CN104239096A - Method and unit for realizing security data partitions in Android system
- Publication number: CN104239096A
- Application number: CN201410442668.1A
- Authority: CN (China)
- Prior art keywords: subregion, secure data, read, write, partition
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Classification: Storage Device Security (AREA)
Abstract
The invention discloses a method and a unit for realizing security data partitions in the Android system. The method includes the following steps: at least one security data partition for storing security data is set in reserved partition space in a Linux system partition; a program for reading and writing the security data partition, together with the read/write permission, is set in the Linux system kernel; an access interface for the security data partition is set, and rules for accessing the security data partition are set. Because the security data partition is set in the Linux system partition, the data stored in it is not automatically erased or modified when a user runs an upgrading tool, and the data in the security data partition can be read, written and accessed only with the corresponding method and parameter specifications. The method and the unit therefore favor the security application of the Android system in fields such as finance and security.
Description
Technical field
The present invention relates to Android system applications, and in particular to a method and device for implementing a secure data area in an Android system.
Background
Secure data partition: Android, as an open portable operating system, is widely used in consumer electronics such as mobile phones and tablet computers. In traditional electronics fields such as finance and security protection, products that use Android as their operating system often need to retain some data outside the Android system for industry applications or security requirements. This data is stored independently of the Android system's partitions, is invisible to ordinary users of the Android system, and is retained rather than erased when the user performs a system upgrade or data recovery in the normal way.
Android system: in electronic products, the main data storage media are storage chips such as MMC and flash. The storage medium is generally divided into four parts: system, cache, userdata and sdcard, used respectively to store system files, to store cache files, to store user data files, and to emulate external storage space. In these four partitions, user data is stored as files or databases, is essentially visible to the user, and can be erased by the user or a third party with a general-purpose system upgrade tool.
Linux system partition: outside the Android file system, the system also needs to allocate some storage space for the boot program, the system kernel, the virtual memory system and so on. This data is stored independently of the Android file system and can be erased and refreshed by a general-purpose system upgrade tool, but applications running in the Android environment cannot access it by conventional means.
If the secure data area is placed in the Linux system partition as a new partition, a general-purpose system upgrade tool will not refresh the data in it. It is therefore necessary to provide a method that places secure data in the Linux system partition while still allowing the data inside to be used normally.
Summary of the invention
The main purpose of the present invention is to provide a method and device by which an Android system can retain secure data during processes such as flashing and upgrading.
To achieve this purpose, an embodiment of the present invention first proposes a method for implementing a secure data area in an Android system, comprising:
Setting, in partition space reserved in the Linux system partition, at least one secure data partition for storing secure data;
Setting, in the Linux system kernel, the program for read/write access to the secure data partition, and the read/write permissions;
Setting the access interface of the secure data partition, and setting the rules for accessing the secure data partition.
Further, before the step of setting, in partition space reserved in the Linux system partition, at least one secure data partition for storing secure data, the method comprises:
Adjusting the sizes of the original partitions in the Linux system partition to reserve partition space.
Further, the step of setting the rules for accessing the secure data partition comprises:
Receiving read/write operation information through an application program;
Calculating, by a background service program and according to the read/write operation information, the address of the space to be accessed;
Accessing the secure data partition through a system file interface;
Calling the corresponding driver for reading and writing the storage medium to read and write the secure data partition.
An embodiment of the present invention also provides a device for implementing a secure data area in an Android system, comprising:
A memory module, for setting, in partition space reserved in the Linux system partition, at least one secure data partition for storing secure data;
An administration module, for setting, in the Linux system kernel, the program for read/write access to the secure data partition, and the read/write permissions;
A read/write access module, for setting the access interface of the secure data partition and setting the rules for accessing the secure data partition.
Further, the device comprises:
An adjusting module, for adjusting the sizes of the original partitions in the Linux system partition to reserve partition space.
Further, the read/write access module comprises:
An operating unit, for receiving read/write operation information through an application program;
A computing unit, for calculating, by a background service program and according to the read/write operation information, the address of the space to be accessed;
A call unit, for accessing the secure data partition through a system file interface;
A read/write unit, for calling the corresponding driver for reading and writing the storage medium to read and write the secure data partition.
In the method and device for implementing a secure data area in an Android system according to the embodiments of the present invention, the secure data partition is placed in the reserved partition space of the Linux system partition. Because the new partition has no designated parameter in the system upgrade command, the data stored in the secure data partition is not automatically erased or modified when the user runs an upgrade tool, and the data in the secure data partition can be read and written only by using the set rules and parameters. The method and device thus give the Android system a secure data partition that survives flashing and is invisible to the user, which favors the secure application of Android in fields such as finance and security protection.
Brief description of the drawings
Fig. 1 is a flow chart of the method for implementing a secure data area in an Android system in an embodiment of the present invention;
Fig. 2 is a structural block diagram of the device for implementing a secure data area in an Android system in an embodiment of the present invention;
Fig. 3 is a structural block diagram of the read/write access module of the device for implementing a secure data area in an Android system in an embodiment of the present invention.
The realization of the purpose, the functional characteristics and the advantages of the present invention are further described below with reference to the accompanying drawings and in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described here are only intended to explain the present invention and are not intended to limit it.
With reference to Fig. 1, an embodiment of the present invention proposes a method for implementing a secure data area in an Android system, comprising the steps:
S1: in partition space reserved in the Linux system partition, set at least one secure data partition for storing secure data. One secure data partition, two, or more can be set as required. Because the added secure data partition is located in the Linux system partition, outside the Android file system, it has no designated parameter in the upgrade command of the Android file system, so when the user upgrades with an upgrade tool the data in the secure data partition is not automatically refreshed. In this embodiment, in order to better set up the secure data partition, before step S1 the method comprises: adjusting the sizes of the original partitions in the Linux system partition to reserve partition space, so that the secure data partition obtains suitably sized space without affecting the running of programs in the other original partitions.
S2: set, in the Linux system kernel, the program for read/write access to the secure data partition, which controls access to the secure data partition, and set the read/write permissions, so that the storage space in the secure data partition can be managed and controlled;
S3: set the access interface of the secure data partition and set the rules for accessing the secure data partition. The Android file system can access the secure data partition according to the set rules, achieving read/write access to the data in it. That is, according to the user's needs, the data in the secure data partition can be modified by the set rules. In step S3, the rules for accessing the secure data partition include set parameters: a specified number of bytes in the secure data partition is set as one data block. When a region in the secure data partition needs to be accessed, the data block number and the secure data partition address are the basis for access, and each read/write operation is performed on one data block. The target data block address is multiplied by the data block size, and the start address of the secure data partition is then added. For example, the secure data partition is 512MB in size and divided into 1024 data blocks, and one data block is 512 bytes; to look up the data of the 513th data block (i.e. the 256M position) in the secure data partition, data block number 513 is multiplied by 512 bytes and the start address of the secure data partition is added, which yields the data at the 513th data block (i.e. 256M), on which the read/write operation is performed.
In this embodiment, within step S3 of setting the access interface of the secure data partition and setting the rules and parameters for accessing it, the step of setting the rules for accessing the secure data partition comprises: receiving read/write operation information through an application program; calculating, by a background service program and according to the read/write operation information, the address of the space to be accessed; accessing the secure data partition through a system file interface, where the system file interface is a group of specific files, and access to the secure data area is achieved by operating on these files; and calling the corresponding driver for reading and writing the storage medium to read and write the secure data partition. Setting the rules for accessing the secure data partition allows reads and writes of the data in it to be completed quickly.
In one embodiment, on an Android device in a banking system, one secure data partition for storing secure data is set in the partition space reserved in the device's Linux system partition. The secure data partition stores raw data that the user cannot change or see, and permissions for read/write access to it are set. When the user performs a system upgrade on this Android device, the upgrade tool has neither the partition name of the secure data partition nor a parameter designated by a corresponding upgrade command, so the raw data is not refreshed or changed. When the Android device is in use, the raw data in the secure data partition can be called, etc., through the set access interface. The raw data does not have to be rewritten after every system upgrade, which is safe to use and saves the time of rewriting the raw data. When the raw data needs to be modified, the secure data partition can be read, written and modified through the system file interface, using the set rules and parameters, by calling a file such as a sys file.
In the method for implementing a secure data area in an Android system according to the embodiment of the present invention, the secure data partition is placed in the reserved partition space of the Linux system partition. Because the new partition has no designated parameter in the system upgrade command, the data stored in the secure data partition is not automatically erased or modified when the user runs an upgrade tool, and the data in the secure data partition can be read and written only by using the corresponding rules and parameters. The method thus gives the Android system a secure data partition that survives flashing and is invisible to the user, which favors the secure application of Android in fields such as finance and security protection.
With reference to Fig. 2 and Fig. 3, an embodiment of the present invention also provides a device for implementing a secure data area in an Android system, comprising:
Memory module 10, for setting, in partition space reserved in the Linux system partition, at least one secure data partition for storing secure data. One secure data partition, two, or more can be set as required. Because the added secure data partition is located in the Linux system partition, outside the Android file system, it has no designated parameter in the upgrade command of the Android file system, so when the user upgrades with an upgrade tool the data in the secure data partition is not automatically refreshed. In this embodiment, the device also comprises adjusting module 40, which adjusts the sizes of the original partitions in the Linux system partition to reserve partition space, so that the secure data partition obtains suitably sized space without affecting the running of programs in the other original partitions.
Administration module 20, for setting, in the Linux system kernel, the program for read/write access to the secure data partition, which controls access to the secure data partition, and the read/write permissions, so that the storage space in the secure data partition can be managed and controlled;
Read/write access module 30, for setting the access interface of the secure data partition and setting the rules for accessing the secure data partition. The Android file system can access the secure data partition according to the set rules, achieving read/write access to the data in it. That is, according to the user's needs, the data in the secure data partition can be modified by the set method. In this embodiment, the rules for accessing the secure data partition include set parameters: a specified number of bytes in the secure data partition is set as one data block. When a region in the secure data partition needs to be accessed, the data block number and the secure data partition address are the basis for access, and each read/write operation is performed on one data block. The target data block address is multiplied by the data block size, and the start address of the secure data partition is then added. For example, the secure data partition is 512MB in size and divided into 1024 data blocks, and one data block is 512 bytes; to look up the data of the 513th data block (i.e. the 256M position) in the secure data partition, data block number 513 is multiplied by 512 bytes and the start address of the secure data partition is added, which yields the data at the 513th data block (i.e. 256M), on which the read/write operation is performed.
In this embodiment, read/write access module 30 comprises: operating unit 31, for receiving read/write operation information through an application program; computing unit 32, for calculating, by a background service program and according to the read/write operation information, the address of the space to be accessed; call unit 33, for accessing the secure data partition through a system file interface, where the system file interface is a group of specific files, and access to the secure data area is achieved by operating on these files; and read/write unit 34, for calling the corresponding driver for reading and writing the storage medium to read and write the secure data partition. Through the cooperation of operating unit 31, computing unit 32, call unit 33 and read/write unit 34, data held in the secure data partition can be stored, deleted or modified, and so on.
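The block addressing rule of step S3 and of read/write access module 30, as an added C example that is not part of the patent: it computes start address + block number * block size, refuses block numbers that fall outside the partition, and transfers one data block through a file descriptor. The struct and function names, the start addresses and the temporary file standing in for the storage medium are assumptions; a 64-bit `off_t` is assumed.

```c
/* Added example; names are hypothetical and not taken from the patent. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* pread, pwrite, mkstemp, ftruncate */
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* One secure data partition as described by the access rule. */
struct sdp_region {
    uint64_t start;      /* start address of the partition on the medium, bytes */
    uint64_t size;       /* partition size, bytes */
    uint32_t block_size; /* bytes per data block */
};

/* address = start + block_no * block_size; refuses anything outside the region. */
int sdp_offset(const struct sdp_region *r, uint64_t block_no, uint64_t *out)
{
    if (!r || !out || r->block_size == 0)
        return -EINVAL;
    if (block_no >= r->size / r->block_size)
        return -ERANGE; /* would land in a neighbouring partition */
    uint64_t rel = block_no * r->block_size; /* < size, so the product cannot wrap */
    /* The end of the block must still fit in a signed 64-bit file offset. */
    if (rel > (uint64_t)INT64_MAX - r->block_size ||
        r->start > (uint64_t)INT64_MAX - r->block_size - rel)
        return -EOVERFLOW;
    *out = r->start + rel;
    return 0;
}

/* Transfer exactly one data block; is_write selects pwrite or pread. */
int sdp_rw_block(int fd, const struct sdp_region *r, uint64_t block_no,
                 void *buf, int is_write)
{
    uint64_t off;
    int rc = sdp_offset(r, block_no, &off);
    if (rc)
        return rc;
    ssize_t n = is_write ? pwrite(fd, buf, r->block_size, (off_t)off)
                         : pread(fd, buf, r->block_size, (off_t)off);
    return n == (ssize_t)r->block_size ? 0 : -EIO;
}

/* Constructed demo: a temporary file stands in for the storage medium, laid out
 * as [4096 B neighbour][8 x 512 B secure region][4096 B neighbour].
 * Returns 0 when every check passes. */
int sdp_demo(void)
{
    struct sdp_region r = { .start = 4096, .size = 8 * 512, .block_size = 512 };
    char path[] = "/tmp/sdp_demo_XXXXXX";
    unsigned char in[512], out[512], probe = 0xFF;
    int rc = -1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);
    if (ftruncate(fd, (off_t)(r.start + r.size + 4096)) != 0)
        goto done;
    memset(in, 0xA5, sizeof in);
    if (sdp_rw_block(fd, &r, 7, in, 1) != 0) /* last valid block */
        goto done;
    if (sdp_rw_block(fd, &r, 7, out, 0) != 0 || memcmp(in, out, sizeof in) != 0)
        goto done;
    if (sdp_rw_block(fd, &r, 8, in, 1) != -ERANGE) /* one past the end: refused */
        goto done;
    /* The first byte of the trailing neighbour must still be zero. */
    if (pread(fd, &probe, 1, (off_t)(r.start + r.size)) != 1 || probe != 0)
        goto done;
    rc = 0;
done:
    close(fd);
    return rc;
}

int main(void)
{
    /* Figures from the text: 512 MB partition, 512-byte blocks, block number 513.
     * The start address 0x4000000 is a constructed value. */
    struct sdp_region r = { 0x4000000ULL, 512ULL << 20, 512 };
    uint64_t off = 0;
    int rc = sdp_offset(&r, 513, &off);
    printf("rc=%d offset=0x%llx demo=%d\n", rc, (unsigned long long)off, sdp_demo());
    return rc;
}
```

With block number 513 and 512-byte blocks, the formula gives an offset of 262,656 bytes past the partition's start address.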
In one embodiment, on an Android device in a banking system, memory module 10 sets at least one secure data partition for storing secure data in the partition space reserved in the Linux system partition. The secure data partition stores raw data that the user cannot change or see, and administration module 20 sets the permissions for read/write access to it. When the user performs a system upgrade on this Android device, the upgrade tool has neither the partition name of the secure data partition nor a parameter designated by a corresponding upgrade command, so the raw data is not refreshed or changed. When the Android device is in use, the raw data in the secure data partition can be called, etc., through the access interface set by read/write access module 30. The raw data does not have to be rewritten after every system upgrade, which is safe to use and saves the time of rewriting the raw data. When the raw data needs to be modified, the secure data partition can be read, written and modified through the system file interface, using the set rules and parameters, by calling a file such as a sys file.
In the device for implementing a secure data area in an Android system according to the embodiment of the present invention, the secure data partition is placed in the reserved partition space of the Linux system partition. Because the new partition has no designated parameter in the system upgrade command, the data stored in the secure data partition is not automatically erased or modified when the user runs an upgrade tool, and the data in the secure data partition can be read and written only by using the corresponding rules and parameters. The device thus gives the Android system a secure data partition that survives flashing and is invisible to the user, which favors the secure application of Android in fields such as finance and security protection.
The foregoing is only the preferred embodiments of the present invention and does not thereby limit the scope of the claims of the present invention. Every equivalent structure or equivalent process transformation made using the contents of the specification and accompanying drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included in the scope of patent protection of the present invention.
Claims (6)
1. A method for implementing a secure data area in an Android system, characterized by comprising:
Setting, in partition space reserved in the Linux system partition, at least one secure data partition for storing secure data;
Setting, in the Linux system kernel, the program for read/write access to the secure data partition, and the read/write permissions;
Setting the access interface of the secure data partition, and setting the rules for accessing the secure data partition.
2. The method for implementing a secure data area in an Android system according to claim 1, characterized in that, before the step of setting, in partition space reserved in the Linux system partition, at least one secure data partition for storing secure data, the method comprises:
Adjusting the sizes of the original partitions in the Linux system partition to reserve partition space.
3. The method for implementing a secure data area in an Android system according to claim 1, characterized in that the step of setting the rules for accessing the secure data partition comprises:
Receiving read/write operation information through an application program;
Calculating, by a background service program and according to the read/write operation information, the address of the space to be accessed;
Accessing the secure data partition through a system file interface;
Calling the corresponding driver for reading and writing the storage medium to read and write the secure data partition.
4. A device for implementing a secure data area in an Android system, characterized by comprising:
A memory module, for setting, in partition space reserved in the Linux system partition, at least one secure data partition for storing secure data;
An administration module, for setting, in the Linux system kernel, the program for read/write access to the secure data partition, and the read/write permissions;
A read/write access module, for setting the access interface of the secure data partition and setting the rules for accessing the secure data partition.
5. The device for implementing a secure data area in an Android system according to claim 4, characterized in that the device also comprises:
An adjusting module, for adjusting the sizes of the original partitions in the Linux system partition to reserve partition space.
6. The device for implementing a secure data area in an Android system according to claim 4, characterized in that the read/write access module comprises:
An operating unit, for inputting read/write operation information through an application program;
A computing unit, for calculating, by a background service program and according to the read/write operation information, the address of the space to be accessed;
A call unit, for accessing the secure data partition through a system file interface;
A read/write unit, for calling the corresponding driver for reading and writing the storage medium to read and write the secure data partition.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410442668.1A CN104239096A (en) | 2014-09-02 | 2014-09-02 | Method and unit for realizing security data partitions in Android system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104239096A (en) | 2014-12-24 |
Family ID: 52227231
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20141224 |