CN104751080A - USB (Universal Serial Bus) flash disk encryption-based data access method and system - Google Patents

Publication number: CN104751080A
Authority: CN (China)
Prior art keywords: file, data, flash disk, virtual volume, usb flash
Legal status: Pending
Application number: CN201510157987.2A
Other languages: Chinese (zh)
Inventor: 吴永
Current Assignee: Shandong Hua Ruan Golden Shield Softcom Ltd
Original Assignee: Shandong Hua Ruan Golden Shield Softcom Ltd
Landscapes: Storage Device Security (AREA)

Abstract

The invention discloses a data access method and system based on USB (Universal Serial Bus) flash disk encryption. The method comprises: step 1), a USB flash disk initialization step: generating a VVMF (Virtual Volume Mapping File) on an ordinary USB flash disk, and entering a password with which the VVMF is encrypted; step 2), a data read/write step: receiving the password entered by the user and checking whether it is the same as the encryption password of the VVMF; if the password is correct, calling a set of system driver files pre-stored on the USB flash disk to generate a volume device, loading the drive letter of the volume device into the system drive letter directory, and then performing the corresponding data reads and writes according to the user's operations.

Description

A data access method and system based on USB flash disk encryption
Technical field
The invention belongs to the computer field and relates to a data access method and system based on USB flash disk encryption.
Background art
As a convenient tool for storing electronic documents, the USB flash disk has become an indispensable storage and transfer tool in scenarios where one frequently switches between PCs. But portability has drawbacks as well as benefits. The biggest drawback is that the disk is easily lost, and examples of important documents and personal privacy being leaked through a lost USB flash disk are too numerous to list. This creates the need to protect the data on USB flash disks.
Among existing solutions, the "secure USB flash disk" is a common means of protecting USB flash disk data. A secure USB flash disk works by converting the whole file system of the disk into a proprietary file system; on a system with specific software installed, this file system is converted back into an ordinary file system (NTFS, FAT32, etc.), and files are then read and written. The workflow is as follows:
The secure USB flash disk prevents information leakage to a large extent, because the disk can only be used in a trusted environment; a terminal without the file-format conversion driver installed cannot open it at all. But this creates new problems:
1. It is inconvenient to use: if the disk really does need to be taken and used outside, the trusted environment has to be installed there.
2. Once in use, the whole USB flash disk is encrypted, even though some files do not actually need encryption.
Summary of the invention
The technical problem to be solved by the invention is to provide a data access method based on USB flash disk encryption that combines the convenience of an ordinary USB flash disk with that of an encrypted one. Not all files are encrypted any more: the original partition of the USB flash disk remains, and a confidential partition (UIP) is generated only when needed. The user can choose to store a file in the original partition or in the confidential partition, and use of the original partition is not affected.
The technical solution adopted by the invention to solve the above technical problem is as follows:
A data access method based on USB flash disk encryption, comprising:
Step 1) USB flash disk initialization step: generating a virtual volume mapping file (VVMF) on an ordinary USB flash disk, and entering a password with which this virtual volume mapping file is encrypted;
Step 2) data read/write step: receiving the password entered by the user, and checking whether this password is identical to the encryption password of the virtual volume mapping file;
wherein, if the password is correct, a set of system driver files pre-stored on the USB flash disk is called to generate a volume device, the drive letter of the volume device is loaded into the system drive letter directory, and the corresponding data reads and writes are then performed according to the user's operations.
Further, in step 1), encrypting the virtual volume mapping file specifically comprises:
generating a 1-byte data key by random obfuscation from the entered password, and writing this data key into the volume header of the virtual volume mapping file.
Further, in step 2), if the password is correct, the correctness of the volume header of the virtual volume mapping file is then verified; if verification fails, the backup volume header is read from the virtual volume mapping file; if that is still incorrect, the system driver files on the USB flash disk are not called to generate the drive letter.
Further, the file handle of the virtual volume mapping file and the data key are stored in memory. In step 2), performing the corresponding data reads and writes according to the user's operations specifically comprises: obtaining the user's data read instruction and converting it into a sector read operation on the volume device;
obtaining the file offset in the virtual volume mapping file from the sector, reading the data at the corresponding file offset through the file handle of the virtual volume mapping file, decrypting the data of that sector with the data key held in memory, and returning it to the user.
Further, the file handle of the virtual volume mapping file and the data key are stored in memory. In step 2), performing the corresponding data reads and writes according to the user's operations comprises: obtaining the user's data write instruction and converting it into a sector write operation on the volume device;
converting the sector into the file offset in the virtual volume mapping file, encrypting the data with the data key held in memory, and writing the encrypted data at the corresponding file offset through the file handle of the virtual volume mapping file.
A data access system based on USB flash disk encryption, comprising:
an initialization module, for generating a virtual volume mapping file (VVMF) on an ordinary USB flash disk; a key generation module, for encrypting this virtual volume mapping file according to a password entered by the user;
a program interaction module, for receiving the password entered by the user;
a password authentication module, for checking whether the password entered by the user is identical to the encryption password of the virtual volume mapping file;
a virtual driver module, for calling, if the password is correct, a set of system driver files pre-stored on the USB flash disk to generate a volume device;
a device loading module, for loading the drive letter of the volume device into the system drive letter directory; and a read/write filter module, for performing the corresponding data reads and writes according to the user's operations.
Further, preferably, the key generation module, when encrypting the virtual volume mapping file, specifically:
generates a 1-byte data key by random obfuscation from the entered password, and writes this data key into the volume header of the virtual volume mapping file.
Further, preferably, the system also comprises an integrity detection module which, once the password authentication module has authenticated the password as correct, verifies the correctness of the volume header of the virtual volume mapping file; if verification fails, the backup volume header is read from the virtual volume mapping file; if that is still incorrect, the system driver files on the USB flash disk are not called to generate the drive letter.
Further, preferably, the file handle of the virtual volume mapping file and the data key are stored in memory. The read/write filter module, in performing the corresponding data reads and writes according to the user's operations, specifically: obtains the user's data read instruction and converts it into a sector read operation on the volume device;
obtains the file offset in the virtual volume mapping file from the sector, reads the data at the corresponding file offset through the file handle of the virtual volume mapping file, decrypts the data of that sector with the data key held in memory, and returns it to the user.
Further, preferably, the file handle of the virtual volume mapping file and the data key are stored in memory. The read/write filter module, in performing the corresponding data reads and writes according to the user's operations: obtains the user's data write instruction and converts it into a sector write operation on the volume device;
converts the sector into the file offset in the virtual volume mapping file, encrypts the data with the data key held in memory, and writes the encrypted data at the corresponding file offset through the file handle of the virtual volume mapping file.
With the above solution, a complex usage environment no longer has to be installed on the terminal; only the stand-alone program and the corresponding drivers present on the USB flash disk are used. Not all files are encrypted any more: the original partition of the USB flash disk remains, and a confidential partition (UIP) is generated only when needed. The user can choose to store a file in the original partition or in the confidential partition, and use of the original partition is not affected.
Other features and advantages of the invention will be set forth in the following description and will in part become apparent from the description, or be understood by implementing the invention. The objects and other advantages of the invention can be realized and obtained by the structures particularly pointed out in the written description, the claims and the drawings.
Brief description of the drawings
The invention is described in detail below with reference to the drawings, to make its above advantages clearer. In the drawings:
Fig. 1 is a working diagram of the prior-art USB flash disk encryption method;
Fig. 2 is a working diagram of the data access method based on USB flash disk encryption according to the invention;
Fig. 3 is a structural diagram of the data access system based on USB flash disk encryption according to the invention.
Detailed description
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented. It should be noted that, as long as no conflict arises, the embodiments of the invention and the features of the embodiments may be combined with one another, and the resulting technical solutions all fall within the protection scope of the invention.
In addition, the steps shown in the flowcharts of the drawings may be executed in a computer system, for example as a set of computer-executable instructions, and, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in an order different from the one given here.
The English abbreviations used in this description are:
VVMF: Virtual Volume Mapping File, used to map a strongly encrypted file to a virtual disk partition.
UIP: USB Internal Partition, the partition to which the VVMF is mapped; it appears on the host as an independent drive letter. Although it is an independent partition, its actual storage is still on the USB storage device, hence the name internal partition.
Embodiment one:
Specifically, the key point of this solution is to create the VVMF and, when the UIP is needed, to map the VVMF to the UIP. The working diagram is shown in Fig. 2. The method comprises:
A data access method based on USB flash disk encryption, comprising:
Step 1) USB flash disk initialization step: generating a virtual volume mapping file (VVMF) on an ordinary USB flash disk, and entering a password with which this virtual volume mapping file is encrypted;
Step 2) data read/write step: receiving the password entered by the user, and checking whether this password is identical to the encryption password of the virtual volume mapping file;
wherein, if the password is correct, a set of system driver files pre-stored on the USB flash disk is called to generate a volume device, the drive letter of the volume device is loaded into the system drive letter directory, and the corresponding data reads and writes are then performed according to the user's operations.
Further, in step 1), encrypting the virtual volume mapping file specifically comprises:
generating a 1-byte data key by random obfuscation from the entered password, and writing this data key into the volume header of the virtual volume mapping file.
Further, in step 2), if the password is correct, the correctness of the volume header of the virtual volume mapping file is then verified; if verification fails, the backup volume header is read from the virtual volume mapping file; if that is still incorrect, the system driver files on the USB flash disk are not called to generate the drive letter.
Not all files are encrypted any more: the original partition of the USB flash disk remains, and a confidential partition (UIP) is generated only when needed. The user can choose to store a file in the original partition or in the confidential partition, and use of the original partition is not affected.
Further, the file handle of the virtual volume mapping file and the data key are stored in memory. In step 2), performing the corresponding data reads and writes according to the user's operations specifically comprises: obtaining the user's data read instruction and converting it into a sector read operation on the volume device;
obtaining the file offset in the virtual volume mapping file from the sector, reading the data at the corresponding file offset through the file handle of the virtual volume mapping file, decrypting the data of that sector with the data key held in memory, and returning it to the user.
Further, the file handle of the virtual volume mapping file and the data key are stored in memory. In step 2), performing the corresponding data reads and writes according to the user's operations comprises: obtaining the user's data write instruction and converting it into a sector write operation on the volume device;
converting the sector into the file offset in the virtual volume mapping file, encrypting the data with the data key held in memory, and writing the encrypted data at the corresponding file offset through the file handle of the virtual volume mapping file.
Embodiment two:
The above method is described in detail with reference to an embodiment. In step 1), a VVMF first has to be generated on the ordinary USB flash disk. A VVMF is essentially no different from an ordinary file; it is just that an NTFS file system is simulated inside this file;
Further, the program saves a runtime copy on the original USB flash disk; the runtime copy comprises a program (an exe file) and a set of volume filter drivers (two sys files, 32-bit and 64-bit);
Step 2) when confidential files need to be saved, the program stored in the original partition is run; after the password is entered the UIP is generated, and the user then stores documents in the UIP.
As described in step 1), the UIP is a virtual volume and does not affect the original volume, so the drive letter originally occupied by the USB flash disk and the UIP drive letter now exist at the same time; the user can store non-confidential documents under the original drive letter or confidential documents in the UIP. When confidential documents do not need to be accessed, this step need not be carried out; the user is then simply using an ordinary USB flash disk and notices no difference in everyday use.
Embodiment three:
The above steps are described in detail with reference to a concrete program design. In step 1), the USB flash disk initialization step, generating a virtual volume mapping file (VVMF) on an ordinary USB flash disk is essentially creating a file that can be mapped to a UIP; this file takes the form of an ordinary file. Specifically, the creation process is as follows:
1. Calculate the relevant data from the program input. In the whole VVMF file to be created, the first 128K is the header area and the last 128K is the header backup; these two parts are reserved for use by the program, so the data area is the size entered by the user minus 256K.
For example, with a program input of 10M, the total size of the data area is 10*1024*1024-256*1024=10223616 (bytes); with 512-byte sectors, the total number of sectors is 10223616/512=19968.
The data offset is fixed at 128K, so the starting sector of the data is the data offset divided by the sector size: 128*1024/512=256.
2. Generate the volume header in memory. The whole volume header is 512 bytes: the first 256 bytes are descriptive data and the last 256 bytes are the data key. The generation process is as follows:
1) generate a 256-byte data key by random obfuscation from the entered password. The data key is extremely important: all actual data in the data area is encrypted with this key;
2) set magic to 0x54525545; this number is an identifier, and this mark is checked first when a UIP is generated later. Set the volume header version number to 5 (the current version number);
3) calculate the crc32 of the data key;
4) record in the volume header the volume size (10223616), the start address of the encrypted area (128K), the size of the encrypted area (for a VVMF this is the volume size, 10223616) and the sector size (512);
5) calculate the crc32 of the first 252 bytes of the volume header (256 bytes minus the size of the crc checksum itself);
6) append the data key generated in step 1) to the last 256 bytes of the volume header;
7) encrypt the whole volume header in memory; the key used for this encryption is the password entered directly by the user.
As can be seen, if the password set by the user is lost, the volume header cannot be decrypted; and since all data is encrypted with the data key generated from the password entered by the user, the whole VVMF can be regarded, approximately, as encrypted with the password set by the user.
In one embodiment, the data structure of the volume header is described using a C language struct as:
3. This embodiment is mainly based on Microsoft's Windows system. Following the above design, when creating the VVMF file, the system call CreateFile is used to create the file, and the VVMF file size is adjusted to the data area size plus 128K, i.e. 10354688;
4. Write the 512-byte encrypted volume header generated in step 2 to the VVMF file;
5. Fill the remainder of the first 128K (128*1024-512=130560) with 0;
6. Move the file pointer to the start address of the data area and, using the total sector count calculated earlier, write 0 sector by sector;
7. Back up the volume header: move the file pointer to 128K + data area size, 10354688 in this example, then write the header generated in step 2 and fill the rest of the 128K with 0. The size of the whole VVMF file is now exactly the size entered by the user; then close the VVMF file handle.
8. Map the VVMF to a UIP (for details see the description of UIP generation and the VVMF-to-UIP read/write mapping). A temporary drive letter is occupied at this point; the last unoccupied drive letter can be used, often Z:. The Z drive is now an unformatted disk;
9. Format the Z drive directly: call the exported function FormatEx of fmifs.dll to format the UIP as NTFS. The sector data changes caused by formatting the Z drive are written back into the VVMF file by the volume filter driver (for details see UIP generation and the VVMF-to-UIP read/write mapping).
10. Unmount the UIP. The VVMF has now been created successfully and can be mapped directly to a UIP from now on.
UIP generation and the VVMF-to-UIP read/write mapping specifically comprise:
1. UIP generation is initiated by the user, so the first step is to record the password entered by the user.
2. Open the VVMF file in the kernel and read the first 512 bytes, i.e. the encrypted volume header written when the VVMF was generated.
3. Decrypt the volume header with the password entered by the user. If decryption fails, the password entered by the user does not match the password entered when the VVMF was generated, and the UIP cannot be generated.
4. Verify the correctness of the volume header, including checking the magic, the data key CRC and the volume header CRC. If verification fails, the volume header is damaged; an attempt is then made to recover the volume header from the backup volume header in the last 128K. If the backup volume header also fails verification, the backup is damaged as well and the UIP cannot be generated.
5. Read the basic attributes of the volume from the volume header, such as the sector size and the start address of the encrypted area, and read the key data.
6. Keep the opened VVMF file handle and the key data for use when read and write operations are later performed on the UIP.
7. The kernel generates an available drive letter for the UIP: IoCreateDevice is called to create the volume device and IoCreateSymbolicLink is called to create a symbolic link. A drive letter is then generated for this volume device following the Windows convention; for example, when the drive letter is T, the symbolic link created is named \DosDevices\T:. To the upper layers this symbolic link is the UIP; reads and writes to the UIP ultimately become reads and writes to the volume device.
8. After the volume device is generated, the volume filter driver comes into play: it creates a filter device for the volume device and calls IoAttachDeviceToDeviceStack to attach the filter device to the volume device, so that reads and writes to the volume device are intercepted by the filter device; that is, all reads and writes to the UIP pass through the filter device. The volume filter device, the VVMF file handle opened above and the key data are associated and recorded in a global structure; any read or write that follows is encrypted or decrypted and written back to the VVMF.
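The header check and backup fallback from step 4 above, as an added example in C that is not code from the patent. The field offsets, the little-endian encoding, the standard CRC-32 polynomial and all `vvmf_*` names are assumptions; the header is taken as already decrypted, and the sample header is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_SIZE    512u
#define HDR_MAGIC   0x54525545u /* value given in the description */
#define HDR_VERSION 5u          /* value given in the description */
/* Field offsets are assumptions of this example. Only the 256/256 split
 * and the CRC over the first 252 bytes come from the description. */
#define OFF_MAGIC   0u
#define OFF_VERSION 4u
#define OFF_KEY_CRC 8u
#define OFF_HDR_CRC 252u /* CRC32 of bytes 0..251 */
#define OFF_KEY     256u
#define KEY_SIZE    256u

enum vvmf_status { VVMF_OK, VVMF_BAD_MAGIC, VVMF_BAD_KEY_CRC, VVMF_BAD_HDR_CRC };

static uint32_t rd32(const uint8_t *p) /* little-endian load */
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32(uint8_t *p, uint32_t v) /* little-endian store */
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* Standard reflected CRC-32, assumed: the description says only "crc32". */
uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int b = 0; b < 8; b++)
            c = (c >> 1) ^ ((c & 1u) ? 0xEDB88320u : 0u);
    }
    return c ^ 0xFFFFFFFFu;
}

/* Checks in the order the description lists them, on a decrypted header. */
enum vvmf_status vvmf_check_header(const uint8_t *h)
{
    if (rd32(h + OFF_MAGIC) != HDR_MAGIC)
        return VVMF_BAD_MAGIC;
    if (rd32(h + OFF_KEY_CRC) != crc32_ieee(h + OFF_KEY, KEY_SIZE))
        return VVMF_BAD_KEY_CRC;
    if (rd32(h + OFF_HDR_CRC) != crc32_ieee(h, OFF_HDR_CRC))
        return VVMF_BAD_HDR_CRC;
    return VVMF_OK;
}

/* 0 = primary usable, 1 = fell back to backup, -1 = both damaged: no UIP. */
int vvmf_select_header(const uint8_t *primary, const uint8_t *backup)
{
    if (vvmf_check_header(primary) == VVMF_OK)
        return 0;
    if (vvmf_check_header(backup) == VVMF_OK)
        return 1;
    return -1;
}

/* Constructed sample header: the key bytes are a fixed pattern, not a key. */
void vvmf_build_sample(uint8_t *h)
{
    memset(h, 0, HDR_SIZE);
    wr32(h + OFF_MAGIC, HDR_MAGIC);
    wr32(h + OFF_VERSION, HDR_VERSION);
    for (size_t i = 0; i < KEY_SIZE; i++)
        h[OFF_KEY + i] = (uint8_t)(i * 7u + 3u);
    wr32(h + OFF_KEY_CRC, crc32_ieee(h + OFF_KEY, KEY_SIZE));
    wr32(h + OFF_HDR_CRC, crc32_ieee(h, OFF_HDR_CRC));
}

/* Flip one bit at `pos` in a fresh sample header and report the verdict. */
enum vvmf_status vvmf_demo_flip(size_t pos)
{
    uint8_t h[HDR_SIZE];
    vvmf_build_sample(h);
    h[pos % HDR_SIZE] ^= 0x01;
    return vvmf_check_header(h);
}

/* Damage the primary and/or backup copy and report which one is selected. */
int vvmf_demo_select(int damage_primary, int damage_backup)
{
    uint8_t primary[HDR_SIZE], backup[HDR_SIZE];
    vvmf_build_sample(primary);
    memcpy(backup, primary, HDR_SIZE);
    if (damage_primary) primary[OFF_KEY + 10] ^= 0x01;
    if (damage_backup)  backup[OFF_VERSION] ^= 0x01;
    return vvmf_select_header(primary, backup);
}

int main(void)
{
    return vvmf_demo_select(1, 0) == 1 ? 0 : 1; /* expect backup fallback */
}
```

CRC32 detects accidental corruption only; it is not a keyed integrity check on the header.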
Embodiment four:
Read and write requests are taken as examples to make the steps of the invention clearer. Specifically:
1) When an upper-layer file read is converted by the file system into a read of sector 100 of the volume device: the volume filter device intercepts the read request and converts the sector into a VVMF file offset, (100-1)*512+128K (the size reserved for the volume header in the VVMF)=181760. The program then uses the associated VVMF file handle to read one sector (512 bytes) from file offset 181760 of the VVMF, decrypts the 512-byte buffer with the data key held in memory, and returns it to the initiator of the read.
2) When an upper-layer file write is converted by the file system into a write to sector 200 of the volume device: the volume filter device intercepts the write request and converts the sector into a VVMF file offset, (200-1)*512+128K (the size reserved for the volume header in the VVMF)=232960. The program first encrypts the data passed down by the upper layer for this sector, then uses the associated VVMF file handle to write one sector at file offset 232960 of the VVMF.
That is, when reading a file: read encrypted data from the VVMF -> decrypt -> return to the upper layer.
When writing a file: upper layer writes -> encrypt -> write to the VVMF file.
The storage of encrypted data directly in the VVMF is therefore completely transparent to the upper layer.
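The layout arithmetic from embodiment three and the sector-to-offset conversion from the two requests above, as an added example in C that is not code from the patent. The `vvmf_*` names and the bounds checks are assumptions of this example; the constants and the 1-based sector numbering follow the figures in the text.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Reserved areas from the description: 128K header area at the start of
 * the VVMF and 128K header-backup area at the end. */
#define VVMF_HEAD_AREA   (128u * 1024u)
#define VVMF_BACKUP_AREA (128u * 1024u)

typedef struct {
    uint64_t file_size;     /* total VVMF size entered by the user */
    uint32_t sector_size;   /* 512 in the description */
    uint64_t data_offset;   /* first byte of the data area */
    uint64_t data_size;     /* file_size minus both reserved areas */
    uint64_t sector_count;  /* data_size / sector_size */
    uint64_t backup_offset; /* first byte of the header-backup area */
} vvmf_layout;              /* hypothetical name, not from the patent */

/* Derive the layout; reject sizes that cannot hold both reserved areas
 * plus one whole sector, or whose data area is not sector-aligned. */
bool vvmf_layout_init(vvmf_layout *l, uint64_t file_size, uint32_t sector_size)
{
    const uint64_t reserved = (uint64_t)VVMF_HEAD_AREA + VVMF_BACKUP_AREA;

    if (sector_size == 0 || file_size < reserved + sector_size)
        return false;
    if ((file_size - reserved) % sector_size != 0)
        return false;

    l->file_size     = file_size;
    l->sector_size   = sector_size;
    l->data_offset   = VVMF_HEAD_AREA;
    l->data_size     = file_size - reserved;
    l->sector_count  = l->data_size / sector_size;
    l->backup_offset = l->data_offset + l->data_size;
    return true;
}

/* Translate a 1-based sector run (the numbering used in the description's
 * examples) into a byte range inside the VVMF. Requests that start before
 * sector 1 or run past the last data sector are refused, so a read or
 * write can never land in the header or header-backup area. */
bool vvmf_sector_range(const vvmf_layout *l, uint64_t sector, uint32_t count,
                       uint64_t *offset, uint64_t *length)
{
    if (sector == 0 || count == 0)
        return false;
    uint64_t first = sector - 1;
    if (first >= l->sector_count || count > l->sector_count - first)
        return false;

    /* No overflow: first < sector_count and
     * sector_count * sector_size == data_size <= file_size. */
    *offset = l->data_offset + first * l->sector_size;
    *length = (uint64_t)count * l->sector_size;
    return true;
}

/* Convenience wrapper: file offset for a request, or 0 when it is refused
 * (0 is never a valid data offset because the data area starts at 128K). */
uint64_t vvmf_offset_for(uint64_t file_size, uint32_t sector_size,
                         uint64_t sector, uint32_t count)
{
    vvmf_layout l;
    uint64_t off, len;

    if (!vvmf_layout_init(&l, file_size, sector_size))
        return 0;
    return vvmf_sector_range(&l, sector, count, &off, &len) ? off : 0;
}

int main(void)
{
    vvmf_layout l;
    if (!vvmf_layout_init(&l, 10u * 1024u * 1024u, 512))
        return 1;
    printf("data=%llu sectors=%llu backup@%llu\n",
           (unsigned long long)l.data_size,
           (unsigned long long)l.sector_count,
           (unsigned long long)l.backup_offset);
    printf("sector 100 -> %llu, sector 200 -> %llu\n",
           (unsigned long long)vvmf_offset_for(l.file_size, 512, 100, 1),
           (unsigned long long)vvmf_offset_for(l.file_size, 512, 200, 1));
    return 0;
}
```

The last valid request ends exactly where the header backup begins, so a filter that skips the range check would let an out-of-range write overwrite the backup header.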
A practical application scenario illustrates the effect this patent can achieve:
An employee is on a business trip, and the company has sent two documents, a new-product operating manual and a quotation document, of which the quotation document must be kept highly confidential. Because network access is limited, the employee can only go to an Internet cafe to download the two documents. At the Internet cafe, the employee only needs to insert the USB flash disk, put the new-product operating manual on the USB flash disk, run the program on the USB flash disk and, after opening the UIP, put the quotation document into the UIP.
The invention has the following advantages:
1. Normal use is not affected. If the user wants to save non-confidential files such as music and videos, the experience is no different at all from an ordinary USB flash disk.
2. The UIP runtime environment is simple: no management terminal needs to be installed on the machine; only a program for generating the UIP needs to be kept on the USB flash disk.
Embodiment five:
Corresponding to the above method embodiments, the invention also discloses a data access system based on USB flash disk encryption, as shown in Fig. 3. Specifically, it comprises:
an initialization module, for generating a virtual volume mapping file (VVMF) on an ordinary USB flash disk; a key generation module, for encrypting this virtual volume mapping file according to a password entered by the user;
a program interaction module, for receiving the password entered by the user;
a password authentication module, for checking whether the password entered by the user is identical to the encryption password of the virtual volume mapping file;
a virtual driver module, for calling, if the password is correct, a set of system driver files pre-stored on the USB flash disk to generate a volume device;
a device loading module, for loading the drive letter of the volume device into the system drive letter directory; and a read/write filter module, for performing the corresponding data reads and writes according to the user's operations.
Further, preferably, the key generation module, when encrypting the virtual volume mapping file, specifically:
generates a 1-byte data key by random obfuscation from the entered password, and writes this data key into the volume header of the virtual volume mapping file.
Further, preferably, the system also comprises an integrity detection module which, once the password authentication module has authenticated the password as correct, verifies the correctness of the volume header of the virtual volume mapping file; if verification fails, the backup volume header is read from the virtual volume mapping file; if that is still incorrect, the system driver files on the USB flash disk are not called to generate the drive letter.
Further, preferably, the file handle of the virtual volume mapping file and the data key are stored in memory. The read/write filter module, in performing the corresponding data reads and writes according to the user's operations, specifically: obtains the user's data read instruction and converts it into a sector read operation on the volume device;
obtains the file offset in the virtual volume mapping file from the sector, reads the data at the corresponding file offset through the file handle of the virtual volume mapping file, decrypts the data of that sector with the data key held in memory, and returns it to the user.
Further, preferably, the file handle of the virtual volume mapping file and the data key are stored in memory. The read/write filter module, in performing the corresponding data reads and writes according to the user's operations: obtains the user's data write instruction and converts it into a sector write operation on the volume device;
converts the sector into the file offset in the virtual volume mapping file, encrypts the data with the data key held in memory, and writes the encrypted data at the corresponding file offset through the file handle of the virtual volume mapping file.
This patent solves these two problems while ensuring document security: a complex usage environment no longer has to be installed on the terminal; only the stand-alone program present on the USB flash disk is used. Not all files are encrypted any more: the original partition of the USB flash disk remains, and a confidential partition (UIP) is generated only when needed. The user can choose to store a file in the original partition or in the confidential partition, and use of the original partition is not affected.
It should be noted that, for simplicity of description, the above method embodiments are all expressed as a series of combined actions, but those skilled in the art should know that the application is not limited by the order of actions described, because according to the application some steps may be performed in another order or simultaneously. Those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the application.
Those skilled in the art should understand that the embodiments of the application may be provided as a method, a system or a computer program product. The application may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects.
Moreover, the application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
Finally, it should be noted that the foregoing is only the preferred embodiments of the invention and does not limit the invention. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art may still modify the technical solutions described in those embodiments or make equivalent replacements of some of their technical features. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall be included within the protection scope of the invention.

Claims (10)

1. A data access method based on USB flash disk encryption, characterized in that it comprises:
Step 1) a USB flash disk initialization step: generating a virtual volume mapping file (VVMF) on an ordinary USB flash disk, and inputting a password to encrypt this virtual volume mapping file;
Step 2) a data read/write step: receiving the password entered by the user, and comparing whether this password is identical to the encryption password of the virtual volume mapping file;
wherein, if the password is correct, a group of system driver files pre-stored on the USB flash disk is called to generate a volume device, the drive letter of the volume device is loaded into the system drive letter directory, and the corresponding data reading and writing is then carried out according to the user's operation.
2. The data access method based on USB flash disk encryption according to claim 1, characterized in that, in step 1), encrypting the virtual volume mapping file specifically comprises:
generating a 1-byte data key by random obfuscation according to the input password, and writing this data key into the volume header of the virtual volume mapping file.
3. The data access method based on USB flash disk encryption according to claim 1 or 2, characterized in that, in step 2), if the password is correct, the correctness of the volume header of the virtual volume mapping file is further verified, wherein, if the verification fails, the backup volume header is read from the virtual volume mapping file, and if that is still incorrect, the system driver files on the USB flash disk are not called to generate the volume device.
4. The data access method based on USB flash disk encryption according to claim 2, characterized in that the file handle of the virtual volume mapping file and the data key are stored in memory, and in step 2), carrying out the corresponding data reading and writing according to the user's operation specifically comprises: obtaining the user's data read operation instruction, and converting it into a sector read operation on the volume device;
obtaining the file offset within the virtual volume mapping file from the sector, reading the data in the corresponding file offset region using the file handle of the virtual volume mapping file, decrypting the data of that sector with the data key recorded in memory, and returning it to the user.
5. The data access method based on USB flash disk encryption according to claim 2, characterized in that the file handle of the virtual volume mapping file and the data key are stored in memory, and in step 2), carrying out the corresponding data reading and writing according to the user's operation comprises: obtaining the user's data write operation instruction, and converting it into a sector write operation on the volume device;
converting the sector into a file offset within the virtual volume mapping file, encrypting the data with the data key recorded in memory, and, using the file handle of the virtual volume mapping file, writing the encrypted data to the corresponding file offset region.
6. A data access system based on USB flash disk encryption, characterized in that it comprises:
an initialization module, for generating a virtual volume mapping file (VVMF) on an ordinary USB flash disk;
a secret generation module, for encrypting the virtual volume mapping file according to a password entered by the user;
a program interaction module, for receiving the password entered by the user;
a password authentication module, for comparing whether the password entered by the user is identical to the encryption password of the virtual volume mapping file;
a virtual drive module, for calling, if the password is correct, a group of system driver files pre-stored on the USB flash disk to generate a volume device;
a device loading module, for loading the drive letter of the volume device into the system drive letter directory;
a read/write filtering module, for carrying out the corresponding data reading and writing according to the user's operation.
7. The data access system based on USB flash disk encryption according to claim 1, characterized in that the secret generation module, when encrypting the virtual volume mapping file, specifically:
generates a 1-byte data key by random obfuscation according to the input password, and writes this data key into the volume header of the virtual volume mapping file.
8. The data access system based on USB flash disk encryption according to claim 1 or 2, characterized in that it further comprises an integrity detection module, for further verifying, when the password authentication module has authenticated the password as correct, the correctness of the volume header of the virtual volume mapping file, wherein, if the verification fails, the backup volume header is read from the virtual volume mapping file, and if that is still incorrect, the system driver files on the USB flash disk are not called to generate the volume device.
9. The data access system based on USB flash disk encryption according to claim 2, characterized in that the file handle of the virtual volume mapping file and the data key are stored in memory, and the read/write filtering module, in carrying out the corresponding data reading and writing according to the user's operation, specifically: obtains the user's data read operation instruction, and converts it into a sector read operation on the volume device;
obtains the file offset within the virtual volume mapping file from the sector, reads the data in the corresponding file offset region using the file handle of the virtual volume mapping file, decrypts the data of that sector with the data key recorded in memory, and returns it to the user.
10. The data access system based on USB flash disk encryption according to claim 2, characterized in that the file handle of the virtual volume mapping file and the data key are stored in memory, and the read/write filtering module, in carrying out the corresponding data reading and writing according to the user's operation: obtains the user's data write operation instruction, and converts it into a sector write operation on the volume device;
converts the sector into a file offset within the virtual volume mapping file, encrypts the data with the data key recorded in memory, and, using the file handle of the virtual volume mapping file, writes the encrypted data to the corresponding file offset region.
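The header check with backup fallback (claims 3 and 8) and the sector-to-file-offset read/write path (claims 4, 5, 9 and 10) can be sketched as follows. This is an added example, not code from the patent: the header layout, magic value, CRC32 check, placement of the backup header, sector size and the XOR keystream standing in for the unspecified cipher are all assumptions; `KEY_LEN` follows the 1 byte stated in claim 2, and the code works unchanged with a longer key.

```python
import hashlib, io, struct, zlib

SECTOR = 512                      # assumed sector size
KEY_LEN = 1                       # claim 2 states a 1-byte data key
MAGIC = b"VVMF"                   # assumed header magic
HDR = struct.Struct(f"<4s{KEY_LEN}sI")   # assumed layout: magic, key, CRC32
DATA_START = 2 * SECTOR           # assumed: primary header, backup header, data

def pack_header(key):
    body = MAGIC + key
    return (body + struct.pack("<I", zlib.crc32(body))).ljust(SECTOR, b"\0")

def load_key(f):
    """Validate the primary header, then the backup; None means do not mount."""
    for off in (0, SECTOR):
        f.seek(off)
        magic, key, crc = HDR.unpack(f.read(HDR.size))
        if magic == MAGIC and zlib.crc32(magic + key) == crc:
            return key
    return None

def sector_offset(sector):
    """Map a volume sector number to a byte offset inside the mapping file."""
    return DATA_START + sector * SECTOR

def crypt(key, sector, data):
    # Stand-in cipher (assumption): XOR with a SHA-256 keystream bound to the
    # sector number. A real volume would use a sector mode such as AES-XTS.
    ks = b"".join(hashlib.sha256(key + struct.pack("<QI", sector, i)).digest()
                  for i in range(SECTOR // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def write_sector(f, key, sector, plain):
    f.seek(sector_offset(sector))
    f.write(crypt(key, sector, plain.ljust(SECTOR, b"\0")))

def read_sector(f, key, sector):
    f.seek(sector_offset(sector))
    return crypt(key, sector, f.read(SECTOR))

def demo():
    key = b"\x5a"                                 # constructed sample key
    f = io.BytesIO(pack_header(key) * 2 + bytes(4 * SECTOR))
    write_sector(f, load_key(f), 3, b"secret")
    f.seek(0); f.write(b"XXXX")                   # damage the primary header
    plain = read_sector(f, load_key(f), 3)        # key comes from the backup
    f.seek(SECTOR); f.write(b"XXXX")              # damage the backup too
    return plain.rstrip(b"\0"), load_key(f)
```

`demo()` reads sector 3 back through the backup header after the primary is damaged, then returns `None` for the key once both copies fail the check, which is the point at which the claims say the volume device is not created.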
CN201510157987.2A 2015-04-29 2015-04-29 USB (Universal Serial Bus) flash disk encryption-based data access method and system Pending CN104751080A (en)

Publications (1)

Publication Number Publication Date
CN104751080A true CN104751080A (en) 2015-07-01

Family

ID=53590747

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101655893A (en) * 2009-10-10 2010-02-24 郑界涵 Manufacture method of intelligent blog lock, Blog access control method and system thereof
US20110061112A1 (en) * 2008-03-12 2011-03-10 Pavel Berengoltz System and method for enforcing data encryption on removable media devices
CN102289526A (en) * 2011-09-29 2011-12-21 深圳市万兴软件有限公司 HFS+file system data recovery method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
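Zhou Feng (周峰): "Research and Implementation of a Secure USB Flash Disk Based on Virtual Volume Technology" (基于虚拟卷技术的安全U盘研究与实现), China Master's Theses Full-text Database, Information Science and Technology series *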

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106299907A (en) * 2016-09-24 2017-01-04 成都创慧科达科技有限公司 A kind of data connector possessing deciphering function and deciphering apparatus and method
CN106299907B (en) * 2016-09-24 2018-07-31 广东胜怡电器科技有限公司 A kind of data connector having decryption function and decryption device and method
CN112463491A (en) * 2020-12-02 2021-03-09 广州朗国电子科技有限公司 Control method and device for education all-in-one machine to enter test mode and storage medium
CN112596818A (en) * 2020-12-30 2021-04-02 上海众源网络有限公司 Application program control method, system and device
CN112596818B (en) * 2020-12-30 2023-12-05 上海众源网络有限公司 Application program control method, system and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 250000 Shandong city of Ji'nan province high tech Zone Shun Road No. 1 Building No. 5, Qilu Software Park (Business Plaza E) four A408, A410, A412 room

Applicant after: SHANDONG HUARUAN GOLDENCIS SOFTWARE CO., LTD.

Address before: 250000 Shandong city of Ji'nan province high tech Zone Shun Road No. 1 Building No. 5, Qilu Software Park (Business Plaza E) four A408, A410, A412 room

Applicant before: Shandong Hua Ruan Golden Shield softcom limited

RJ01 Rejection of invention patent application after publication

Application publication date: 20150701
