Background technology
A USB flash disk (full name: USB flash memory drive) is a miniature, high-capacity removable storage product that uses a USB interface and needs no physical drive. It connects to a computer through the USB interface and is plug and play. Because USB flash disks are compact and portable, with large storage capacity, high speed and small size, they are used more and more widely in daily life and work.
An ordinary USB flash disk is a transparent removable storage medium: access to its data is subject to no access control, and any party with a USB interface can use it unhindered. So while USB flash disks bring convenience, they also bring a major problem: information leakage.
The main cause of information leakage through USB flash disks is that users freely copy software, files or other data with them, leaking the confidential information of individuals or enterprises. This has become one of the main causes of information leakage in the Internet era.
Some existing solutions and products address these problems, for example encrypted USB flash disks, fingerprints, passwords and permissions, which protect the data by security measures. However, once an illegitimate user of the USB flash disk obtains a legitimate password or permission, the data on the disk can still be copied and transferred, and the data can still leak.
Encrypted USB flash disks use one of two techniques, hardware encryption and software encryption. Hardware encryption is generally performed by the main control chip of the USB flash disk; its security level is high and it is not easily cracked, but its cost is higher. Software encryption encrypts the files on the USB flash disk by running an external server or embedded software; its security varies with the implementation, and its cost is relatively low.
The Elite series USB flash disk encryption lock is a secure USB flash disk encryption lock product developed by Beijing Senselock; the corresponding web page is http://www.sense.com.cn/product_4.html, which discloses in detail the specific parameters, performance and working principle of the Elite series USB flash disk encryption lock software protection device developed by the applicant. The series is a security product that integrates flash memory on the basis of smart card technology: it has all the functions of an encryption lock and at the same time integrates a large amount of storage, which is equivalent to packaging an encryption lock and a USB flash disk together. It features strong security, fast communication, no mutual interference and high reliability. The core security chip of the USB flash disk encryption lock is designed to the high security grade CC EAL5+, and the USB flash disk part can be divided into partitions with different functions, for example a virtual CD-ROM, a password storage area and a private area for API calls. Product features: the hardware cannot be copied; standard C programming is supported, so software code can be "ported" into the encryption lock; a safe and convenient remote security control function quickly updates the data in the encryption lock remotely; standard security algorithms are built in (RSA, AES, DES and 3DES, SHA-1); the USB flash disk supports flexible use of multiple partitions such as a CD-ROM, a password area, a hidden area and a general storage area.
The USB flash disk part of the USB flash disk encryption lock comprises four partitions:
CD-ROM: the CD-ROM partition is mainly used to store system data (files), or to publish software in place of an optical disc;
Public area: an open storage area that provides storage like an ordinary USB flash disk;
Hidden area: no drive letter is shown on the computer, and the data in it cannot be accessed or read directly; it is used to protect private data.
An executable program/file (EXE file) is a program that can be loaded at a relocatable address in operating system space and run directly. In the MS-DOS and MS-Windows operating systems, an executable program is a file with the suffix .exe, .com or .bat.
In other operating systems the file suffix of an executable program may differ, but this does not affect the use of the USB flash disk encryption lock in those operating systems. This specification is only an exemplary description of the invention, not a limitation; a person skilled in the art can, based on the content of the invention, handle executable programs in other operating systems in the same way, and the implementation is similar to that under MS-DOS and Windows. For brevity, and because this specification describes the process and device of the invention in detail, the use of the USB flash disk encryption lock under other operating systems is not described further.
Summary of the invention
In view of this, the invention provides a method and system for preventing the copying of executable programs in a USB flash disk encryption lock, to solve the security risk that data in a storage device is easily leaked.
The invention provides a system for preventing the copying of executable programs in a USB flash disk encryption lock, the system comprising:
a setting device and a USB flash disk encryption lock.
The setting device is arranged in a host, and the host is connected to the USB flash disk encryption lock through an interface. The setting device sets the data content of an executable program into the hidden area of the USB flash disk encryption lock, and sets a mapping icon corresponding to the executable program into the public area of the USB flash disk encryption lock.
The USB flash disk encryption lock comprises at least a public area and a hidden area, stores the data content of the executable program and the mapping icon corresponding to the executable program, and performs the software protection function.
According to one aspect of the invention, the USB flash disk encryption lock further comprises:
a supervising device, which monitors double-click or Enter-key operations on the mapping icon corresponding to the executable program in the public area of the USB flash disk encryption lock, reads the executable program data content corresponding to that mapping icon from the hidden area of the USB flash disk encryption lock in response to the double-click or Enter-key operation, and loads and executes the executable program in debugger mode.
According to one aspect of the invention, the executable program data content in the hidden area of the USB flash disk encryption lock and the mapping icons in the public area of the USB flash disk encryption lock are in a one-to-one mapping relationship.
According to one aspect of the invention, the setting device has a shell-adding (packing) function: after a shell is added to the executable program, the data content of the executable program is set into the hidden area of the USB flash disk encryption lock, and the mapping icon corresponding to the executable program is set into the public area of the USB flash disk encryption lock.
According to one aspect of the invention, the setting device has an encryption function: it encrypts the executable program, or some or all of the critical data of the executable program, with an encryption algorithm before writing it to the hidden area of the USB flash disk encryption lock. On reading, the encrypted executable program, or the encrypted critical data in it, is decrypted.
According to one aspect of the invention, the encryption algorithm is a symmetric encryption algorithm or an asymmetric encryption algorithm; the symmetric algorithms include AES, DES and TDES, and the asymmetric algorithms include RSA and ECC.
According to one aspect of the invention, when the USB flash disk encryption lock is connected to the host through the interface, the supervising device runs automatically.
According to another aspect of the invention, a method for preventing the copying of executable programs in a USB flash disk encryption lock is provided. A setting device is provided in a host, the host is connected to the USB flash disk encryption lock through an interface, the USB flash disk encryption lock has a hidden area and a public area, and a supervising device is present in the public area. The method comprises the following steps:
Step 1: the setting device writes the executable program to the hidden area of the USB flash disk encryption lock and generates a mapping icon corresponding to the executable program in the public area of the USB flash disk encryption lock;
Step 2: the configured USB flash disk encryption lock is connected to the host, and the supervising device in the USB flash disk encryption lock runs automatically;
Step 3: the supervising device automatically monitors the user's double-click or Enter-key operations on the mapping icon;
Step 4: the supervising device reads, according to the mapping relationship between the mapping icon and its corresponding executable program, the data content of the executable program corresponding to the mapping icon from the hidden area;
Step 5: the supervising device loads the data content of the executable program and then runs the executable program in debugger mode.
The invention stores program data in the hidden area of the USB flash disk encryption lock and keeps only the mapping icon in the public area. When the icon in the public area is double-clicked, the supervising device reads the data from the hidden area and then runs it in debug mode. Because the program data is stored in the hidden area and is executed only through the supervising device, it cannot be copied out; and because the supervising device runs in debug mode, memory dumps can be prevented. The method provided by the invention prevents the data leakage caused by a program being copied, makes debugging and cracking harder, and improves security.
Embodiment
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in more detail below with reference to the drawings and embodiments.
Fig. 1 is a diagram of the internal structure of the device according to a preferred embodiment of the invention.
To show the content of the invention more clearly, the USB flash disk encryption lock in Fig. 1 shows only the public area and the hidden area; the CD-ROM partition and the executable program/file are not drawn.
As shown in Fig. 1, the icons of multiple programs are stored in the public area. In Fig. 1 they are labelled program 1 icon, program 2 icon, program 3 icon, program N icon, corresponding respectively to program 1, program 2, program N.
In addition, the supervising device is also present in the public area.
According to one embodiment of the invention, the supervising device is implemented in software. It is a software program built into the USB flash disk encryption lock and set to start automatically: it starts as soon as the USB flash disk encryption lock is connected to the host. It mainly monitors mouse double-clicks or keyboard Enter-key presses on program icons in the public area of the USB flash disk encryption lock, reads the corresponding executable program data content from the hidden area according to the mapping relationship of the program icon the user operated, loads that data content, and runs the executable program in debugger mode. As shown in Fig. 1, the program 1 icon in the public area maps to the program 1 data content in the hidden area; when the supervising device detects a double-click or Enter-key action on the program 1 icon, it reads the program 1 data content from the hidden area according to the mapping relationship, loads it, and runs executable program 1 in debugger mode.
However, a person skilled in the art will fully appreciate that, depending on actual needs, the function of the supervising device can be realized in various forms such as a hardware chip, a hardware integrated circuit, an embedded chip or firmware, without creative effort. Implementing the supervising device as a software module is therefore only an exemplary embodiment of the invention, not a limitation of it. Supervising devices implemented in the above forms (hardware chip, hardware integrated circuit, embedded chip, firmware and so on) all fall within the protection scope of the invention.
As shown in Fig. 1, the data content of multiple programs is stored in the hidden area. In Fig. 1 it is labelled program 1 data content, program 2 data content, program 3 data content, program N data content, corresponding respectively to program 1, program 2, program N.
The invention provides a method and system for preventing the copying of executable files in a USB flash disk encryption lock. First, the setting device places the program in the hidden area and the program mapping icon (labelled as a program icon in Fig. 1) in the public area of the USB flash disk encryption lock. The supervising device in the USB flash disk encryption lock runs automatically as soon as the lock is connected to a host (for example a PC or server host connected to the lock through a USB interface) and monitors double-click or Enter-key events on the program icons in the lock's public area. After detecting such an event, it reads the corresponding executable program data content from the hidden area according to the mapping relationship between program icon and program, then loads the executable program data content; after loading completes, the supervising device executes the executable program in debugger mode.
According to one embodiment of the invention, the setting device is a software tool module (shown as "setting tool" in Figs. 2 to 4) installed on a PC or server host. The setting device has a write function: it first selects the executable program to be protected, then writes it into the hidden area of the USB flash disk encryption lock, and at the same time generates in the USB flash disk encryption lock a program icon corresponding to the executable program. The program icon corresponds to the executable program data stored in the hidden area.
Fig. 2 is a schematic diagram of the overall flow according to a preferred embodiment of the invention.
Step 1: the setting device writes the executable program into the hidden area of the USB flash disk encryption lock and generates the program icon mapped to the executable program in the public area of the USB flash disk encryption lock;
Step 2: the configured USB flash disk encryption lock is connected to the user's PC or server host, and the supervising device in the lock runs automatically;
Step 3: the supervising device in the USB flash disk encryption lock automatically monitors the user's double-click or Enter-key operation on a program icon;
Step 4: after detecting a double-click or Enter-key operation, the supervising device reads, according to the mapping relationship between program icon and program, the executable program data mapped by the program icon from the hidden area;
Step 5: the supervising device loads the executable program data; after loading completes, the supervising device executes the executable program in debugger mode.
In the invention, programs and program mapping icons are in one-to-one correspondence. The correspondence can be set up by at least the following methods:
1. After the setting device writes the program into the hidden area of the USB flash disk encryption lock, an icon can be set in the public area of the USB flash disk encryption lock. The icon corresponds one-to-one with the program data written to the hidden area. The icon resembles a shortcut: its path or start position maps to the specific location path of the executable program data in the hidden area. When the user double-clicks the icon, the supervising device can read the corresponding executable program data content from the hidden area via the icon's mapping path;
2. When setting up the program and program icon, the setting device can generate a mapping table of programs and program icons, which lists identifying correspondences such as the names and paths of each program and its program icon. The mapping table can be stored in the public area or the hidden area. After the supervising device detects a double-click or Enter-key event on a program icon, it reads the mapping table, looks up the position of the corresponding program data by information such as the program icon's name or path, and then reads and loads the corresponding executable program data content from the hidden area.
According to one aspect of the invention, when the mapping table of method 2 above is stored in the public area and/or the hidden area, the data can be encrypted with an encryption algorithm for security and decrypted when it is read.
According to one embodiment of the invention, the encryption algorithm is a symmetric algorithm or an asymmetric algorithm; the symmetric algorithms include AES, DES and TDES, and the asymmetric algorithms include RSA, ECC and the like.
In the invention, the supervising device is located inside the USB flash disk encryption lock. It monitors double-click or Enter-key actions on executable program icons in the public area of the USB flash disk encryption lock, reads the corresponding mapped executable program data from the hidden area in response to the double-click or Enter-key action, and loads and executes the executable program.
According to one embodiment of the invention, the supervising device is set to run automatically: it runs as soon as the USB flash disk encryption lock is inserted into the host interface.
In the invention, the data of each executable program written to the hidden area is stored in its own separate block.
In the invention, the setting device can also integrate a shell-adding (packing) tool or have a shell-adding function. When setting up the executable program and program icon, the setting device adds a shell to the program data itself and then writes the shelled program into the hidden area of the USB flash disk encryption lock, which can improve security. For a person skilled in the art, encryption technology is known technology and need not be described in detail.
In the invention, to improve security, the setting device can also perform encryption and decryption operations on the program or on the program's critical data.
In the invention, the setting device sets up the program and program icon automatically; the user can also set them manually, for example, according to one embodiment of the invention, by choosing the program's icon.
Embodiment 1
In this embodiment the executable program to be protected is a file with the suffix .exe, and the storage device is a USB flash disk encryption lock. According to the invention, a method for preventing the copying of an executable program is provided, as shown in Fig. 3 (where the setting device is shown as "setting tool"). The specific steps are:
1. The setting device automatically writes the executable program information to the hidden area of the USB flash disk encryption lock;
2. A program icon mapped to the path position of the executable program is generated in the public area of the USB flash disk encryption lock;
3. In use, the configured USB flash disk encryption lock is inserted into the host USB interface, and the supervising device in the lock starts running automatically;
4. The supervising device monitors mouse and keyboard actions to detect the user double-clicking a program icon or pressing the Enter key on it;
5. According to the double-clicked or Enter-activated program icon and its path-position mapping to the program, the supervising device reads the executable program data mapped by the program icon from the hidden area;
6. The supervising device loads the executable program data and runs the executable program in debug mode.
Embodiment 2
In this embodiment the executable program to be protected is a file with the suffix .bat, and the storage device is a USB flash disk encryption lock. According to the invention, a method for preventing the copying of an executable program is provided, as shown in Fig. 4 (where the setting device is shown as "setting tool"). The specific steps are:
1. The setting device locates the .bat executable program and writes it to the hidden area of the USB flash disk encryption lock;
2. The setting device generates, in the public area of the USB flash disk encryption lock, a shortcut-like program icon corresponding to the executable program;
3. The setting device generates in the hidden area a one-to-one mapping table between executable program data positions and program icons; in the mapping table, the data position of a program in the hidden area can be looked up by identifying information (such as a custom number, name or position);
4. The configured USB flash disk encryption lock is inserted into the host USB interface, and the supervising device in the lock starts running automatically;
5. The supervising device monitors the user double-clicking a program icon or pressing the Enter key on it;
6. The supervising device looks up the position of the corresponding program data in the mapping table by identifying information such as the name of the double-clicked or Enter-activated program icon;
7. The supervising device reads the executable program data corresponding to the icon from the hidden area according to the mapping table;
8. The supervising device loads the executable program data and runs the executable program in debug mode.
In addition, according to one embodiment of the invention, the USB protocol used by the USB flash disk encryption lock is USB 2.0. As a person skilled in the art will know, the USB protocol has many versions, and the invention applies equally to other versions of the USB protocol, including but not limited to USB 1.1, USB 2.5 and USB 3.0.
In addition, in other operating systems the file suffix of an executable program may differ, but this does not affect the use of the USB flash disk encryption lock in those operating systems. This specification is only an exemplary description of the invention, not a limitation; a person skilled in the art can, based on the content of the invention, handle executable programs in other operating systems in the same way, and the implementation is similar to that under MS-DOS and Windows. For brevity, and because this specification describes the process and device of the invention in detail, the handling and use of the USB flash disk encryption lock under other operating systems is not described further.
The above are only preferred embodiments of the invention and are not intended to limit its protection scope. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included within the protection scope of the invention.