CN102999728A - Data storage method and data storage device based on secure desktop - Google Patents
- Publication number: CN102999728A
- Authority: CN (China)
- Prior art keywords: file, data block, data, byte number, stored
- Legal status: Granted
- Landscapes: Storage Device Security; Information Transfer Between Computers; Computer And Data Communications
Abstract
The invention discloses a data storage method and a data storage device based on a secure desktop. The data storage method comprises dividing a file to be stored into blocks by byte count according to a preset block length to obtain data blocks, determining the storage location of each data block according to a preset policy rule when the file is redirected, and storing the data blocks separately on a local terminal and a remote server. The method takes data security into account while meeting bandwidth requirements, effectively prevents data leakage, and enhances data security.
Description
Technical field
The present invention relates to the technical field of secure data processing, and in particular to a data storage method and device based on a secure desktop.
Background art
Secure desktop technology is currently applied mainly to two areas of demand: "virus isolation" and "data leakage prevention". Data leakage prevention solutions place strict requirements on how data is encrypted and stored, and how to store data so that its security is guaranteed is one of the major problems.
In a secure desktop virtualized environment, files can be stored in two ways: locally or on the server side. Storing the file data of the virtual desktop locally makes full use of local resources, but because the actual file is kept on the local machine, a high-strength encryption algorithm must be used, which affects system performance, and there is still a risk of data leakage. Storing the file data of the virtual desktop on a remote server in real time depends heavily on network bandwidth and demands very high network communication quality; for access from an external network, the stability and smoothness of the system are also hard to guarantee.
Summary of the invention
The main purpose of the present invention is to provide a data storage method and device based on a secure desktop, intended to solve the data storage problem in the secure desktop virtualized environment and to prevent data leakage.
The invention discloses a data storage method based on a secure desktop, comprising the following steps:
Dividing the file to be stored into blocks by byte count according to a preset block length, to obtain data blocks;
When the file is redirected, determining the storage location of each data block according to a preset policy rule, and storing the data blocks separately on the local terminal and the remote server.
Preferably, determining the storage location of each data block according to the preset policy rule comprises:
If the preset policy rule is that network bandwidth is limited or the data security requirement is low, storing more of the data blocks on the local terminal than on the remote server;
If the preset policy rule is that network bandwidth is not limited or the data security requirement is high, storing more of the data blocks on the remote server than on the local terminal.
Preferably, dividing the file to be stored into blocks by byte count according to the preset block length comprises:
Dividing the file into blocks using a hook function, according to the preset block length and the offset address and byte count with which the file is stored.
Preferably, dividing the file to be stored into blocks by byte count according to the preset block length comprises:
Dividing the file into blocks by file filtering, according to the preset block length and the byte count.
The present invention also discloses a data storage device based on a secure desktop, comprising:
A data block acquisition module, configured to divide the file to be stored into blocks by byte count according to the preset block length, to obtain data blocks;
A data block storage module, configured to divide the file to be stored into blocks by byte count according to the preset block length, to obtain data blocks.
Preferably, the data block storage module is further configured to:
When the preset policy rule is that network bandwidth is limited or the data security requirement is low, store more of the data blocks on the local terminal than on the remote server;
When the preset policy rule is that network bandwidth is not limited or the data security requirement is high, store more of the data blocks on the remote server than on the local terminal.
Preferably, the data block acquisition module is further configured to:
Divide the file into blocks using a hook function, according to the preset block length and the offset address and byte count with which the file is stored.
Preferably, the data block acquisition module is further configured to:
Divide the file into blocks by file filtering, according to the preset block length and the byte count.
The present invention divides the file to be stored into blocks by byte count according to a preset block length to obtain data blocks and, when the file is redirected, determines the storage location of each data block according to a preset policy rule and stores the data blocks separately on the local terminal and the remote server. This takes data security into account while meeting bandwidth requirements, effectively prevents data leakage, and improves the security of the data.
Description of the drawings
Fig. 1 is a schematic structural diagram of a specific application scenario of the data storage method based on a secure desktop of the present invention;
Fig. 2 is a schematic flowchart of an embodiment of the data storage method based on a secure desktop of the present invention;
Fig. 3 is a schematic structural diagram of an embodiment of dividing a file into blocks in the data storage method based on a secure desktop of the present invention;
Fig. 4 is a schematic structural diagram of an embodiment of storing data blocks according to the blocking rule of Fig. 3 in the data storage method based on a secure desktop of the present invention;
Fig. 5 is a schematic structural diagram of an embodiment of the data storage device based on a secure desktop of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention are further described with reference to the accompanying drawings in connection with the embodiments.
Detailed description of the embodiments
The technical solution of the present invention is further described below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described herein only explain the present invention and are not intended to limit it.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of a specific application scenario of the data storage method based on a secure desktop of the present invention. As shown in Fig. 1, in the secure desktop virtualized environment the network deployment is consistent with the secure desktop deployment and consists mainly of a security gateway, a business system remote server, a file system remote server and terminals. The secure desktop virtual environment is a virtualized environment implemented on the terminal using "sandboxing". In this environment, the terminal user's access to data files, mainly the creation and modification of registry entries and files, is encrypted and redirected. In addition, application behaviour can be controlled in this environment, and behaviours that could damage the computer system, such as those of viruses or Trojans, are prohibited. Sandboxing, also called "sandbox technology", is a virtualization technique: through data redirection, the files that a program creates and modifies are redirected into its own folder. The changed data includes file data and registry data. This method isolates and protects the system, and also provides isolation between the virtual environment and the real environment and between one virtual environment and another.
Based on the secure desktop virtualized environment of Fig. 1, refer to Fig. 2, a schematic flowchart of an embodiment of the data storage method based on a secure desktop of the present invention. As shown in Fig. 2, the data storage method based on a secure desktop of the present invention comprises the following steps:
Step S01: divide the file to be stored into blocks by byte count according to the preset block length, to obtain data blocks.
The file to be stored is divided into blocks by byte count, and the block length can be configured freely as required. For example, suppose the preset block length is 8 bytes and the file to be stored is file A. Referring to Fig. 3, a schematic structural diagram of an embodiment of dividing a file into blocks in the data storage method based on a secure desktop of the present invention, file A is divided into blocks of 8 bytes, and the result is shown in Fig. 3. The data blocks obtained from file A are numbered with Arabic numerals so that the storage location of each data block can be described later.
In a preferred embodiment, the file is divided into blocks in different ways depending on the layer at which the file is stored. For example, a file at the application layer can be divided into blocks by a hook function on file writes: while the write is being hooked, the blocks are calculated from the write offset and the number of bytes written. For a file at the driver layer, file filtering can be used to divide the file to be stored into blocks. For a file at the bottom layer, other ways of dividing the file to be stored into blocks can be used.
Those skilled in the art will appreciate that, in the data storage method based on a secure desktop of the present invention, the way in which the file to be stored is divided into blocks by byte count can be chosen according to the type of the file and the application environment in which the file resides; this embodiment does not limit the specific way in which the file to be stored is divided into blocks.
Step S02: when the file is redirected, determine the storage location of each data block according to the preset policy rule, and store the data blocks separately on the local terminal and the remote server.
When the file is redirected, the storage location of each data block is determined according to the predefined policy rule. For example, when network bandwidth is limited or the data security requirement is low, most of the data blocks are kept on the local terminal to relieve the pressure on network bandwidth; when network quality is good, bandwidth is ample and the data security requirement is high, most of the data blocks can be kept on the remote server, which ensures a high level of data security and prevents data leakage. The policy rule can also be set according to the actual situation, for example storing certain specific data blocks of the file on the remote server and the remaining data blocks on the local terminal.
For an embodiment of storing the data blocks of a divided file separately, refer to Fig. 3 and Fig. 4 together; Fig. 4 is a schematic structural diagram of an embodiment of storing data blocks according to the blocking rule of Fig. 3 in the data storage method based on a secure desktop of the present invention. As shown in Fig. 3, after file A is divided into blocks, the data blocks obtained are data block 1, data block 2, and so on. If the preset policy rule is to store the odd-numbered data blocks on the local terminal and the even-numbered data blocks on the remote server, the data blocks are stored on the local terminal and the remote server accordingly, and the final result is as shown in Fig. 4.
Those skilled in the art will appreciate that the preset policy rule can be set according to the specific application scenario, for example according to the current network quality, the current network bandwidth, or the confidentiality level of the file. In addition, storing on the remote server the data blocks that are to be kept there can be implemented through the shared file read/write facilities that the system itself provides, or by other means. The data storage method based on a secure desktop of the present invention does not limit the way the file to be stored is divided into blocks, the way the policy rule is set, or the way data blocks are stored on the remote server.
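The write-offset blocking of step S01 and the odd/even placement of step S02, as an added Python example that is not part of the patent: `SplitStore`, `local_view`, `local_fraction`, `every_fourth_local` and the sample record are hypothetical names and constructed data, and plain dictionaries stand in for the local terminal and the remote server. It also reports which bytes stay readable on the terminal alone under a given policy.

```python
"""Added illustration (not from the patent): fixed-length blocking of writes
and policy-based placement of blocks on a local terminal or a remote server."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

BLOCK_LEN = 8  # preset block length in bytes, as in the file A example


def odd_local_even_remote(block_no: int) -> str:
    """Policy of the Fig. 3 / Fig. 4 example: odd blocks local, even remote."""
    return "local" if block_no % 2 == 1 else "remote"


def every_fourth_local(block_no: int) -> str:
    """Hypothetical 'security first' policy: most blocks go to the server."""
    return "local" if block_no % 4 == 1 else "remote"


@dataclass
class SplitStore:
    """Dicts stand in for the two storage locations (assumption)."""
    policy: Callable[[int], str] = odd_local_even_remote
    block_len: int = BLOCK_LEN
    local: Dict[int, bytearray] = field(default_factory=dict)
    remote: Dict[int, bytearray] = field(default_factory=dict)
    size: int = 0

    def write(self, offset: int, data: bytes) -> List[Tuple[int, str, int, int]]:
        """What a write hook sees is (offset, byte count); map it to blocks.

        Returns (block number, location, offset inside block, length) per
        touched block. Blocks are numbered from 1, as in the patent figures.
        """
        if offset < 0 or self.block_len <= 0:
            raise ValueError("offset must be >= 0 and block_len > 0")
        touched = []
        pos = 0
        while pos < len(data):
            absolute = offset + pos
            block_no = absolute // self.block_len + 1
            inner = absolute % self.block_len
            # A write may start or end in the middle of a block.
            n = min(self.block_len - inner, len(data) - pos)
            where = self.policy(block_no)
            if where not in ("local", "remote"):
                raise ValueError(f"policy returned unknown location {where!r}")
            store = self.local if where == "local" else self.remote
            block = store.setdefault(block_no, bytearray())
            if len(block) < inner + n:  # grow a short or new block
                block.extend(bytes(inner + n - len(block)))
            block[inner:inner + n] = data[pos:pos + n]
            touched.append((block_no, where, inner, n))
            pos += n
        self.size = max(self.size, offset + len(data))
        return touched

    def _overlay(self, out: bytearray, store: Dict[int, bytearray]) -> None:
        for block_no, block in store.items():
            start = (block_no - 1) * self.block_len
            out[start:start + len(block)] = block

    def read_all(self) -> bytes:
        """Reassemble the file; needs both the terminal and the server."""
        out = bytearray(self.size)
        self._overlay(out, self.local)
        self._overlay(out, self.remote)
        return bytes(out)


def local_view(store: SplitStore, mask: bytes = b"?") -> bytes:
    """Bytes recoverable from the terminal alone; remote bytes are masked."""
    out = bytearray(mask * store.size)
    store._overlay(out, store.local)
    return bytes(out)


def local_fraction(store: SplitStore) -> float:
    """Share of the file's bytes that rests on the local terminal."""
    if store.size == 0:
        return 0.0
    return sum(len(b) for b in store.local.values()) / store.size


if __name__ == "__main__":
    record = b"ACCOUNT=12345678;PIN=0000"  # constructed sample data
    for policy in (odd_local_even_remote, every_fourth_local):
        s = SplitStore(policy=policy)
        s.write(0, record[:10])   # two writes, the second one unaligned
        s.write(10, record[10:])
        assert s.read_all() == record
        print(policy.__name__, local_view(s), f"{local_fraction(s):.0%}")
```

With the odd/even rule and 8-byte blocks, the terminal alone still holds 64% of the constructed record in readable 8-byte runs; the stricter policy leaves 32%.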
This embodiment divides the file to be stored into blocks by byte count according to a preset block length to obtain data blocks and, when the file is redirected, determines the storage location of each data block according to a preset policy rule and stores the data blocks separately on the local terminal and the remote server. This takes data security into account while meeting bandwidth requirements, effectively prevents data leakage, and improves the security of the data.
Referring to Fig. 5, Fig. 5 is a schematic structural diagram of an embodiment of the data storage device based on a secure desktop of the present invention. As shown in Fig. 5, the data storage device based on a secure desktop of the present invention comprises a data block acquisition module 01 and a data block storage module 02.
Data block acquisition module 01 is configured to divide the file to be stored into blocks by byte count according to the preset block length, to obtain data blocks.
Data block acquisition module 01 divides the file to be stored into blocks by byte count, and the block length can be configured freely as required. For example, suppose the preset block length is 8 bytes and the file to be stored is file A. Referring to Fig. 3, a schematic structural diagram of an embodiment of dividing a file into blocks in the data storage method based on a secure desktop of the present invention, data block acquisition module 01 divides file A into blocks of 8 bytes, and the result is shown in Fig. 3. The data blocks obtained from file A are numbered with Arabic numerals so that the storage location of each data block can be described later.
In a preferred embodiment, data block acquisition module 01 divides the file into blocks in different ways depending on the layer at which the file is stored. For example, data block acquisition module 01 can divide a file at the application layer into blocks by a hook function on file writes: while the write is being hooked, the blocks are calculated from the write offset and the number of bytes written. For a file at the driver layer, data block acquisition module 01 can use file filtering to divide the file to be stored into blocks. For a file at the bottom layer, data block acquisition module 01 can use other ways of dividing the file to be stored into blocks.
Those skilled in the art will appreciate that, in the data storage device based on a secure desktop of the present invention, the way in which data block acquisition module 01 divides the file to be stored into blocks by byte count can be chosen according to the type of the file and the application environment in which the file resides; this embodiment does not limit the specific way in which the file to be stored is divided into blocks.
Data block storage module 02 is configured to divide the file to be stored into blocks by byte count according to the preset block length, to obtain data blocks.
When the file is redirected, data block storage module 02 determines the storage location of each data block according to the predefined policy rule. For example, when network bandwidth is limited or the data security requirement is low, data block storage module 02 can keep most of the data blocks on the local terminal to relieve the pressure on network bandwidth; when network quality is good, bandwidth is ample and the data security requirement is high, data block storage module 02 can keep most of the data blocks on the remote server, which ensures a high level of data security and prevents data leakage. Data block storage module 02 can also set the policy rule according to the actual situation, for example storing certain specific data blocks of the file on the remote server and the remaining data blocks on the local terminal.
For an embodiment of storing the data blocks of a divided file separately, refer to Fig. 3 and Fig. 4 together; Fig. 4 is a schematic structural diagram of an embodiment of storing data blocks according to the blocking rule of Fig. 3 in the data storage method based on a secure desktop of the present invention. As shown in Fig. 3, after data block acquisition module 01 divides file A into blocks, the data blocks obtained are data block 1, data block 2, and so on. If the preset policy rule is to store the odd-numbered data blocks on the local terminal and the even-numbered data blocks on the remote server, data block storage module 02 stores the data blocks on the local terminal and the remote server accordingly, and the final result is as shown in Fig. 4.
Those skilled in the art will appreciate that the preset policy rule can be set according to the specific application scenario, for example according to the current network quality, the current network bandwidth, or the confidentiality level of the file. In addition, data block storage module 02 can store on the remote server the data blocks that are to be kept there through the shared file read/write facilities that the system itself provides, or by other means. The data storage device based on a secure desktop of the present invention does not limit the way data block acquisition module 01 divides the file to be stored into blocks, the way data block storage module 02 sets the policy rule, or the way data blocks are stored on the remote server.
This embodiment divides the file to be stored into blocks by byte count according to a preset block length to obtain data blocks and, when the file is redirected, determines the storage location of each data block according to a preset policy rule and stores the data blocks separately on the local terminal and the remote server. This takes data security into account while meeting bandwidth requirements, effectively prevents data leakage, and improves the security of the data.
Those skilled in the art will appreciate that the data storage method and device based on a secure desktop can also be used in other applications that need to store data, and are not limited to the secure desktop virtualized environment.
The above are only preferred embodiments of the present invention and do not thereby limit the scope of its claims. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present invention.
Claims (8)
1. A data storage method based on a secure desktop, characterized by comprising the following steps:
Dividing the file to be stored into blocks by byte count according to a preset block length, to obtain data blocks;
When the file is redirected, determining the storage location of each data block according to a preset policy rule, and storing the data blocks separately on the local terminal and the remote server.
2. The method according to claim 1, characterized in that determining the storage location of each data block according to the preset policy rule comprises:
If the preset policy rule is that network bandwidth is limited or the data security requirement is low, storing more of the data blocks on the local terminal than on the remote server;
If the preset policy rule is that network bandwidth is not limited or the data security requirement is high, storing more of the data blocks on the remote server than on the local terminal.
3. The method according to claim 1, characterized in that dividing the file to be stored into blocks by byte count according to the preset block length comprises:
Dividing the file into blocks using a hook function, according to the preset block length and the offset address and byte count with which the file is stored.
4. The method according to claim 1 or 3, characterized in that dividing the file to be stored into blocks by byte count according to the preset block length comprises:
Dividing the file into blocks by file filtering, according to the preset block length and the byte count.
5. A data storage device based on a secure desktop, characterized by comprising:
A data block acquisition module, configured to divide the file to be stored into blocks by byte count according to the preset block length, to obtain data blocks;
A data block storage module, configured to divide the file to be stored into blocks by byte count according to the preset block length, to obtain data blocks.
6. The device according to claim 5, characterized in that the data block storage module is further configured to:
When the preset policy rule is that network bandwidth is limited or the data security requirement is low, store more of the data blocks on the local terminal than on the remote server;
When the preset policy rule is that network bandwidth is not limited or the data security requirement is high, store more of the data blocks on the remote server than on the local terminal.
7. The device according to claim 5, characterized in that the data block acquisition module is further configured to:
Divide the file into blocks using a hook function, according to the preset block length and the offset address and byte count with which the file is stored.
8. The device according to claim 5 or 7, characterized in that the data block acquisition module is further configured to:
Divide the file into blocks by file filtering, according to the preset block length and the byte count.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210490533.3A CN102999728B (en) | 2012-11-27 | 2012-11-27 | Data storage method and device based on secure desktop |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210490533.3A CN102999728B (en) | 2012-11-27 | 2012-11-27 | Data storage method and device based on secure desktop |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102999728A | 2013-03-27 |
CN102999728B | 2016-01-20 |
Family
ID=47928283
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210490533.3A Active CN102999728B (en) | Data storage method and device based on secure desktop | 2012-11-27 | 2012-11-27 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102999728B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104008330B (en) * | 2014-05-23 | 2017-06-27 | 武汉华工安鼎信息技术有限责任公司 | Based on file is centrally stored and anti-data-leakage system of isolation technology and its method |
CN113378202A (en) * | 2021-06-29 | 2021-09-10 | 湖南盈聚信息技术有限公司 | Multi-dimensional data security storage system based on big data |
CN113378202B (en) * | 2021-06-29 | 2022-05-03 | 湖南盈聚信息技术有限公司 | Multi-dimensional data security storage system based on big data |
US11606432B1 (en) * | 2022-02-15 | 2023-03-14 | Accenture Global Solutions Limited | Cloud distributed hybrid data storage and normalization |
US11876863B2 (en) * | 2022-02-15 | 2024-01-16 | Accenture Global Solutions Limited | Cloud distributed hybrid data storage and normalization |
Also Published As
Publication number | Publication date |
---|---|
CN102999728B (en) | 2016-01-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | Address after: Nanshan District Xueyuan Road in Shenzhen city of Guangdong province 518000 No. 1001 Nanshan Chi Park building A1 layer; Patentee after: SINFOR Polytron Technologies Inc; Address before: 518052 room 410-413, science and technology innovation service center, No. 1 Qilin Road, Shenzhen, Guangdong, China; Patentee before: Shenxinfu Electronics Science and Technology Co., Ltd., Shenzhen |