CN104598787B - The file of a kind of artificial mandate and offer trusted operations environment stores and edit methods - Google Patents
The file of a kind of artificial mandate and offer trusted operations environment stores and edit methods Download PDFInfo
- Publication number
- CN104598787B CN104598787B CN201510035777.6A CN201510035777A CN104598787B CN 104598787 B CN104598787 B CN 104598787B CN 201510035777 A CN201510035777 A CN 201510035777A CN 104598787 B CN104598787 B CN 104598787B
- Authority
- CN
- China
- Prior art keywords
- file
- control module
- special software
- user
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention relates to a kind of method of protection information safety; disclose a kind of artificial mandate and provide the file of trusted operations environment to store and edit methods; its based on a kind of inside contain control chip and the mobile storage equipment of storer, the special software managing this mobile storage equipment and for user interactions and run the hardware platform of this special software, include trusted operating system district in described storer and store the storage zone of object file. The file of a kind of artificial mandate provided by the invention and offer trusted operations environment stores and edit methods, effectively prevent wooden horse virus stealing the file in mobile storage equipment under unknown operating environment, but also allow user use specified file at current environment and guarantee that alternative document can not be run counter to user intention and be stolen, greatly it is user-friendly to, simultaneously, the checking of all access credentials all carries out in the control chip of independence and hardware platform, effectively improves the confidentiality of mobile storage equipment.
Description
[technical field]
The present invention relates to a kind of method of protection information safety, in particular to a kind of artificial mandate and the file storage and the edit methods that provide trusted operations environment.
[background technology]
No matter whether common mobile storage equipment, possess encryption function, or whether directly by storage block opening to computer operating system, and whether file access is carried out artificial license confirmation, they all only play the function of a document carrier. When file is when opening, always it is present in computer operating system in the way of expressly, then opens by corresponding software for editing. When the environment that software for editing runs and operating system and periphery software environment itself also exist give away secrets risk time, it suffices to say that what takes precautions against the secret and safe that all cannot ensure these files for another example. Such as during the file on strange calculating hands-operation storing device, user does not also know whether computer exists virus, does not know whether have the file that the 3rd people steals storing device yet.
Therefore, the technical problem that cannot ensure to solve the security of trusted operations environment in above-mentioned situation, applicant thinks to be needed to introduce a kind of novel method, and this kind of method needs conveniently to provide a kind of believable operating environment, for user, the file of mobile storage device interior is carried out editing application on the one hand; Then need on the other hand to carry out authorizing to the process entering this operating environment and carrying out browsing file and application to verify.
Also have one it is noted that situation be that the file that oneself is different is had different secret and safe requirement by user, the special need for confidentiality of some file, so above-mentioned believable operating environment can be entered edits, but some file does not need secrecy like this, directly can edit under current operating system and use, if above-mentioned believable operating environment also must be entered into could access editor, will be seemed inconvenience greatly, because above-mentioned believable operating environment is an environment parallel with current operation system, handoff procedure needs heavily opening of computer.
In prior art, generally all only emphasize file access authorization control or encipherment protection, and do not consider the safeguard protection demand of file when editing. Even if being concerned about environmental safety when file editor uses, one method is not provided yet, allow user that different files can be adopted different strategies, what safe rank was high enter security context edits, what rank was low can directly current operation environment editor, and in fact the disappearance of this kind of method causes a lot of inconvenience to user.
[summary of the invention]
It is an object of the invention to overcome above-mentioned the deficiencies in the prior art, thering is provided a kind of artificial mandate and provide the file of trusted operations environment to store and edit methods, it is intended to solve the technical problem that security is not high, editing environment switching is difficult to guarantee safely, can not be selected by different file different editing environments of file editing environment of the prior art.
For achieving the above object, the present invention proposes a kind of artificial mandate and provide the file of trusted operations environment to store and edit methods, the file of a kind of artificial mandate and offer trusted operations environment stores and edit methods, it is the mobile storage equipment containing control chip and storer based on a kind of inside, manage this mobile storage equipment special software and for user interactions and run the hardware platform of this special software, include trusted operating system district in described storer and store the storage zone of object file, it is provided with trusted operations environment in described trusted operating system district, the routine package run on described control chip is containing control module, described mobile storage equipment is also provided with for the input block with user interactions, described control module respectively with trusted operating system district, special software communicates with input block, its concrete steps are as follows:
A) original state: mobile storage equipment and hardware platform are communicated to connect, control chip powers on and runs control module, and control module enters protection state, and special software runs on a hardware platform, waits the operating command of user;
B) password authentication: user opens special software, special software ejects password authentication frame, waiting the input of user, the predetermined password information of the password that input block is transmitted by control module and inside is compared, if be consistent, then go to step E), if do not met, then by the information feed back of password mistake to special software, go to step C), if incongruent number of times reaches N time, then return back to step D);
C) verify unsuccessfully: special software ejects the password authentication frame with user interactions again, wait the input of user by input block, return back to step B);
D) access unsuccessfully: control module checks predetermined configuration information, if configuration information is format, then password information and checking information are all reset to defaults by control module, by information feed back too much for errors number to special software, and remove the inner all files in storage zone, special software is closed after ejecting the too much caution frame of errors number automatically, go to step N), if configuration information is not for format, then control module by information feed back too much for errors number to special software, special software ejects the too much caution frame of errors number, return back to step B),
E) operating environment is selected: special software ejects the selection frame selecting editing environment for user, if user selects the file in edit and storage district in special software, then special software ejects the insincere caution frame of environment again, go to step F), if user selects the file in edit and storage district in trusted operations environment, then go to step L);
F) sending operating command: according to the operation of user, special software sends the operating command to storage zone internal file, and operating command is transferred to control module, waits the feedback of control module;
G) access control: control module parse operation order, judges whether this order belongs to special command, if, then the control command that this order needs user to confirm is fed back to special software, go to step H), if not, then go to step K);
H) user confirms: special software ejects the confirmation frame with user interactions, wait user's input, after input block receives the input of user, arranged as confirmation, and transfer to control module, if do not receive the confirmation of input block in T1 time inner control module, then control module judges that this is operating as invalid operation, and by information feed back invalid for operation to special software, again F is gone to step), if have received the confirmation of input block in T1 time inner control module, then go to step I);
I) confirmation operation: after control module receives confirmation, checking information predetermined to itself and inside is checked, if be consistent, then go to step K), if do not met, then error message being fed back to special software, going to step J), if incongruent number of times reaches three times, then return back to step D);
J) confirm unsuccessfully: special software ejects the confirmation frame with user interactions again, wait the input of user, return back to step H);
K) manipulation: control module parse operation order, and access or the transmission of file is carried out according to operating command, return back to step F immediately);
L) status checking: whether control module inspection self is in protection state, if being in trust state, then go to step N), if being in protection state, then control module switches to trust state, enumerates trusted operating system district to hardware platform, special software control service platform upper once start time enter trusted operating system district, and under the communication connection keeping mobile storage equipment and hardware platform, hardware platform is restarted;
M) editing environment is started: control module enumerates trusted operating system district and storage zone to the hardware platform after restarting, operation according to user, hardware platform sends the operating command to storage zone internal file, and this operating command is transferred to control module, control module resolves this operating command, and carries out the editor of file according to operating command;
N) end operation: user's complete operation; exit trusted operating system district; control module control hardware platform upper once start time do not enter trusted operating system district; hardware platform is closed; disconnect trusted operating system district and the communication of hardware platform and the communication connection of mobile storage equipment and hardware platform successively; and switch to protection state, return back to steps A).
As preferably, the program run on described control chip also comprises file system module, described control module is by calling file system module accesses storage zone, in step K) in, control module parse operation order, and call file system module according to operating command, carry out access or the transmission of file.
As preferably, the described T1 time is 5s��10s, in step B) in, the number of times of N is no less than three times.
As preferably, in step K) in, if what special software sent is catalogue visit order, then control module is according to the file information of inside, storage zone, the catalogue information needed for extraction, and by catalogue information feed back to special software, checks for user.
As preferably, in step K) in, if what special software sent is delete command, then control module according to delete command for file or catalogue, by catalogue information corresponding to the file deletion of inside, storage zone or change, then by the information feed back deleted to special software.
As preferably, in step K) in, if what special software sent is heavy named order, then control module according to heavy named order for file or catalogue, the file title of change inside, storage zone or catalogue information corresponding to change, then by the information feed back changed to special software.
As preferably, in step K) in, if what special software sent is transmission command, then control module is according to the file information of inside, storage zone, extract transmission command for file or catalogue, file or packed catalogue information are transferred to special software, transmit it to hardware platform by special software, control module after completing to transmit by the information feed back that is transmitted to special software.
As preferably, in step K) in, if special software send be import order, then control module according to import order in file or catalogue information, file information is write storage zone or change corresponding catalogue information, then by the information feed back that imported to special software.
As preferably, described mobile storage equipment is communicated to connect by usb protocol and hardware platform.
As preferably, described input block comprises Fingerprint Identification Unit, described Fingerprint Identification Unit with control chip be connected and with control module communication, in step B) and step H) in, password or the confirmation of user's input are finger print information, in step B) and step I) in, the inner predetermined password information of control module and checking information are corresponding finger print informations.
The useful effect of the present invention: compared with prior art, the file of a kind of artificial mandate provided by the invention and offer trusted operations environment stores and edit methods, step is reasonable, the secure and trusted operating environment adopting mobile storage equipment built-in is as the interface of the file in user's access and editor's mobile storage equipment, effectively prevent wooden horse virus stealing the file in mobile storage equipment under unknown operating environment, but also allow user use specified file at current environment and guarantee that alternative document can not be run counter to user intention and be stolen, greatly it is user-friendly to, simultaneously, the checking of all access credentials all carries out in the control chip of independence and hardware platform, avoid the virus control hardware platforms such as wooden horse automatically to operate, effectively improve the confidentiality of mobile storage equipment.
The feature of the present invention and advantage will be described in detail by reference to the accompanying drawings by embodiment.
[accompanying drawing explanation]
Fig. 1 is the schematic flow sheet of the embodiment of the present invention.
[embodiment]
For making the object, technical solutions and advantages of the present invention clearly understand, below by accompanying drawing and embodiment, the present invention being further elaborated. It should be understood that specific embodiment described herein is only in order to explain the present invention, it is not limited to the scope of the present invention. In addition, in the following description, the description to known features and technology is eliminated, to avoid the concept unnecessarily obscuring the present invention.
Consult Fig. 1, the embodiment of the present invention provides a kind of artificial mandate and provides the file of trusted operations environment to store and edit methods, the file of a kind of artificial mandate and offer trusted operations environment stores and edit methods, it is the mobile storage equipment containing control chip and storer based on a kind of inside, manage this mobile storage equipment special software and for user interactions and run the hardware platform of this special software, include trusted operating system district in storer and store the storage zone of object file, trusted operations environment it is provided with in trusted operating system district, the routine package run on control chip is containing control module, mobile storage equipment is also provided with for the input block with user interactions, control module respectively with trusted operating system district, special software communicates with input block.
In embodiments of the present invention, trusted operating system district is in order to provide safe trusted operations environment, and it can be resolved the data block of inside, storage zone and data block is shown to user in the form of a file, so that user edits. And trusted operations environment is an operating environment with the operating system mutual exclusion on hardware platform, thus not only make trusted operating system district depart from the operating system of hardware platform, ensure that the safety of the inner data in storage zone, but also different file system all can be run on identical hardware platform, facilitate the editor of user.
Wherein, for the file that security requirements is not high, file can also be edited by user by running special software on a hardware platform, although its security is not high, but without the need to heavily opening hardware platform, it is applicable to and situation it is pressed for time, thus realizes different files and there is different operating environments, greatly user-friendly.
Concrete secure file storage and the step of edit methods are as follows:
A) original state: mobile storage equipment and hardware platform are communicated to connect, control chip powers on and runs control module, and control module enters protection state, and special software runs on a hardware platform, waits the operating command of user.
In embodiments of the present invention; protection state is the original state of each parts in mobile storage equipment; under protection state; hardware platform and control module communication; control module receives the operating command of special software; trusted operating system district does not all intercom with hardware platform mutually with storage zone, and namely the inner data in storage zone are in protected state.
Wherein, special software can be mounted on hardware platform, it is also possible to is installed on mobile storage equipment and runs on a hardware platform.
B) password authentication: user opens special software, special software ejects password authentication frame, waiting the input of user, the predetermined password information of the password that input block is transmitted by control module and inside is compared, if be consistent, then go to step E), if do not met, then by the information feed back of password mistake to special software, go to step C), if incongruent number of times reaches N time, then return back to step D).
In embodiments of the present invention, user needs to run special software by password authentication, i.e. step B) limit as the first step of file access authorization mechanism, it is for preventing disabled user directly by special software access storage areas. Simultaneously, incongruent for password number of times can be write down by control module, and when mobile storage equipment and hardware platform disconnect, this number of times still can retain, avoid disabled user can not meet number of times by the connection disconnected between mobile storage equipment and hardware platform to remove, thus the step preventing disabled user from getting around format constantly attempts password.
Wherein, the number of times of N is no less than 3 times, in an embodiment of the present invention, and N value 6 times.
C) verify unsuccessfully: special software ejects the password authentication frame with user interactions again, wait the input of user by input block, return back to step B).
D) access unsuccessfully: control module checks predetermined configuration information, if configuration information is format, then password information and checking information are all reset to defaults by control module, by information feed back too much for errors number to special software, and remove the inner all files in storage zone, special software is closed after ejecting the too much caution frame of errors number automatically, go to step N), if configuration information is not for format, then control module by information feed back too much for errors number to special software, special software ejects the too much caution frame of errors number, return back to step B).
Step B) access the first re-authorization operation as whole file, it can not only prevent disabled user to the access of storage zone, but also warning pattern can be entered when disabled user steals by force, namely in step D) in eject the warning of user, if configuration information is format, then whole storage zone will be formatd by control module, thus avoids more data to be stolen, by user's damage control in suitable scope. Certainly, this just can operate in the critical moment, and for common situation, such as user forgets password, and user can make control information be feedback information by change configuration information, and can not format all data.
In embodiments of the present invention, the information that configures can by the producer in the setting of control chip manufacturing starting stage, it is also possible to adjust at any time in use by user. Wherein, configuration information can also be modified by user by special software.
E) operating environment is selected: special software ejects the selection frame selecting editing environment for user, if user selects the file in edit and storage district in special software, then special software ejects the insincere caution frame of environment again, go to step F), if user selects the file in edit and storage district in trusted operations environment, then go to step L).
F) sending operating command: according to the operation of user, special software sends the operating command to storage zone internal file, and operating command is transferred to control module, waits the feedback of control module.
G) access control: control module parse operation order, judges whether this order belongs to special command, if, then the control command that this order needs user to confirm is fed back to special software, go to step H), if not, then go to step K).
For the operation of user, embodiments of the invention adopt stepped control, for the operating command that some are special, such as, delete the inner data in storage zone or outwards transmit inner data etc., and special software can remind this operating command of user to need to carry out user's confirmation; And the operating command that can not affect the inner data in storage zone for other, control module can directly carry out the process of operating command, thus really realize different operating and all have the mandate of different stage to limit, and greatly improves the security performance of mobile storage equipment.
H) user confirms: special software ejects the confirmation frame with user interactions, wait user's input, after input block receives the input of user, arranged as confirmation, and transfer to control module, if do not receive the confirmation of input block in T1 time inner control module, then control module judges that this is operating as invalid operation, and by information feed back invalid for operation to special software, again F is gone to step), if have received the confirmation of input block in T1 time inner control module, then go to step I).
In embodiments of the present invention, confirmation is that user is inputted by input block, it is directly transferred into the verification that control module carries out confirmation, namely control module independently carries out the verification of confirmation, special file transfer software and hardware platform only can receive the operation result of this operating command, the authorization control of file access independently operates so that can depart from hardware platform, improve the checking information privacy of user, stop the 3rd people or virus control hardware platform just can skip the situation of the direct access storage areas of user.
Wherein, in order to leave the time that user checks and inputs for, the T1 time is set to 5s��10s, and the embodiment of the present invention adopts 5s.
I) confirmation operation: after control module receives confirmation, checking information predetermined to itself and inside is checked, if be consistent, then go to step K), if do not met, then error message being fed back to special software, going to step J), if incongruent number of times reaches three times, then return back to step D).
In embodiments of the present invention, no matter it is that control module all can enter the pattern of format, and namely each access authorization restriction has urgent scheme, it is to increase the security performance of mobile storage equipment because password authentication failure or confirmation operation demonstration failure.
J) confirm unsuccessfully: special software ejects the confirmation frame with user interactions again, wait the input of user, return back to step H).
K) manipulation: control module parse operation order, and access or the transmission of file is carried out according to operating command, return back to step F immediately).
L) status checking: whether control module inspection self is in protection state; if being in trust state; then go to step N); if being in protection state; then control module switches to trust state, enumerates trusted operating system district to hardware platform, special software control service platform upper once start time enter trusted operating system district; and under the communication connection keeping mobile storage equipment and hardware platform, hardware platform is restarted.
In embodiments of the present invention, trust the using state that state is each parts in mobile storage equipment, trusting under state, the trusted operations environment in trusted operating system district is intercomed mutually by control module and hardware platform, and the inner data in storage zone now are in the editing environment that can trust. The operating command that user produces in trusted operations environment can be transferred to control module by hardware platform, carries out the reading of data block by control module.
Owing to as long as the storer of insincere operating system with mobile storage equipment is connected, virus is just likely infected in storage zone, therefore, the embodiment of the present invention requires that user first checks state before entering trusted operations environment, in case the virus infection storage zone in the origin operation system of control module hardware platform after opening can trust operating system district.
M) editing environment is started: control module enumerates trusted operating system district and storage zone to the hardware platform after restarting, operation according to user, hardware platform sends the operating command to storage zone internal file, and this operating command is transferred to control module, control module resolves this operating command, and carries out the editor of file according to operating command.
In embodiments of the present invention, the operation of user each time all needs the parsing through control module, namely the access of hardware platform is not only controlled by control module, but also the access running trusted operations on a hardware platform is also controlled separately, make the access rights of hardware platform can control in the corresponding scope of operating command, thus further limit hardware platform to the access rights of inside, storage zone data, it is to increase the confidentiality of storage zone.
N) end operation: user's complete operation; exit trusted operating system district; control module control hardware platform upper once start time do not enter trusted operating system district; hardware platform is closed; disconnect trusted operating system district and the communication of hardware platform and the communication connection of mobile storage equipment and hardware platform successively; and switch to protection state, return back to steps A).
In order to make special software also can provide safety performance good operating environment, the program run on control chip also comprises file system module, control module is by calling file system module accesses storage zone, in step K) in, control module parse operation order, and call file system module according to operating command, carry out access or the transmission of file.
In this kind of structure, the file system module that the inner all data in storage zone all have mobile storage equipment to carry is resolved, hardware platform can not only be isolated to the direct access of inside, storage zone data block, but also different file can be made to run all on the same hardware platform.
Specifically, in step K) in, if what special software sent is catalogue visit order, then control module is according to the file information of inside, storage zone, the catalogue information needed for extraction, and by catalogue information feed back to special software, checks for user.
Specifically, in step K) in, if what special software sent is delete command, then control module according to delete command for file or catalogue, by catalogue information corresponding to the file deletion of inside, storage zone or change, then by the information feed back deleted to special software.
Specifically, in step K) in, if what special software sent is heavy named order, then control module according to heavy named order for file or catalogue, the file title of change inside, storage zone or catalogue information corresponding to change, then by the information feed back changed to special software.
Specifically, in step K) in, if what special software sent is transmission command, then control module is according to the file information of inside, storage zone, extract transmission command for file or catalogue, file or packed catalogue information are transferred to special software, transmit it to hardware platform by special software, control module after completing to transmit by the information feed back that is transmitted to special software.
Specifically, in step K) in, if special software send be import order, then control module according to import order in file or catalogue information, file information is write storage zone or change corresponding catalogue information, then by the information feed back that imported to special software.
In embodiments of the present invention, mobile storage equipment is communicated to connect by usb protocol and hardware platform, and, input block is also by usb protocol and control module communication, input block now both can be connected with control chip by the USB interface on mobile storage equipment, it is also possible to is fixed on mobile storage equipment.
Wherein, the implementation method of the safe editing environment of file both can be used for the file transfer between the mobile storage equipment by usb protocol and hardware platform; also can be used between fixture and fixture the file transfer undertaken by hardware platform; also can be used for the file transfer of Unified Device inside; as long as equipment includes independent editing environment, just belong in protection scope of the present invention.
The foregoing is only the better embodiment of the present invention, not in order to limit the present invention, all any amendment, equivalent replacement or improvement etc. done within the spirit and principles in the present invention, all should be included within protection scope of the present invention.
Claims (10)
1. manually authorize and provide the file of trusted operations environment to store and edit methods for one kind, it is characterized in that: the file of a kind of artificial mandate and offer trusted operations environment stores and edit methods, it is the mobile storage equipment containing control chip and storer based on a kind of inside, manage this mobile storage equipment special software and for user interactions and run the hardware platform of this special software, include trusted operating system district in described storer and store the storage zone of object file, it is provided with trusted operations environment in described trusted operating system district, the routine package run on described control chip is containing control module, described mobile storage equipment is also provided with for the input block with user interactions, described control module respectively with trusted operating system district, special software communicates with input block, its concrete steps are as follows:
A) original state: mobile storage equipment and hardware platform are communicated to connect, control chip powers on and runs control module, and control module enters protection state, and special software runs on a hardware platform, waits the operating command of user;
B) password authentication: user opens special software, special software ejects password authentication frame, waiting the input of user, the predetermined password information of the password that input block is transmitted by control module and inside is compared, if be consistent, then go to step E), if do not met, then by the information feed back of password mistake to special software, go to step C), if incongruent number of times reaches N time, then return back to step D);
C) verify unsuccessfully: special software ejects the password authentication frame with user interactions again, wait the input of user by input block, return back to step B);
D) access unsuccessfully: control module checks predetermined configuration information, if configuration information is format, then password information and checking information are all reset to defaults by control module, by information feed back too much for errors number to special software, and remove the inner all files in storage zone, special software is closed after ejecting the too much caution frame of errors number automatically, go to step N), if configuration information is not for format, then control module by information feed back too much for errors number to special software, special software ejects the too much caution frame of errors number, return back to step B),
E) operating environment is selected: special software ejects the selection frame selecting editing environment for user, if user selects the file in edit and storage district in special software, then special software ejects the insincere caution frame of environment again, go to step F), if user selects the file in edit and storage district in trusted operations environment, then go to step L);
F) sending operating command: according to the operation of user, special software sends the operating command to storage zone internal file, and operating command is transferred to control module, waits the feedback of control module;
G) access control: control module parse operation order, judges whether this order belongs to special command, if, then the control command that this order needs user to confirm is fed back to special software, go to step H), if not, then go to step K);
H) user confirms: special software ejects the confirmation frame with user interactions, wait user's input, after input block receives the input of user, arranged as confirmation, and transfer to control module, if do not receive the confirmation of input block in T1 time inner control module, then control module judges that this is operating as invalid operation, and by information feed back invalid for operation to special software, again F is gone to step), if have received the confirmation of input block in T1 time inner control module, then go to step I);
I) confirmation operation: after control module receives confirmation, checking information predetermined to itself and inside is checked, if be consistent, then go to step K), if do not met, then error message being fed back to special software, going to step J), if incongruent number of times reaches three times, then return back to step D);
J) confirm unsuccessfully: special software ejects the confirmation frame with user interactions again, wait the input of user, return back to step H);
K) manipulation: control module parse operation order, and access or the transmission of file is carried out according to operating command, return back to step F immediately);
L) status checking: whether control module inspection self is in protection state, if being in trust state, then go to step N), if being in protection state, then control module switches to trust state, enumerates trusted operating system district to hardware platform, special software control service platform upper once start time enter trusted operating system district, and under the communication connection keeping mobile storage equipment and hardware platform, hardware platform is restarted;
M) editing environment is started: control module enumerates trusted operating system district and storage zone to the hardware platform after restarting, operation according to user, hardware platform sends the operating command to storage zone internal file, and this operating command is transferred to control module, control module resolves this operating command, and carries out the editor of file according to operating command;
N) end operation: user's complete operation; exit trusted operating system district; control module control hardware platform upper once start time do not enter trusted operating system district; hardware platform is closed; disconnect trusted operating system district and the communication of hardware platform and the communication connection of mobile storage equipment and hardware platform successively; and switch to protection state, return back to steps A).
2. the file of a kind of artificial mandate as claimed in claim 1 and offer trusted operations environment stores and edit methods, it is characterized in that: the program run on described control chip also comprises file system module, described control module is by calling file system module accesses storage zone, in step K) in, control module parse operation order, and call file system module according to operating command, carry out access or the transmission of file.
3. the file of a kind of artificial mandate as claimed in claim 1 and offer trusted operations environment stores and edit methods, it is characterised in that: the described T1 time is 5s��10s, in step B) in, the number of times of N is no less than three times.
4. the file of a kind of artificial mandate as claimed any one in claims 1 to 3 and offer trusted operations environment stores and edit methods, it is characterized in that: in step K) in, if what special software sent is catalogue visit order, then control module is according to the file information of inside, storage zone, catalogue information needed for extraction, and by catalogue information feed back to special software, check for user.
5. the file of a kind of artificial mandate as claimed any one in claims 1 to 3 and offer trusted operations environment stores and edit methods, it is characterized in that: in step K) in, if what special software sent is delete command, then control module according to delete command for file or catalogue, by catalogue information corresponding to the file deletion of inside, storage zone or change, then by the information feed back deleted to special software.
6. the file of a kind of artificial mandate as claimed any one in claims 1 to 3 and offer trusted operations environment stores and edit methods, it is characterized in that: in step K) in, if what special software sent is heavy named order, then control module according to heavy named order for file or catalogue, the file title of change inside, storage zone or catalogue information corresponding to change, then by the information feed back changed to special software.
7. the file of a kind of artificial mandate as claimed any one in claims 1 to 3 and offer trusted operations environment stores and edit methods, it is characterized in that: in step K) in, if what special software sent is transmission command, then control module is according to the file information of inside, storage zone, extract transmission command for file or catalogue, file or packed catalogue information are transferred to special software, transmit it to hardware platform by special software, control module after completing to transmit by the information feed back that is transmitted to special software.
8. the file of a kind of artificial mandate as claimed any one in claims 1 to 3 and offer trusted operations environment stores and edit methods, it is characterized in that: in step K) in, if what special software sent is import order, then control module is according to the file imported in order or catalogue information, file information is write storage zone or change corresponding catalogue information, then by the information feed back that imported to special software.
9. the file of a kind of artificial mandate as claimed in claim 1 and offer trusted operations environment stores and edit methods, it is characterised in that: described mobile storage equipment is communicated to connect by usb protocol and hardware platform.
10. the file of a kind of artificial mandate as claimed in claim 9 and offer trusted operations environment stores and edit methods, it is characterized in that: described input block comprises Fingerprint Identification Unit, described Fingerprint Identification Unit with control chip be connected and with control module communication, in step B) and step H) in, password or the confirmation of user's input are finger print information, in step B) and step I) in, the inner predetermined password information of control module and checking information are corresponding finger print informations.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510035777.6A CN104598787B (en) | 2015-01-23 | 2015-01-23 | The file of a kind of artificial mandate and offer trusted operations environment stores and edit methods |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510035777.6A CN104598787B (en) | 2015-01-23 | 2015-01-23 | The file of a kind of artificial mandate and offer trusted operations environment stores and edit methods |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104598787A CN104598787A (en) | 2015-05-06 |
| CN104598787B true CN104598787B (en) | 2016-06-01 |
Family
ID=53124565
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510035777.6A Active CN104598787B (en) | 2015-01-23 | 2015-01-23 | The file of a kind of artificial mandate and offer trusted operations environment stores and edit methods |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104598787B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106127073B (en) * | 2016-06-21 | 2023-05-05 | 浙江集研信息科技有限公司 | User operation information protection method |
| CN111209547B (en) * | 2018-11-22 | 2023-04-18 | 联想企业解决方案(新加坡)有限公司 | Computing device and data security access method |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1786942A (en) * | 2005-12-02 | 2006-06-14 | 无锡永中科技有限公司 | Saving method for file editing environment and return method thereof |
| CN101364984A (en) * | 2008-08-13 | 2009-02-11 | 西安鼎蓝通信技术有限公司 | Method for guarantee safety of electronic file |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100458774C (en) * | 2004-11-29 | 2009-02-04 | 国际商业机器公司 | File editing device and file editing method |
-
2015
- 2015-01-23 CN CN201510035777.6A patent/CN104598787B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1786942A (en) * | 2005-12-02 | 2006-06-14 | 无锡永中科技有限公司 | Saving method for file editing environment and return method thereof |
| CN101364984A (en) * | 2008-08-13 | 2009-02-11 | 西安鼎蓝通信技术有限公司 | Method for guarantee safety of electronic file |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104598787A (en) | 2015-05-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20160261601A1 (en) | Wireless router, fast access control method and authentication connection method of wireless routers | |
| CN105681328A (en) | Electronic device controlling method and device as well as electronic device | |
| CN105528306B (en) | A kind of data read-write method and dual system termi-nal of dual system termi-nal | |
| CN101593252B (en) | Method and system for controlling access of computer to USB equipment | |
| CN102521165A (en) | Security U disk and recognition method and device thereof | |
| CN102799831B (en) | Information safety protection system of application system based on database and information safety protection method | |
| CN104320389A (en) | Fusion identify protection system and fusion identify protection method based on cloud computing | |
| KR20110083889A (en) | Apparatus and method for processing data according to remote control in data storage device | |
| CN101561855B (en) | Method and system for controlling computer to access USB device | |
| CN104581008A (en) | Information security protection system and method for video monitoring system | |
| CN104598787B (en) | The file of a kind of artificial mandate and offer trusted operations environment stores and edit methods | |
| CN104598838B (en) | A kind of random verification and provide trusted operating environment file store and edit methods | |
| US9374708B2 (en) | Method and system for encrypting terminal using subscriber identity module card | |
| CN102387494A (en) | Android-mobile-platform-based remote automatic information exchange and control solution | |
| CN104573559A (en) | File storage and access method capable of supporting password authentication and operation log | |
| CN103916271A (en) | Method and device for switching multiple ONU authentication modes in PON system | |
| CN103824014A (en) | Isolation certificating and monitoring method of USB (universal serial bus) port within local area network | |
| CN104615918B (en) | A kind ofly support offline authorization and solve the environment implementation method of secure composition demand | |
| CN104579831A (en) | Data transmission processing method and device | |
| CN104598837B (en) | A kind of environment implementation method solving file security editor demand | |
| CN203206256U (en) | A mobile storage device | |
| CN107943622A (en) | Spare O&M methods, devices and systems | |
| CN104573467B (en) | A kind of file storage and inquire method directly being accepted user's confirmation by card reader | |
| CN104573570B (en) | File storage and access method allowing card reader to generate random check codes | |
| CN104573558B (en) | A kind of file storage and inquire method directly being accepted user's confirmation by memory device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |