CN103729601B - Data security interconnection system and method for establishing a data security interconnection system - Google Patents

Publication number
CN103729601B
Authority
CN
China
Prior art keywords
instruction
address
data
jump
calculating equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201210384083.XA
Other languages
Chinese (zh)
Other versions
CN103729601A (en
Inventor
汪家祥
杨潇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
The safe and sound Information Technology Co., Ltd in sky in Beijing
Original Assignee
Zhongtian Aetna (beijing) Information Technology Co Ltd

Classifications

    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06F - ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 - Protecting data
    • G06F21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 - Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The invention provides a method for establishing a data security interconnection system, comprising: step 1, a computing device sends a registration request to a registrar; step 2, the registrar sends a query message to the computing device, asking whether the computing device agrees to have the data it operates on and accesses taken over by a secure storage device, or asking whether the computing device agrees to deploy a secure data storage method and a secure data reading method; step 3, the computing device sends a response message to the registrar; and step 4, the registrar checks the response message. If the response refuses the takeover, the registrar rejects the registration request of the computing device and the establishing method ends. If the response agrees to the takeover, the registrar deploys the secure data storage method and reading method on the computing device, deploys a secure storage device for the computing device, and adds the computing device to the register list on the registrar.

Description

Data security interconnection system and method for establishing a data security interconnection system
Technical field
The invention relates to the field of computer security, and in particular to a data security interconnection system and a method for establishing it.
Background
The existing field of electronic information security comprises three subfields: system security, data security and device security.
In the field of data security, the following three technologies are generally used to ensure data security: (1) data content security technology, including data encryption and decryption and end-to-end data encryption, which ensures that data content is not illegally read during storage and transmission; (2) secure data transfer technology, including prevention of illegal copying, printing or other output, which ensures the security of data during use and transfer; (3) network blocking technology, including physical network isolation and the setting up of network barriers.
According to related analyses, the effective detection capability against all current threats to computers is at most about 50%. Because the above technologies are inadequate against kernel-level computer viruses, Trojans, operating system vulnerabilities, system backdoors and human-caused leaks, malicious code may be present on virtually any computing device (such as a computer or handheld communication device). Once malicious code has entered the terminal system, the above encryption, anti-copy and network blocking technologies become ineffective. Existing hacking techniques can use system vulnerabilities or system backdoors to penetrate the above security technologies and implant malicious code, and then use the malicious code to obtain user data. Nor can the above technologies guard against active or passive leaks by personnel who handle classified information: for example, an insider can carry in a storage device, download the required data from the internal network or a terminal and take the storage device away, causing an internal leak; as another example, an insider can simply take the computing device away.
In summary, anti-copy technology cannot ensure that classified information is not illegally stored on a terminal. Network filtering cannot ensure that classified information is not lost. Personnel handling classified information can cause leaks through malicious code or malicious tools, and leaks can also result from loss of control over classified devices or storage media.
Summary of the invention
The object of the invention is to provide a data security interconnection system and a method for establishing it, so as to improve data security.
According to one aspect of the invention, a method for establishing a data security interconnection system is provided, comprising:
Step 1: a computing device sends a registration request to a registrar;
Step 2: the registrar sends a query message to the computing device, asking whether the computing device agrees to have the data it operates on and accesses taken over by a secure storage device, or asking whether the computing device agrees to deploy a secure data storage method and a secure data reading method;
Step 3: the computing device sends a response message to the registrar; and
Step 4: the registrar checks the response message;
if the response refuses the takeover, the registrar rejects the registration request of the computing device and the establishing method ends;
if the response agrees to the takeover, the registrar deploys the secure data storage method and reading method on the computing device, deploys a secure storage device for the computing device, and adds the computing device to the register list on the registrar;
Wherein the secure data storage method comprises:
Step a1: receiving a hardware instruction;
Step a2: analyzing the hardware instruction;
Step a3: if the hardware instruction is a store instruction, modifying the destination address in the store instruction to the corresponding storage address on the secure storage device; and
Step a4: sending the modified store instruction to the hardware layer;
Wherein the secure data reading method comprises:
Step b1: receiving a hardware instruction;
Step b2: analyzing the hardware instruction;
Step b3: if the hardware instruction is a read instruction, obtaining the source address in the read instruction;
Step b4: looking up a first mapping bitmap and modifying the read address in the read instruction according to the data of the first mapping bitmap, the first mapping bitmap indicating whether the data at a local storage address has been dumped to the secure storage device; and
Step b5: sending the modified read instruction to the hardware layer.
Optionally, after step a3, the secure data storage method further comprises:
updating the bit in the first mapping bitmap that corresponds to the destination address; and
synchronizing the updated first mapping bitmap to the secure storage device, where it is saved as a second mapping bitmap, the second mapping bitmap indicating whether the data at a local storage address has been dumped to the secure storage device.
Optionally, before step a1, the secure data storage method further comprises:
establishing communication between the computing device and the secure storage device; and
synchronizing the second mapping bitmap on the secure storage device to the computing device, where it is saved as the first mapping bitmap.
Optionally, before step b4, the secure data reading method further comprises:
establishing communication between the computing device and the secure storage device; and
synchronizing the second mapping bitmap on the secure storage device to the computing device, where it is saved as the first mapping bitmap.
Optionally, in steps a1 and b1, the hardware instruction comes from a hardware mapping layer.
Optionally, in step 4, the registrar also deploys a runtime instruction recombination method on the computing device, the runtime instruction recombination method comprising:
Step c1: caching the instruction execution environment;
Step c2: obtaining the machine instruction fragment to be scheduled; inserting a second jump instruction before the last instruction of the obtained machine instruction fragment, the second jump instruction pointing to the entry address of an instruction recombination platform, to generate a recombined instruction fragment; and modifying the value of the address register in the cached instruction execution environment to the address of the recombined instruction fragment;
Step c3: restoring the instruction execution environment, in which the value of the address register is the modified value.
Optionally, in step 4, the registrar also deploys a runtime instruction recombination method on the computing device, the runtime instruction recombination method comprising:
Step d1: caching the instruction execution environment;
Step d2: reading a destination address from a first storage location and obtaining the machine instruction fragment to be scheduled according to the destination address, the last instruction of the machine instruction fragment to be scheduled being a first jump instruction;
Step d3: saving the destination address of the first jump instruction in the first storage location;
Step d4: replacing the first jump instruction with a second jump instruction to generate a recombined instruction fragment having a second address, the second jump instruction pointing to the entry address of an instruction recombination platform; and
Step d5: restoring the instruction execution environment and jumping to the second address to continue execution.
Optionally, in step 4, the registrar also deploys a runtime instruction recombination method on the computing device, the runtime instruction recombination method comprising:
Step e1: caching the instruction execution environment;
Step e2: obtaining the address and parameters of the jump instruction saved on the stack and calculating the address of the next instruction to be run, this address being a first address;
Step e3: obtaining the machine instruction fragment to be scheduled according to the first address, the last instruction of the machine instruction fragment to be scheduled being a first jump instruction;
Step e4: replacing the first jump instruction with a push instruction, the push instruction recording the address and operand of the first jump instruction;
Step e5: adding a second jump instruction after the push instruction to generate a recombined instruction fragment having a second address, the second jump instruction pointing to the entry address of an instruction recombination platform; and
Step e6: restoring the instruction execution environment and jumping to the second address to continue execution.
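The push-and-trap variant (steps e1 to e6) can be followed on a toy machine: every fragment ends by handing control back to the platform, so no jump of the guest program is ever taken directly. This is an added example, not code from the patent; the instruction set, the names recombine and run_under_platform, the sample program and the one-slot record that stands in for the stack are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy instruction set constructed for this example (not from the patent). */
enum opc { LOADI, ADDI, ADDM, STORE, JMP, JNZ, HALT,  /* guest instructions */
           PUSHJ, TRAP };                              /* emitted only by the platform */

struct insn { enum opc op; int arg; int arg2; };

struct ctx {                    /* the "instruction execution environment" */
    int acc, mem[4];
    int has_rec, jaddr, jarg;   /* one-slot stand-in for the stack, filled by PUSHJ */
};

#define CACHE_MAX 32

/* Constructed guest program: mem[0] = 3 + 2 + 1, then mem[1] = 7. */
static const struct insn SAMPLE[] = {
    { LOADI, 3, 0 }, { JMP, 2, 0 },
    { ADDM, 0, 0 }, { ADDI, -1, 0 }, { JNZ, 2, 0 },
    { LOADI, 7, 0 }, { STORE, 1, 0 }, { HALT, 0, 0 },
};
#define SAMPLE_LEN ((int)(sizeof SAMPLE / sizeof SAMPLE[0]))

static int is_jump(enum opc op) { return op == JMP || op == JNZ || op == HALT; }

/* Steps e3-e5: copy the fragment starting at `first` into `cache`, replace its
 * final jump with PUSHJ(address, operand) and append TRAP (the second jump).
 * Returns the fragment length, or -1 if no jump is found in bounds. */
int recombine(const struct insn *prog, int n, int first, struct insn *cache)
{
    int len = 0;
    for (int pc = first; pc >= 0 && pc < n && len + 2 <= CACHE_MAX; pc++) {
        if (is_jump(prog[pc].op)) {
            cache[len++] = (struct insn){ PUSHJ, pc, prog[pc].arg };
            cache[len++] = (struct insn){ TRAP, 0, 0 };
            return len;
        }
        cache[len++] = prog[pc];
    }
    return -1;
}

/* Runs one recombined fragment until its TRAP returns control to the platform. */
static void run_fragment(const struct insn *f, struct ctx *c)
{
    for (int i = 0; f[i].op != TRAP; i++) {
        switch (f[i].op) {
        case LOADI: c->acc = f[i].arg; break;
        case ADDI:  c->acc += f[i].arg; break;
        case ADDM:  c->mem[f[i].arg & 3] += c->acc; break;
        case STORE: c->mem[f[i].arg & 3] = c->acc; break;
        case PUSHJ: c->jaddr = f[i].arg; c->jarg = f[i].arg2; c->has_rec = 1; break;
        default: break;
        }
    }
}

/* Platform entry loop. Returns how many times control passed through the
 * platform, -1 for a malformed program, -2 if `limit` entries were exceeded. */
int run_under_platform(const struct insn *prog, int n, struct ctx *c, int limit)
{
    struct insn cache[CACHE_MAX];
    int next = 0, entries = 0;
    memset(c, 0, sizeof *c);
    for (;;) {
        struct ctx saved = *c;                         /* e1: cache the environment */
        if (saved.has_rec) {                           /* e2: compute the first address */
            enum opc j = prog[saved.jaddr].op;
            if (j == HALT) return entries;
            next = (j == JMP || saved.acc != 0) ? saved.jarg : saved.jaddr + 1;
        }
        if (entries >= limit) return -2;
        if (recombine(prog, n, next, cache) < 0) return -1;   /* e3-e5 */
        entries++;
        saved.has_rec = 0;
        *c = saved;                                    /* e6: restore, then resume at */
        run_fragment(cache, c);                        /* the second address (cache)  */
    }
}

int main(void)
{
    struct ctx c;
    int entries = run_under_platform(SAMPLE, SAMPLE_LEN, &c, 100);
    printf("platform entries=%d mem[0]=%d mem[1]=%d\n", entries, c.mem[0], c.mem[1]);
    return 0;
}
```

The conditional jump at address 4 is resolved by the platform from the saved record and the restored accumulator, which is why this variant needs no statically known jump target.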
According to another aspect of the invention, a data access method applied to a data security interconnection system established by the above method is provided, comprising:
Step 1: a first computing device sends an access request to a second computing device;
Step 2: the second computing device sends a secure address query message to the registrar, asking whether the first computing device is a secure address;
Step 3: the registrar sends a secure address response message to the second computing device, stating whether the first computing device is a secure address;
Step 4: if the response is affirmative, the second computing device reads the corresponding data according to the access request, the reading process being the secure data reading method; if the response is negative, the second computing device ignores the access request; and
Step 5: the second computing device sends an access response to the first computing device.
Optionally, the data access method further comprises:
Step 6: if the first computing device needs to save data, it saves the data according to the secure data storage method.
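The secure storage and reading methods (steps a1 to a4 and b1 to b5, with the two mapping bitmaps) and the registrar-gated access method above can be exercised together in a small simulation. This is an added example, not code from the patent; the sector geometry, the identity mapping between local and secure sector numbers, and all names (node, submit, handle_access and so on) are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTORS     16   /* constructed toy geometry */
#define SECTOR_SIZE 8
#define MAX_DEVICES 4

enum op  { OP_READ, OP_WRITE, OP_OTHER };
enum dev { DEV_LOCAL, DEV_SECURE };

/* Hypothetical decoded form of an intercepted hardware instruction. */
struct hw_instr { enum op op; enum dev dev; unsigned sector; uint8_t *buf; };

struct node {
    int id;
    uint8_t local[SECTORS][SECTOR_SIZE];   /* local storage */
    uint8_t secure[SECTORS][SECTOR_SIZE];  /* this device's secure storage device */
    uint8_t bitmap1[SECTORS / 8];          /* first mapping bitmap, on the device */
    uint8_t bitmap2[SECTORS / 8];          /* second mapping bitmap, on secure storage */
};

struct registrar { int list[MAX_DEVICES]; int count; };

static int  bit_get(const uint8_t *bm, unsigned s) { return (bm[s / 8] >> (s % 8)) & 1; }
static void bit_set(uint8_t *bm, unsigned s) { bm[s / 8] |= (uint8_t)(1u << (s % 8)); }

/* Before a1 / b4: copy the second mapping bitmap down as the first. */
void sync_from_secure(struct node *n) { memcpy(n->bitmap1, n->bitmap2, sizeof n->bitmap1); }

/* Stand-in for the hardware layer: carries out the instruction as given. */
static void hw_execute(struct node *n, const struct hw_instr *in)
{
    uint8_t (*disk)[SECTOR_SIZE] = (in->dev == DEV_SECURE) ? n->secure : n->local;
    if (in->op == OP_WRITE) memcpy(disk[in->sector], in->buf, SECTOR_SIZE);
    if (in->op == OP_READ)  memcpy(in->buf, disk[in->sector], SECTOR_SIZE);
}

/* Steps a1-a4 and b1-b5 as one filter. Returns 1 if the instruction was sent
 * to secure storage, 0 if it went to local storage or was not a storage
 * access, -1 if it was rejected. */
int submit(struct node *n, struct hw_instr *in)
{
    if (in->op == OP_OTHER) return 0;                 /* a2/b2: not a storage access */
    if (in->sector >= SECTORS) return -1;             /* never index past the bitmap */
    if (in->op == OP_WRITE) {                         /* a3: retarget the store */
        in->dev = DEV_SECURE;
        bit_set(n->bitmap1, in->sector);
        memcpy(n->bitmap2, n->bitmap1, sizeof n->bitmap2);   /* first -> second */
    } else {                                          /* b3-b4: bitmap picks the source */
        in->dev = bit_get(n->bitmap1, in->sector) ? DEV_SECURE : DEV_LOCAL;
    }
    hw_execute(n, in);                                /* a4 / b5 */
    return in->dev == DEV_SECURE;
}

/* Registration steps 1-4: only a device that consents to takeover is listed. */
int reg_register(struct registrar *r, struct node *n, int consents)
{
    if (!consents || r->count == MAX_DEVICES) return 0;
    r->list[r->count++] = n->id;
    return 1;
}

static int reg_is_secure(const struct registrar *r, int id)
{
    for (int i = 0; i < r->count; i++)
        if (r->list[i] == id) return 1;
    return 0;
}

/* Access steps 2-5 on the second device. Returns 1 with `out` filled, or 0 when
 * the request is ignored (requester not in the register list, or bad sector). */
int handle_access(const struct registrar *r, struct node *owner,
                  int requester_id, unsigned sector, uint8_t *out)
{
    struct hw_instr rd = { OP_READ, DEV_LOCAL, sector, out };
    if (!reg_is_secure(r, requester_id)) return 0;
    return submit(owner, &rd) >= 0;
}

int main(void)
{
    static struct node a = { .id = 1 }, b = { .id = 2 }, c = { .id = 3 };
    struct registrar reg = { {0}, 0 };
    uint8_t secret[SECTOR_SIZE] = "SECRET", out[SECTOR_SIZE] = {0};
    struct hw_instr wr = { OP_WRITE, DEV_LOCAL, 3, secret };

    reg_register(&reg, &a, 1); reg_register(&reg, &b, 1); reg_register(&reg, &c, 0);
    submit(&b, &wr);                         /* lands on b.secure, not b.local */
    printf("local copy empty: %d\n", b.local[3][0] == 0);
    printf("a served: %d (%s)\n", handle_access(&reg, &b, a.id, 3, out), (char *)out);
    memset(out, 0, sizeof out);
    printf("c served: %d\n", handle_access(&reg, &b, c.id, 3, out));
    return 0;
}
```

Device c refused the takeover at registration, so its request is ignored and the output buffer is never written; the write issued on device b never reaches b's local storage.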
According to another aspect of the invention, a method for establishing a data security interconnection system and accessing data is provided, comprising:
Step 1: a first computing device sends an access request to a second computing device;
Step 2: the second computing device sends a deployment query to the first computing device, asking whether the first computing device agrees to deploy the secure data storage method and the secure data reading method, or asking whether the first computing device agrees to have the data it operates on and accesses taken over by a secure storage device;
Step 3: the first computing device sends a deployment response to the second computing device;
Step 4: the second computing device checks the deployment response;
if the deployment response refuses deployment, the second computing device rejects the access request of the first computing device and the method ends;
if the deployment response agrees to deployment, the second computing device deploys the secure data storage method and reading method on the first computing device, deploys a first secure storage device for the first computing device, and adds the first computing device to the register list of the second computing device;
Step 5: the second computing device uses the secure data reading method to read, from its corresponding second secure storage device, the data that the first computing device needs; and
Step 6: the second computing device sends an access response to the first computing device;
Wherein the secure data storage method comprises:
Step a1: receiving a hardware instruction;
Step a2: analyzing the hardware instruction;
Step a3: if the hardware instruction is a store instruction, modifying the destination address in the store instruction to the corresponding storage address on the secure storage device; and
Step a4: sending the modified store instruction to the hardware layer;
Wherein the secure data reading method comprises:
Step b1: receiving a hardware instruction;
Step b2: analyzing the hardware instruction;
Step b3: if the hardware instruction is a read instruction, obtaining the source address in the read instruction;
Step b4: looking up a first mapping bitmap and modifying the read address in the read instruction according to the data of the first mapping bitmap, the first mapping bitmap indicating whether the data at a local storage address has been dumped to the secure storage device; and
Step b5: sending the modified read instruction to the hardware layer.
Optionally, after step 6, the method for establishing a data security interconnection system and accessing data further comprises:
Step 7: if the first computing device needs to save data, the first computing device uses the secure data storage method to save the obtained access data in its corresponding first secure storage device.
Optionally, after step a3, the secure data storage method further comprises:
updating the bit in the first mapping bitmap that corresponds to the destination address; and
synchronizing the updated first mapping bitmap to the secure storage device, where it is saved as a second mapping bitmap, the second mapping bitmap indicating whether the data at a local storage address has been dumped to the secure storage device.
Optionally, before step a1, the secure data storage method further comprises:
establishing communication between the computing device and the secure storage device; and
synchronizing the second mapping bitmap on the secure storage device to the computing device, where it is saved as the first mapping bitmap.
Optionally, before step b4, the secure data reading method further comprises:
establishing communication between the computing device and the secure storage device; and
synchronizing the second mapping bitmap on the secure storage device to the computing device, where it is saved as the first mapping bitmap.
Optionally, in steps a1 and b1, the hardware instruction comes from a hardware mapping layer.
Optionally, in step 4, the second computing device also deploys a runtime instruction recombination method on the first computing device, the runtime instruction recombination method comprising:
Step c1: caching the instruction execution environment;
Step c2: obtaining the machine instruction fragment to be scheduled; inserting a second jump instruction before the last instruction of the obtained machine instruction fragment, the second jump instruction pointing to the entry address of an instruction recombination platform, to generate a recombined instruction fragment; and modifying the value of the address register in the cached instruction execution environment to the address of the recombined instruction fragment;
Step c3: restoring the instruction execution environment, in which the value of the address register is the modified value.
Optionally, in step 4, the second computing device also deploys a runtime instruction recombination method on the first computing device, the runtime instruction recombination method comprising:
Step d1: caching the instruction execution environment;
Step d2: reading a destination address from a first storage location and obtaining the machine instruction fragment to be scheduled according to the destination address, the last instruction of the machine instruction fragment to be scheduled being a first jump instruction;
Step d3: saving the destination address of the first jump instruction in the first storage location;
Step d4: replacing the first jump instruction with a second jump instruction to generate a recombined instruction fragment having a second address, the second jump instruction pointing to the entry address of an instruction recombination platform; and
Step d5: restoring the instruction execution environment and jumping to the second address to continue execution.
Optionally, in step 4, the second computing device also deploys a runtime instruction recombination method on the first computing device, the runtime instruction recombination method comprising:
Step e1: caching the instruction execution environment;
Step e2: obtaining the address and parameters of the jump instruction saved on the stack and calculating the address of the next instruction to be run, this address being a first address;
Step e3: obtaining the machine instruction fragment to be scheduled according to the first address, the last instruction of the machine instruction fragment to be scheduled being a first jump instruction;
Step e4: replacing the first jump instruction with a push instruction, the push instruction recording the address and operand of the first jump instruction;
Step e5: adding a second jump instruction after the push instruction to generate a recombined instruction fragment having a second address, the second jump instruction pointing to the entry address of an instruction recombination platform; and
Step e6: restoring the instruction execution environment and jumping to the second address to continue execution.
Optionally, between step 1 and step 2, the method for establishing a data security interconnection system and accessing data further comprises:
Step f1: the second computing terminal sends a deployment check message to the first computing terminal, the message being used to check whether the secure data storage method and the secure data reading method have been deployed on the first computing terminal;
Step f2: the first computing terminal sends a deployment check feedback message to the second computing terminal; and
Step f3: the second computing terminal determines the deployment state of the first computing terminal from the deployment check feedback message: if deployed, the first computing device is added to the register list of the second computing device and step 5 is performed; if not yet deployed, execution continues with step 2.
According to another aspect of the invention, a method for establishing a data security interconnection system and accessing data is provided, comprising:
Step 1: a first computing device sends an access request to a second computing device;
Step 2: the first computing device sends a deployment advertisement message to the second computing device, the message indicating that the secure data storage method and the secure data reading method have been deployed on the first computing device;
Step 3: the second computing device determines, based on the deployment advertisement message, that the deployment state of the first computing device is deployed;
Step 4: the second computing device uses the secure data reading method to read, from its corresponding second secure storage device, the data that the first computing device is to access; and
Step 5: the second computing device sends an access response to the first computing device;
Wherein the secure data storage method comprises:
Step a1: receiving a hardware instruction;
Step a2: analyzing the hardware instruction;
Step a3: if the hardware instruction is a store instruction, modifying the destination address in the store instruction to the corresponding storage address on the secure storage device; and
Step a4: sending the modified store instruction to the hardware layer;
Wherein the secure data reading method comprises:
Step b1: receiving a hardware instruction;
Step b2: analyzing the hardware instruction;
Step b3: if the hardware instruction is a read instruction, obtaining the source address in the read instruction;
Step b4: looking up a first mapping bitmap and modifying the read address in the read instruction according to the data of the first mapping bitmap, the first mapping bitmap indicating whether the data at a local storage address has been dumped to the secure storage device; and
Step b5: sending the modified read instruction to the hardware layer.
Optionally, the method for establishing a data security interconnection system and accessing data further comprises:
Step 6: if the first computing device needs to save data, the first computing device uses the secure data storage method to save the obtained access data in its corresponding first secure storage device.
Optionally, after step a3, the secure data storage method further comprises:
updating the bit in the first mapping bitmap that corresponds to the destination address; and
synchronizing the updated first mapping bitmap to the secure storage device, where it is saved as a second mapping bitmap, the second mapping bitmap indicating whether the data at a local storage address has been dumped to the secure storage device.
Optionally, before step a1, the secure data storage method further comprises:
establishing communication between the computing device and the secure storage device; and
synchronizing the second mapping bitmap on the secure storage device to the computing device, where it is saved as the first mapping bitmap.
Optionally, before step b4, the secure data reading method further comprises:
establishing communication between the computing device and the secure storage device; and
synchronizing the second mapping bitmap on the secure storage device to the computing device, where it is saved as the first mapping bitmap.
Optionally, in steps a1 and b1, the hardware instruction comes from a hardware mapping layer.
Optionally, the deployment advertisement message is further used to indicate that a runtime instruction recombination method has been deployed on the first computing device, the runtime instruction recombination method comprising:
Step c1: caching the instruction execution environment;
Step c2: obtaining the machine instruction fragment to be scheduled; inserting a second jump instruction before the last instruction of the obtained machine instruction fragment, the second jump instruction pointing to the entry address of an instruction recombination platform, to generate a recombined instruction fragment; and modifying the value of the address register in the cached instruction execution environment to the address of the recombined instruction fragment;
Step c3: restoring the instruction execution environment, in which the value of the address register is the modified value.
Optionally, the deployment advertisement message is further used to indicate that a runtime instruction recombination method has been deployed on the first computing device, the runtime instruction recombination method comprising:
Step d1: caching the instruction execution environment;
Step d2: reading a destination address from a first storage location and obtaining the machine instruction fragment to be scheduled according to the destination address, the last instruction of the machine instruction fragment to be scheduled being a first jump instruction;
Step d3: saving the destination address of the first jump instruction in the first storage location;
Step d4: replacing the first jump instruction with a second jump instruction to generate a recombined instruction fragment having a second address, the second jump instruction pointing to the entry address of an instruction recombination platform; and
Step d5: restoring the instruction execution environment and jumping to the second address to continue execution.
Optionally, the deployment advertisement message is further used to indicate that a runtime instruction recombination method has been deployed on the first computing device, the runtime instruction recombination method comprising:
Step e1: caching the instruction execution environment;
Step e2: obtaining the address and parameters of the jump instruction saved on the stack and calculating the address of the next instruction to be run, this address being a first address;
Step e3: obtaining the machine instruction fragment to be scheduled according to the first address, the last instruction of the machine instruction fragment to be scheduled being a first jump instruction;
Step e4: replacing the first jump instruction with a push instruction, the push instruction recording the address and operand of the first jump instruction;
Step e5: adding a second jump instruction after the push instruction to generate a recombined instruction fragment having a second address, the second jump instruction pointing to the entry address of an instruction recombination platform; and
Step e6: restoring the instruction execution environment and jumping to the second address to continue execution.
Optionally, in step 3, if the second computing device does not receive a deployment advertisement message, or cannot determine from the deployment advertisement message that the deployment state of the first computing device is deployed, it ignores the access request.
According to another aspect of the invention, a data security interconnection system is provided, comprising: a computing device, a secure storage device and a registrar;
wherein the registrar is adapted to register the computing device and to allocate a secure storage device to the computing device; and the computing device is adapted to save data on the secure storage device or read data from the secure storage device by means of the secure data storage method and the secure data reading method;
wherein the secure data storage method comprises: step a1, receiving a hardware instruction; step a2, analyzing the hardware instruction; step a3, if the hardware instruction is a store instruction, modifying the destination address in the store instruction to the corresponding storage address on the secure storage device; and step a4, sending the modified store instruction to the hardware layer;
wherein the secure data reading method comprises: step b1, receiving a hardware instruction; step b2, analyzing the hardware instruction; step b3, if the hardware instruction is a read instruction, obtaining the source address in the read instruction; step b4, looking up a first mapping bitmap and modifying the read address in the read instruction according to the data of the first mapping bitmap, the first mapping bitmap indicating whether the data at a local storage address has been dumped to the secure storage device; and step b5, sending the modified read instruction to the hardware layer.
Optionally, the registrar is adapted to:
receive a registration request from the computing device;
send a query message to the computing device, asking whether the computing device agrees to have the data it operates on and accesses taken over by a secure storage device, or asking whether the computing device agrees to deploy the secure data storage method and the secure data reading method;
receive and check the response message from the computing device; if the response refuses the takeover, reject the registration request of the computing device; if the response agrees to the takeover, deploy the secure data storage method and reading method on the computing device, deploy a secure storage device for the computing device, and add the computing device to the register list on the registrar.
Optionally, the registrar is further adapted to deploy a runtime instruction recombination method on the computing device, the runtime instruction recombination method including:
Step c1, caching the instruction running environment;
Step c2, obtaining the machine instruction fragment to be scheduled; inserting a second jump instruction before the last instruction of the obtained machine instruction fragment, the second jump instruction pointing to the entry address of the instruction recombination platform, to generate a recombined instruction fragment; and modifying the value of the address register in the cached instruction running environment to the address of the recombined instruction fragment;
Step c3, restoring the instruction running environment, in which the value of the address register is the modified value.
Optionally, the registrar is further adapted to deploy a runtime instruction recombination method on the computing device, the runtime instruction recombination method including:
Step d1, caching the instruction running environment;
Step d2, reading a destination address from a first storage location, and obtaining the machine instruction fragment to be scheduled according to the destination address; the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step d3, saving the destination address of the first jump instruction in the first storage location;
Step d4, replacing the first jump instruction with a second jump instruction to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform; and
Step d5, restoring the instruction running environment, and jumping to the second address to continue execution.
Optionally, the registrar is further adapted to deploy a runtime instruction recombination method on the computing device, the runtime instruction recombination method including:
Step e1, caching the instruction running environment;
Step e2, obtaining the address and parameters of the jump instruction saved in the stack, and calculating the address of the next instruction to be run, this address being the first address;
Step e3, obtaining the machine instruction fragment to be scheduled according to the first address; wherein the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step e4, replacing the first jump instruction with a push instruction, the push instruction recording the address and operand of the first jump instruction;
Step e5, adding a second jump instruction after the push instruction to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform; and
Step e6, restoring the instruction running environment, and jumping to the second address to continue execution.
According to another aspect of the present invention, a safe data interconnection system is provided, including: a first computing device, a second computing device and a secure storage device; wherein the first computing device and the second computing device are adapted to register with each other, and to save data onto the secure storage device, or read data from the secure storage device, by means of a secure data storage method and a safe data reading method;
Wherein, the secure data storage method includes: step a1, receiving a hardware instruction; step a2, analyzing the hardware instruction; step a3, if the hardware instruction is a storage instruction, modifying the destination address in the storage instruction to the corresponding storage address on the secure storage device; and step a4, sending the modified storage instruction to the hardware layer;
Wherein, the safe data reading method includes: step b1, receiving a hardware instruction; step b2, analyzing the hardware instruction; step b3, if the hardware instruction is a read instruction, obtaining the source address in the read instruction; step b4, looking up a first mapping bitmap, and modifying the read address in the read instruction according to the data of the first mapping bitmap, the first mapping bitmap indicating whether the data at a local storage address has been dumped to the secure storage device; and step b5, sending the modified read instruction to the hardware layer.
Optionally, the first computing device or the second computing device is further adapted to have a runtime instruction recombination method deployed on it, the runtime instruction recombination method including:
Step c1, caching the instruction running environment;
Step c2, obtaining the machine instruction fragment to be scheduled; inserting a second jump instruction before the last instruction of the obtained machine instruction fragment, the second jump instruction pointing to the entry address of the instruction recombination platform, to generate a recombined instruction fragment; and modifying the value of the address register in the cached instruction running environment to the address of the recombined instruction fragment;
Step c3, restoring the instruction running environment, in which the value of the address register is the modified value.
Optionally, the first computing device or the second computing device is further adapted to have a runtime instruction recombination method deployed on it, the runtime instruction recombination method including:
Step d1, caching the instruction running environment;
Step d2, reading a destination address from a first storage location, and obtaining the machine instruction fragment to be scheduled according to the destination address; the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step d3, saving the destination address of the first jump instruction in the first storage location;
Step d4, replacing the first jump instruction with a second jump instruction to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform; and
Step d5, restoring the instruction running environment, and jumping to the second address to continue execution.
Optionally, the first computing device or the second computing device is further adapted to have a runtime instruction recombination method deployed on it, the runtime instruction recombination method including:
Step e1, caching the instruction running environment;
Step e2, obtaining the address and parameters of the jump instruction saved in the stack, and calculating the address of the next instruction to be run, this address being the first address;
Step e3, obtaining the machine instruction fragment to be scheduled according to the first address; wherein the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step e4, replacing the first jump instruction with a push instruction, the push instruction recording the address and operand of the first jump instruction;
Step e5, adding a second jump instruction after the push instruction to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform; and
Step e6, restoring the instruction running environment, and jumping to the second address to continue execution.
According to another aspect of the present invention, a safe data interconnection system is provided, including:
A first computing device and a first secure storage device located in a first LAN;
A second computing device and a second secure storage device located in a second LAN; and
A virtual secure storage server, located in the first LAN and the second LAN;
Wherein, the virtual secure storage server is adapted to register the first and second computing devices, and to allocate the first and second secure storage devices to the first and second computing devices respectively; the first and second computing devices are adapted to save data onto the first and second secure storage devices respectively, or read data from the first and second secure storage devices respectively, by means of a secure data storage method and a safe data reading method;
Wherein, the secure data storage method includes: step a1, receiving a hardware instruction; step a2, analyzing the hardware instruction; step a3, if the hardware instruction is a storage instruction, modifying the destination address in the storage instruction to the corresponding storage address on the secure storage device; and step a4, sending the modified storage instruction to the hardware layer;
Wherein, the safe data reading method includes: step b1, receiving a hardware instruction; step b2, analyzing the hardware instruction; step b3, if the hardware instruction is a read instruction, obtaining the source address in the read instruction; step b4, looking up a first mapping bitmap, and modifying the read address in the read instruction according to the data of the first mapping bitmap, the first mapping bitmap indicating whether the data at a local storage address has been dumped to the secure storage device; and step b5, sending the modified read instruction to the hardware layer.
Optionally, the first computing device or the second computing device is further adapted to have a runtime instruction recombination method deployed on it, the runtime instruction recombination method including:
Step c1, caching the instruction running environment;
Step c2, obtaining the machine instruction fragment to be scheduled; inserting a second jump instruction before the last instruction of the obtained machine instruction fragment, the second jump instruction pointing to the entry address of the instruction recombination platform, to generate a recombined instruction fragment; and modifying the value of the address register in the cached instruction running environment to the address of the recombined instruction fragment;
Step c3, restoring the instruction running environment, in which the value of the address register is the modified value.
Optionally, the first computing device or the second computing device is further adapted to have a runtime instruction recombination method deployed on it, the runtime instruction recombination method including:
Step d1, caching the instruction running environment;
Step d2, reading a destination address from a first storage location, and obtaining the machine instruction fragment to be scheduled according to the destination address; the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step d3, saving the destination address of the first jump instruction in the first storage location;
Step d4, replacing the first jump instruction with a second jump instruction to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform; and
Step d5, restoring the instruction running environment, and jumping to the second address to continue execution.
Optionally, the first computing device or the second computing device is further adapted to have a runtime instruction recombination method deployed on it, the runtime instruction recombination method including:
Step e1, caching the instruction running environment;
Step e2, obtaining the address and parameters of the jump instruction saved in the stack, and calculating the address of the next instruction to be run, this address being the first address;
Step e3, obtaining the machine instruction fragment to be scheduled according to the first address; wherein the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step e4, replacing the first jump instruction with a push instruction, the push instruction recording the address and operand of the first jump instruction;
Step e5, adding a second jump instruction after the push instruction to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform; and
Step e6, restoring the instruction running environment, and jumping to the second address to continue execution.
According to a further aspect of the present invention, a safe data interconnection system is provided, including:
A first computing device located in a first LAN;
A second computing device located in a second LAN; and
A centralized secure storage server, located in the first LAN and the second LAN, and including a first secure storage device and a second secure storage device;
Wherein, the centralized secure storage server is adapted to register the first and second computing devices, and to allocate the first and second secure storage devices to the first and second computing devices respectively; the first and second computing devices are adapted to save data onto the first and second secure storage devices respectively, or read data from the first and second secure storage devices respectively, by means of a secure data storage method and a safe data reading method;
Wherein, the secure data storage method includes: step a1, receiving a hardware instruction; step a2, analyzing the hardware instruction; step a3, if the hardware instruction is a storage instruction, modifying the destination address in the storage instruction to the corresponding storage address on the secure storage device; and step a4, sending the modified storage instruction to the hardware layer;
Wherein, the safe data reading method includes: step b1, receiving a hardware instruction; step b2, analyzing the hardware instruction; step b3, if the hardware instruction is a read instruction, obtaining the source address in the read instruction; step b4, looking up a first mapping bitmap, and modifying the read address in the read instruction according to the data of the first mapping bitmap, the first mapping bitmap indicating whether the data at a local storage address has been dumped to the secure storage device; and step b5, sending the modified read instruction to the hardware layer.
Optionally, the first computing device or the second computing device is further adapted to have a runtime instruction recombination method deployed on it, the runtime instruction recombination method including:
Step c1, caching the instruction running environment;
Step c2, obtaining the machine instruction fragment to be scheduled; inserting a second jump instruction before the last instruction of the obtained machine instruction fragment, the second jump instruction pointing to the entry address of the instruction recombination platform, to generate a recombined instruction fragment; and modifying the value of the address register in the cached instruction running environment to the address of the recombined instruction fragment;
Step c3, restoring the instruction running environment, in which the value of the address register is the modified value.
Optionally, the first computing device or the second computing device is further adapted to have a runtime instruction recombination method deployed on it, the runtime instruction recombination method including:
Step d1, caching the instruction running environment;
Step d2, reading a destination address from a first storage location, and obtaining the machine instruction fragment to be scheduled according to the destination address; the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step d3, saving the destination address of the first jump instruction in the first storage location;
Step d4, replacing the first jump instruction with a second jump instruction to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform; and
Step d5, restoring the instruction running environment, and jumping to the second address to continue execution.
Optionally, the first computing device or the second computing device is further adapted to have a runtime instruction recombination method deployed on it, the runtime instruction recombination method including:
Step e1, caching the instruction running environment;
Step e2, obtaining the address and parameters of the jump instruction saved in the stack, and calculating the address of the next instruction to be run, this address being the first address;
Step e3, obtaining the machine instruction fragment to be scheduled according to the first address; wherein the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step e4, replacing the first jump instruction with a push instruction, the push instruction recording the address and operand of the first jump instruction;
Step e5, adding a second jump instruction after the push instruction to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform; and
Step e6, restoring the instruction running environment, and jumping to the second address to continue execution.
According to a further aspect of the present invention, a computing terminal/computing device is provided, including:
An I/O interface, adapted to establish a connection and communicate with the registrar;
A registering unit, coupled with the I/O interface, adapted to register on the registrar and/or accept the deployment check of the registrar;
A black hole unit, coupled with the I/O interface, adapted to receive the data black hole system deployed by the registrar; and
A query unit, adapted to send an inquiry message to the registrar, asking whether the second computing device has been registered;
Wherein, the data black hole system includes a safe data reading method and a secure data storage method;
Wherein, the secure data storage method includes:
Step a1, receiving a hardware instruction;
Step a2, analyzing the hardware instruction;
Step a3, if the hardware instruction is a storage instruction, modifying the destination address in the storage instruction to the corresponding storage address on the secure storage device; and
Step a4, sending the modified storage instruction to the hardware layer;
Wherein, the safe data reading method includes:
Step b1, receiving a hardware instruction;
Step b2, analyzing the hardware instruction;
Step b3, if the hardware instruction is a read instruction, obtaining the source address in the read instruction;
Step b4, looking up a first mapping bitmap, and modifying the read address in the read instruction according to the data of the first mapping bitmap; the first mapping bitmap indicates whether the data at a local storage address has been dumped to the secure storage device; and
Step b5, sending the modified read instruction to the hardware layer.
Optionally, the data black hole system also includes a runtime instruction recombination method, the runtime instruction recombination method including:
Step c1, caching the instruction running environment;
Step c2, obtaining the machine instruction fragment to be scheduled; inserting a second jump instruction before the last instruction of the obtained machine instruction fragment, the second jump instruction pointing to the entry address of the instruction recombination platform, to generate a recombined instruction fragment; and modifying the value of the address register in the cached instruction running environment to the address of the recombined instruction fragment; and
Step c3, restoring the instruction running environment, in which the value of the address register is the modified value.
Optionally, the data black hole system also includes a runtime instruction recombination method, the runtime instruction recombination method including:
Step d1, caching the instruction running environment;
Step d2, reading a destination address from a first storage location, and obtaining the machine instruction fragment to be scheduled according to the destination address; the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step d3, saving the destination address of the first jump instruction in the first storage location;
Step d4, replacing the first jump instruction with a second jump instruction to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform; and
Step d5, restoring the instruction running environment, and jumping to the second address to continue execution.
Optionally, the data black hole system also includes a runtime instruction recombination method, the runtime instruction recombination method including:
Step e1, caching the instruction running environment;
Step e2, obtaining the address and parameters of the jump instruction saved in the stack, and calculating the address of the next instruction to be run, this address being the first address;
Step e3, obtaining the machine instruction fragment to be scheduled according to the first address; wherein the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step e4, replacing the first jump instruction with a push instruction, the push instruction recording the address and operand of the first jump instruction;
Step e5, adding a second jump instruction after the push instruction to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform; and
Step e6, restoring the instruction running environment, and jumping to the second address to continue execution.
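Steps e1-e6 traced on a toy instruction set, as an added example that is not code from the patent: the instruction set, the sample program and all names are constructed, and the recombined fragment is interpreted here rather than executed as native machine code. It compares an unmonitored run with a run in which every fragment ends by handing control back to the platform.

```c
#include <stdio.h>

typedef enum { ADD, DEC, JMP, JNZ, HALT, PUSHJ, JPLAT } opc;
typedef struct { opc op; int a, b; } insn;  /* a: operand; b: extra field used by PUSHJ */
typedef struct { int acc, cnt; } env;       /* the instruction running environment */

/* Constructed sample program in a toy instruction set (not from the patent). */
static const insn prog[] = {
    {ADD, 5, 0},     /* 0: acc += 5            */
    {DEC, 0, 0},     /* 1: cnt -= 1            */
    {JNZ, 0, 0},     /* 2: if cnt != 0 goto 0  */
    {ADD, 100, 0},   /* 3: acc += 100          */
    {JMP, 6, 0},     /* 4: goto 6              */
    {ADD, 1000, 0},  /* 5: skipped by the jump */
    {HALT, 0, 0},    /* 6: stop                */
};
#define PROG_LEN  ((int)(sizeof prog / sizeof prog[0]))
#define MAX_FRAG  16
#define MAX_TRACE 64

static int trace[MAX_TRACE];  /* first address of each fragment the platform scheduled */
static int trace_len;

/* Reference run with no monitoring. Returns acc, or -1 on a runaway program. */
int run_native(int cnt)
{
    env e = {0, cnt};
    int pc = 0;
    for (int steps = 0; pc >= 0 && pc < PROG_LEN && steps < 10000; steps++) {
        insn i = prog[pc];
        if (i.op == HALT) return e.acc;
        if (i.op == ADD) e.acc += i.a;
        if (i.op == DEC) e.cnt--;
        if (i.op == JMP || (i.op == JNZ && e.cnt != 0)) pc = i.a;
        else pc++;
    }
    return -1;
}

/* e3-e5: copy the fragment that starts at `first` up to its first jump, replace
 * that jump with PUSHJ (recording the jump's address and operand) and append
 * JPLAT, the second jump back to the platform. Returns the length, or -1. */
static int recombine(int first, insn *frag)
{
    int n = 0;
    for (int pc = first; pc >= 0 && pc < PROG_LEN && n < MAX_FRAG - 2; pc++) {
        if (prog[pc].op == JMP || prog[pc].op == JNZ) {
            frag[n++] = (insn){PUSHJ, pc, prog[pc].a};
            frag[n++] = (insn){JPLAT, 0, 0};
            return n;
        }
        frag[n++] = prog[pc];
        if (prog[pc].op == HALT) return n;   /* final fragment: nothing to replace */
    }
    return -1;                               /* ran off the program or fragment too long */
}

/* The platform loop. Returns the final acc, or -1 on error. */
int run_recombined(int cnt)
{
    env e = {0, cnt};            /* e1: the cached environment survives between fragments */
    int stack[2], sp = 0;
    int first = 0;               /* first address: next original instruction to run */
    trace_len = 0;
    for (int rounds = 0; rounds < 10000; rounds++) {
        insn frag[MAX_FRAG];
        int n = recombine(first, frag);
        if (n < 0 || trace_len >= MAX_TRACE) return -1;
        trace[trace_len++] = first;
        for (int i = 0; i < n; i++) {        /* e6: run the recombined fragment */
            switch (frag[i].op) {
            case ADD:   e.acc += frag[i].a; break;
            case DEC:   e.cnt--; break;
            case HALT:  return e.acc;
            case PUSHJ: stack[sp++] = frag[i].a; stack[sp++] = frag[i].b; break;
            case JPLAT: break;               /* control is back in the platform */
            default:    return -1;
            }
        }
        /* e2: pop the recorded jump and compute the next address from live state */
        int operand = stack[--sp], addr = stack[--sp];
        first = (prog[addr].op == JMP || e.cnt != 0) ? operand : addr + 1;
    }
    return -1;
}

int fragments_scheduled(void) { return trace_len; }
int fragment_entry(int i) { return (i >= 0 && i < trace_len) ? trace[i] : -1; }

int main(void)
{
    printf("native=%d recombined=%d fragments=%d\n",
           run_native(3), run_recombined(3), fragments_scheduled());
    return 0;
}
```

The conditional jump at address 2 is resolved by the platform only after the fragment has run, which is why the push must record both the jump's address and its operand.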
According to another aspect of the present invention, a registrar is provided, including:
An I/O interface, adapted to connect and communicate with the computing device;
A deployment check unit, coupled with the I/O interface, adapted to send a deployment check message to the computing device to check whether the computing device has deployed the data black hole system;
A deployment inquiry unit, coupled with the I/O interface, adapted to send an inquiry message to the computing device, asking whether the computing device agrees to the secure storage device taking over the data access operated by the computing device; and
A program deployment unit, coupled with the I/O interface, adapted to deploy the data black hole system on the computing device and, after the deployment is finished, further adapted to add the computing device to the register list.
Optionally, if the deployment check unit finds that the computing device has already deployed the data black hole system, the deployment check unit is further adapted to update the register list by adding the computing device to it; if the deployment check unit finds that the computing device has not yet deployed the data black hole system, the deployment inquiry unit is started.
Optionally, if the response message from the computing device refuses the takeover, the deployment inquiry unit is adapted to reject the registration request of the computing device; if the response agrees to the takeover, the deployment inquiry unit is adapted to call the program deployment unit to deploy the data black hole system.
Optionally, the registrar also includes:
A registration query unit, coupled with the I/O interface, adapted to receive a query from a computing terminal, check by querying the register list whether a specific computing terminal has been registered, and feed the query result back to the computing device.
According to a further aspect of the present invention, a computing terminal is provided, including:
A registering unit, adapted to register on the registrar and/or accept the deployment check of the registrar;
A black hole unit, adapted to receive the data black hole system deployed by the registrar; and
A query unit, adapted to send an inquiry message to the registrar, asking whether a certain computing device has been registered.
According to a further aspect of the present invention, a registrar is provided, including:
A deployment inquiry unit, adapted to send an inquiry message to the computing device, asking whether the computing device agrees to the secure storage device taking over the data access operated by the computing device; and
A program deployment unit, adapted to deploy the data black hole system on the computing device and, after the deployment is finished, further adapted to add the computing device to the register list.
Optionally, the registrar also includes: a deployment check unit, adapted to send a deployment check message to the computing device to check whether the computing device has deployed the data black hole system.
Compared with the prior art, the apparatus and method of the present invention improve the security of data. Through the instruction recombination method, the instructions of the computing device are monitored while they are running; the safe data reading method cooperates with the secure data storage method so that data always remains within a controlled security range; since no data is saved locally any longer in the classified state, both active and passive leaks by personnel handling classified information are prevented.
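The store and read redirection of steps a1-a4 and b1-b5, as an added C simulation that is not code from the patent: both disks are in-memory arrays, and the sector size, the `SECURE_BASE` address window, all function names, and the rule that a store sets the sector's bit in the first mapped bitmap are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE  16            /* constructed: tiny sectors for the demo */
#define NUM_SECTORS  64
#define SECURE_BASE  0x80000000u   /* assumed address window of the secure store */
#define ADDR_INVALID 0xFFFFFFFFu

typedef enum { OP_READ, OP_STORE, OP_OTHER } op_t;
typedef struct {
    op_t     op;
    uint32_t addr;                 /* sector address named by the instruction */
    uint8_t *buf;                  /* SECTOR_SIZE bytes to write or to fill */
} hw_instr;

static uint8_t local_disk[NUM_SECTORS][SECTOR_SIZE];
static uint8_t secure_disk[NUM_SECTORS][SECTOR_SIZE];
static uint8_t dumped[NUM_SECTORS / 8];  /* first mapped bitmap: 1 = sector is on the secure store */

static int  bit_get(uint32_t s) { return (dumped[s >> 3] >> (s & 7)) & 1; }
static void bit_set(uint32_t s) { dumped[s >> 3] |= (uint8_t)(1u << (s & 7)); }

/* Stand-in for the hardware layer: executes whatever address it is handed. */
static void hw_execute(const hw_instr *in)
{
    int secure = in->addr >= SECURE_BASE;
    uint8_t *sector = secure ? secure_disk[in->addr - SECURE_BASE] : local_disk[in->addr];
    if (in->op == OP_STORE)     memcpy(sector, in->buf, SECTOR_SIZE);
    else if (in->op == OP_READ) memcpy(in->buf, sector, SECTOR_SIZE);
}

/* Interception layer. Returns the address actually sent to the hardware layer,
 * or ADDR_INVALID when the request is refused. */
uint32_t intercept(hw_instr *in)
{
    /* a2/b2: analyse. This sketch refuses out-of-range addresses, which also
     * blocks callers from naming the secure window directly. */
    if (in->addr >= NUM_SECTORS) return ADDR_INVALID;
    if (in->op == OP_STORE) {                /* a3: every store is redirected */
        bit_set(in->addr);                   /* assumption: a store marks the sector as dumped */
        in->addr += SECURE_BASE;
    } else if (in->op == OP_READ) {          /* b3/b4: only dumped sectors are redirected */
        if (bit_get(in->addr)) in->addr += SECURE_BASE;
    }
    hw_execute(in);                          /* a4/b5: pass the instruction on */
    return in->addr;
}

static void pack(uint8_t *buf, const char *text)
{
    size_t n = strlen(text), max = SECTOR_SIZE - 1;
    memset(buf, 0, SECTOR_SIZE);
    memcpy(buf, text, n < max ? n : max);
}

/* Models data already on the local disk before the layer was deployed. */
int seed_local(uint32_t sector, const char *text)
{
    if (sector >= NUM_SECTORS) return -1;
    pack(local_disk[sector], text);
    return 0;
}

uint32_t store_text(uint32_t sector, const char *text)
{
    uint8_t buf[SECTOR_SIZE];
    hw_instr in = { OP_STORE, sector, buf };
    pack(buf, text);
    return intercept(&in);
}

static char scratch[SECTOR_SIZE];

uint32_t read_route(uint32_t sector)         /* where a read of this sector is sent */
{
    hw_instr in = { OP_READ, sector, (uint8_t *)scratch };
    memset(scratch, 0, sizeof scratch);
    return intercept(&in);
}

const char *read_text(uint32_t sector)
{
    return read_route(sector) == ADDR_INVALID ? NULL : scratch;
}

const char *local_text(uint32_t sector) { return (const char *)local_disk[sector]; }

int main(void)
{
    seed_local(3, "old-local");
    printf("read  3 -> %s\n", read_text(3));
    printf("store 3 -> routed to 0x%08x\n", (unsigned)store_text(3, "secret-v2"));
    printf("read  3 -> %s (local copy still: %s)\n", read_text(3), local_text(3));
    return 0;
}
```

After the store, the local sector still holds its old contents while reads of the same address return the new data from the secure store, which is the property the bitmap lookup in step b4 exists to preserve.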
Brief description of the drawings
Fig. 1 is a schematic diagram of the system layers of a computing device in the prior art;
Fig. 2 is a flow chart of the runtime instruction recombination method provided in one embodiment of the present invention;
Fig. 3 is a schematic diagram of the generation process of the recombined instruction fragment provided in one embodiment of the present invention;
Fig. 4 is a flow chart of step S102 of Fig. 2 provided in another embodiment of the present invention;
Fig. 5 is a flow chart of the runtime instruction recombination method provided in another embodiment of the present invention, which uses an address correspondence table to save the instruction fragments that have been recombined;
Fig. 6 is a flow chart of the runtime instruction recombination method provided in another embodiment of the present invention, which sets aside a separate storage location to save the destination address of the first jump instruction;
Fig. 7 is a flow chart of the runtime instruction recombination method provided in another embodiment of the present invention, which performs disassembly and assembly processing for non-fixed-length instruction sets;
Fig. 8 is a flow chart of the runtime instruction recombination method provided in another embodiment of the present invention, which replaces or records the first jump instruction with a push instruction;
Fig. 9a is a flow chart of the runtime instruction recombination method provided in another embodiment of the present invention, in which the runtime instruction recombination method combines the features of the preceding embodiments;
Fig. 9b-9d are schematic diagrams of the operating process when the runtime instruction recombination method of Fig. 9a runs on an X86 architecture processor;
Fig. 10 is a structural schematic diagram of the runtime instruction recombination apparatus provided in one embodiment of the present invention;
Fig. 11 is a structural schematic diagram of the runtime instruction recombination apparatus provided in another embodiment of the present invention;
Fig. 12 is a structural schematic diagram of the instruction recombination unit provided in another embodiment of the present invention;
Fig. 13 is a structural schematic diagram of the runtime instruction recombination apparatus provided in another embodiment of the present invention;
Fig. 14 is a structural schematic diagram of the runtime instruction recombination apparatus provided in another embodiment of the present invention;
Fig. 15 is a schematic diagram of the system layers of a computing device in one embodiment of the present invention;
Fig. 16 is a flow chart of the initialization process in the data secure access procedure provided in one embodiment of the present invention;
Fig. 17 is a schematic diagram of the Bitmap in one embodiment of the present invention;
Fig. 18 is a flow chart of the secure data storage method provided in one embodiment of the present invention;
Fig. 19 is a flow chart of the safe data reading method provided in one embodiment of the present invention;
Fig. 20 is a flow chart of the data secure access method provided in one embodiment of the present invention;
Fig. 21 is a flow chart of the data secure transmission method provided in one embodiment of the present invention;
Fig. 22 is a schematic diagram of the network environment in one embodiment of the present invention;
Fig. 23 is a structural schematic diagram of the secure data storage apparatus provided in one embodiment of the present invention;
Fig. 24 is a structural schematic diagram of the safe data reading apparatus provided in one embodiment of the present invention;
Fig. 25 is a structural schematic diagram of the secure data storage and reading apparatus provided in one embodiment of the present invention;
Fig. 26 is a structural schematic diagram of the secure data storage and reading apparatus provided in another embodiment of the present invention;
Fig. 27 is the network environment in one embodiment of the present invention;
Fig. 28a is a sequence diagram of the method for establishing the safe data interconnection system provided in one embodiment of the present invention;
Fig. 28b is a sequence diagram of the data access method of a computing device in the safe data interconnection system provided in one embodiment of the present invention;
Fig. 28c is a sequence diagram of the data access method of a computing device in the safe data interconnection system provided in another embodiment of the present invention;
Fig. 28d is a sequence diagram of the data access method of a computing device in the safe data interconnection system provided in another embodiment of the present invention;
Fig. 28e is a sequence diagram of the data access method of a computing device in the safe data interconnection system provided in another embodiment of the present invention;
Fig. 28f is a structural schematic diagram of the computing terminal provided in one embodiment of the present invention;
Fig. 28g is a structural schematic diagram of the registrar provided in one embodiment of the present invention;
Fig. 28h is a structural schematic diagram of the computing terminal provided in another embodiment of the present invention;
Fig. 28i is a structural schematic diagram of the computing terminal provided in another embodiment of the present invention;
Fig. 29 is a structural schematic diagram of the wide area network safe data interconnection system provided in one embodiment of the present invention;
Fig. 30 is a structural schematic diagram of the wide area network safe data interconnection system provided in another embodiment of the present invention;
Fig. 31 is a structural schematic diagram of the network payment safe interconnection system provided in one embodiment of the present invention.
Detailed description of the invention
In order to make the purpose, technical solution and advantages of the present invention clearer, the invention is described in more detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein serve only to explain the invention and are not intended to limit it.
Analysis
Figure 1 is a schematic diagram of the system layers of a computing device in the prior art. From top to bottom, the computing device comprises: user interface layer 101, application layer 102, operating system kernel layer 103, hardware mapping layer 104 and hardware layer 105.
User interface layer 101 is the interface between the user and the device; through this layer the user interacts with the device (i.e. with its other layers, such as application layer 102). Application layer 102 is the application software layer.
Operating system kernel layer 103 is a software-based logical layer, generally made up of software data and software code. Compared with user interface layer 101 and application layer 102, the code of operating system kernel layer 103 has higher privileges and can perform complete operations on the various software and hardware resources of the computer system.
Hardware mapping layer 104 is a software-based logical layer that generally runs within the operating system kernel layer and has the same privileges as the kernel layer. Its main purpose is to map the operating modes of different types of hardware onto one unified high-level interface, hiding the particularities of the hardware from the layers above. In general, the hardware mapping layer is used mainly by operating system kernel layer 103 to carry out operations on the various hardware.
Hardware layer 105 comprises all hardware components that make up the computer system.
The user operates this computing device through user interface layer 101 (i.e. through the user interface located in that layer) and receives graphical or non-graphical feedback. Taking a data-saving operation as an example, the process is:
(1) through the user interface 101 provided by an application program, the user selects the "save" function;
(2) application layer 102 calls the corresponding code and converts the user operation into one or more interface functions provided by the operating system; that is, the "save" operation becomes a series of calls to interface functions provided by operating system kernel layer 103;
(3) operating system kernel layer 103 converts each operating system interface function into one or more interface functions provided by hardware mapping layer 104; that is, the "save" operation becomes a series of calls to interface functions provided by hardware mapping layer 104;
(4) hardware mapping layer 104 converts each interface function it provides into one or more hardware instruction calls; finally,
(5) hardware layer 105 (e.g. the CPU) receives these hardware instruction calls and executes the hardware instructions.
Once such a computing device has been compromised by malicious code, the malicious code can obtain the data it wants from the device. After stealing data, its behavior patterns include:
(1) storage behavior: the target data content is saved to some storage location;
(2) transmission behavior: the stolen data is transferred directly over the network to a specified destination address.
In addition, the behavior patterns by which insiders who use the above computing device or information equipment leak data include:
(1) active leakage: personnel with access to classified data obtain it directly, by actively copying it, by penetrating the security system with malicious tools, by planting Trojan horses or by similar means, and leak it;
(2) passive leakage: a computer or storage medium used by personnel with access to classified data is lost through poor safekeeping, or is used improperly (for example, a device holding classified data is connected directly to the Internet), and a leak results.
These multiple leakage modes mean that the security of the data on this computing device cannot be guaranteed.
The inventors found through research that, while a computer is running, the CPU address register holds the address of the next machine instruction to be run, for example the address pointed to by the PC (program counter). By obtaining the data in this register and reading, at the address the data points to, the next one or more machine instructions to be run, machine instructions can be captured at run time.
Moreover, by modifying the to-be-scheduled instruction fragment formed by those one or more machine instructions (for example by inserting an extra jump instruction into it, referred to herein as instruction recombination), CPU execution can be regained before the fragment finishes running and the next to-be-scheduled instruction fragment captured in turn, so that machine instructions can be captured continuously at run time.
Further, once a to-be-scheduled instruction fragment has been obtained, the machine instructions in it can also be analyzed and processed, so that not only can instructions be captured and recombined at run time, but predetermined target instructions can also be managed.
Instruction recombination or instruction tracing
Based on the above analysis and findings, one embodiment of the present invention provides a runtime instruction recombination method, referred to as the runtime instruction recombination platform. As shown in Figure 2, the method S100 includes:
S101, cache the instruction execution environment; the instruction execution environment includes an address register, which holds the address of the next machine instruction to be run; this address is the first address;
S102, obtain the machine instruction fragment to be scheduled; the last instruction of the machine instruction fragment to be scheduled is the first jump instruction;
S103, insert a second jump instruction before the first jump instruction, generating a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform, i.e. after this second jump instruction is executed, step S101 is performed;
S104, change the first address in the address register to the second address; and
S105, restore the instruction execution environment.
In this embodiment, the runtime instruction recombination method is executed on an x86-architecture CPU; in other embodiments of the invention, it can also be executed on a MIPS processor or an ARM-architecture processor. Those of ordinary skill in the art will understand that the method can be executed on any other type of instruction processing unit in a computing device.
In step S101, caching the instruction execution environment may include:
pushing the register data relevant to the CPU's machine instruction execution onto a cache stack.
In other embodiments of the invention, the instruction execution environment can also be cached or saved in another specified or default cache data structure and address.
In step S101, the address register may be the CPU address register.
In step S102, the last instruction in the machine instruction fragment to be scheduled is the first jump instruction, and it is the only jump instruction in the fragment; the fragment consists of the first jump instruction and all to-be-scheduled machine instructions before it.
In step S103, the second jump instruction JP2 is inserted before the last instruction of the machine instruction fragment to be scheduled (i.e. the first jump instruction JP1); JP2 points to the entry address of the instruction recombination platform, and a recombined instruction fragment having the second address A" is generated.
The second jump instruction is inserted so that, when the CPU runs the machine instruction fragment to be scheduled, the instruction recombination platform starts running again before JP1 runs. The platform can then go on to analyze the next machine instruction fragment to be scheduled, and by repeating this method the recombination of all instructions at run time is completed.
In step S105, restoring the instruction execution environment may include:
popping the register data relevant to instruction execution from the cache stack; the jump destination address held in the address register has by then been changed to that of the new machine instruction fragment whose entry address is the second address A".
After step S105 has been performed, the instruction execution environment has been restored and the instruction recombination platform has completed one run; the CPU executes the recombined instruction fragment, i.e. the machine instruction fragment whose entry address is the second address A". When the recombined instruction fragment reaches the second jump instruction JP2, the instruction recombination platform regains control of the CPU (i.e. step S101 is performed). At this point the destination address of the first jump instruction has been obtained; this destination address is the new first address, and steps S101 to S105 are performed again.
The instruction recombination process and the generation of the recombined instruction fragment are further described below with reference to Figure 3.
Figure 3 includes a set 401 of machine instructions to be scheduled (for example the machine instructions of some program already loaded into memory), in which instruction 4012 is the first jump instruction. If the destination address of instruction 4012 is a variable, it is first assumed that instruction 4012 points to machine instruction 4013. The first jump instruction 4012 and all to-be-scheduled machine instructions before it constitute machine instruction fragment 4011.
After the instruction recombination method (instruction recombination platform 411) starts running, it first caches the instruction execution environment, then obtains (e.g. copies) machine instruction fragment 4011. The platform inserts a second jump instruction 4113 before the first jump instruction 4012; the second jump instruction 4113 points to instruction recombination platform 411 itself. This generates recombined instruction fragment 4111, whose address is A". The value A of the address register in the cached instruction execution environment is changed to address A", and finally the instruction execution environment is restored.
After instruction recombination platform 411 finishes running, the CPU executes the recombined instruction fragment at address A". When execution reaches the second jump instruction 4113, instruction recombination platform 411 regains control of the CPU. At this point the destination address 4013 of the first jump instruction 4012 has been generated; this destination address is the new first address. Starting from this destination address, the platform again performs steps S101 to S105 and goes on to analyze the subsequent machine instructions to be scheduled, thereby completing the runtime instruction recombination method.
According to a further embodiment of the invention, as shown in Figure 4, obtaining the machine instruction fragment to be scheduled in step S102 may include:
S1021, read the address of the machine instruction to be scheduled from the address register (e.g. the CPU address register);
S1022, with jump instructions as the search target, search the machine instruction pointed to by that address and the instructions that follow it until the first jump instruction is found (referred to as the first jump instruction); a jump instruction is a machine instruction that can change the sequential execution flow of machine instructions, including Jump instructions, Call instructions, Return instructions and so on;
S1023, take the first jump instruction and all to-be-scheduled machine instructions before it as one machine instruction fragment to be scheduled; this fragment is saved in the instruction recombination platform or in another storage location that the platform can read.
In other embodiments of the invention, the machine instruction fragment to be scheduled can also be obtained with non-jump instructions (such as write instructions, read instructions, etc.) as the search target, cutting the machine instruction fragment further. Because such embodiments must still ensure that the instruction recombination platform can obtain CPU control or execution after the to-be-scheduled jump instruction is executed, jump instructions are needed as a second search target, which yields machine instruction fragments of smaller granularity.
According to a further embodiment of the invention, between steps S102 and S103 the runtime instruction recombination method may also include:
matching the machine instruction fragment to be scheduled against an instruction set to obtain target machine instructions; the instruction set includes the X86, MIPS and ARM instruction sets; and
modifying the target machine instructions in a predetermined manner.
Not only can instructions be monitored at run time; other processing can also be carried out. Related embodiments are described in detail below.
Further, to improve the efficiency of the instruction recombination method, the to-be-scheduled instructions pointed to by fixed-address jump instructions can be obtained together in one pass.
According to a further embodiment of the invention, a runtime instruction recombination method is provided; the method S300 includes:
S301, cache the instruction execution environment; the instruction execution environment includes an address register, which holds the address of the next machine instruction to be run; this address is the first address;
S302, obtain the machine instruction fragment to be scheduled; the last instruction of the machine instruction fragment to be scheduled is the first jump instruction;
S303, insert a second jump instruction before the first jump instruction, generating a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform, i.e. after this second jump instruction is executed, step S301 is performed;
S304, change the first address in the address register to the second address;
S305, restore the instruction execution environment.
Compared with the method in the previous embodiment, the difference is that in step S302 the machine instruction fragment to be scheduled may contain multiple jump instructions, of which only one is a variable-address jump instruction, referred to as the first jump instruction.
Note that jump instructions fall into two classes, variable-address jump instructions and constant-address jump instructions. The jump address of a constant-address jump instruction is a constant (i.e. an immediate), whereas the address in a variable-address jump instruction is generally computed by the machine instructions preceding the jump instruction.
As before, the last instruction of the machine instruction fragment to be scheduled is the first jump instruction; the fragment consists of the first jump instruction and all to-be-scheduled machine instructions before it.
Further, because the machine instructions generated while a program runs are highly repetitive, a small amount of storage space can be used to save recombined instruction fragments, improving the efficiency of the instruction recombination method and saving the computing resources (CPU resources) of the computing device.
According to a further embodiment of the invention, a runtime instruction recombination method is provided. As shown in Figure 5, the method S200 includes:
S201, cache the instruction execution environment; the instruction execution environment includes an address register (e.g. the CPU address register) (in general, the instruction execution environment means all CPU registers, including general-purpose registers, status registers, address registers, etc.); the address register holds the address of the next machine instruction to be run; this address is the first address;
S202, look up the first address in the address correspondence table; the address correspondence table indicates whether the to-be-scheduled instruction fragment pointed to by the first address A has a saved recombined instruction fragment; the entries of the address correspondence table are address pairs;
S203, if a corresponding record is found, change the first address A (i.e. the value A of the address register) to the address A' of the saved recombined instruction fragment;
S204, if no corresponding record is found, obtain the machine instruction fragment to be scheduled; the last instruction of the machine instruction fragment to be scheduled is the first jump instruction;
S205, insert a second jump instruction before the first jump instruction, generating a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform, i.e. after this second jump instruction is executed, step S201 is performed;
S206, change the first address in the address register to the second address;
S207, restore the instruction execution environment.
Further, step S206 also includes: using the second address A" and the first address A to create an address pair (a record) in the address correspondence table. The recombined instruction fragment at address A" is stored in the instruction recombination platform for reuse.
By using the address correspondence table, this method saves computing resources and improves the efficiency of runtime instruction recombination.
The recombination methods above generally work by inserting the required jump instruction into the to-be-scheduled instruction fragment; in other embodiments of the invention, the recombined instruction fragment can also be generated by other means. These are described in detail below with reference to embodiments.
According to a further embodiment of the invention, an instruction recombination method is provided in which a separate storage location is set aside to save the destination address of the first jump instruction. As shown in Figure 6, the method S110 includes:
S111, cache the instruction execution environment;
S112, read the destination address from the first storage location and, according to the destination address, obtain the machine instruction fragment to be scheduled (i.e. to be executed); the last instruction of the machine instruction fragment to be scheduled is the first jump instruction;
S113, save the destination address of the first jump instruction in the first storage location;
S114, replace the first jump instruction with a second jump instruction, generating a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform, i.e. after this second jump instruction is executed, step S111 is performed;
S115, restore the instruction execution environment and jump to the second address to continue execution.
In step S112, obtaining the machine instruction fragment to be scheduled may include:
S1121, with jump instructions as the search target, search the machine instruction pointed to by the machine instruction address and the instructions that follow it until the first jump instruction is found (referred to as the first jump instruction);
a jump instruction is a machine instruction that can change the sequential execution flow of machine instructions, including Jump instructions, Call instructions, Return instructions and so on;
S1122, take the first jump instruction and all to-be-scheduled machine instructions before it as one machine instruction fragment to be scheduled; this fragment is saved in the instruction recombination platform or in another storage location that the platform can read.
In step S113, the destination address is the destination address parameter of the jump instruction; it can be an immediate or a variable parameter. For an immediate, its value is saved; for a variable parameter, its address/reference is saved. By the time the processor is about to execute a jump instruction, its jump target address has already been computed.
According to a further embodiment of the invention, an instruction recombination method is provided that performs disassembly and assembly for non-fixed-length instruction sets. As shown in Figure 7, the method includes:
S121, cache the instruction execution environment;
S122, read the destination address from the first storage location and obtain the to-be-scheduled instruction fragment according to the destination address:
starting from the destination address, obtain a section of machine instructions to be scheduled, disassemble it, and process the disassembly result with a lexical analyzer to check whether it contains a jump instruction; if it does not, obtain the next section of machine instructions to be scheduled and repeat the above until a jump instruction is matched; this jump instruction is the first jump instruction; the first jump instruction and all instructions before it form the to-be-scheduled instruction fragment;
S123, save the destination address of the first jump instruction in the first storage location;
S124, replace the first jump instruction with a second jump instruction, generating a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform; in this embodiment, the first and second jump instructions are both assembly instructions;
S125, convert the generated recombined assembly code into the corresponding machine code with an assembler; and
S126, restore the instruction execution environment and jump to the second address to continue execution.
According to a further embodiment of the invention, an instruction recombination method is provided in which a push instruction replaces or records the first jump instruction. As shown in Figure 8, the method S130 includes:
S131, cache the instruction execution environment;
S132, obtain the address and parameters of the jump instruction saved on the stack and calculate the address of the next instruction to be run; this address is the first address;
S133, obtain the machine instruction fragment to be scheduled/executed according to the first address; the last instruction of the machine instruction fragment to be scheduled is the first jump instruction;
S134, replace the first jump instruction with a push instruction; the push instruction records the address and operand of the first jump instruction;
S135, add a second jump instruction after the push instruction, generating a recombined instruction fragment having a second address; the second jump instruction points to the entry address of the instruction recombination platform; and
S136, restore the instruction execution environment and jump to the second address to continue execution.
Those of ordinary skill in the art will understand that the functions or features provided in the above embodiments can be combined in a single embodiment as actual needs require; the combinations are not enumerated here, and only one example is given below for illustration.
According to a further embodiment of the invention, an instruction recombination method is provided which, as shown in Figure 9a, includes:
(1) cache the instruction execution environment, which includes the whole CPU environment and memory environment; obtain the address and parameters of the jump instruction saved on the stack, calculate the address of the next instruction to be run (the zeroth address), and set the first address to the zeroth address;
(2) look up the first address in the address correspondence table (also called the address lookup table); if a record is found, restore the cached instruction execution environment and jump to the corresponding address found (the address recorded in the address correspondence table) to continue execution;
(3) if no record is found, obtain the machine instruction fragment to be processed starting from the first address; the fragment ends with a jump instruction (the address of this jump instruction is the third address);
(4) starting from the first address, disassemble the machine code and process the disassembly result with a lexical analyzer, generating the recombined assembly code, up to the third address;
(5) determine whether the code at the third address can be processed further, i.e. whether the destination address of the jump instruction at the third address is a known quantity (for example, an immediate); if it can, set the first address to the third address (or to the destination address of the third address) and perform (3) again;
(6) if it cannot, append to the end of the generated recombined assembly code a push instruction that records the original address (i.e. the value of the third address) and the operand of the current third address, and after the push instruction add an instruction that jumps to the start of the recombination platform, so that step (1) is performed again;
(7) convert the generated recombined assembly code into the corresponding machine code with an assembler, store it at the allocated address (the second address) in the recombination address space, and store the second address together with the zeroth address in the address correspondence table as an address pair;
(8) restore the environment and jump to the second address to continue execution.
For ease of understanding, the method of this embodiment is now illustrated running on an X86-family processor. With reference to Figures 9b to 9d, an example of the instruction recombination process is as follows:
(1) after the recombination platform starts working, it first caches the current instruction execution environment; it obtains the address and parameters of the jump instruction saved on the stack and calculates the address of the next instruction to be run; this address is the first address.
(2) look up the first address in the address correspondence table; if a record is found, restore the cached instruction execution environment and jump to the corresponding address found to continue execution (Figure 9b); if no record is found, proceed as follows (Figure 9c).
(3)-(6) starting from the first address, disassemble the machine code and process the disassembly result with a lexical analyzer, generating the recombined code;
search this section of assembly code to check whether it contains a jump instruction;
analyze the first jump instruction found and determine whether its jump target address is a known quantity; if it is, continue searching until the first variable-address jump instruction is found, referred to as the first jump instruction; the address of this instruction is the third address;
at the end of the generated assembly code (the machine instructions from the first address to the third address, not including the first jump instruction), add a push instruction that records the original address of the first jump and the operand of the current third address;
after the push instruction, add an instruction that jumps to the start of the recombination platform (the second jump instruction).
(7) convert the generated assembly code into the corresponding machine code with an assembler and store it at the allocated address (the second address) in the recombination address space;
store the second address together with the zeroth address in the address correspondence table as an address pair.
(8) restore the environment and jump to the second address to continue execution.
(Figure 9d) The processor begins executing the instructions at the second address. The jump instruction in the earlier to-be-recombined instruction fragment has been replaced with a push instruction and an instruction that jumps to the recombination platform; the main purpose of the push instruction is to supply input parameters to the recombination platform. (Figure 9d) When execution reaches the second jump instruction, the recombination platform regains execution and performs step (1) above: by examining the address and parameters of the jump instruction saved by the push instruction, it calculates the address of the next instruction to be run; this address is the first address.
The subsequent process is a repetition of the above.
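The dispatch loop of steps (1) to (8) above, together with the address correspondence table of method S200, is modeled below on a toy instruction set; this is an added example and not part of the patent text. The instruction names, CACHE_BASE, the class and function names and the sample program are assumptions constructed for illustration, and the model ends every fragment at the first jump of any kind (or at halt).

```python
# Toy model of the runtime instruction recombination loop (added example).
# Instruction set, addresses and sample program are constructed for illustration.

JUMPS = {"jmp", "jnz", "jmpr"}  # instructions that change control flow
CACHE_BASE = 0x1000             # assumed start of the recombination address space

# Constructed sample program: sums 3+2+1 into r1, then takes a
# variable-address jump (target held in r2) to the halt instruction.
PROGRAM = [
    ("movi", "r0", 3),    # 0
    ("movi", "r1", 0),    # 1
    ("add", "r1", "r0"),  # 2
    ("subi", "r0", 1),    # 3
    ("jnz", "r0", 2),     # 4: constant target, taken only while r0 != 0
    ("movi", "r2", 7),    # 5
    ("jmpr", "r2"),       # 6: variable target, known only at run time
    ("halt",),            # 7
]


class RecombinationPlatform:
    def __init__(self, program):
        self.program = program
        self.table = {}       # address correspondence table: first -> second
        self.cache = {}       # second address -> recombined fragment
        self.next_free = CACHE_BASE
        self.dispatched = []  # first address seen on each platform entry
        self.hits = 0         # lookups answered from the table

    def recombine(self, first):
        """Copy instructions up to the first jump, replace the jump with a
        push of its address and operands plus a jump back to the platform,
        store the fragment and record the (first, second) address pair."""
        fragment, addr = [], first
        while self.program[addr][0] not in JUMPS and self.program[addr][0] != "halt":
            fragment.append(self.program[addr])
            addr += 1
        last = self.program[addr]
        if last[0] == "halt":
            fragment.append(last)
        else:
            fragment.append(("push", addr, last))
            fragment.append(("jmp_platform",))
        second = self.next_free
        self.next_free += len(fragment)
        self.cache[second] = fragment
        self.table[first] = second
        return second

    def execute(self, second, regs):
        """Run one fragment; return the pushed jump record, or None on halt."""
        stack = []
        for ins in self.cache[second]:
            op = ins[0]
            if op == "movi":
                regs[ins[1]] = ins[2]
            elif op == "add":
                regs[ins[1]] += regs[ins[2]]
            elif op == "subi":
                regs[ins[1]] -= ins[2]
            elif op == "push":
                stack.append((ins[1], ins[2]))
            elif op == "jmp_platform":
                return stack.pop()
            elif op == "halt":
                return None
        raise RuntimeError("fragment fell through without returning control")

    @staticmethod
    def next_address(record, regs):
        """Compute the next first address from the recorded jump, as the
        platform does on re-entry; the jump itself is never executed."""
        addr, jump = record
        if jump[0] == "jmp":
            return jump[1]
        if jump[0] == "jnz":
            return jump[2] if regs[jump[1]] != 0 else addr + 1
        return regs[jump[1]]  # jmpr: target read from a register

    def run(self, entry=0):
        regs, first = {}, entry
        while first is not None:
            self.dispatched.append(first)
            second = self.table.get(first)
            if second is None:
                second = self.recombine(first)
            else:
                self.hits += 1
            record = self.execute(second, regs)
            first = None if record is None else self.next_address(record, regs)
        return regs


if __name__ == "__main__":
    platform = RecombinationPlatform(PROGRAM)
    print(platform.run(), platform.dispatched, platform.table)
```

The list of dispatched first addresses shows the platform regaining control at every jump, and the second visit to the loop body at address 2 is served from the address correspondence table without recombining the fragment again.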
Further, in order to perform runtime instruction monitoring as soon as the system starts, achieving full monitoring of instructions during the running phase of the computing device, in another embodiment of the invention the load instruction used at computer startup is modified so that the instruction recombination platform provided by the invention is called before the load instruction executes and the runtime instruction recombination method above is performed. Because the jump address of the load instruction is a known fixed address, the instruction recombination platform can establish the address correspondence table and its first record in advance, and establish the first recombined instruction fragment.
Further, according to a further embodiment of the invention, a computer-readable medium is provided in which computer-executable program code is stored, the program code being for performing the steps of the runtime instruction recombination method provided in the above embodiments.
Further, according to a further embodiment of the invention, a computer program is provided which comprises the steps of the runtime instruction recombination method provided in the above embodiments.
Instruction recombination for data security
The runtime instruction recombination method above provides the basis for further applications. The following embodiments provide various runtime instruction recombination methods that process different machine instructions, including storage/read instructions, I/O instructions and network transmission instructions:
(1) storage/read instructions are all instructions or instruction combinations in a computer system that store to or read from external storage devices (including but not limited to disks, removable storage and optical storage).
(2) I/O instructions are all instructions in a computer system that operate on the address space of peripherals; these instructions ultimately affect the input/output state, data, signals, etc. of the peripherals. The I/O address space here includes but is not limited to the I/O address space and the memory-mapped I/O device address space.
(3) network transmission instructions are all instructions in a computer system that affect network devices; these instructions ultimately affect all related characteristics of the computer system's network devices, such as transmission, state, data and signals.
There can be overlap between storage/read instructions and I/O instructions.
According to one embodiment of the invention, a runtime instruction recombination method S400 for storage/read instructions is provided, including:
S401, cache the instruction running environment; the instruction running environment includes an address register, which holds the address of the next machine instruction to be run; this address is the first address;
S402, look up the address correspondence table using the first address;
S403, if a corresponding record is found, modify the first address A to the address A' of the saved recombined instruction fragment;
S404, if no corresponding record is found, generate a recombined instruction fragment as follows:
S4041, obtain the machine instruction fragment to be scheduled, the last instruction of which is the first jump instruction; this is the same as step S102;
S4042, disassemble the machine instruction fragment to be scheduled to obtain an assembly instruction fragment;
S4043, search for the target assembly instructions, which here are storage/read instructions;
S4044, if storage/read instructions are found in the assembly instruction fragment, modify their storage and read addresses to addresses on the secure storage device; the modification may be a direct mapping between the local address space and the address space of the secure storage device;
S4045, insert a second jump instruction JP2 before the first jump instruction JP1, where JP2 points to the entry address of the instruction recombination platform;
S4046, assemble the modified assembly instruction fragment, generating a recombined machine instruction fragment having address A'';
S4047, use the address A'' of the recombined machine instruction fragment and the first address A to establish a record (or address pair) in the address correspondence table; the recombined instruction fragment having address A'' is stored in the instruction recombination platform;
S4048, modify the first address A to the second address A'';
S405, recover the instruction running environment.
This embodiment processes the instructions after a disassembly step; in other embodiments, the disassembly and the corresponding assembly steps may be omitted and the machine instructions processed directly.
In step S4044, storage and read instructions are handled by modifying their target and source addresses, so as to relocate/redirect storage and ensure data security. More specific secure storage/read methods are described in the embodiments provided later in the present invention.
According to one embodiment of the invention, a runtime instruction recombination method S500 for I/O instructions is provided, including:
S501, cache the instruction running environment; the instruction running environment includes an address register, which holds the address of the next machine instruction to be run; this address is the first address;
S502, look up the address correspondence table using the first address;
S503, if a corresponding record is found, modify the first address A to the address A' of the saved recombined instruction fragment;
S504, if no corresponding record is found, generate a recombined instruction fragment as follows:
S5041, obtain the machine instruction fragment to be scheduled, the last instruction of which is the first jump instruction; this is the same as step S102;
S5042, disassemble the machine instruction fragment to obtain an assembly instruction fragment;
S5043, search for the target assembly instructions, which here are I/O instructions;
S5044, if I/O instructions are found in the assembly instruction fragment, block all input instructions among those I/O instructions;
S5045, insert a second jump instruction JP2 before the first jump instruction JP1, where JP2 points to the entry address of the instruction recombination platform;
S5046, assemble the modified assembly instruction fragment, generating a recombined machine instruction fragment having address A'';
S5047, use the address A'' of the recombined machine instruction fragment and the first address A to establish a record (or address pair) in the address correspondence table; the recombined instruction fragment having address A'' is stored in the instruction recombination platform;
S5048, modify the first address A to the second address A'';
S505, recover the instruction running environment.
This embodiment processes the instructions after a disassembly step; in other embodiments, the disassembly and the corresponding assembly steps may be omitted and the machine instructions processed directly.
In step S5044, I/O instructions are handled by blocking all input instructions among them, so as to thoroughly block write operations to local hardware devices. Combined with the storage instruction processing of the previous embodiment, input instructions other than storage instructions can also be blocked, which improves the security of data in the computing device.
According to one embodiment of the invention, a runtime instruction recombination method S600 for network transmission instructions is provided, including:
S601, cache the instruction running environment; the instruction running environment includes an address register, which holds the address of the next machine instruction to be run; this address is the first address;
S602, look up the address correspondence table using the first address;
S603, if a corresponding record is found, modify the first address A to the address A' of the saved recombined instruction fragment;
S604, if no corresponding record is found, generate a recombined instruction fragment as follows:
S6041, obtain the machine instruction fragment to be scheduled, the last instruction of which is the first jump instruction; this is the same as step S102;
S6042, disassemble the machine instruction fragment to be scheduled to obtain an assembly instruction fragment;
S6043, search for the target assembly instructions, which here are network transmission instructions;
S6044, if network transmission instructions are found in the assembly instruction fragment, check whether the remote computing device corresponding to the destination address in the network transmission instruction is a secure address (i.e. an address that access is permitted to); if not, block the network transmission instruction;
S6045, insert a second jump instruction JP2 before the first jump instruction JP1, where JP2 points to the entry address of the instruction recombination platform;
S6046, assemble the modified assembly instruction fragment, generating a recombined machine instruction fragment having address A'';
S6047, use the address A'' of the recombined machine instruction fragment and the first address A to establish a record (or address pair) in the address correspondence table; the recombined instruction fragment having address A'' is stored in the instruction recombination platform;
S6048, modify the first address A to the second address A'';
S605, recover the instruction running environment.
In step S6044, the network transmission instruction may be blocked/refused by inserting one or more instructions into the recombined code so that the transmission instruction itself is replaced with an "instruction cancelling the current operation", or is directly replaced with an illegal instruction, depending on the hardware.
This embodiment processes the instructions after a disassembly step; in other embodiments, the disassembly and the corresponding assembly steps may be omitted and the machine instructions processed directly.
In step S6044, network transmission instructions are handled by checking whether the remote computing device corresponding to the destination address in the network transmission instruction is a secure address; if not, the network transmission instruction is blocked, so as to achieve secure data transmission.
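The three methods S400, S500 and S600 share one dispatch loop and differ only in the rewrite applied in step S4044/S5044/S6044. The following is an added example, not code from the patent, that models the loop on a toy instruction set. The opcode names, the symbolic platform entry, the `SECURE_BASE` offset, the allow-list, the sample program, and the way the platform takes the target of JP1 as the next first address are all assumptions made for the illustration.

```python
# Toy model of the runtime instruction recombination loop (S400/S500/S600).
# Instructions are (opcode, operand) tuples on a made-up ISA, not machine code.

PLATFORM_ENTRY = "PLATFORM"        # assumed symbolic entry address of the platform
SECURE_BASE = 0x8000               # assumed direct local -> secure storage mapping
ALLOWED_REMOTE = {"10.0.0.5"}      # constructed list of secure (permitted) addresses
JUMPS = {"jmp", "call"}            # "call" is treated as a plain jump in this model

# Constructed sample program: address -> instruction.
SAMPLE_PROGRAM = {
    0: ("store", 0x10), 1: ("send", "10.0.0.5"), 2: ("call", 100),
    100: ("io_input", 0x60), 101: ("send", "203.0.113.9"),
    102: ("load", 0x10), 103: ("jmp", 200),
    200: ("store", 0x20), 201: ("call", 100),
}


def fetch_fragment(memory, addr):
    """S4041: instructions from addr up to and including the first jump (JP1)."""
    fragment = []
    while True:
        ins = memory[addr]
        fragment.append(ins)
        if ins[0] in JUMPS:
            return fragment
        addr += 1


def rewrite(ins):
    """Apply the per-class policy of S4044, S5044 and S6044 to one instruction."""
    op, arg = ins
    if op in ("store", "load"):            # S4044: redirect to secure storage
        return (op, SECURE_BASE + arg)
    if op == "io_input":                   # S5044: block every input instruction
        return ("cancel", op)
    if op == "send" and arg not in ALLOWED_REMOTE:
        return ("cancel", op)              # S6044: destination is not a secure address
    return ins


class Platform:
    def __init__(self, memory):
        self.memory = memory
        self.table = {}        # address correspondence table: A -> A''
        self.fragments = {}    # A'' -> recombined instruction fragment
        self.rebuilds = 0      # how many fragments had to be generated

    def dispatch(self, a):
        """S402-S404: return the recombined fragment address for first address a."""
        if a in self.table:                              # S403: record found
            return self.table[a]
        fragment = fetch_fragment(self.memory, a)        # S4041
        body = [rewrite(i) for i in fragment[:-1]]       # S4043/S4044
        jp1 = fragment[-1]
        jp2 = ("jmp", PLATFORM_ENTRY)
        recombined = body + [jp2, jp1]                   # S4045: JP2 before JP1
        a2 = ("frag", len(self.fragments))               # S4046: new address A''
        self.fragments[a2] = recombined
        self.table[a] = a2                               # S4047: record (A, A'')
        self.rebuilds += 1
        return a2                                        # S4048

    def run(self, start, max_fragments):
        """Execute fragments; return the non-jump instructions actually run."""
        trace, a = [], start
        for _ in range(max_fragments):
            fragment = self.fragments[self.dispatch(a)]
            for ins in fragment:
                if ins == ("jmp", PLATFORM_ENTRY):       # JP2: back to the platform
                    break
                trace.append(ins)
            a = fragment[-1][1]    # assumption: platform resolves JP1's target next
        return trace


if __name__ == "__main__":
    platform = Platform(SAMPLE_PROGRAM)
    for ins in platform.run(0, max_fragments=4):
        print(ins)
    print("fragments generated:", platform.rebuilds)
```

The fragment at address 100 is executed twice but generated once, which is the reuse the address correspondence table provides.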
The address correspondence table in the above embodiments is established and maintained by the instruction recombination platform. It may be a fixed-length array structure, a variable-length linked-list structure, or any other data structure suitable for storing binary data. Preferably, its length is adjustable and the space it occupies can be released. The operation of releasing the address correspondence table may be performed at random or periodically. In some embodiments, the address correspondence table may further include a record creation time field, used to delete records according to how long ago they were created when space is released. In some embodiments, the address correspondence table may further include a record access count field; in the step of looking up the address correspondence table, if a record is found, the value of this field is changed; the access count field is also used to delete records according to the number of accesses when space is released.
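A sketch of such a table with both optional fields, as an added example that is not the patent's own code. The class and method names are hypothetical, a logical tick stands in for the creation time, and the example assumes that the oldest record (by creation time) or the least-accessed record (by access count) is the one released; the text states only that deletion is based on these fields.

```python
import itertools


class AddressTable:
    """Address correspondence table: first address A -> recombined address A''.

    Each record also carries a creation tick and an access count, the two
    optional fields described in the text. Names here are hypothetical.
    """

    def __init__(self, capacity, policy="age"):
        if policy not in ("age", "hits"):
            raise ValueError("policy must be 'age' or 'hits'")
        self.capacity = capacity
        self.policy = policy
        self.records = {}                  # A -> [A'', created_tick, access_count]
        self._clock = itertools.count()    # logical clock, stands in for wall time

    def lookup(self, a):
        """Return A'' for A, or None; a hit updates the access count field."""
        record = self.records.get(a)
        if record is None:
            return None
        record[2] += 1
        return record[0]

    def insert(self, a, a2):
        """Add the pair (A, A''); return the evicted first address, if any."""
        evicted = None
        if a not in self.records and len(self.records) >= self.capacity:
            evicted = self.release(1)[0]
        self.records[a] = [a2, next(self._clock), 0]
        return evicted

    def release(self, n):
        """Free space by deleting n records chosen by the configured field."""
        if self.policy == "age":           # assumed: oldest record goes first
            def rank(a):
                return self.records[a][1]
        else:                              # assumed: least-accessed goes first
            def rank(a):
                return (self.records[a][2], self.records[a][1])
        victims = sorted(self.records, key=rank)[:n]
        for a in victims:
            del self.records[a]
        return victims


if __name__ == "__main__":
    for policy in ("age", "hits"):
        table = AddressTable(capacity=2, policy=policy)
        table.insert(0x100, "frag0")
        table.insert(0x200, "frag1")
        table.lookup(0x100)                # 0x100 is the older but hotter record
        print(policy, "evicts", hex(table.insert(0x300, "frag2")))
```

A released record only costs a regeneration: the next lookup for that first address misses and the fragment is recombined again.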
In addition, those skilled in the art will understand that the above instruction recombination method (i.e. the runtime instruction recombination method) may be implemented in software or in hardware:
(1) If implemented in software, the steps of the method are stored on a computer-readable medium in the form of software code, becoming a software product;
(2) If implemented in hardware, the steps of the method are described in hardware code (such as Verilog) and solidified (through processes such as physical design, placement and routing, and fab flow) into a chip product (such as a processor product). This is described in detail below.
Instruction recombination device
Corresponding to the above runtime instruction recombination method S100, according to one embodiment of the invention, a runtime instruction recombination device is provided. As shown in Figure 10, the instruction recombination device 500 includes:
Instruction running environment caching and recovery unit 501, adapted to cache and recover the instruction running environment; the instruction running environment includes an address register, which holds the address of the next machine instruction to be run; this address is the first address;
Instruction acquiring unit 502, adapted to obtain the machine instruction fragment to be scheduled after unit 501 has cached the instruction running environment; the last instruction of the machine instruction fragment to be scheduled is the first jump instruction;
Instruction recombination unit 503, adapted to parse and modify the machine instruction fragment to be scheduled, including: inserting a second jump instruction before the first jump instruction, generating a recombined instruction fragment having a second address A''; the second jump instruction points to device 500, i.e. after this second jump instruction is executed, the instruction running environment caching and recovery unit 501 of device 500 is executed for the next round of processing; and
Address replacement unit 504, adapted to modify the value of the address register in the cached instruction running environment to the address of the recombined instruction fragment.
The instruction running environment caching and recovery unit 501 is coupled with the instruction acquiring unit 502 and the address replacement unit 504 respectively; the instruction acquiring unit 502, the instruction recombination unit 503 and the address replacement unit 504 are coupled in sequence.
Device 500 executes as follows:
First, the instruction running environment caching and recovery unit 501 caches the instruction running environment, for example by pushing the register data relevant to instruction execution onto a cache stack;
Then, the instruction acquiring unit 502 reads the address of the machine instruction to be scheduled from the CPU address register 511 and reads a machine instruction fragment from that address; the last instruction of the machine instruction fragment is a jump instruction;
For example, the instruction acquiring unit 502 reads the address of the machine instruction to be scheduled from the CPU address register 511; taking jump instructions as the search target, it searches the machine instructions starting at that address until it finds the first jump instruction; jump instructions include, for example, Jump instructions and Call instructions; it takes the first jump instruction and all machine instructions before it as one machine instruction fragment to be scheduled; this machine instruction fragment is saved in device 500, or in another storage location that device 500 can read;
Then, the instruction recombination unit 503 inserts a second jump instruction before the last instruction of the obtained machine instruction fragment; the second jump instruction points to the entry address of device 500; this generates a recombined instruction fragment having address A'';
Then, the address replacement unit 504 modifies the value A of the address register in the cached instruction running environment to address A'';
Finally, the instruction running environment caching and recovery unit 501 recovers the instruction running environment, for example by popping the register data relevant to instruction execution from the cache stack.
Corresponding to the above runtime instruction recombination method S300, the instruction acquiring unit 502 may take the first non-constant-address jump instruction as the first jump instruction, to improve the execution efficiency of the recombination unit.
Corresponding to the above runtime instruction recombination method S200, according to a further embodiment of the invention, a runtime instruction recombination device is provided that can make full use of the repetitiveness of instructions at run time, improving efficiency and saving computing resources.
As shown in Figure 11, the instruction recombination device 600 includes:
Instruction running environment caching and recovery unit 601, adapted to cache and recover the instruction running environment; the instruction running environment includes an address register, which holds the address of the next machine instruction to be run; this address is the first address;
Instruction acquiring unit 602, adapted to obtain the machine instruction fragment to be scheduled; the last instruction of the machine instruction fragment to be scheduled is the first jump instruction;
Instruction recombination unit 603, adapted to parse and modify the machine instruction fragment to be scheduled, including: inserting a second jump instruction before the first jump instruction, to generate a recombined instruction fragment having a second address; the second jump instruction points to device 600, i.e. after this second jump instruction is executed, the instruction running environment caching and recovery unit 601 of device 600 is executed for the next round of processing;
Address replacement unit 604, adapted to modify the value of the address register in the cached instruction running environment to the address of the recombined instruction fragment; and
Instruction retrieval unit 605, adapted to look up the address correspondence table using the first address; the address correspondence table indicates whether the instruction fragment to be scheduled that the first address A points to has a saved recombined instruction fragment; the data of the address correspondence table are address pairs;
If a corresponding record is found, the instruction retrieval unit 605 is adapted to call the address replacement unit 604 to modify the first address A (i.e. the value A of the address register) to the address A' of the saved recombined instruction fragment; if no corresponding record is found, the instruction retrieval unit is adapted to use the second address A'' and address A to establish a record in the address correspondence table.
The instruction running environment caching and recovery unit 601 is coupled with the instruction retrieval unit 605 and the address replacement unit 604 respectively; the instruction retrieval unit 605 is coupled with the instruction acquiring unit 602, the instruction recombination unit 603 and the address replacement unit 604 respectively; the instruction acquiring unit 602, the instruction recombination unit 603 and the address replacement unit 604 are coupled in sequence.
Device 600 executes as follows:
First, the instruction running environment caching and recovery unit 601 caches the instruction running environment, for example by pushing the register data relevant to instruction execution onto a cache stack;
Then, the instruction retrieval unit 605 looks up the address correspondence table using the value A of the address register in the cached instruction running environment;
If a corresponding record is found, the instruction retrieval unit 605 calls the address replacement unit 604, which modifies the value A of the address register to the value A' in the record; the address replacement unit 604 calls the instruction running environment caching and recovery unit 602 to recover the instruction running environment, i.e. to pop the register data relevant to instruction execution from the cache stack, and this recombination operation ends;
If no corresponding record is found, the instruction acquiring unit 602 reads the address of the machine instruction to be scheduled from the CPU address register and reads a machine instruction fragment from that address; the last instruction of the machine instruction fragment is a jump instruction. Specifically, the instruction acquiring unit 602 reads the address of the machine instruction to be scheduled from the CPU address register; taking jump instructions as the search target, it searches the machine instructions starting at that address until it finds the first jump instruction; jump instructions include Jump instructions and Call instructions, among others; it takes the first jump instruction and all machine instructions before it as one machine instruction fragment to be scheduled; this machine instruction fragment is saved in device 600, or in another storage location that device 600 can read;
Then, the instruction recombination unit 603 inserts a second jump instruction before the last instruction of the obtained machine instruction fragment; the second jump instruction points to the entry address of device 600; this generates a recombined instruction fragment having address A'';
Then, the instruction recombination unit 603 sends address A'' to the instruction retrieval unit 605, which uses address A'' and address A to establish a record in its address correspondence table, for reuse by subsequent instructions;
Then, the address replacement unit 604 modifies the value A of the address register in the cached instruction running environment to address A'';
Finally, the instruction running environment caching and recovery unit 601 recovers the instruction running environment, i.e. pops the register data relevant to instruction execution from the cache stack.
With continued reference to Figure 11, the instruction recombination unit 603 may further include:
Instruction parsing unit 6031, adapted to match the machine instruction fragment against an instruction set to obtain the target machine instructions to be processed (i.e. to search the machine instruction fragment to be scheduled for the target instructions); the instruction set includes the X86, MIPS and ARM instruction sets;
Instruction modification unit 6032, adapted to modify the target machine instructions in a predetermined manner.
For example, if the target instruction is a storage/read instruction, the instruction parsing unit 6031 is responsible for obtaining the storage/read instructions in the machine instruction fragment to be scheduled, and the instruction modification unit 6032 modifies their storage and read addresses to addresses on the secure storage device. Its function and effect are the same as those of the corresponding method embodiment S400 above and are not repeated here.
As another example, if the target instruction is an I/O instruction, the instruction parsing unit 6031 is responsible for obtaining the I/O instructions in the machine instruction fragment to be scheduled, and the instruction modification unit 6032 blocks all input instructions among those I/O instructions. Its function and effect are the same as those of the corresponding method embodiment S500 above and are not repeated here.
As another example, if the target instruction is a network transmission instruction, the instruction parsing unit 6031 is responsible for obtaining the network transmission instructions in the machine instruction fragment to be scheduled, and the instruction modification unit 6032 checks whether the remote computing device corresponding to the destination address in the network transmission instruction is a secure address; if not, the instruction modification unit is adapted to block the network transmission instruction. Its function and effect are the same as those of the corresponding method embodiment S600 above and are not repeated here.
According to a further embodiment of the invention, the above instruction recombination unit may further include a disassembly unit and an assembly unit. As shown in Figure 12, the instruction recombination unit 703 includes, coupled in sequence: disassembly unit 7031, instruction parsing unit 7032, instruction modification unit 7033 and assembly unit 7034.
The disassembly unit 7031 is adapted to disassemble the machine instruction fragment to be scheduled, before it is parsed and modified, generating an assembly instruction fragment to be scheduled, which is sent to the instruction parsing unit 7032.
The assembly unit 7034 is adapted to assemble the recombined assembly instruction fragment, after the machine instruction fragment to be scheduled has been parsed and modified, obtaining a recombined instruction fragment expressed in machine code, which is sent to the instruction replacement unit.
In this embodiment, the instruction parsing unit 7032 and the instruction modification unit 7033 operate on the assembly instruction fragment to be scheduled.
Corresponding to the above runtime instruction recombination method S110, according to a further embodiment of the invention, a runtime instruction recombination device is provided. As shown in Figure 13, the instruction recombination device 800 includes:
Instruction running environment caching and recovery unit 801, adapted to cache the instruction running environment;
Instruction acquiring unit 802 and first storage location 803, where the instruction acquiring unit 802 is adapted to read a target address from the first storage location 803 and obtain the machine instruction fragment to be scheduled/executed according to the target address; the last instruction of the machine instruction fragment to be scheduled is the first jump instruction; and
Instruction recombination unit 804, adapted to save the target address of the first jump instruction in the first storage location 803 and replace the first jump instruction with a second jump instruction, generating a recombined instruction fragment having a second address; the second jump instruction points to the entry address of device 800.
The instruction running environment caching and recovery unit 801 is further adapted, after the instruction recombination unit 804 has replaced the instruction, to recover the instruction running environment and jump to the second address to continue execution.
Device 800 executes as follows:
First, the instruction running environment caching and recovery unit 801 caches the instruction running environment;
Then, the instruction acquiring unit 802 reads the target address (the address of the instruction to be scheduled) from the first storage location 803 and obtains the machine instruction fragment to be scheduled according to the target address; the last instruction of the machine instruction fragment to be scheduled is the first jump instruction;
Then, the instruction recombination unit 804 saves the target address of the first jump instruction in the first storage location 803; for an immediate operand its value is saved, and for a variable parameter its address/reference is saved;
Then, the instruction recombination unit 804 replaces the first jump instruction with a second jump instruction, generating a recombined instruction fragment having a second address;
Finally, the instruction running environment caching and recovery unit 801 recovers the instruction running environment and jumps to the second address to continue execution.
According to a further embodiment of the invention, a runtime instruction recombination device is provided that corresponds to the above method S130 and combines features of the devices provided in some of the above embodiments. As shown in Figure 14, the device 900 includes:
Instruction running environment caching and recovery unit 901, adapted to cache and recover the instruction running environment;
Instruction acquiring unit 902, adapted to obtain, by calculation from input parameters, the address of the next instruction to be run, this address being the first address; further adapted to obtain the machine instruction fragment to be scheduled/executed according to the first address; the last instruction of the machine instruction fragment to be scheduled is the first jump instruction;
Instruction recombination unit 903, adapted to replace the first jump instruction with a push instruction, the push instruction recording the address and operand of the first jump instruction; further adapted to add a second jump instruction after the push instruction, generating a recombined instruction fragment having a second address; the second jump instruction points to the entry address of device 900; further adapted to establish a record in the address correspondence table with the first address and the second address of the recombined instruction fragment;
Instruction retrieval unit 904, adapted to look up the address correspondence table using the first address; the address correspondence table indicates whether the instruction fragment to be scheduled that the first address points to has a saved recombined instruction fragment; the data of the address correspondence table are address pairs;
If a corresponding record is found, the instruction retrieval unit 904 is adapted to call the instruction running environment caching and recovery unit 901 to recover the cached instruction running environment, and to jump to the corresponding address found to continue execution (the recombination operation is complete);
If no corresponding record is found, the instruction recombination unit 903 is called to perform the recombination operation.
The instruction recombination unit 903 may further include a disassembly unit 9031, an instruction parsing unit 9032, an instruction modification unit 9033, and an assembly unit 9034.
After the instruction recombination unit 903 completes the recombination, it is adapted to call the instruction running environment caching and recovery unit 901 to recover the cached instruction running environment, and to jump to the address of the recombined instruction fragment to continue execution (this recombination operation is complete).
According to a further embodiment of the invention, the above disassembly unit 9031 may be located in the instruction acquiring unit 902, which then performs the disassembly when obtaining the instruction fragment to be scheduled.
Those skilled in the art will understand that the data-flow arrows in the drawings of the above device embodiments are only for convenience in explaining the specific operation flows of the above embodiments; they do not limit the direction of data flow between the units in the figures, or the coupling relationships between the units in the device.
The runtime instruction recombination method and device have been described in detail above with several embodiments; compared with the prior art, they have the following advantages:
Through the instruction recombination method, the instructions of the computing device can be monitored while the instructions are running;
Using the address correspondence table improves the efficiency of instruction recombination and saves computing resources;
Storage and read instructions are handled by modifying their target and source addresses, so as to relocate/redirect storage and ensure data security;
I/O instructions are handled by blocking all input instructions among them, so as to thoroughly block write operations to local hardware devices; input instructions other than storage instructions can also be blocked, which improves the security of data in the computing device;
Network transmission instructions are handled by checking whether the remote computing device corresponding to the destination address in the network transmission instruction is a secure address; if not, the network transmission instruction is blocked, so as to achieve secure data transmission.
Data secure access process
Figure 15 is a schematic diagram of the system layers of a computing device in one embodiment of the invention.
The computing device (for example, a computer terminal system) 200 includes: user interface layer 201, application layer 202, operating system kernel layer 203, hardware mapping layer 204, security layer 205, and hardware layer 206.
The hardware layer 206 further includes CPU 2061, hard disk 2062 (i.e. the local storage device) and network card 2063.
In addition, the computing device 200 is coupled with storage device 10 (also called the secure storage device).
In this embodiment, storage device 10 is a remote disk array that connects over the network to the network card 2063 of hardware layer 206 and exchanges data with computing device 200. In other embodiments of the invention, storage device 10 may also be another storage device of known or unknown type.
The hard disk 2062 may also be replaced with another kind of local storage device, such as a USB flash drive or an optical disc; this is merely illustrative and not limiting.
In conjunction with above-mentioned hierarchical structure, the data secure access process that the present embodiment provides includes:
S1000, initializes;
S2000, data write;With
S3000, digital independent.
Include with reference to Figure 16, above-mentioned initialization procedure S1000:
S1010, sets up the communication of terminal system 200 and safety storage apparatus 10;
S1020, from safety storage apparatus 10, synchronization map bitmap (Bitmap) is to current computer terminal system 200, such as, be saved in terminal system 200 internal memory;Described mapped bitmap is for representing whether the data of local memory device are stored on safety storage apparatus;
S1030, if the simultaneously operating failure of step S1020, sets up Bitmap on safety storage apparatus 10 and initializes, then synchronizing to terminal system 200.
Wherein, in order to distinguish Bitmap and the Bitmap in storage device 10 on terminal 200, hereinafter, except as otherwise noted, Bitmap in terminal system 200 (being referred to as calculating equipment) is referred to as mapped bitmap or the first mapped bitmap, the Bitmap on safety storage apparatus 10 is referred to as the second mapped bitmap.
In step S1020, if synchronizing the second mapped bitmap from storage device 10 to the operation failure of current computer terminal system 200, illustrate between storage device 10 and terminal system 200 it is First Contact Connections.
Wherein, step S1030 may include that
Being mapped in storage device 10 in locally stored space in terminal system 200, mapping relations are with 1 sector the ultimate units of storage (or other) mapping one by one as unit, and set up mapped bitmap (Bitmap).
In other embodiments of the invention, it is possible to use other basic capacities are that unit sets up the locally stored space Bitmap to storage device 10.
Figure 17 is a schematic diagram of the Bitmap in one embodiment of the invention. The figure shows the storage medium 3000 on the local storage device (e.g. the hard disk 2062 in Figure 15) and the storage medium 4000 on the storage device 10, which is connected to the local storage device over the network.
The Bitmap is created as follows. For the storage medium 3000, a storage space 4010 of the same size is created on the storage medium 4000 to serve as the one-to-one mapping space. The Bitmap 4020 is saved in the storage space 4010. The Bitmap 4020 is a bitmap in which 1 bit represents 1 sector; the data of each bit (0 or 1) marks/indicates whether the corresponding sector on the storage medium 3000 has been dumped, that is, correspondingly stored in the storage space 4010 on the storage medium 4000, so the mapping bitmap is also called a dump list. After the Bitmap 4020 has been created on the storage device 10, it is synchronized to the terminal system 200.
The Bitmap is updated as follows. In the Bitmap 4020, dumped sectors are marked 1 and non-dumped sectors are not marked (the marks used for dumped and non-dumped sectors can be chosen freely). When an application program or the operating system saves data (for example a file), the file system inside the operating system sets aside a certain amount of storage space on the storage medium 3000 of the local storage device, for example sector 3040 and sector 3050, allocates it to the file, and rewrites the local file allocation table. When the file is dumped (that is, when the data written to sector 3040 and sector 3050 is stored on the storage device 10), sectors 4040 and 4050 at the same positions are allocated on the storage medium 4000 and the dumped data is saved in them; finally, the bit data corresponding to sector 3040 and sector 3050 in the Bitmap 4020 is changed to 1.
With reference to Figure 15, the data writing process S2000 further includes:
S2010, the application layer 202 issues a write-file operation request through the file system of the operating system kernel layer 203, or the operating system kernel layer 203 issues a write-file operation request directly; or
the application layer 202 sends a write-data operation request directly to the hardware mapping layer 204, or the operating system kernel layer 203 sends a write-data operation request directly to the hardware mapping layer 204;
S2020, the operating system kernel layer 203 parses the write-file request into a hardware port instruction (i.e. a hardware instruction) and issues it to the hardware mapping layer 204; the port instruction contains the location (e.g. the sector) of the storage device to be written;
It should be noted that if, in step S2010, the write-data operation request is sent directly to the hardware mapping layer 204, that request is already a hardware port instruction;
S2030, the security layer 205 receives the hardware port instruction from the hardware mapping layer 204 and rewrites the write location (i.e. the sector) in the port instruction to the corresponding storage address on the storage device 10, then updates the first mapping bitmap, for example by changing the bit data corresponding to the sector to 1 to indicate that the sector has been dumped; the security layer 205 sends the modified port instruction to the hardware layer 206.
After the write process has completed, the terminal system 200 does not store the written data; the corresponding data is redirected to and stored on the secure storage device 10.
In another embodiment of the invention, if the instruction for writing to the local hard disk itself differs from the instruction for writing to a network hard disk, then not only the address but also the storage instruction needs to be changed.
According to a further embodiment of the invention, the write process S2000 may also include:
S2040, synchronizing the first mapping bitmap to the storage device 10 and saving it as the second mapping bitmap, thereby ensuring that the first mapping bitmap on the terminal system 200 is consistent with the second mapping bitmap on the storage device.
In other embodiments of the invention, to save system resources, S2040 may instead be performed once, in a single pass, before the local terminal system 200 shuts down.
With reference to Figure 15, the data reading process S3000 further includes:
S3010, synchronizing the second mapping bitmap on the storage device 10 to the terminal system 200 and saving it as the first mapping bitmap;
S3020, the application layer 202 issues a read-file operation request through the file system of the operating system kernel layer 203, or the operating system kernel layer 203 issues a read-file operation request directly; or
the application layer 202 sends a read-data operation request directly to the hardware mapping layer 204, or the operating system kernel layer 203 sends a read-data operation request directly to the hardware mapping layer 204;
S3030, the security layer 205 receives the data read instruction from the hardware mapping layer 204, obtains the read address (source address) in it, and looks up the first mapping bitmap; if the bit data in the first mapping bitmap indicates that the read address is a dumped address, the security layer 205 changes the read address of the port instruction to the address on the storage device 10; the security layer 205 sends the modified port instruction to the hardware layer 206.
This reading process does not affect the user's existing mode of operation, and it reads data that has been dumped to the secure storage device (i.e. the storage device 10).
In step S3010, the second mapping bitmap is synchronized from the storage device 10 to the local system so that, after the terminal system 200 restarts, the local data remains consistent with the data on the secure storage device.
Those skilled in the art will understand that, for the above data writing, reading and initialization processes, the required processes or steps are performed according to actual needs.
Secure data access method
Based on the above data writing and reading processes, the secure data storage and reading methods provided by the invention are described in detail below.
Those skilled in the art will understand that the data reading and storing processes were described above with reference to Figure 15 for ease of understanding, not as a limitation; in other embodiments of the invention, each of the steps described above may be performed at any suitable layer of the computing device.
According to one embodiment of the invention, a secure data storage method is provided; as shown in Figure 18, the method includes the following steps:
S4010, receiving a hardware instruction;
S4020, analyzing the hardware instruction and determining whether it is a storage instruction;
S4030, if the hardware instruction is a storage instruction, changing the destination address in the storage instruction to the corresponding storage address on the storage device (i.e. the secure storage device);
S4040, sending the modified storage instruction to the hardware layer.
In step S4010, the hardware instruction may be a hardware instruction from the hardware mapping layer. Receiving hardware instructions from the hardware mapping layer makes it possible to screen 100% of the hardware instructions (interface instructions) sent to processors such as the CPU.
The terminal system may run the Windows operating system, in which case the hardware abstraction layer (HAL) of Windows is the hardware mapping layer. In other embodiments, the terminal may run another operating system, such as Linux, Unix or an embedded operating system, and the hardware mapping layer is the hardware mapping layer corresponding to that operating system.
In step S4010, in combination with the runtime instruction recombination method described above, the process of receiving the hardware instruction may include: obtaining the hardware instruction by means of the runtime instruction recombination method (e.g. S101-S105). In other words, storage and read instructions can be processed (e.g. S404, S504 or S604) when the runtime instruction recombination method obtains the machine instructions. With the runtime instruction recombination method, not only can the final results of computation be redirected to and stored on the secure storage device, but all intermediate processes of the computation (including those produced by the operating system) can also be redirected to and stored on the secure storage device.
In steps S4010 and S4020, the hardware instruction may be of a type such as an x86 instruction, an ARM instruction or a MIPS instruction, and an instruction analysis mechanism can be built into the computing terminal to handle the different types of CPU instructions.
According to a further embodiment of the invention, after step S4040 the method may also include:
S4050, updating the first mapping bitmap by setting the "bit" corresponding to the destination address (sector) in the first mapping bitmap to the dump mark, for example "1"; and synchronizing the updated mapping bitmap to the secure storage device, where it is saved as the second mapping bitmap.
In this embodiment, the dump operation is completely transparent to upper-layer applications and users and does not affect the existing operation of the computer or the workflow of application systems.
The above method provided by this embodiment can be used not only in a terminal system but also on any computing device or intelligent terminal that includes an application layer, an operating system kernel layer and a hardware layer, to achieve instruction-level storage relocation/redirection (i.e. storage relocation/redirection based on hardware storage instructions) before the hardware layer executes the instruction.
According to one embodiment of the invention, a secure data reading method is provided; referring to Figure 19, the method includes:
S5010, receiving a hardware instruction;
S5020, analyzing the hardware instruction and determining whether it is a read instruction;
S5030, if it is a read instruction, obtaining the source address in the read instruction, looking up the first mapping bitmap, and modifying the read address in the read instruction according to the data of the mapping bitmap; and
S5040, sending the modified hardware instruction to the hardware layer.
Before step S5010, the method may also include S5000: synchronizing the second mapping bitmap on the storage device to the terminal system 200 and saving it as the first mapping bitmap.
In step S5010, the hardware instruction may come from the hardware mapping layer.
In step S5010, in combination with the runtime instruction recombination method described above, the process of receiving the hardware instruction may include: obtaining the hardware instruction by means of the runtime instruction recombination method (e.g. S101-S105). In other words, storage and read instructions can be processed (e.g. S400) when the runtime instruction recombination method obtains the machine instructions.
In step S5020, if the hardware instruction is not a read instruction, the hardware instruction can be sent directly to the hardware layer for execution.
Step S5030 can also be broken down further into two steps:
S5031, if it is a read instruction, obtaining the source address in the read instruction and determining whether the source address is an address on the storage device;
S5032, if the source address is not an address on the storage device, looking up the first mapping bitmap and modifying the read address in the read instruction according to the data of the mapping bitmap.
In step S5031, if the source address of the read instruction is already an address on the storage device, the computing device (e.g. the security layer 205 in Figure 15) does not need to look up the data in the first mapping bitmap again and can send the hardware instruction directly to the hardware layer for execution.
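The storage redirection of S4010 to S4050 and the read redirection of S5010 to S5040, including the pass-through case of S5031, can be sketched as follows. This is an added example and not code from the patent: the instruction structure, the 64-sector in-memory "disks", the function names and the rejection of out-of-range sectors are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_COUNT 64u   /* constructed toy disk size */
#define SECTOR_SIZE  16u   /* shortened sector, for the example only */

enum device { DEV_LOCAL, DEV_SECURE };
enum op     { OP_STORE, OP_READ, OP_OTHER };

/* Hypothetical, simplified stand-in for a hardware port instruction. */
struct hw_instr {
    enum op     op;
    enum device dev;     /* device the sector address refers to */
    uint32_t    sector;
    uint8_t    *buf;     /* SECTOR_SIZE bytes */
};

struct security_layer {
    uint8_t first_bitmap[SECTOR_COUNT / 8];     /* kept on the terminal */
    uint8_t second_bitmap[SECTOR_COUNT / 8];    /* kept on the secure storage device */
    uint8_t local[SECTOR_COUNT][SECTOR_SIZE];   /* local storage medium */
    uint8_t secure[SECTOR_COUNT][SECTOR_SIZE];  /* one-to-one mapping space */
};

static bool bit_test(const uint8_t *bm, uint32_t s) { return (bm[s / 8] >> (s % 8)) & 1u; }
static void bit_set(uint8_t *bm, uint32_t s) { bm[s / 8] |= (uint8_t)(1u << (s % 8)); }

/* Initialization: the second bitmap is synchronized to the terminal as the first bitmap. */
void sl_init(struct security_layer *sl) {
    memcpy(sl->first_bitmap, sl->second_bitmap, sizeof sl->first_bitmap);
}

/* Rewrite one instruction before the hardware layer sees it.
 * Returns 0 if it may be forwarded, -1 if rejected (bounds check is an addition). */
int sl_filter(struct security_layer *sl, struct hw_instr *in) {
    if (in->op == OP_OTHER) return 0;              /* not an access instruction */
    if (in->sector >= SECTOR_COUNT) return -1;
    if (in->op == OP_STORE) {
        in->dev = DEV_SECURE;                      /* redirect the destination address */
        bit_set(sl->first_bitmap, in->sector);     /* mark the sector as dumped */
        memcpy(sl->second_bitmap, sl->first_bitmap, sizeof sl->second_bitmap); /* sync */
        return 0;
    }
    if (in->dev == DEV_SECURE) return 0;           /* S5031: already a secure address */
    if (bit_test(sl->first_bitmap, in->sector))    /* S5032: dumped, so read the copy */
        in->dev = DEV_SECURE;
    return 0;                                      /* not dumped: local read is left alone */
}

/* Stand-in for the hardware layer executing the (possibly rewritten) instruction. */
static void hw_execute(struct security_layer *sl, const struct hw_instr *in) {
    uint8_t (*disk)[SECTOR_SIZE] = (in->dev == DEV_SECURE) ? sl->secure : sl->local;
    if (in->op == OP_STORE)      memcpy(disk[in->sector], in->buf, SECTOR_SIZE);
    else if (in->op == OP_READ)  memcpy(in->buf, disk[in->sector], SECTOR_SIZE);
}

/* Filter, then execute only what the security layer let through. */
int sl_submit(struct security_layer *sl, struct hw_instr *in) {
    if (sl_filter(sl, in) != 0) return -1;
    hw_execute(sl, in);
    return 0;
}

int main(void) {
    static struct security_layer sl;               /* zero-initialized */
    uint8_t w[SECTOR_SIZE] = "SECRET", r[SECTOR_SIZE] = {0};
    struct hw_instr st = { OP_STORE, DEV_LOCAL, 5, w };
    struct hw_instr rd = { OP_READ,  DEV_LOCAL, 5, r };
    sl_init(&sl);
    sl_submit(&sl, &st);
    sl_submit(&sl, &rd);
    printf("store went to %s, local sector 5 is %s, read back \"%s\"\n",
           st.dev == DEV_SECURE ? "secure" : "local",
           sl.local[5][0] ? "written" : "untouched", (char *)r);
    return 0;
}
```

The write never reaches the local medium, and a later read of the same sector is transparently served from the mapping space, while sectors whose bit is clear are still read locally.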
Further, to save network resources, in some embodiments of the invention the secure storage device 10 may serve as a shared resource for multiple terminal systems.
It was mentioned above that the secure data storage and reading methods can be combined with the instruction recombination method; for ease of understanding, this is described in detail below through an embodiment.
According to one embodiment of the invention, a secure data access method is provided. As shown in Figure 20, the method S6000 includes:
S6010, caching the instruction running environment;
S6011, reading a destination address from a first storage location and obtaining, according to the destination address, the machine instruction fragment to be scheduled/executed; the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
S6012, saving the destination address of the first jump instruction in the first storage location;
S6013, analyzing and determining whether each instruction in the machine instructions to be scheduled is an access instruction;
S6014, if it is an access instruction:
for a storage instruction, changing the destination address in the storage instruction to the corresponding storage address on the storage device (i.e. the secure storage device), and modifying the first mapping bitmap;
for a read instruction, obtaining the source address in the read instruction, looking up the first mapping bitmap, and modifying the read address in the read instruction according to the data of the mapping bitmap;
if the instruction for writing to the local hard disk itself differs from the instruction for writing to a network hard disk, or the instruction for reading the local hard disk itself differs from the instruction for reading a network hard disk, then not only the address needs to be modified but the storage instruction or read instruction also needs to be modified accordingly;
S6015, replacing the first jump instruction with a second jump instruction, generating a recombined instruction fragment that has a second address; the second jump instruction points to the entry address of the instruction recombination platform;
S6016, restoring the instruction running environment and jumping to the second address to continue execution.
Those skilled in the art will appreciate that this embodiment is given only for illustration and does not limit the ways in which the secure reading method, the secure storage method and the instruction recombination method can be combined; the various secure reading methods, secure storage methods and instruction recombination methods introduced above can be used together in whatever combination is required.
Storage and reading generally refer to data exchange with a local storage device; transmission generally refers to data exchange carried out through a network device.
Further, one embodiment of the invention provides a secure data transmission method.
As shown in Figure 21, the method includes:
S7010, receiving a hardware instruction (for example from the hardware mapping layer);
S7020, analyzing the hardware instruction and determining whether it is a network transmission instruction;
S7030, if the hardware instruction is a transmission instruction, reading the destination address;
S7040, determining whether the destination address is a secure address;
S7050, if it is a secure address, sending the hardware instruction to the hardware layer; if it is not a secure address, rejecting the instruction;
S7060, the hardware layer sends the transmission instruction and the data to the terminal system at the destination address;
S7070, the terminal system at the destination address receives the data and saves it using the secure data storage method.
In step S7040, whether the destination address is a secure address is determined as follows. Referring to Figure 22, the security server 820 is connected to the terminal systems 800 and 810 through the network; when the secure data transmission method provided in the above embodiment of the invention was deployed on the terminal systems 800 and 810, each of them performed a registration operation with the security server 820. The security server 820 internally maintains a secure address table that records all registered terminal systems.
Whenever the secure address table changes, the security server 820 automatically sends the updated secure address table to each terminal. The architecture of the terminal system 800 includes an application layer 801, an operating system kernel layer 802, a security layer 803 and a hardware layer 804; the security layer 803 is responsible for maintaining this secure address table.
The security layer 803 determines whether the destination address is a secure address according to whether the destination address is in the secure address table. That is, in step S7040, if the destination address is listed in the secure address table, the destination address is a secure address.
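The registration, table push and destination check described for Figure 22 and steps S7020 to S7050 can be sketched as follows. This is an added example and not code from the patent: the structures, function names, the use of IPv4 addresses (constructed, from documentation ranges), the pass-through of non-transmission instructions and the reject-everything behaviour before the first table arrives are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TERMINALS 32
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

enum instr_kind { INSTR_NET_SEND, INSTR_OTHER };
enum verdict    { FORWARD, REJECT };

/* Hypothetical, simplified network transmission instruction. */
struct net_instr { enum instr_kind kind; uint32_t dest; };

/* Terminal side: the security layer keeps its copy of the secure address table.
 * count stays 0 until the server pushes a table, so nothing can be sent before then. */
struct terminal_layer {
    uint32_t table[MAX_TERMINALS];
    size_t   count;
};

/* Security server side: the authoritative table plus the terminals to notify. */
struct sec_server {
    uint32_t               table[MAX_TERMINALS];
    struct terminal_layer *terminals[MAX_TERMINALS];
    size_t                 count;
};

/* Registration changes the table, so the whole table is pushed to every terminal. */
int server_register(struct sec_server *s, struct terminal_layer *t, uint32_t addr) {
    if (s->count >= MAX_TERMINALS) return -1;
    s->table[s->count] = addr;
    s->terminals[s->count] = t;
    s->count++;
    for (size_t i = 0; i < s->count; i++) {
        memcpy(s->terminals[i]->table, s->table, s->count * sizeof s->table[0]);
        s->terminals[i]->count = s->count;
    }
    return 0;
}

/* S7020-S7050: only transmission instructions are checked; a destination that is
 * not listed in the terminal's copy of the table is rejected. */
enum verdict layer_check(const struct terminal_layer *l, const struct net_instr *in) {
    if (in->kind != INSTR_NET_SEND) return FORWARD;   /* assumption: left to other methods */
    for (size_t i = 0; i < l->count; i++)
        if (l->table[i] == in->dest) return FORWARD;
    return REJECT;
}

int main(void) {
    static struct sec_server srv;                      /* zero-initialized */
    static struct terminal_layer t800, t810;
    struct net_instr to810 = { INSTR_NET_SEND, IP(192, 0, 2, 81) };
    struct net_instr out   = { INSTR_NET_SEND, IP(203, 0, 113, 9) };

    server_register(&srv, &t800, IP(192, 0, 2, 80));
    printf("800 -> 810 before 810 registers: %s\n",
           layer_check(&t800, &to810) == FORWARD ? "forward" : "reject");
    server_register(&srv, &t810, IP(192, 0, 2, 81));
    printf("800 -> 810 after 810 registers:  %s\n",
           layer_check(&t800, &to810) == FORWARD ? "forward" : "reject");
    printf("800 -> unregistered host:        %s\n",
           layer_check(&t800, &out) == FORWARD ? "forward" : "reject");
    return 0;
}
```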
With the above secure transmission method in place, even if a Trojan or malicious tool obtains classified information, it cannot transmit the information it has obtained. The secure transmission method is described further, with embodiments, in the secure interconnection section below.
Although in some embodiments of the invention a terminal system is the subject that applies the methods provided by the invention, any electronic device that can edit, save or transmit files or data, such as a handheld device or an intelligent terminal, can be a carrier for the secure data access and transmission methods provided by the invention.
In addition, those skilled in the art will understand that the above secure data storage method, reading method and transmission method can be implemented in software or in hardware:
(1) if implemented in software, the steps of the above methods are stored on a computer-readable medium in the form of software code and become a software product;
(2) if implemented in hardware, the steps of the above methods are described in the form of hardware code (e.g. Verilog) and are solidified (through processes such as physical design, place-and-route and fab tape-out) into a chip product (e.g. a processor product).
Secure data access apparatus
Corresponding to the above secure data storage method, according to one embodiment of the invention, a secure data storage apparatus is provided.
It should be noted that, in the present invention, "secure data storage apparatus" refers to an apparatus that implements the secure data storage method in hardware form, while "secure storage device" refers to a storage entity used to hold dumped information or data, such as a disk.
Referring to Figure 23, the secure data storage apparatus 7100 includes: a receiving unit 7110, an instruction analysis unit 7120, an instruction modification unit 7130 and a sending unit 7140. The receiving unit 7110 is coupled to the instruction analysis unit 7120, the instruction analysis unit 7120 is coupled to the instruction modification unit 7130 and to the sending unit 7140, and the sending unit 7140 is also coupled to the instruction modification unit 7130.
The receiving unit 7110 is adapted to receive a hardware instruction, which may come from the hardware mapping layer;
The instruction analysis unit 7120 is adapted to analyze the hardware instruction and determine whether it is a storage instruction; if it is a storage instruction, the instruction analysis unit 7120 is further adapted to send it to the instruction modification unit 7130, and if it is not a storage instruction, the instruction analysis unit 7120 is further adapted to send it to the sending unit 7140;
The instruction modification unit 7130 is adapted to change the destination address in the storage instruction to the corresponding storage address on the secure storage device, and then send the modified storage instruction to the sending unit 7140;
The sending unit 7140 is adapted to forward the instructions it receives to the hardware layer 7200.
Further, the secure data storage apparatus may also include an updating unit 7150 and a synchronization unit 7160. The updating unit 7150 is coupled to the instruction modification unit 7130; the synchronization unit 7160 is coupled to the updating unit 7150.
The updating unit 7150 is adapted to update the bit corresponding to the destination address in the mapping bitmap after the instruction modification unit 7130 has modified the storage instruction. In this embodiment, the "bit" data in the first mapping bitmap corresponding to the sector contained in the destination address of the storage instruction is set, indicating that the sector has been dumped.
The synchronization unit 7160 is adapted to establish communication between the computing terminal system and the secure storage device, and to synchronize the mapping bitmap between the computing terminal system and the secure storage device.
Specifically, when the computing terminal system starts up, the synchronization unit 7160 establishes communication between the computing terminal system and the secure storage device, and synchronizes the second mapping bitmap on the secure storage device to the computing terminal system, where it is saved as the first mapping bitmap.
If synchronizing the second mapping bitmap on the secure storage device to the computing terminal system fails, this indicates that the computing terminal system and the secure storage device are communicating for the first time; the synchronization unit 7160 maps the local storage space of the terminal system onto the secure storage device and creates the mapping bitmap and the second mapping bitmap. For example, in this embodiment, the second mapping bitmap is first created on the secure storage device and then synchronized to the local system, where it becomes the first mapping bitmap.
When the updating unit 7150 has updated the bit corresponding to the destination address in the first mapping bitmap (i.e. the mapping bitmap), the synchronization unit 7160 sends the updated first mapping bitmap to the secure storage device, where it is saved as the second mapping bitmap.
The secure storage device may be a remote storage device or a local storage device; a remote storage device may serve a single computing device or be shared by multiple computing devices.
The hardware instruction may be a hardware port I/O instruction.
Corresponding to the above secure data reading method, according to a further embodiment of the invention, a secure data reading apparatus is provided.
Referring to Figure 24, the secure data reading apparatus 8100 includes:
a receiving unit 8110, an instruction analysis unit 8120, an instruction modification unit 8130 and a sending unit 8140. The receiving unit 8110 is coupled to the instruction analysis unit 8120, the instruction analysis unit 8120 is coupled to the instruction modification unit 8130 and to the sending unit 8140, and the instruction modification unit 8130 is also coupled to the sending unit 8140. The sending unit 8140 is coupled to the hardware layer 8200.
The receiving unit 8110 is adapted to receive a hardware instruction; in this embodiment, the hardware instruction comes from the hardware mapping layer.
The instruction analysis unit 8120 is adapted to analyze the hardware instruction and determine whether it is a read instruction; if the hardware instruction is a read instruction, it obtains the source address of the read instruction and determines whether the source address is an address on the secure storage device.
If the hardware instruction is not a read instruction, or the source address is an address on the secure storage device, the instruction analysis unit 8120 sends the hardware instruction to the sending unit 8140.
If the source address is not an address on the secure storage device, the instruction modification unit 8130 looks up the mapping bitmap and modifies the read address in the read instruction according to the data of the mapping bitmap.
As with the mapping bitmap in the above embodiments, the mapping bitmap in this embodiment also indicates whether the data at a local storage address has been dumped to the secure storage device. For example, the instruction modification unit 8130 looks up the bit in the first mapping bitmap corresponding to the sector contained in the source address. If the "bit" data is 1, the sector has been dumped; if the "bit" data is 0 or NULL (empty), it has not been dumped. If the sector has been dumped, the instruction modification unit 8130 changes the source address (read address) to the corresponding dump address and sends the modified hardware instruction to the sending unit 8140.
Further, the secure data reading apparatus may also include a synchronization unit 8150. The synchronization unit 8150 is coupled to the instruction modification unit 8130. The synchronization unit 8150 is adapted to establish communication between the computing terminal system and the secure storage device, and to synchronize the mapping bitmap between the computing terminal system and the secure storage device. Specifically, when the computing terminal system starts up, the synchronization unit 8150 establishes communication between the computing terminal system and the secure storage device and synchronizes the second mapping bitmap on the secure storage device to the computing terminal system, where it is saved as the first mapping bitmap for use by the instruction modification unit 8130.
The secure storage device may be a remote storage device, and the remote storage device may be shared by multiple computing terminal systems.
In other embodiments of the invention, the secure storage device may also be a local storage device.
According to a further embodiment of the invention, the above secure data reading apparatus and secure data storage apparatus can be merged into one apparatus, in which the instruction analysis unit and the instruction modification unit can process both storage instructions and read instructions; an example is given below.
According to a further embodiment of the invention, a secure data storage and reading apparatus is provided. As shown in Figure 25, the secure data storage and reading apparatus 9100 includes:
an instruction running environment caching and restoring unit 9101, adapted to cache and restore the instruction running environment;
an instruction obtaining unit 9102, adapted to obtain the address of the next instruction to be run, this address being the first address; and further adapted to obtain, according to the first address, the machine instruction fragment to be scheduled/executed; the last instruction of the machine instruction fragment to be scheduled is a first jump instruction; the specific way of obtaining the machine instruction fragment to be scheduled has been described in the embodiments above and is not repeated here;
an instruction retrieval unit 9104, adapted to look up the address correspondence table using the first address; the address correspondence table indicates whether the to-be-scheduled instruction fragment pointed to by the first address has a saved recombined instruction fragment, and the data of the address correspondence table are address pairs;
if a corresponding record is found, the instruction retrieval unit 9104 is adapted to call the instruction running environment caching and restoring unit 9101 to restore the cached instruction running environment, and to jump to the corresponding address that was found to continue execution (this recombination is complete);
if no corresponding record is found, the instruction recombination unit 9103 is called to perform the recombination operation.
The instruction recombination unit 9103 includes:
an instruction parsing unit 9111, which is a combination of the above instruction analysis unit 7120 and instruction analysis unit 8120, adapted to analyze the hardware instructions and determine whether each hardware instruction in the machine instruction fragment to be scheduled/executed is a storage or read instruction;
an instruction modification unit 9112, which, if the instruction parsing unit 9111 finds a storage or read instruction:
for a storage instruction, changes the destination address in the storage instruction to the corresponding storage address on the secure storage device;
for a read instruction, looks up the mapping bitmap and modifies the read address in the read instruction according to the data of the mapping bitmap;
an updating unit 9113, adapted to update the bit corresponding to the destination address in the mapping bitmap after the instruction modification unit 9112 has modified the storage instruction, to reflect the dump;
a synchronization unit 9114, adapted to establish communication between the computing terminal system and the secure storage device, and to synchronize the mapping bitmap between the computing terminal system and the secure storage device.
After the instruction parsing unit 9111, the instruction modification unit 9112, the updating unit 9113 and the synchronization unit 9114 have finished their operations, the instruction recombination unit 9103 is adapted to replace the first jump instruction with a push instruction, recording the address and operand of the first jump instruction in the push instruction; it is further adapted to add a second jump instruction after the push instruction, generating a recombined instruction fragment that has a second address; the second jump instruction points to the entry address of the apparatus 9100; it is further adapted to create a record in the address correspondence table from the first address and the second address of the recombined instruction fragment.
Following the description in the preceding paragraph, in other embodiments the instruction recombination unit 9103 may also be a unit at the same level as, and arranged alongside, the instruction parsing unit 9111, the instruction modification unit 9112, the updating unit 9113 and the synchronization unit 9114 (as shown in Figure 26).
After the instruction recombination unit 9103 has obtained the recombined instruction fragment, it is further adapted to call the instruction running environment caching and restoring unit 9101 to restore the cached instruction running environment, and to jump to the address of the recombined instruction fragment to continue execution (the recombination operation is complete).
Those skilled in the art will appreciate that this embodiment is given only for illustration and does not limit the ways in which the secure data reading apparatus, the secure data storage apparatus and the instruction recombination apparatus can be merged; the various secure data reading apparatuses, secure data storage apparatuses and instruction recombination apparatuses introduced above can be merged in whatever way is required.
In addition, the above method for secure storing and device can also be combined with the cloud to ensure the safety of data in the cloud, thereby accelerating the application and popularization of cloud computing. Specific embodiments are introduced below.
Those skilled in the art will understand that the above method, realized at the security layer, can also be carried out in any layer from the operating system kernel layer to the hardware layer. The position at which a specific function is realized does not depart from the spirit and scope of the present invention.
The method for secure storing and device provided by the present invention, described in detail in the above embodiments, have the following advantages over the prior art:
1. The secure storage method of data achieves instruction-level data dump, i.e. total dump of data, and on that basis achieves secure data storage over the full running period of the computing terminal system. On the one hand, even if a Trojan or malicious tool obtains classified information, it cannot save the information it obtained, so the data always remains within a controlled safety range; on the other hand, no data is saved locally any longer in the secret-related state, which prevents both active and passive leaks by secret-related personnel;
2. Receiving the hardware instructions from the hardware mapping layer allows 100% of instructions to be examined, which further improves data security.
The safe read method and device provided by the present invention, also described in detail in the above embodiments, have the following advantages over the prior art:
1. The data safe reading method works together with the secure storage method of data so that the data always remains within a controlled safety range, and ensures that dumped data can be read out after safe data storage (dump); since no data is saved locally any longer in the secret-related state, both active and passive leaks by secret-related personnel are prevented;
2. When the safety storage apparatus is a remote storage device, it can be shared by multiple terminals, which improves the space utilization of the safety storage apparatus.
Secure data interconnection
Based on the data safe reading/storing methods and devices introduced above, a safe interacted system of data can be designed to achieve network data security.
According to one embodiment of the invention, a network environment is provided. As shown in figure 27, this network environment includes:
Terminal system A01, terminal system A02 ... terminal system A0n (n is a natural number) and storage device A80, interconnected by network 1;
Terminal system A11, terminal system A12 ... terminal system A1n (n is a natural number) and storage device A81, interconnected by network 2;
Terminal systems (not shown) and storage device A8n, interconnected by network m;
Network 1, network 2 ... network m and registrar A90, interconnected by network x.
Storage devices (i.e. safety storage apparatuses) A80, A81 ... A8n are the safety storage apparatus introduced in the above embodiments.
A mapped bitmap is set up between storage device A80 and the local memory devices of terminal system A01, terminal system A02 ... terminal system A0n; these terminal systems deploy the data safe storing/safe reading methods introduced above, and may also deploy the runtime instruction recombination method introduced above.
A mapped bitmap is set up between storage device A81 and the local memory devices of terminal system A11, terminal system A12 ... terminal system A1n; these terminal systems deploy the data safe storing/safe reading methods introduced above, and may also deploy the runtime instruction recombination method introduced above.
A mapped bitmap is set up between storage device A8n and the local memory devices of the terminal systems interconnected by network m; those terminal systems deploy the data safe storing/safe reading methods introduced above, and may also deploy the runtime instruction recombination method introduced above.
Network x can be one of network 1, network 2 ... network m, or another network different from network 1, network 2 ... network m. In other words, registrar A90 can be located in one of network 1, network 2 ... network m, with network 1, network 2 ... network m interconnected.
Network 1, network 2 ... network m may also include data servers or application servers, each of which sets up a mapped bitmap with the corresponding storage device in its network; these servers deploy the data safe storing/safe reading methods introduced above, and may also deploy the runtime instruction recombination method.
There may be one registrar A90 or several. Registrar A90 provides access authentication for terminal systems: when a terminal system wishes to join this network environment or network system, registrar A90 receives its registration request and decides whether to allow it access. The operation of registrar A90 is discussed in more detail below.
According to one embodiment of the invention, in this network environment the data storage and read operations of a terminal system can be carried out according to the above data safe storing and reading methods.
Specifically, the data manipulation method S800 of a terminal system (or data server/application server) includes:
S801, initialization, including:
S8011, synchronizing the mapped bitmap from the safety storage apparatus that has set up a mapped bitmap with the local memory device, and saving it as the first mapped bitmap; it can be saved in memory;
S8012, synchronizing the secure address table from the registrar, and saving it as the local secure address table (referred to as the first secure address table); it can be saved in memory;
S802, receiving a hardware instruction;
S803, analyzing the hardware instruction and judging whether it is a read instruction, a store instruction or a transmission instruction;
S804, if it is one of these three kinds of instruction, processing it as follows:
S8041, for a store instruction, changing the local destination address in the store instruction to the corresponding storage address on the safety storage apparatus that has set up a mapped bitmap with the local memory device;
S8042, for a read instruction, obtaining the source address in the read instruction, using the source address to look up the first mapped bitmap, and modifying the read address in the read instruction according to the data of the mapped bitmap;
S8043, for a transmission instruction, obtaining the destination address in the transmission instruction, using the destination address to look up the first secure address table, and judging whether the destination address is a secure address; if it is not, rejecting the transmission instruction;
S805, sending the modified, or otherwise not rejected, hardware instruction to the hardware layer.
According to a further embodiment of the invention, S8041 can also include:
Updating the first mapped bitmap by setting the "bit" corresponding to the destination address (sector) in the first mapped bitmap to 1 or another mark indicating dump; further, synchronizing the updated mapped bitmap to the corresponding safety storage apparatus, where it is saved as the second mapped bitmap.
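The following Python model of steps S801-S805 is an added example, not code from the patent. It assumes sector-granular addresses and that a bit of 0 leaves a read on the local memory device; the names Instruction, SafetyStorage and Terminal are hypothetical, and the sector contents and network addresses are constructed.

```python
from dataclasses import dataclass, field

SECTOR_COUNT = 16  # assumed size of the local memory device, in sectors


@dataclass
class Instruction:
    op: str                 # "store", "read", "send"; anything else passes through
    address: object         # sector number (store/read) or network address (send)
    device: str = "local"   # storage device the address refers to
    payload: bytes = b""


@dataclass
class SafetyStorage:
    """Stand-in for the safety storage apparatus; holds the second mapped bitmap."""
    sectors: dict = field(default_factory=dict)
    bitmap: list = field(default_factory=lambda: [0] * SECTOR_COUNT)


class Terminal:
    def __init__(self, storage, registrar_addresses, local_sectors=None):
        self.storage = storage
        self.local = dict(local_sectors or {})
        self.bitmap = list(storage.bitmap)                 # S8011: first mapped bitmap
        self.secure_addresses = set(registrar_addresses)   # S8012: first secure address table

    def process(self, ins):
        """S803-S804: return the instruction to forward, or None if it is rejected."""
        if ins.op == "store":                              # S8041
            self.bitmap[ins.address] = 1                   # mark the sector as dumped
            self.storage.bitmap = list(self.bitmap)        # sync as second mapped bitmap
            return Instruction("store", ins.address, "safety", ins.payload)
        if ins.op == "read":                               # S8042
            device = "safety" if self.bitmap[ins.address] else "local"
            return Instruction("read", ins.address, device)
        if ins.op == "send":                               # S8043
            return ins if ins.address in self.secure_addresses else None
        return ins                                         # not one of the three kinds

    def execute(self, ins):
        """S802 + S805: receive an instruction, process it, hand it to the 'hardware'."""
        out = self.process(ins)
        if out is None:
            return "rejected"
        target = self.storage.sectors if out.device == "safety" else self.local
        if out.op == "store":
            target[out.address] = out.payload
            return out.device
        if out.op == "read":
            return target.get(out.address, b"")
        return "forwarded"


def demo():
    """Constructed scenario: one pre-existing local sector, two network addresses."""
    storage = SafetyStorage()
    terminal = Terminal(storage, {"10.0.0.5"}, local_sectors={3: b"old"})
    return {
        "read_before": terminal.execute(Instruction("read", 3)),
        "store": terminal.execute(Instruction("store", 3, payload=b"secret")),
        "read_after": terminal.execute(Instruction("read", 3)),
        "local_copy": terminal.local[3],
        "second_bitmap_bit": storage.bitmap[3],
        "send_secure": terminal.execute(Instruction("send", "10.0.0.5", payload=b"x")),
        "send_other": terminal.execute(Instruction("send", "203.0.113.9", payload=b"x")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The store never reaches the local sector, so the pre-existing local content is unchanged while later reads of that sector are served from the safety storage apparatus.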
The calculating equipment in the above network environment constitutes one embodiment of the safe interacted system of data provided by the present invention. More embodiments of the safe interacted system of data are introduced below.
According to one embodiment of the invention, a process for setting up a safe interacted system of data is provided. As shown in figure 28a, this set-up process S900 includes:
S901a, the calculating equipment (shown as computing terminal 1 in the figure) sends a registration request to the registrar;
S901b, the registrar asks whether the calculating equipment agrees to have the safety storage apparatus take over the data operated on and accessed by this calculating equipment;
S901c, the calculating equipment sends a response message to the registrar;
S902a, if the response refuses the takeover, the registrar rejects the registration request of the calculating equipment and ends the set-up process (this step is not shown);
S902b, if the response agrees to the takeover, the registrar deploys the above secure storage method of data, read method and safe transmission method on the calculating equipment, and accepts the registration of the calculating equipment;
S902c, the registrar deploys a safety storage apparatus for the calculating equipment, completing the set-up process; at the same time, interaction between the calculating equipment and any storage device other than the safety storage apparatus is completely cut off, as is interaction with all networks other than the safe interacted system.
"Cut off" here is realized at the instruction level, by using the bitmap to redirect operations on all storage devices other than the safety storage apparatus onto the safety storage apparatus.
There is no restriction on where the safety storage apparatus is deployed: it can be local to the calculating equipment, in the LAN of the calculating equipment, or in the LAN of the registrar, as long as a network provides a physical connection.
In other embodiments of the present invention, the registrar can also deploy the above runtime instruction recombination method on the calculating equipment to achieve runtime instruction recombination or tracking. In that case, the combination S6000 of the above runtime instruction recombination method and the data safety access method can also be realized.
After a calculating equipment (such as a terminal system or intelligent terminal) completes registration, sensitive data or secure data is saved in the safety storage apparatus by the above data safe storing and reading methods.
According to one embodiment of the invention, a data server has been added to the safe interacted system; this data server also joined by registering according to S900, and its corresponding safety storage apparatus is, for example, safety storage apparatus 1.
When a calculating equipment (such as computing terminal 2) needs to access data in the safe interacted system, it first joins the safe interacted system by registering according to S900; its corresponding safety storage apparatus is, for example, safety storage apparatus 2.
Then, as shown in figure 28b, the data access process S910 of computing terminal 2 in the safe interacted system of data includes:
S911, the calculating equipment (such as computing terminal 2) sends an access request to the data server;
S912, the data server sends a secure address inquiry message to the registrar, asking whether computing terminal 2 is a secure address;
S913, the registrar sends a secure address response message to the data server, stating whether computing terminal 2 is a secure address;
S914, if an affirmative response is obtained, the data server reads the corresponding data according to the request, using the above data safe reading method; if a negative response is obtained, the data server ignores the data access request;
S915, the data server sends a data response to computing terminal 2; and
S916, if computing terminal 2 needs to save the data, it saves the data in safety storage apparatus 2 according to the above secure storage method of data.
In another embodiment, the work done by the registrar in the above embodiments can instead be done in each terminal system, i.e. each terminal system is at the same time a registrar. If a terminal itself must confirm whether a client is safe, a mechanism is needed that lets the terminal confirm that any machine connecting to it over the network has deployed the data black hole system (which includes the above data safe storing/reading methods, and may also include the above runtime instruction recombination method and the above data safe transmission method), and each terminal maintains its own certification registration table.
With this mechanism in place, when a terminal receives any network request it first verifies whether the initiator of the request has deployed the data black hole system. This verification can use a mutual trust verification algorithm based on timestamps. If verification passes, the initiator of the request is added to the terminal's certification registration table, and the initiator (another machine) is thereby authenticated by this terminal.
Accordingly, the above data access method S910 needs to be adjusted. According to one embodiment of the invention, as shown in Figure 28c, a data access method S940 for calculating equipment having a registration function (which is at the same time a method for setting up a safe interacted system of data) includes:
S941, computing terminal 1 sends an access request to computing terminal 2;
S942, computing terminal 2 sends a deployment inquiry to computing terminal 1, i.e. asks whether computing terminal 1 agrees to deploy the above secure storage method of data and read method;
S943, computing terminal 1 sends a deployment response to computing terminal 2;
To illustrate the whole access process, in the present embodiment computing terminal 1 sends an affirmative response; if computing terminal 1 sends a negative response, the information exchange with computing terminal 2 ends and the data access cannot be completed;
S944, computing terminal 2 deploys the methods to computing terminal 1 and designates a safety storage apparatus; the methods are the above data safe storing and data safe reading methods, and may also include the above data safe transmission method and runtime instruction recombination method; the safety storage apparatus is safety storage apparatus 1;
S945, computing terminal 2 uses the safe read method to read, from its corresponding safety storage apparatus 2, the data that computing terminal 1 wants to access;
S946, computing terminal 2 sends an access response to computing terminal 1; and
S947, if the data needs to be saved, calculating equipment 1 uses the secure storage method of data to save the obtained access data in its corresponding safety storage apparatus 1.
Optionally, each computing terminal maintains a register list. For example, after computing terminal 1 deploys the data black hole system, computing terminal 1 is added to the register list of computing terminal 2; computing terminal 2 may also be added to the register list of computing terminal 1 at the same time.
Optionally, before step S942, it can first be checked whether the secure storage method of data and read method (or the data black hole system) have already been deployed.
As shown in figure 28d, according to a further embodiment of the invention, a data access method S950 for calculating equipment having a registration function is provided, including:
S951, computing terminal 1 sends an access request to computing terminal 2;
S952, computing terminal 2 sends a deployment check message to computing terminal 1; this message is used to check whether the data black hole system (or the above data safety access method) has been deployed on computing terminal 1;
S953, computing terminal 1 sends a deployment check feedback message to computing terminal 2;
This feedback message contains one value or a group of values, from which computing terminal 2 can judge whether computing terminal 1 has deployed the data black hole system;
S954, computing terminal 2 determines the deployment state of computing terminal 1, i.e. judges whether computing terminal 1 has deployed the data black hole system;
(1) if the deployment check feedback message shows that computing terminal 1 has deployed the data black hole system, execution continues with:
S955, computing terminal 2 uses the safe read method to read, from its corresponding safety storage apparatus 2, the data that computing terminal 1 wants to access;
S956, computing terminal 2 sends an access response to computing terminal 1;
S957, if the data needs to be saved, calculating equipment 1 uses the secure storage method of data to save the obtained access data in its corresponding safety storage apparatus 1.
(2) if the deployment check feedback message shows that computing terminal 1 has not yet deployed the data black hole system, the above data access method S940 is performed:
S942, computing terminal 2 sends a deployment inquiry to computing terminal 1, i.e. asks whether computing terminal 1 agrees to deploy the above secure storage method of data and read method;
S943, computing terminal 1 sends a deployment response to computing terminal 2;
To illustrate the whole access process, in the present embodiment computing terminal 1 sends an affirmative response; if computing terminal 1 sends a negative response, the information exchange with computing terminal 2 ends and the data access cannot be completed;
S944, computing terminal 2 deploys the methods to computing terminal 1 and designates a safety storage apparatus; the methods are the above data safe storing and data safe reading methods; the safety storage apparatus is safety storage apparatus 1;
S945, computing terminal 2 uses the safe read method to read, from its corresponding safety storage apparatus 2, the data that computing terminal 1 wants to access;
S946, computing terminal 2 sends an access response to computing terminal 1; and
S947, if the data needs to be saved, calculating equipment 1 uses the secure storage method of data to save the obtained access data in its corresponding safety storage apparatus 1.
The above steps S953-S954 may include: computing terminal 1 and computing terminal 2 use a mutual trust verification algorithm based on timestamps to judge whether the other side has deployed the data black hole system (the process is similar to the CHAP protocol).
Optionally, each computing terminal maintains a register list. For example, after computing terminal 1 deploys the data black hole system, computing terminal 1 is added to the register list of computing terminal 2; computing terminal 2 may also be added to the register list of computing terminal 1 at the same time. When a computing terminal accesses this machine, the register list is first checked for that computing terminal; if it is present, the terminal is already registered and no deployment check or deployment inquiry is needed.
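The page does not specify the timestamp-based mutual trust verification algorithm beyond comparing it to CHAP. The following Python example is added here, not taken from the patent, and shows one way the deployment check of S952-S954 and the register list shortcut could work; the HMAC-SHA256 construction, a key assumed to be provisioned with the data black hole system, the 30-second window and all names are assumptions.

```python
import hashlib
import hmac
import os

FRESHNESS_WINDOW = 30  # seconds a deployment check stays valid (assumed value)


def _digest(key, name, nonce, timestamp):
    """Keyed digest binding the answering terminal's name, the nonce and the timestamp."""
    message = name.encode() + b"|" + nonce + b"|" + str(timestamp).encode()
    return hmac.new(key, message, hashlib.sha256).digest()


class Terminal:
    def __init__(self, name, deployment_key=None):
        self.name = name
        self.key = deployment_key      # None: data black hole system not deployed
        self.register_list = set()     # peers that already passed the check
        self._pending = {}             # peer name -> (nonce, timestamp), single use

    def deployment_check(self, peer_name, now):
        """S952: issue a fresh nonce stamped with the current time."""
        nonce = os.urandom(16)
        self._pending[peer_name] = (nonce, now)
        return {"nonce": nonce, "timestamp": now}

    def check_feedback(self, check, now):
        """S953: answer only if deployed and the check is still fresh."""
        if self.key is None or abs(now - check["timestamp"]) > FRESHNESS_WINDOW:
            return None
        digest = _digest(self.key, self.name, check["nonce"], check["timestamp"])
        return {"name": self.name, "digest": digest}

    def verify(self, peer_name, feedback, now):
        """S954: decide the peer's deployment state from the feedback values."""
        issued = self._pending.pop(peer_name, None)   # a check can be answered once
        if self.key is None or issued is None or feedback is None:
            return False
        nonce, timestamp = issued
        if now - timestamp > FRESHNESS_WINDOW:
            return False
        expected = _digest(self.key, peer_name, nonce, timestamp)
        if feedback.get("name") != peer_name:
            return False
        if not hmac.compare_digest(expected, feedback["digest"]):
            return False
        self.register_list.add(peer_name)
        return True


def one_way_check(verifier, prover, now, delay=0):
    """Verifier checks prover; a registered prover skips the exchange."""
    if prover.name in verifier.register_list:
        return True
    check = verifier.deployment_check(prover.name, now)
    feedback = prover.check_feedback(check, now + delay)
    return verifier.verify(prover.name, feedback, now + delay)


def mutual_check(a, b, now):
    """Both sides verify each other and add each other to their register lists."""
    return one_way_check(a, b, now) and one_way_check(b, a, now)
```

Binding the digest to a single-use nonce and its timestamp is what makes a recorded feedback message useless when replayed later.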
Optionally, the above method S950 can be improved further by having the access initiator actively state that it has deployed the data black hole system. As shown in Figure 28e, according to a further embodiment of the invention, a data access method S960 for calculating equipment having a registration function is provided, including:
S961, computing terminal 1 sends an access request to computing terminal 2;
S962, computing terminal 1 sends a "deployment advertisement message" to computing terminal 2; this message notifies computing terminal 2 that the data black hole system (or the above data safety access method) has been deployed on computing terminal 1;
S963, computing terminal 2 determines the deployment state of computing terminal 1, i.e. judges whether computing terminal 1 has deployed the data black hole system;
S964, computing terminal 2 uses the safe read method to read, from its corresponding safety storage apparatus 2, the data that computing terminal 1 wants to access;
S965, computing terminal 2 sends an access response to computing terminal 1;
S966, if the data needs to be saved, calculating equipment 1 uses the secure storage method of data to save the obtained access data in its corresponding safety storage apparatus 1.
Further, in the embodiment in which each terminal is a registrar, for the convenience of computing terminal users and to give the safe interacted system a one-way import function (data can be imported but not exported), according to a further embodiment of the invention a calculating equipment (such as terminal system A01) in the safe interacted system of data has two modes:
In the first mode, also called safe mode, the instruction recombination platform on the calculating equipment is running (i.e. the above runtime instruction recombination method is deployed on the calculating equipment, or the above runtime instruction recombination device is applied); data storage and reading are all done on the safety storage apparatus assigned to it; interaction between the calculating equipment and any storage device other than the safety storage apparatus is completely cut off; and interaction between the calculating equipment and all networks other than the safe interacted system is also cut off (the above runtime instruction recombination platform shields the relevant instructions);
In the second mode, also called general mode, the instruction recombination platform on the calculating equipment is not running and the registration service function is not enabled; a calculating equipment in general mode can be used as an ordinary calculating equipment and can, for example, obtain data from other network nodes.
In addition, a calculating equipment in general mode and a calculating equipment in safe mode cannot access each other. For example, assume computing terminal 1 is in safe mode and computing terminal 2 is in general mode. If computing terminal 2 wants to access computing terminal 1, computing terminal 2 sends an access request to computing terminal 1 and computing terminal 1 sends a deployment check message; computing terminal 1 cannot obtain a valid response from computing terminal 2, so the access cannot proceed. If computing terminal 1 wants to access computing terminal 2, computing terminal 1 needs to send an access request to computing terminal 2, and before sending it likewise attempts to obtain the deployment check information of computing terminal 2; if computing terminal 1 cannot obtain a valid response from computing terminal 2, the access cannot proceed.
Switching between the two modes can be done by restarting the system: at system start-up the system asks the user which mode to enter, and the user chooses a mode according to their own needs.
Corresponding generally to methods S900 and S910 described above, according to one embodiment of the invention a computing terminal (i.e. calculating equipment) is provided. As shown in Figure 28f, this computing terminal f00 includes:
I/O interface f01, adapted to connect to and communicate with registrar f11;
Registering unit f02, black hole unit f03 and query unit f04, each connected to I/O interface f01.
Registering unit f02 is adapted to register with registrar f11 through I/O interface f01;
The work of registering unit f02 includes exchanging information with the registrar in order to register with it or to accept its deployment check; see methods S900, S910 and S950 for details.
Black hole unit f03 is adapted to receive the data black hole system deployed by registrar f11; the data black hole system is defined in the introduction above. For example, the data black hole system includes (i.e. implements) the above secure storage method of data and data safe reading method, or includes the above data safety storage device and data security reader; it may also include the above runtime instruction recombination method or runtime instruction recombination device; and it may also include the above data safe transmission method, etc.
Black hole unit f03 is further adapted to exchange data with other computing terminals or calculating equipment, for example by sending access requests.
Query unit f04 is adapted to send an inquiry message to registrar f11 to ask whether a certain calculating equipment has registered.
Corresponding generally to methods S900 and S910 described above, according to one embodiment of the invention a registrar is provided. As shown in Figure 28g, this registrar g00 includes:
I/O interface g01, adapted to connect to and communicate with calculating equipment (for example calculating equipment g11 and calculating equipment g12 in the figure, also called calculating equipment a and calculating equipment b);
Deployment inspection unit g02, adapted to send a deployment check message to a calculating equipment to check whether it has deployed the data black hole system; for the check interaction see method S950; if deployment inspection unit g02 finds that the calculating equipment has deployed the data black hole system, it is further adapted to update register list g05 by adding the calculating equipment to the register list; if it finds that the calculating equipment has not yet deployed the data black hole system, it starts deployment inquiry unit g03;
Deployment inquiry unit g03, adapted to send an inquiry message to the calculating equipment asking whether it agrees to have the safety storage apparatus take over the data operated on and accessed by this calculating equipment; if the response message from the calculating equipment refuses the takeover, the registration request of the calculating equipment is rejected and the process ends; if the response agrees to the takeover, program deployment unit g04 is called to deploy the data black hole system;
Program deployment unit g04, adapted to deploy the data black hole system to the calculating equipment and, after deployment finishes, to update register list g05 by adding the calculating equipment to the register list.
This registrar g00 also includes registration query unit g06, adapted to receive an inquiry from a computing terminal such as calculating equipment g12, check whether a specific computing terminal has registered by querying register list g05, and feed the query result back to calculating equipment g12.
Corresponding generally to methods S940 and S950 described above, according to a further embodiment of the invention a computing terminal is provided. As shown in Figure 28h, this calculating equipment h00 includes:
I/O interface h01, adapted to connect to and communicate with calculating equipment (for example calculating equipment h11 in the figure, also called calculating equipment c);
Deployment inspection unit h02, adapted to send a deployment check message to a calculating equipment (such as calculating equipment c) to check whether it has deployed the data black hole system; for the check interaction see method S950; if deployment inspection unit h02 finds that calculating equipment c has deployed the data black hole system, it is further adapted to update register list h06 by adding calculating equipment c to the register list; if it finds that calculating equipment c has not yet deployed the data black hole system, it starts deployment inquiry unit h03;
Deployment inquiry unit h03, adapted to send an inquiry message to a calculating equipment (such as calculating equipment c) asking whether it agrees to have the safety storage apparatus take over the data operated on and accessed by this calculating equipment; if the response message from the calculating equipment refuses the takeover, the registration request of the calculating equipment is rejected and the process ends; if the response agrees to the takeover, program deployment unit h04 is called to deploy the data black hole system;
Program deployment unit h04, adapted to deploy the data black hole system to the calculating equipment and, after deployment finishes, to update register list h06 by adding the calculating equipment to the register list.
This calculating equipment h00 also includes black hole unit h05, adapted to deploy the data black hole system. Black hole unit h05 is further adapted to exchange data with other computing terminals or calculating equipment, for example by sending access requests.
Corresponding generally to method S960 described above, according to a further embodiment of the invention a computing terminal/calculating equipment is provided. As shown in Figure 28i, this calculating equipment i00 includes:
I/O interface i01, adapted to connect to and communicate with calculating equipment (for example calculating equipment i11 in the figure, also called calculating equipment d);
Deployment inspection unit i02, adapted to receive the access request and the deployment advertisement message from another calculating equipment (such as calculating equipment i11); if the deployment advertisement message shows that calculating equipment i11 has deployed the data black hole system, it updates register list i04 by adding calculating equipment d to the register list;
Black hole unit i03, adapted to deploy the data black hole system, and further adapted to exchange data with other computing terminals or calculating equipment i11, for example by sending access requests and deployment advertisement messages.
In addition, black hole unit i03 is further adapted to deploy the above runtime instruction recombination method. In that case, calculating equipment i00 can have two modes, namely the above safe mode and general mode.
In addition, this calculating equipment i00 can also include a deployment inquiry unit and a program deployment unit, which carry out the deployment inquiry and deployment operation when deployment inspection unit i02 finds that calculating equipment d has not deployed the data black hole system.
In other embodiments of the present invention, the number of units/components in the computing terminal or registrar of the above embodiments can be increased or reduced as required (for example, the I/O interface may be omitted and the units coupled directly to the target object); the components and functions provided in each embodiment can also be provided, or components of the embodiments can be replaced with known components.
Those skilled in the art will appreciate that the above embodiments of the computing terminal and registrar are described by way of example and are not meant to be limiting; variations that any person of ordinary skill in the art may make to the above devices do not depart from the protection scope stated in the claims of the present invention.
Secure wide area network data interconnection
With continued reference to Figure 27, if one or more of network 1, network 2 and network m are not on the same local area network, the secure data interconnection system for that case is discussed below.
According to one embodiment of the invention, a secure wide area network data interconnection system is provided. As shown in Figure 29, the system includes:
Terminal system B01, terminal system B02, ..., terminal system B0n and storage device B80, located in LAN 1;
Terminal system B11, terminal system B12, ..., terminal system B1n and storage device B81, located in LAN 2;
Terminal system B21, terminal system B22, ..., terminal system B2n and storage device B82, located in LAN m;
Virtual secure storage server B30, interconnected with LAN 1, LAN 2 and LAN m respectively.
Here, virtual secure storage server B30 serves as the trunk node of a distributed file system, and storage devices B80-B82 are the sub-nodes of the distributed file system. Terminal B11 only needs to access virtual secure storage server B30 to obtain, through it, the data of storage devices B80, B81 and B82. Data access within each LAN is carried out directly, while data access between LANs is essentially all relayed through virtual secure storage server B30.
In addition, in the secure wide area network interconnection system, each node (including the storage devices, the terminal systems and even the virtual secure storage server) independently establishes access control and registration (for example by method S950 or S960 above).
According to a further embodiment of the invention, a secure wide area network data interconnection system is provided. As shown in Figure 30, the system includes:
Terminal system C01, terminal system C02, ..., terminal system C0n, located in LAN 1;
Terminal system C11, terminal system C12, ..., terminal system C1n, located in LAN 2;
Terminal system C21, terminal system C22, ..., terminal system C2n, located in LAN m;
Centralized secure storage server C30, interconnected with LAN 1, LAN 2 and LAN m respectively, and including storage device C80, storage device C81, storage device C82, and so on.
Here, centralized secure storage server C30 has a corresponding network port and LAN address allocated to each of LAN 1, LAN 2 and LAN m.
Centralized secure storage server C30 has the functions of the registration server in the above embodiments. The terminal systems in LAN 1, LAN 2 and LAN m are all registered on centralized secure storage server C30 and have had the above secure read/store methods and the runtime instruction recombination method deployed on them.
Centralized secure storage server C30 includes multiple storage devices, such as storage device C80, storage device C81 and storage device C82. These storage devices are allocated to the terminal systems of the secure interconnection system in each LAN, as the secure storage devices used by their secure access methods. Specifically, when centralized secure storage server C30 deploys on a terminal system the secure data storage and read methods provided by the invention, storage device C80 is allocated to the terminal systems in LAN 1 as their secure storage device; storage device C81 is allocated to the terminal systems in LAN 2 as their secure storage device; and storage device C82 is allocated to the terminal systems in LAN m as their secure storage device.
According to one embodiment of the invention, the method for establishing the above secure wide area network data interconnection system includes:
SA01, a computing device (for example, terminal system C01) sends a registration request to secure storage server B30 or C30;
SA02, secure storage server B30 or C30 asks whether the computing device consents to the secure storage device taking over the data operated on, and the accesses made, by the computing device;
SA03, the computing device sends a response message to secure storage server B30 or C30, for example a response message whose content is consent to the takeover;
SA04, secure storage server B30 or C30 (acting on the response message whose content is consent to the takeover) deploys the data black hole system on the computing device and registers the computing device;
SA05, secure storage server B30 or C30 deploys a secure storage device (for example, storage device C80) for the computing device, completing the establishment process.
If secure storage server B30 or C30 also deploys the above runtime instruction recombination method on the computing device, runtime instruction recombination or tracking can be achieved. In that case, the combination S6000 of the above runtime instruction recombination method and the secure data access method can also be implemented.
After a computing device (for example, a terminal system or intelligent terminal) completes registration, it saves data to the secure storage device, or reads data from the secure storage device, by the above secure data storage and read methods.
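The secure storage and read methods that a registered device uses (steps a1-a4 and b1-b5, with the mapping bitmap synchronisation of claims 2 to 4) can be simulated as follows. This is an added example, not code from the patent; the `HwInstr`, `Device` and `BlackHoleLayer` names, the one-bit-per-block granularity and the identity mapping from a local block number to the "corresponding" secure-device address are assumptions.

```python
from dataclasses import dataclass

BLOCKS = 16  # constructed: number of blocks on the simulated local disk


@dataclass(frozen=True)
class HwInstr:
    """Simplified hardware instruction: operation, target device, block address."""
    op: str              # "store" or "read"
    device: str          # "local" or "secure"
    addr: int
    data: bytes = b""


class Device:
    """Stand-in for the hardware layer of one storage device."""

    def __init__(self):
        self.blocks = {}
        self.bitmap = 0  # used on the secure device only: the second mapping bitmap

    def execute(self, ins):
        if ins.op == "store":
            self.blocks[ins.addr] = ins.data
            return None
        return self.blocks.get(ins.addr, b"")


class BlackHoleLayer:
    """Rewrites store/read instructions before they reach the hardware layer."""

    def __init__(self, local, secure):
        self.hw = {"local": local, "secure": secure}
        # Claims 3 and 4: sync the second bitmap down and keep it as the first bitmap.
        self.first_bitmap = secure.bitmap

    def handle(self, ins):
        # a1/b1 receive and a2/b2 analyse the instruction.
        if not 0 <= ins.addr < BLOCKS:
            raise ValueError("address outside the simulated disk")
        if ins.device == "local" and ins.op == "store":
            # a3: point the store at the corresponding secure-device address
            # (assumption: same block number on the secure device).
            ins = HwInstr("store", "secure", ins.addr, ins.data)
            # Claim 2: set the bit for this address, then sync the bitmap up.
            self.first_bitmap |= 1 << ins.addr
            self.hw["secure"].bitmap = self.first_bitmap
        elif ins.device == "local" and ins.op == "read":
            # b3/b4: redirect only if the bitmap says the block was dumped.
            if (self.first_bitmap >> ins.addr) & 1:
                ins = HwInstr("read", "secure", ins.addr)
        # a4/b5: send the (possibly modified) instruction to the hardware layer.
        return ins, self.hw[ins.device].execute(ins)


def demo():
    local, secure = Device(), Device()
    local.blocks[3] = b"old local data"      # constructed: present before deployment
    layer = BlackHoleLayer(local, secure)
    layer.handle(HwInstr("store", "local", 5, b"secret"))
    sent5, data5 = layer.handle(HwInstr("read", "local", 5))
    sent3, data3 = layer.handle(HwInstr("read", "local", 3))
    # A later session starts with an empty first bitmap and must sync it down.
    later = BlackHoleLayer(local, secure)
    _, again = later.handle(HwInstr("read", "local", 5))
    return {
        "local_has_block5": 5 in local.blocks,
        "read5": (sent5.device, data5),
        "read3": (sent3.device, data3),
        "second_bitmap": secure.bitmap,
        "read5_after_resync": again,
    }


if __name__ == "__main__":
    print(demo())
```

The bitmap is what keeps reads consistent: blocks never dumped are still served from the local disk, and a session that skipped the initial sync would read block 5 locally and get nothing back.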
Secure interconnection system for network payment
Applying the above secure data interconnection system, according to one embodiment of the invention, a secure interconnection system for network payment is provided. As shown in Figure 31, the system includes:
Located in network 1: registration server D91, data server D01 and its corresponding secure storage device D81, and payment application server D02 and its corresponding secure storage device D82;
Located in network 2, which is interconnected with network 1: registration server D90, network terminal D03 (a computer), mobile terminal D04, and the secure storage device D83 corresponding to the two; and
Located in network 3, which is interconnected with payment application server D02: registration server D92, account settlement server D05, account data server D06, and the secure storage device D84 corresponding to the account data server and the account settlement server.
The interface through which the payment application server accesses network 1 is called the application interface, and the interface through which it accesses network 3 is called the payment interface.
Network 1 and network 2 may be one and the same network.
Data server D01, payment application server D02, network terminal D03 and mobile terminal D04 have each registered, by method S900 described above, through registration server D90 and registration server D91, joining the secure interconnection systems of network 1 and network 2 respectively; payment application server D02, account settlement server D05 and account data server D06 have likewise joined the secure interconnection system by registering through registration server D92 according to method S900 described above. Because payment application server D02 is located in both network 1 and network 3, it registers with registration servers D91 and D92 respectively.
The secure storage devices corresponding to data server D01 and payment application server D02 may also be the same; the secure storage devices corresponding to network terminal D03 and mobile terminal D04 may also be different; and the secure storage devices corresponding to account settlement server D05 and account data server D06 may also be different.
Registration servers D90, D91 and D92 deploy, on each device that registers, the above runtime instruction recombination method and the secure storage/read/transmission methods based on it.
With continued reference to Figure 31, in the secure interconnection system for network payment, network terminal D03 or mobile terminal D04 can access data server D01 in network 1, and can set up an access account on data server D01 to save access information (access information can of course also be saved locally, by the same process as S910).
The process by which network terminal D03 or mobile terminal D04 accesses data server D01 in network 1 is similar to S910, but adds a step of saving access information on data server D01. Specifically, this process (that is, the handling of a data access request from a computing terminal), S920, includes:
S921, a computing device (network terminal D03 or mobile terminal D04) sends an access request to data server D01; the access request may be sent directly to data server D01 by the computing device, or forwarded to data server D01 by another application server;
S922, data server D01 sends a secure address inquiry message to registration server D90, asking whether the computing terminal is a secure address;
S923, registration server D90 sends a secure address response message to data server D01, informing it that the computing terminal is a secure address;
S924, after obtaining an affirmative response, data server D01 reads the corresponding data according to the request, the reading being done by the above secure data read method; if a negative response is obtained, data server D01 ignores the data access request;
S925, data server D01 sends a data response to the computing terminal;
S926, the computing terminal decides to save part of the accessed data on data server D01, and data server D01 saves the data to secure storage device D81 according to the above secure data storage method.
With continued reference to Figure 31, in the secure interconnection system for network payment, network terminal D03 or mobile terminal D04 can purchase the products or services it accesses through payment application server D02 in network 1.
The process by which network terminal D03 or mobile terminal D04 accesses payment application server D02 (through the application interface), and then accesses account settlement server D05 through payment application server D02 (that is, the handling of a payment request from a computing terminal), S930, includes:
S931, a computing device (network terminal D03 or mobile terminal D04) sends a payment request to payment application server D02;
The payment request may be sent directly to payment application server D02 by the computing device, or forwarded to payment application server D02 by another application server;
The payment request contains the user's fund account information and transaction information; the fund account information may be a physical bank account, a virtual bank account or another kind of fund account information, and the transaction information includes the transaction quantity, unit price, and so on;
S932, payment application server D02 sends a secure address inquiry message to registration server D90, asking whether the computing terminal is a secure address;
S933, registration server D90 sends a secure address response message to payment application server D02, informing it that the computing terminal is a secure address;
S934, if a negative response is obtained, payment application server D02 ignores the payment request; if an affirmative response is obtained, payment application server D02 calculates the transaction data from the transaction information in the payment request and generates settlement information; the settlement information may be a specific value (that is, the required payment) or a series of data used to calculate the settlement information;
S935, payment application server D02 sends (through the payment interface) a settlement request to account settlement server D05; the settlement request includes the user's fund account information and the settlement information;
S936, account settlement server D05 sends a secure address inquiry message to registration server D92, asking whether payment application server D02 is a secure address;
S937, registration server D92 sends a secure address response message to account settlement server D05, informing it that payment application server D02 is a secure address;
S938, account settlement server D05 retrieves the corresponding fund account data according to the fund account information (such as account name and account ID) in the settlement information;
It judges whether the fund account data can meet the requirements of the settlement information;
If they cannot, a failure response is sent to payment application server D02;
If they can, the settlement operation is carried out (the amount in the settlement information is deducted from the fund account data), the updated fund account data are saved to the corresponding secure storage device D84, and a success response is sent to payment application server D02;
S939, payment application server D02 sends a success or failure response to the computing terminal according to the success or failure response it received and, in the case of a success response, saves the payment request information on the corresponding secure storage device D82.
In step S938, account settlement server D05 may also access account data server D06 to obtain the fund account data.
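The two registration checks in S930 (the terminal against D90, then the payment application server against D92) can be traced with a small simulation; the same check gates data access in S922-S924. This is an added example, not code from the patent: the class names, the identifier `D99`, the use of quantity times unit price as the settlement amount, the validation of non-positive values, and treating a negative answer at S937 as "ignore" (the page states that outcome only for S934) are assumptions.

```python
class RegistrationServer:
    """Keeps a registration list and answers secure-address inquiries."""

    def __init__(self, registered):
        self.registered = set(registered)

    def is_secure_address(self, device_id):
        return device_id in self.registered


class AccountSettlementServer:
    """Plays D05; `accounts` stands in for the fund account data."""

    def __init__(self, registrar, accounts):
        self.registrar = registrar          # D92
        self.accounts = dict(accounts)      # account id -> balance, in minor units
        self.secure_store = {}              # stands in for secure storage device D84

    def settle(self, sender_id, account_id, amount):
        # S936-S937: ask the registration server whether the sender is a secure address.
        if not self.registrar.is_secure_address(sender_id):
            return None                     # assumption: ignored, as S934 does for terminals
        # S938: check the fund account data against the settlement information.
        balance = self.accounts.get(account_id)
        if balance is None or balance < amount:
            return "failure"
        self.accounts[account_id] = balance - amount
        self.secure_store[account_id] = self.accounts[account_id]
        return "success"


class PaymentApplicationServer:
    """Plays D02, sitting between the application and payment interfaces."""

    def __init__(self, device_id, registrar, settlement_server):
        self.device_id = device_id
        self.registrar = registrar          # D90
        self.settlement_server = settlement_server
        self.secure_store = []              # stands in for secure storage device D82

    def pay(self, terminal_id, request):
        # S932-S934: unregistered terminals get no reply at all.
        if not self.registrar.is_secure_address(terminal_id):
            return None
        quantity, unit_price = request["quantity"], request["unit_price"]
        if quantity <= 0 or unit_price <= 0:
            return "failure"                # added validation, not a step on the page
        amount = quantity * unit_price      # settlement information as one value
        # S935: settlement request carries the account information and the amount.
        reply = self.settlement_server.settle(
            self.device_id, request["account_id"], amount)
        # S939: forward the reply; keep the payment request only on success.
        if reply == "success":
            self.secure_store.append(dict(request, amount=amount))
        return reply


def run_scenarios():
    d90 = RegistrationServer({"D03", "D04"})
    d92 = RegistrationServer({"D02"})
    d05 = AccountSettlementServer(d92, {"acct-1": 10000})   # constructed balance
    d02 = PaymentApplicationServer("D02", d90, d05)
    order = {"account_id": "acct-1", "quantity": 2, "unit_price": 2500}
    results = {
        "registered": d02.pay("D03", order),
        "unregistered_terminal": d02.pay("D99", order),
        "insufficient": d02.pay("D04", dict(order, quantity=3)),
    }
    # A payment server that is not on D92's registration list.
    unregistered_d02 = PaymentApplicationServer("D02-unregistered", d90, d05)
    results["unregistered_server"] = unregistered_d02.pay("D03", order)
    results["balance"] = d05.accounts["acct-1"]
    results["d84"] = dict(d05.secure_store)
    results["d82_records"] = len(d02.secure_store)
    return results


if __name__ == "__main__":
    print(run_scenarios())
```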
The above secure interconnection systems (for example, the secure data interconnection system and the secure interconnection system for network payment) implant data security features (for example, the secure data storage/read/transmission methods, and the secure data storage/read/transmission methods based on the runtime instruction recombination method) into a LAN or WAN, ensuring the security of sensitive data in the LAN and WAN. Even if a malicious program intrudes, none of the data it accesses can be stolen; the data, together with the malicious program itself, remains permanently confined within the secure storage devices of the secure interconnection system.
The above secure interconnection system not only provides strong support for data security in cloud computing, but also lays a security foundation for the widespread adoption of network payment and mobile payment.
It should be noted and understood that various modifications and improvements can be made to the invention described in detail above without departing from the spirit and scope of the invention as claimed in the appended claims. Accordingly, the scope of the claimed technical solution is not limited by any specific exemplary teaching given.

Claims (24)

1. A method for establishing a secure data interconnection system, including:
Step 1, a computing device sends a registration request to a registration server;
Step 2, the registration server sends an inquiry message to the computing device, asking whether the computing device consents to the secure storage device taking over the data operated on, and the accesses made, by the computing device, or asking whether the computing device consents to deployment of the secure data storage method and the secure data read method;
Step 3, the computing device sends a response message to the registration server; and
Step 4, the registration server checks the response message;
If the response does not consent to the takeover, the registration server rejects the registration request of the computing device and the establishment method ends;
If the response consents to the takeover, the registration server deploys the secure data storage method and read method on the computing device, deploys a secure storage device for the computing device, and adds the computing device to the registration list on the registration server;
Wherein the secure data storage method includes:
Step a1, receiving a hardware instruction;
Step a2, analysing the hardware instruction;
Step a3, if the hardware instruction is a store instruction, modifying the destination address in the store instruction to the corresponding storage address on the secure storage device; and
Step a4, sending the modified store instruction to the hardware layer;
Wherein the secure data read method includes:
Step b1, receiving a hardware instruction;
Step b2, analysing the hardware instruction;
Step b3, if the hardware instruction is a read instruction, obtaining the source address in the read instruction;
Step b4, looking up a first mapping bitmap, and modifying the read address in the read instruction according to the data of the first mapping bitmap; the first mapping bitmap indicates whether the data at a local storage address has been dumped to the secure storage device; and
Step b5, sending the modified read instruction to the hardware layer.
2. The method for establishing a secure data interconnection system as claimed in claim 1, wherein, after step a3, the secure data storage method further includes:
Updating the bit corresponding to the destination address in the first mapping bitmap;
Synchronising the updated first mapping bitmap to the secure storage device, where it is saved as a second mapping bitmap; the second mapping bitmap indicates whether the data at a local storage address has been dumped to the secure storage device.
3. The method for establishing a secure data interconnection system as claimed in claim 2, wherein, before step a1, the secure data storage method further includes:
Establishing communication between the computing device and the secure storage device;
Synchronising the second mapping bitmap on the secure storage device to the computing device, where it is saved as the first mapping bitmap.
4. The method for establishing a secure data interconnection system as claimed in claim 1, wherein, before step b4, the secure data read method further includes:
Establishing communication between the computing device and the secure storage device;
Synchronising the second mapping bitmap on the secure storage device to the computing device, where it is saved as the first mapping bitmap.
5. The method for establishing a secure data interconnection system as claimed in claim 1, wherein, in steps a1 and b1, the hardware instruction comes from the hardware mapping layer.
6. The method for establishing a secure data interconnection system as claimed in claim 1, wherein, in step 4, the registration server also deploys a runtime instruction recombination method on the computing device, the runtime instruction recombination method including:
Step c1, caching the instruction execution environment;
Step c2, obtaining a machine instruction fragment to be scheduled, the last instruction of the machine instruction fragment being a first jump instruction; inserting a second jump instruction before the last instruction of the obtained machine instruction fragment, the second jump instruction pointing to the entry address of an instruction recombination platform, to generate a recombined instruction fragment; and modifying the value of the address register in the cached instruction execution environment to the address of the recombined instruction fragment;
Step c3, restoring the instruction execution environment; the value of the address register in the instruction execution environment is the modified value.
7. The method for establishing a secure data interconnection system as claimed in claim 1, wherein, in step 4, the registration server also deploys a runtime instruction recombination method on the computing device, the runtime instruction recombination method including:
Step d1, caching the instruction execution environment;
Step d2, reading a destination address from a first storage location, and obtaining a machine instruction fragment to be scheduled according to the destination address; the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step d3, saving the destination address of the first jump instruction in the first storage location;
Step d4, replacing the first jump instruction with a second jump instruction, to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of an instruction recombination platform; and
Step d5, restoring the instruction execution environment, and jumping to the second address to continue execution.
8. The method for establishing a secure data interconnection system as claimed in claim 1, wherein, in step 4, the registration server also deploys a runtime instruction recombination method on the computing device, the runtime instruction recombination method including:
Step e1, caching the instruction execution environment;
Step e2, obtaining the address and parameters of the jump instruction saved on the stack, and calculating the address of the next instruction to be run, this address being a first address;
Step e3, obtaining a machine instruction fragment to be scheduled according to the first address; the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step e4, replacing the first jump instruction with a push instruction, the push instruction recording the address and operand of the first jump instruction;
Step e5, adding a second jump instruction after the push instruction, to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of an instruction recombination platform; and
Step e6, restoring the instruction execution environment, and jumping to the second address to continue execution.
9. A data access method applied to a secure data interconnection system established by the method of any one of claims 1-8, including:
Step 1, a first computing device sends an access request to a second computing device;
Step 2, the second computing device sends a secure address inquiry message to the registration server, asking whether the first computing device is a secure address;
Step 3, the registration server sends a secure address response message to the second computing device, informing it whether the first computing device is a secure address;
Step 4, if an affirmative response message is obtained, the second computing device reads the corresponding data according to the access request, the reading being done by the secure data read method; if a negative response message is obtained, the second computing device ignores the access request; and
Step 5, the second computing device sends an access response to the first computing device.
10. The data access method as claimed in claim 9, further including, after step 5:
Step 6, if the first computing device needs to save data, it saves the data according to the secure data storage method.
11. A secure data interconnection system, including: a computing device, a secure storage device and a registration server;
Wherein the registration server is adapted to register the computing device and to allocate a secure storage device to the computing device; the computing device is adapted to save data on the secure storage device, or read data from the secure storage device, by a secure data storage method and a secure data read method;
Wherein the secure data storage method includes: step a1, receiving a hardware instruction; step a2, analysing the hardware instruction; step a3, if the hardware instruction is a store instruction, modifying the destination address in the store instruction to the corresponding storage address on the secure storage device; and step a4, sending the modified store instruction to the hardware layer;
Wherein the secure data read method includes: step b1, receiving a hardware instruction; step b2, analysing the hardware instruction; step b3, if the hardware instruction is a read instruction, obtaining the source address in the read instruction; step b4, looking up a first mapping bitmap, and modifying the read address in the read instruction according to the data of the first mapping bitmap, the first mapping bitmap indicating whether the data at a local storage address has been dumped to the secure storage device; and step b5, sending the modified read instruction to the hardware layer.
12. The secure data interconnection system as claimed in claim 11, wherein the registration server is adapted to:
Receive a registration request from the computing device;
Send an inquiry message to the computing device, asking whether the computing device consents to the secure storage device taking over the data operated on, and the accesses made, by the computing device, or asking whether the computing device consents to deployment of the secure data storage method and the secure data read method;
Receive and check the response message from the computing device; if the response does not consent to the takeover, reject the registration request of the computing device; if the response consents to the takeover, deploy the secure data storage method and read method on the computing device, deploy a secure storage device for the computing device, and add the computing device to the registration list on the registration server.
13. The secure data interconnection system as claimed in claim 11, wherein the registration server is further adapted to deploy a runtime instruction recombination method on the computing device, the runtime instruction recombination method including:
Step c1, caching the instruction execution environment;
Step c2, obtaining a machine instruction fragment to be scheduled, the last instruction of the machine instruction fragment being a first jump instruction; inserting a second jump instruction before the last instruction of the obtained machine instruction fragment, the second jump instruction pointing to the entry address of an instruction recombination platform, to generate a recombined instruction fragment; and modifying the value of the address register in the cached instruction execution environment to the address of the recombined instruction fragment;
Step c3, restoring the instruction execution environment; the value of the address register in the instruction execution environment is the modified value.
14. The secure data interconnection system as claimed in claim 11, wherein the registration server is further adapted to deploy a runtime instruction recombination method on the computing device, the runtime instruction recombination method including:
Step d1, caching the instruction execution environment;
Step d2, reading a destination address from a first storage location, and obtaining a machine instruction fragment to be scheduled according to the destination address; the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step d3, saving the destination address of the first jump instruction in the first storage location;
Step d4, replacing the first jump instruction with a second jump instruction, to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of an instruction recombination platform; and
Step d5, restoring the instruction execution environment, and jumping to the second address to continue execution.
15. The secure data interconnection system as claimed in claim 11, wherein the registration server is further adapted to deploy a runtime instruction recombination method on the computing device, the runtime instruction recombination method including:
Step e1, caching the instruction execution environment;
Step e2, obtaining the address and parameters of the jump instruction saved on the stack, and calculating the address of the next instruction to be run, this address being a first address;
Step e3, obtaining a machine instruction fragment to be scheduled according to the first address; the last instruction of the machine instruction fragment to be scheduled is a first jump instruction;
Step e4, replacing the first jump instruction with a push instruction, the push instruction recording the address and operand of the first jump instruction;
Step e5, adding a second jump instruction after the push instruction, to generate a recombined instruction fragment having a second address; the second jump instruction points to the entry address of an instruction recombination platform; and
Step e6, restoring the instruction execution environment, and jumping to the second address to continue execution.
16. A computing device, including:
A registration unit, adapted to register on a registration server and/or accept a deployment check by the registration server;
A black hole unit, adapted to receive the data black hole system deployed by the registration server; and
A query unit, adapted to send an inquiry message to the registration server, asking whether a second computing device has been registered;
Wherein the data black hole system includes a secure data read method and a secure data storage method;
Wherein the secure data storage method includes:
Step a1, receiving a hardware instruction;
Step a2, analysing the hardware instruction;
Step a3, if the hardware instruction is a store instruction, modifying the destination address in the store instruction to the corresponding storage address on the secure storage device; and
Step a4, sending the modified store instruction to the hardware layer;
Wherein the secure data read method includes:
Step b1, receiving a hardware instruction;
Step b2, analysing the hardware instruction;
Step b3, if the hardware instruction is a read instruction, obtaining the source address in the read instruction;
Step b4, looking up a first mapping bitmap, and modifying the read address in the read instruction according to the data of the first mapping bitmap; the first mapping bitmap indicates whether the data at a local storage address has been dumped to the secure storage device; and
Step b5, sending the modified read instruction to the hardware layer.
17. calculate equipment, wherein, instruction recombination method when described data black hole system also includes running as claimed in claim 16, and during this operation, instruction recombination method includes:
Step c1, cache instruction running environment;
Step c2, obtaining machine instruction fragment to be scheduled, the last item instruction of described machine instruction fragment is the first jump instruction;Before the last item instruction of the machine instruction fragment of described acquisition, insert the second jump instruction, the entry address of described second jump instruction directional order restructuring platform, generate restructuring instruction fragment;The value of the address register in the instruction operation environment of described caching is revised as the address of restructuring instruction fragment;With
Step c3, recover described instruction operation environment;The value of the address register in described instruction operation environment is amended value.
18. The calculating equipment as claimed in claim 16, wherein the data black hole system further includes a runtime instruction recombination method, the runtime instruction recombination method including:
Step d1: caching the instruction running environment;
Step d2: reading a destination address from a first storage location, and obtaining a machine instruction fragment to be scheduled according to the destination address, the last instruction of the machine instruction fragment to be scheduled being a first jump instruction;
Step d3: saving the destination address of the first jump instruction in the first storage location;
Step d4: replacing the first jump instruction with a second jump instruction to generate a recombined instruction fragment having a second address, the second jump instruction pointing to the entry address of the instruction recombination platform; and
Step d5: restoring the instruction running environment, and jumping to the second address to continue execution.
19. The calculating equipment as claimed in claim 16, wherein the data black hole system further includes a runtime instruction recombination method, the runtime instruction recombination method including:
Step e1: caching the instruction running environment;
Step e2: obtaining the address and parameters of the jump instruction saved in the stack, and calculating the address of the next instruction to be run, this address being the first address;
Step e3: obtaining a machine instruction fragment to be scheduled according to the first address, the last instruction of the machine instruction fragment to be scheduled being a first jump instruction;
Step e4: replacing the first jump instruction with a push instruction, the push instruction recording the address and operand of the first jump instruction;
Step e5: adding a second jump instruction after the push instruction to generate a recombined instruction fragment having a second address, the second jump instruction pointing to the entry address of the instruction recombination platform; and
Step e6: restoring the instruction running environment, and jumping to the second address to continue execution.
20. A registrar, including:
A deployment inquiry unit, adapted to send an inquiry message to a calculating equipment, asking whether the calculating equipment agrees to the safety storage apparatus taking over and accessing the data operated on by the calculating equipment; and
A program deployment unit, adapted to deploy the data black hole system on the calculating equipment and, after deployment finishes, further adapted to add the calculating equipment to the register list;
wherein the data black hole system includes a data safe reading method and a data secure storage method;
wherein the data secure storage method includes:
Step a1: receiving a hardware instruction;
Step a2: analyzing the hardware instruction;
Step a3: if the hardware instruction is a storage instruction, modifying the destination address in the storage instruction to the corresponding storage address on the safety storage apparatus; and
Step a4: sending the modified storage instruction to the hardware layer;
wherein the data safe reading method includes:
Step b1: receiving a hardware instruction;
Step b2: analyzing the hardware instruction;
Step b3: if the hardware instruction is a read instruction, obtaining the source address in the read instruction;
Step b4: looking up the first mapped bitmap, and modifying the read address in the read instruction according to the data of the first mapped bitmap, the first mapped bitmap indicating whether the data at a local storage address has been dumped to the safety storage apparatus; and
Step b5: sending the modified read instruction to the hardware layer.
21. The registrar as claimed in claim 20, wherein, if the response message from the calculating equipment indicates that it does not agree to the takeover, the deployment inquiry unit is adapted to refuse the registration request of the calculating equipment; and if the response indicates agreement to the takeover, the deployment inquiry unit is adapted to call the program deployment unit to deploy the data black hole system.
22. The registrar as claimed in claim 20, further including:
A registration query unit, adapted to receive a query from a calculating equipment, check by querying the register list whether a specific calculating equipment has been registered, and feed the query result back to the calculating equipment.
23. The registrar as claimed in claim 20, further including:
A deployment inspection unit, adapted to send a deployment check message to the calculating equipment to check whether the calculating equipment has deployed the data black hole system.
24. The registrar as claimed in claim 22, wherein, if the deployment inspection unit finds that the calculating equipment has deployed the data black hole system, the deployment inspection unit is further adapted to update the register list by adding the calculating equipment to the register list; and if the deployment inspection unit finds that the calculating equipment has not yet deployed the data black hole system, the deployment inquiry unit is started.
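The store and read redirection of steps a1-a4 and b1-b5 (claims 16 and 20), as an added C sketch that is not part of the patent. The `hw_insn` struct, the two in-memory toy disks and the bitmap update on every store are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTORS 64                 /* constructed toy geometry */
#define SECTOR_SIZE 8
enum op  { OP_READ, OP_STORE, OP_OTHER };
enum dev { DEV_LOCAL, DEV_SECURE };
struct hw_insn { enum op op; enum dev dev; uint32_t sector; };  /* hypothetical model */

static uint8_t local_disk[SECTORS][SECTOR_SIZE];
static uint8_t secure_disk[SECTORS][SECTOR_SIZE];
static uint8_t dumped[SECTORS / 8];   /* first mapped bitmap: bit set = sector dumped */

/* Steps a2-a3 and b2-b4: analyse the instruction and rewrite its address.
 * Returns 0, or -1 for an address outside the mapped range (fail closed). */
int redirect(struct hw_insn *in) {
    if (in->sector >= SECTORS) return -1;
    if (in->op == OP_STORE) {
        in->dev = DEV_SECURE;                       /* a3: stores never land locally */
        /* Assumption: the store also marks the sector as dumped. */
        dumped[in->sector / 8] |= (uint8_t)(1u << (in->sector % 8));
    } else if (in->op == OP_READ) {                 /* b4: bitmap picks the source */
        int bit = (dumped[in->sector / 8] >> (in->sector % 8)) & 1;
        in->dev = bit ? DEV_SECURE : DEV_LOCAL;
    }
    return 0;
}

/* Steps a1/b1 and a4/b5: receive a request, redirect it, pass it to the toy
 * hardware layer. Returns the device actually used, or -1 if rejected. */
int guarded_io(enum op op, uint32_t sector, uint8_t *buf) {
    struct hw_insn in = { op, DEV_LOCAL, sector };
    if (redirect(&in) != 0) return -1;
    uint8_t *p = (in.dev == DEV_SECURE ? secure_disk : local_disk)[in.sector];
    if (op == OP_STORE) memcpy(p, buf, SECTOR_SIZE);
    else if (op == OP_READ) memcpy(buf, p, SECTOR_SIZE);
    return (int)in.dev;
}

int main(void) {
    uint8_t buf[SECTOR_SIZE] = "secret";            /* constructed sample data */
    printf("store -> device %d\n", guarded_io(OP_STORE, 3, buf));
    printf("read  -> device %d\n", guarded_io(OP_READ, 3, buf));
    printf("read  -> device %d\n", guarded_io(OP_READ, 4, buf));
    return 0;
}
```

A sector that was never stored through the redirector is still read from the local disk, which is why the bitmap lookup in step b4 is needed at all.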
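The control flow of claim 18 (steps d2-d5), as an added C simulation that is not part of the patent. The toy instruction set, the constructed program and the `recombine`/`run` names are hypothetical, and saving and restoring the CPU context (steps d1 and d5) is not modelled.

```c
#include <stdio.h>
enum opc { I_NOP, I_STORE, I_JMP, I_JMP_PLATFORM, I_HALT };
struct insn { enum opc op; int arg; };   /* hypothetical toy instruction */
/* Constructed toy program; a fragment runs up to its first jump. */
static const struct insn program[] = {
    {I_STORE, 10}, {I_JMP, 4},                /* addresses 0-1 */
    {I_STORE, 30}, {I_HALT, 0},               /* addresses 2-3 */
    {I_NOP, 0}, {I_STORE, 20}, {I_JMP, 2},    /* addresses 4-6 */
};
#define PROG_LEN ((int)(sizeof program / sizeof program[0]))
#define FRAG_MAX 8

static int first_storage;             /* "first storage location" (target address) */
static struct insn frag[FRAG_MAX];    /* recombined fragment at the "second address" */
int platform_entries, stores_seen, store_log[FRAG_MAX];

/* Steps d2-d4. Returns fragment length, or -1 on a bad target or missing jump. */
static int recombine(void) {
    int pc = first_storage;
    for (int n = 0; n < FRAG_MAX; n++, pc++) {
        if (pc < 0 || pc >= PROG_LEN) return -1;
        frag[n] = program[pc];
        if (frag[n].op == I_HALT) return n + 1;
        if (frag[n].op == I_JMP) {
            first_storage = frag[n].arg;      /* d3: remember the real target */
            frag[n].op = I_JMP_PLATFORM;      /* d4: jump back to the platform */
            return n + 1;
        }
    }
    return -1;
}

/* Platform entry: recombine, run the fragment (d5), regain control at its end. */
int run(int entry) {
    first_storage = entry;
    platform_entries = stores_seen = 0;
    while (platform_entries < 100) {          /* bound for looping programs */
        platform_entries++;
        int len = recombine();
        if (len < 0) return -1;
        for (int i = 0; i < len; i++) {
            if (frag[i].op == I_HALT) return 0;
            if (frag[i].op == I_STORE && stores_seen < FRAG_MAX)
                store_log[stores_seen++] = frag[i].arg;
        }
    }
    return -1;
}

int main(void) { printf("%d %d\n", run(0), platform_entries); return 0; }
```

Because every fragment ends in a jump back to the platform, each store in the program is seen by the platform before the next fragment is fetched, which is the hook the address rewriting of claim 16 relies on.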
CN201210384083.XA 2012-10-11 2012-10-11 The safe interacted system of data and data safety mutual contact construction in a systematic way cube method Expired - Fee Related CN103729601B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210384083.XA CN103729601B (en) 2012-10-11 2012-10-11 The safe interacted system of data and data safety mutual contact construction in a systematic way cube method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210384083.XA CN103729601B (en) 2012-10-11 2012-10-11 The safe interacted system of data and data safety mutual contact construction in a systematic way cube method

Publications (2)

Publication Number Publication Date
CN103729601A CN103729601A (en) 2014-04-16
CN103729601B true CN103729601B (en) 2016-08-03

Family

ID=50453672

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210384083.XA Expired - Fee Related CN103729601B (en) 2012-10-11 2012-10-11 The safe interacted system of data and data safety mutual contact construction in a systematic way cube method

Country Status (1)

Country Link
CN (1) CN103729601B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108762949B (en) * 2018-05-21 2021-07-09 招银云创信息技术有限公司 Centralized scheduling method, system, computer equipment and storage medium
CN109802999B (en) * 2018-12-28 2021-07-13 北京指掌易科技有限公司 Method for realizing mobile application function at PC end through VSA technology

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1475909A (en) * 2002-08-16 2004-02-18 华为技术有限公司 Realization of insertion type system software patch and control method
CN101042681A (en) * 2006-03-23 2007-09-26 联想(北京)有限公司 Digital data transparency protected safety read-write system and method
CN102375957A (en) * 2011-11-10 2012-03-14 西安电子科技大学 Defense method for kernel-level return-oriented rootkits
GB2484460A (en) * 2010-10-05 2012-04-18 Ixaris Systems Ltd Providing regulated financial service functionality by redirection from an unregulated computer system
CN102654864A (en) * 2011-03-02 2012-09-05 华北计算机系统工程研究所 Independent transparent security audit protection method facing real-time database

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6594780B1 (en) * 1999-10-19 2003-07-15 Inasoft, Inc. Operating system and data protection
DE602005015157D1 (en) * 2004-05-11 2009-08-13 St Microelectronics Sa Branch protection in a program
EP1995682A1 (en) * 2007-05-21 2008-11-26 Stmicroelectronics Sa Personalisation of a microprocessor and data protection method

Also Published As

Publication number Publication date
CN103729601A (en) 2014-04-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100097 HAIDIAN, BEIJING TO: 100071 FENGTAI, BEIJING

TA01 Transfer of patent application right

Effective date of registration: 20150122

Address after: 100071 Beijing city Fengtai District Xiaotun Road No. 89 aerospace standard tower

Applicant after: The safe and sound Information Technology Co., Ltd in sky in Beijing

Address before: 100097 Beijing city Haidian District landianchang road Jin Yuan era business center B block 2-6B1

Applicant before: Beijing Zhongtian Antai Technology Co., Ltd.

CB02 Change of applicant information

Address after: 100071 Beijing city Fengtai District Xiaotun Road No. 89 aerospace standard tower

Applicant after: Zhongtian Aetna (Beijing) Information Technology Co. Ltd.

Address before: 100071 Beijing city Fengtai District Xiaotun Road No. 89 aerospace standard tower

Applicant before: The safe and sound Information Technology Co., Ltd in sky in Beijing

COR Change of bibliographic data
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160803

Termination date: 20181011