver, 8.HID device drives, 9.HID interface register, 10.HID equipment firmware.
Embodiment:
For the effect that describes structure of the present invention in detail and reached, existing following preferred embodiment of act and conjunction with figs. are described as follows:
Among Fig. 1, application program and user's operation and system file interactive interfacing, the system file interface changes into the request of kernel state file service to request.These requests at first are sent to file system and drive, and file system drives request is distributed to corresponding disk unit driving; Virtual disk driver is operated according to the state of present HID USB Key.If Key does not exist, virtual disk driver is just forbidden simulating disk unit and is given system, and this moment, the protected location of protected disk can not be visited; If existing and pass through, Key authenticates, virtual disk driver is given system with regard to mock disc, the protected location of protected disk is mapped to a disk, and write the file data of this disk and encrypted by virtual disk driver this moment, and be redirected to the protection zone of actual disk; By the protected location that virtual disk driver is redirected to actual disk, the file data of reading is decrypted, gives system's normal process then from the request of this disk reading of data; Data in the non-protection area remain common U (portable hard drive) directly by the system disk driven management, are not affected.
Among Fig. 2; virtual disk driver utilizes HID to drive and the USB Key of equipment room mechanics of communication and HID interface carries out communication; the USB Key that meets a series of identification sequences of virtual disk driver is exactly the Key through authorizing; virtual disk driver is obtained key from this Key; the user uses password, information such as the size in protected disk zone and position.
Among Fig. 3, the state of virtual disk driver monitoring HID USB Key, if find USB Key existence just the carrying out data interaction of HID interface, the Key that meets specific data interaction sequence is exactly our purpose Key, next the key and the user that obtain prior storage from Key use password, and notify the user to carry out password authentication, notify virtual disk driver Key existence behind the authentication success and provide key.If the HID interface USB Key by authentication is removed, just notify virtual disk driver Key not exist and empty key, cancel the disk space mapping simultaneously.
Among Fig. 4, virtual disk driver receives that according to the protected district that the parameter that obtains is redirected to actual disk with request, the data that write are encrypted after the file data request that system sends from Key, and the data that read are decrypted.
Claims (10)
1. an encrypted U disk (portable hard drive) implementation method has been added virtual disk driver and HID interfacing equipment watch-dog in system.It is characterized in that: a common system core service routine, when this kernel service program run, if have Key and shielded USB flash disk (portable hard drive) by authentication, can add a virtual disk in the system, this disk is mapped to the protected location of protected USB flash disk (portable hard drive), the file data that is written to this disk is encrypted automatically, is deciphered automatically from the file data that this disk is read; The file data of the non-protection area of protected USB flash disk (portable hard drive) is unaffected, remains a common U disk (portable hard drive); If there is no by the Key of authentication, the protected location of protected USB flash disk (portable hard drive) can not be visited.
2. kernel service program according to claim 1 is characterized in that: a service routine that operates in core layer, can add the state that virtual disk is also monitored HID interface USB Key in real time in system.
3. kernel service program according to claim 1 is characterized in that: support all types of USB flash disks (portable hard drive) and file system, need go up the size and the position of specifying the protected location at USB flash disk (portable hard drive), the protected location can't be visited when Key does not exist.
4. kernel service program according to claim 1; it is characterized in that: support all types of USB flash disks (portable hard drive) and file system; need go up the size and the position of specifying the protected location at USB flash disk (portable hard drive); non-protection area is not affected, and still can be used as a common U (portable hard drive) and uses.
5. kernel service program according to claim 1 is characterized in that: the protected location of protected USB flash disk (portable hard drive) can be become virtual disk for user capture, virtual disk is supported the All Files system.
6. kernel service program according to claim 1 is characterized in that: monitor the state of USB Key in real time, the prompting user carried out authentication when USB Key existed, the directly existing virtual disk mapping of cancellation when not existing.
7. kernel service program according to claim 1 is characterized in that: the USB Key of use is the HID interface, does not need to provide in addition driving, and Key is used for carrying out key storage and authentication.
8. kernel service program according to claim 1 is characterized in that: the mode with virtual disk provides the user access to the protected location of protected USB flash disk (portable hard drive), does not change any behavior of application program and user accesses data.
9. kernel service program according to claim 1 is characterized in that: extra any type of built-in function is not provided, does not change size and other any attributes of the file of handling.
10. kernel service program according to claim 1 is characterized in that: can load dynamically, operate in system core layer fully.All data-switching and processing all are to finish in core layer, do not need other support program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101358022A CN101877246A (en) | 2009-04-28 | 2009-04-28 | U disk encryption method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101358022A CN101877246A (en) | 2009-04-28 | 2009-04-28 | U disk encryption method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101877246A true CN101877246A (en) | 2010-11-03 |
Family
ID=43019775
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009101358022A Pending CN101877246A (en) | 2009-04-28 | 2009-04-28 | U disk encryption method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101877246A (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102184358A (en) * | 2011-04-28 | 2011-09-14 | 郑州信大捷安信息技术有限公司 | USB (Universal Serial Bus) embedded trustworthiness private information processing device and system |
| CN102479296A (en) * | 2010-11-29 | 2012-05-30 | 公安部第一研究所 | Virus and Trojan prevention method for USB (Universal Serial Bus) flash disk data |
| CN102663323A (en) * | 2012-03-09 | 2012-09-12 | 无锡华御信息技术有限公司 | Encryption method supporting mobile media |
| WO2013040915A1 (en) * | 2011-09-22 | 2013-03-28 | 腾讯科技(深圳)有限公司 | File encryption method and device, file decryption method and device |
| CN103139366A (en) * | 2011-12-05 | 2013-06-05 | 希姆通信息技术(上海)有限公司 | Mobile terminal and data protection method thereof |
| CN103745170A (en) * | 2014-01-02 | 2014-04-23 | 浙江云巢科技有限公司 | Processing method and device for disk data |
| CN104571950A (en) * | 2014-12-24 | 2015-04-29 | 中国科学院信息工程研究所 | Command identifying method for external storage medium |
| CN106682521A (en) * | 2016-11-28 | 2017-05-17 | 北京计算机技术及应用研究所 | File transparent encryption and decryption system and method based on driver layer |
| CN106911467A (en) * | 2015-12-23 | 2017-06-30 | 北京握奇智能科技有限公司 | A kind of data confidentiality storage and the method for transmission |
| CN107154848A (en) * | 2017-03-10 | 2017-09-12 | 深圳市盾盘科技有限公司 | A kind of data encryption based on CPK certifications and storage method and device |
| CN109117638A (en) * | 2018-07-13 | 2019-01-01 | 中国电子科技集团公司第三十研究所 | A kind of credible and secure mainboard of height and its control method based on physics switching |
| CN110096910A (en) * | 2019-05-14 | 2019-08-06 | 北京天地和兴科技有限公司 | A kind of credible USB flash disk implementation method based on filter Driver on FSD |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1773994A (en) * | 2005-10-28 | 2006-05-17 | 广东省电信有限公司研究院 | Method for realizing data safety storing business |
| CN1866224A (en) * | 2005-05-20 | 2006-11-22 | 联想(北京)有限公司 | Mobile memory device and method for accessing encrypted data in mobile memory device |
| EP1836640A2 (en) * | 2004-12-21 | 2007-09-26 | SanDisk Corporation | Memory system with versatile content control |
| CN101350723A (en) * | 2008-06-20 | 2009-01-21 | 北京天威诚信电子商务服务有限公司 | USB Key equipment and method for implementing verification thereof |
-
2009
- 2009-04-28 CN CN2009101358022A patent/CN101877246A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1836640A2 (en) * | 2004-12-21 | 2007-09-26 | SanDisk Corporation | Memory system with versatile content control |
| CN1866224A (en) * | 2005-05-20 | 2006-11-22 | 联想(北京)有限公司 | Mobile memory device and method for accessing encrypted data in mobile memory device |
| CN1773994A (en) * | 2005-10-28 | 2006-05-17 | 广东省电信有限公司研究院 | Method for realizing data safety storing business |
| CN101350723A (en) * | 2008-06-20 | 2009-01-21 | 北京天威诚信电子商务服务有限公司 | USB Key equipment and method for implementing verification thereof |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102479296A (en) * | 2010-11-29 | 2012-05-30 | 公安部第一研究所 | Virus and Trojan prevention method for USB (Universal Serial Bus) flash disk data |
| CN102184358A (en) * | 2011-04-28 | 2011-09-14 | 郑州信大捷安信息技术有限公司 | USB (Universal Serial Bus) embedded trustworthiness private information processing device and system |
| EP2759943B1 (en) * | 2011-09-22 | 2020-12-30 | Tencent Technology (Shenzhen) Co., Ltd | File encryption method and device, file decryption method and device |
| WO2013040915A1 (en) * | 2011-09-22 | 2013-03-28 | 腾讯科技(深圳)有限公司 | File encryption method and device, file decryption method and device |
| CN103020537A (en) * | 2011-09-22 | 2013-04-03 | 腾讯科技(深圳)有限公司 | Data encrypting method, data encrypting device, data deciphering method and data deciphering device |
| US9224002B2 (en) | 2011-09-22 | 2015-12-29 | Tencent Technology (Shenzhen) Company Limited | Method and apparatus for file encryption/decryption |
| CN103139366A (en) * | 2011-12-05 | 2013-06-05 | 希姆通信息技术(上海)有限公司 | Mobile terminal and data protection method thereof |
| CN103139366B (en) * | 2011-12-05 | 2014-09-24 | 希姆通信息技术(上海)有限公司 | Mobile terminal and data protection method thereof |
| CN102663323A (en) * | 2012-03-09 | 2012-09-12 | 无锡华御信息技术有限公司 | Encryption method supporting mobile media |
| CN103745170A (en) * | 2014-01-02 | 2014-04-23 | 浙江云巢科技有限公司 | Processing method and device for disk data |
| CN103745170B (en) * | 2014-01-02 | 2017-01-04 | 浙江云巢科技有限公司 | The processing method and processing device of data in magnetic disk |
| CN104571950A (en) * | 2014-12-24 | 2015-04-29 | 中国科学院信息工程研究所 | Command identifying method for external storage medium |
| CN104571950B (en) * | 2014-12-24 | 2018-03-23 | 中国科学院信息工程研究所 | A kind of password authentication method of peripheral hardware storage medium |
| CN106911467A (en) * | 2015-12-23 | 2017-06-30 | 北京握奇智能科技有限公司 | A kind of data confidentiality storage and the method for transmission |
| CN106682521B (en) * | 2016-11-28 | 2020-02-07 | 北京计算机技术及应用研究所 | File transparent encryption and decryption system and method based on driver layer |
| CN106682521A (en) * | 2016-11-28 | 2017-05-17 | 北京计算机技术及应用研究所 | File transparent encryption and decryption system and method based on driver layer |
| CN107154848A (en) * | 2017-03-10 | 2017-09-12 | 深圳市盾盘科技有限公司 | A kind of data encryption based on CPK certifications and storage method and device |
| CN109117638A (en) * | 2018-07-13 | 2019-01-01 | 中国电子科技集团公司第三十研究所 | A kind of credible and secure mainboard of height and its control method based on physics switching |
| CN110096910A (en) * | 2019-05-14 | 2019-08-06 | 北京天地和兴科技有限公司 | A kind of credible USB flash disk implementation method based on filter Driver on FSD |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101877246A (en) | U disk encryption method | |
| CN102053925A (en) | Realization method of data encryption in hard disk | |
| KR102176612B1 (en) | Secure subsystem | |
| US20210133334A1 (en) | Display method, apparatus, and storage medium | |
| CN104160407B (en) | Using storage control EBI guaranteeing the data transmission security between storage device and main frame | |
| CN100437618C (en) | Portable information safety device | |
| CN101587524B (en) | Method for encrypting data memory apparatus based on virtual system | |
| US10372628B2 (en) | Cross-domain security in cryptographically partitioned cloud | |
| CN104951409A (en) | System and method for full disk encryption based on hardware | |
| CN102945355A (en) | Sector map-based rapid data encryption policy compliance | |
| GB2387937B (en) | Secure cpu and memory management unit with cryptographic extensions | |
| JP2011048661A (en) | Virtual server encryption system | |
| CN102855452A (en) | Method for following quick data encryption strategy based on encryption piece | |
| CN102955745A (en) | Mobile storage terminal and data management method thereof | |
| WO2013096258A1 (en) | Method and system for frame buffer protection | |
| US20120124391A1 (en) | Storage device, memory device, control device, and method for controlling memory device | |
| CN103488919A (en) | Protection method and device for executable programs | |
| JP2009105737A (en) | Content data management system and method | |
| CN102184143A (en) | Data protection method, device and system for storage device | |
| CN101630292A (en) | File encryption-decryption method of USB removable storage device | |
| CN107749862A (en) | A kind of data encryption centrally stored method, server, user terminal and system | |
| US8086873B2 (en) | Method for controlling file access on computer systems | |
| CN103745170B (en) | The processing method and processing device of data in magnetic disk | |
| US20090119782A1 (en) | Method and device for digital rights protection | |
| CN100504829C (en) | Communication of information via a side-band channel, and use of same to verify positional relationship |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20101103 |