CN105279453B - File partition hiding system and method supporting separated storage management - Google Patents

Publication number
CN105279453B
Authority
CN
China
Prior art keywords
user
file
partition
storage device
storage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510624898.4A
Other languages
Chinese (zh)
Other versions
CN105279453A (en)
Inventor
崔小乐
李大刚
林信南
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lishui Zhixing Technology Co.,Ltd.
Original Assignee
Nanjing Wu An Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/13 File access structures, e.g. distributed indices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The invention discloses a file partition hiding system and method supporting separated storage management, comprising a host computer, at least two storage devices supporting separated storage, a user authentication module and a separation storage management system. Each storage device includes a public partition and a user partition. The public partition supports ordinary file write operations. When the user performing a file write operation on a user partition is authenticated by the user authentication module as a legitimate user, separated storage is supported; when the user is authenticated as an illegitimate user, the write operation stops. In the invention a legitimate user can see only the public partition and his or her own private user partition, cannot see the private user partitions of other users, and cannot effectively detect the file operations of other legitimate users, which ensures a high level of security for high-security-classification files.

Description

A file partition hiding system and method supporting separated storage management
Technical field
The present invention relates to the field of information security technology, and in particular to a file partition hiding system and method supporting separated storage management.
Background art
The security of existing electronic document storage is ensured mainly by encryption and access control. However, a file's ciphertext still retains the complete information, and as computing power keeps increasing, the chance that an encrypted file is decrypted by a computer with greater computing capability keeps growing. Because the information needed for authentication may itself be decrypted, failure of the encryption step also poses a significant threat to the effectiveness of the authentication system. Separated storage technology has therefore emerged, in which an electronic document is decomposed into multiple fragments and the fragments are stored on multiple different storage devices.
Summary of the invention
Object of the invention: To meet the need for secure information transmission, the present invention provides a networked separated storage system and method that can effectively prevent hackers from stealing secrets by interception, unauthorized access and similar means, while being easy to implement and deploy.
Technical solution: The file partition hiding system supporting separated storage management according to the present invention comprises: a host computer; at least two storage devices connected to the host computer, the storage space of each comprising a management information area, a public partition and a user partition, the management information area of each storage device storing a storage device identifier uniquely corresponding to that device and a legitimate user table, the legitimate user table recording the access address of each user partition and the user identifier of the one user permitted to perform separated storage operations in that user partition; a user authentication module, installed on the host computer, which reads the user identifier of the user performing a file write operation on a user partition and compares it with the legitimate user table of the storage device on which that user partition resides, a user for whom the comparison succeeds being authenticated as a legitimate user and any other user being authenticated as an illegitimate user; and a separation storage management system, installed on the host computer, comprising a file separation storage flow controller software module and a user registration module. The user registration module holds a device list and a user management list; the device list records the storage device identifiers of the storage devices that support separated storage operations, and the user management list records the login account and user identifier of each legitimate user, this user identifier corresponding to the user identifier in the storage device's legitimate user table. The file separation storage flow controller software module reads the current user's file write operation: for a write to a public partition it performs an ordinary file write operation; for a write to a user partition it calls the user authentication module, performs a separated storage write operation for a legitimate user, and stops the file write operation for an illegitimate user. Each storage device is provided with at least one public partition and one user partition; the legitimate user table associates the address of each user partition with the user identifier of the only user who may access it, so that the user partition is visible only to that legitimate user.
As a further improvement of the above technical solution, the storage devices are divided into one primary file separation storage device, which supports both file splitting and file fragment storage, and secondary file separation storage devices, which support only file fragment storage. The primary file separation storage device is the storage device responsible for splitting files and generally has the software and hardware needed to perform the file splitting function; a secondary file separation storage device has only the file fragment storage function and no file splitting function. A system has only one primary file storage device and may have one or more secondary file separation storage devices.
Further, the storage devices include storage devices externally attached to the host computer and local storage devices installed in the host computer.
Further, the storage device uses any of a magnetic disk, a USB flash drive or a portable hard disk as its storage medium.
Further, a storage device that uses a USB flash drive as its storage medium comprises a USB control chip, a separation and restoration processing chip and a flash chip; its address space is divided into management information, public partitions and user partitions.
Further, the management information area of the storage device stores storage device static information, storage device dynamic information, a public partition descriptor pointer, a user partition descriptor pointer, public partition descriptors and user partition descriptors. The storage device static information has as its storage units the total storage capacity of the storage device, the maximum number of public partitions, the maximum number of user partitions, the maximum public partition capacity, the maximum user partition capacity and the storage device identifier. The storage device dynamic information has as its storage units the currently available storage capacity of the storage device, the number of currently available public partitions, the number of currently available user partitions, the list of current public partition start addresses, the list of current user partition start addresses, the currently available public partition storage capacity in the storage device, the currently available user partition storage capacity in the storage device, the directory file pointer of the public partitions, the directory file pointer of the user partitions, the current legitimate user list, and the table mapping legitimate users to user partitions. The public partition descriptor pointer points to the start address of the public partition descriptor table, and the user partition descriptor pointer points to the start address of the user partition descriptor table. The public partition descriptor table has as its storage units the public partition identification number, public partition capacity, public partition start address, currently available storage capacity and user permissions. The user partition descriptor table has as its storage units the user partition identification number, user partition capacity, user partition start address, currently available storage capacity, number of legitimate users, legitimate user authentication password pointer and user permissions.
The file partition hiding method supporting separated storage management, based on the above system, comprises the following steps:
S1: The file separation storage flow controller software module obtains the current user's file write operation; when the space being written to is a public partition of the storage device, an ordinary file write operation is performed, and when it is a user partition of the storage device, step S2 is performed;
S2: The user authentication module reads the user identifier of the user performing the file write operation and compares it with the legitimate user table of the storage device on which the user partition resides; if the comparison succeeds, the user is authenticated as a legitimate user and step S3 is performed, and if it fails, the user is authenticated as an illegitimate user and the file write operation stops;
S3: The file separation storage flow controller software module marks the file as type "separated", designates the storage device responsible for splitting the file as the primary file separation storage device and the storage devices responsible only for file fragment storage as secondary file separation storage devices, creates or updates the file's index information on the primary and secondary file separation storage devices according to the file's directory information, and encrypts the file and its index information to generate the file ciphertext. The directory information of a file includes the file name, file storage address, file owner and permissions, authorized users of the file and their permissions, file size, file attributes, and file creation, modification and access times, and is no different from the file directory provided by the operating system. The index information of a file is a part of the file directory and includes the file name, file storage address, file size and similar information;
S4: The file ciphertext is sent to the primary file separation storage device, which splits it into file fragments according to the file index information; the file fragments are written one by one to the primary and secondary file separation storage devices, and their file directory information is maintained;
S5: Once the file fragments have been written to the corresponding separation storage devices, this file write operation is complete.
As a further improvement of the above technical solution, when the authentication result in step S2 is a new user (an illegitimate user cannot become a legitimate user by going through the registration process on his or her own), the legitimate user is registered as follows:
S21: The file separation storage flow controller software module reads the storage device identifier of the storage device and checks whether it is in the legitimate storage device list; if it is not, step S22 is performed, and if it is, step S23 is performed;
S22: Write the device name, device identifier, device type and start address of the device operation function list to the legitimate storage device list, initialize the total storage capacity, maximum number of public partitions and maximum number of user partitions of the storage device, then perform step S23;
S23: Check whether the host computer administrator allows registration (the host computer administrator is responsible for managing the user list, can read and write user-related information, and has permission to maintain user information; the host computer administrator may be a legitimate user of the separated storage function or an illegitimate user of the separated storage function, which is determined by whether that user is in the legitimate user list). If registration is not allowed, the registration process stops. If it is allowed, a user login interface pops up; the login interface provides a user name text box, a password text box and a "register new user" link button, and the interface the button links to provides a user name text box, a password text box and a user partition size text box;
S24: Obtain the user name and password entered in the user login interface, or the user name, password and user partition size entered under "register new user". The file separation storage flow controller software module checks the storage device management information of the storage device; if the number of currently available user partitions is less than the maximum number of user partitions and the currently available user partition storage capacity is less than the maximum user partition capacity, the user name and password are written to the user management list of the host computer and a user identifier is allocated to the user, and the user identifier is written to the current legitimate user lists of the host computer and of the storage device; otherwise, user registration fails.
A read operation on a file held in separated storage comprises the following steps:
S61: Obtain the storage location of the file targeted by the read operation. If the storage location is a public partition, the file read operation is the same as an ordinary file read operation. If the storage location is a user partition, the user performing the file read operation is authenticated: if the authentication result is that the user partition matches the user initiating this read operation, S62 is performed; if the authentication result is an illegitimate user, the file read operation stops;
S62: The file separation storage flow controller software module, according to the file index information, calls the driver of each corresponding file separation storage device to read the file fragments, then calls the driver of the primary file storage device and sends all the file fragments to the primary file separation storage device;
S63: The primary file separation storage device restores the file fragments to the file ciphertext and sends it to the host computer;
S64: The host computer decrypts the file ciphertext in memory, restoring the plaintext file, and hands it to the legitimate user for use.
The file splitting process in S3 comprises the following steps:
S31: According to the file's index information, generate random-number triples (R1i, R2i, R3i), their number being equal to the total number of primary and secondary file separation storage devices, where R1i is the quantity of information to extract, R2i is the array of extraction positions and R3i is the array of backfill values; the sizes of arrays R2i and R3i are equal to the value of R1i;
S32: According to the values of R1i and R2i, extract a random quantity of information from random positions in the file ciphertext from the host computer;
S33: The extracted information, the extraction quantity and the extraction positions are written out in file form as a file ciphertext and stored in the primary file separation storage device;
S34: Using the random numbers in the backfill value array R3i, fill the extraction positions in the file ciphertext indicated by R2i, generating a new file fragment i whose size is equal to that of the file ciphertext;
S35: Repeat steps S32-S34 until all random-number triples have been used;
S36: Send all newly generated file fragments to the host computer operating system kernel buffer.
Beneficial effects: Compared with the prior art, the present invention has the following advantages:
1. For a file held in separated storage: spatially, the plaintext file exists only in the memory of the host computer and not on any storage device, and only when a legitimate user accesses his or her private user partition can valid file read and write results be obtained; temporally, the plaintext file exists only while the primary file separation storage device is connected to the host computer and the file is an active file process, and after the file is closed the memory region the file used is overwritten with random values.
2. To operate on a high-security-classification file, the primary file separation storage device must be connected to the host computer and the separated file read/write mode used; once the primary file separation storage device is detached from the host computer, the plaintext file in the host computer's memory disappears. At that point, if the files on either the primary or a secondary file separation storage device are stolen, they contain only part of the encrypted file information; only if the attacker obtains the files on the primary file separation storage device and on all secondary file separation storage devices, and also successfully gains access to the host computer, is there a chance of obtaining the plaintext file information. Moreover, because an illegitimate user cannot see the contents of the user partitions on a storage device, it is harder to discover that the storage device is one that supports the separated storage mode. A legitimate user, too, can see only the public partition and his or her own private user partition, cannot see the private user partitions of other users, and cannot effectively detect the file operations of other legitimate users. The solution provided by the invention can therefore ensure a high level of security for high-security-classification files.
Brief description of the drawings
Fig. 1 is a schematic diagram of the storage device partitioning scheme of the present invention.
Fig. 2 is a structural diagram of the dedicated USB flash drive in the embodiment.
Fig. 3 is a flow chart of file reading and writing.
Embodiments
The technical solution of the present invention is described in detail below.
Embodiment 1: In the file partition hiding method supporting separated storage of electronic documents provided by the invention, when a storage device supporting separated storage is accessed, the operating system first checks the user's identity. If the user is an authenticated legitimate user, the storage space of the device available to that user comprises the public partitions and the user's private user partition; file operations in the user partition are performed in the separated storage file operation mode, and file operations in a public partition are the same as ordinary file operations. If the user is an unauthenticated illegitimate user, the available storage space is the public partitions only; all user partitions are invisible to the illegitimate user, and file operations are the same as ordinary file operations. From the point of view of file access, even an illegitimate user who understands the principle of the separated storage system cannot tell whether the storage device is an ordinary storage device or one that supports separated storage. Apart from the user partition created for a given legitimate user, the other user partitions are invisible to that legitimate user, which avoids access security problems between multiple users.
The overall partitioning scheme designed by the present invention for a storage device supporting separated storage is shown in Fig. 1; the storage medium may be any of a magnetic disk, a USB flash drive, a portable hard disk and the like.
Public partitions 1 to m: m public partitions. A public partition can be accessed in common by users, the public partition information seen by all users is identical, and file operations on a public partition are the same as operations on an ordinary storage partition. The size of each public partition can be adjusted, but the storage space occupied by the public partitions must not exceed the upper limit m.
User partitions 1 to n: n private partitions. Each user partition is private to one legitimately registered user, other users cannot see that user's private user partition, file operations on a user partition are performed in the separated storage file operation mode, and the number of user partitions must not exceed the upper limit n.
The storage device management information specifically includes the following:
(1) Storage device static information: including the total storage capacity of the storage device, the maximum number of public partitions, the maximum number of user partitions, the maximum public partition capacity, the maximum user partition capacity, the storage device identifier, storage device supplier information and similar content.
(2) Storage device dynamic information: including the currently available storage capacity of the storage device, the current number of public partitions, the current number of user partitions, the list of current public partition start addresses, the list of current user partition start addresses, the currently available public partition storage capacity in the storage device, the currently available user partition storage capacity in the storage device, the directory file pointer of the public partitions, the directory file pointer of the user partitions, the current legitimate user list, and the table mapping legitimate users to user partitions.
(3) Public partition descriptor pointer: points to the start address of the public partition descriptor table.
(4) User partition descriptor pointer: points to the start address of the user partition descriptor table.
(5) Public partition descriptor, including the following information: public partition identification number, public partition capacity, public partition start address, currently available storage capacity, user permissions.
(6) User partition descriptor, including the following information: user partition identification number, user partition capacity, user partition start address, currently available storage capacity, number of legitimate users, legitimate user authentication password pointer, user permissions.
A host computer supporting separated storage has the separation storage management system installed on top of the operating system, including the file separation storage flow controller software module, which is responsible for functions such as read/write control of separated storage, user management and device management, and which maintains the legitimate storage device list and the legitimate user list; a host computer without the separation storage management system cannot support the separated storage function. In the specific implementation, after a storage device supporting file separation storage is connected to the host computer, the file separation storage flow controller software module in the host computer's operating system kernel is activated; this software module responds only to the operation requests of legitimate users and does not respond to the operation requests of illegitimate users.
The legitimate storage device list includes the following information: device name, device identifier, device type, start address of the device operation function list, partition status list, partition properties and so on. The default property value of a user partition is Invisible, i.e. the hidden state; only when a user partition is accessed by its corresponding legitimate user is its property changed to Visible, i.e. the visible state. The default property value of a public partition is Visible.
The legitimate user list includes the following information: user name, password, user identifier, corresponding user partition identifier and so on.
Separated storage system user registration flow: when a new user wishes to become a legitimate user of the separated storage system, user registration is required. The storage device supporting separated storage is plugged into an authorized computer system that supports separated storage, and the interaction between the operating system's separation storage management system and the user is as follows:
(1) The operating system's separation storage management system first authenticates the storage device to confirm that it is legitimate: it reads the storage device identifier of the storage device and checks whether that identifier is in the legitimate storage device list. If it is, the device is regarded as a legitimate storage device supporting separated storage and step (3) is performed; if it is not, the device registration process must be started and step (2) is performed.
(2) The device registration process is as follows: the device name, storage device identifier, device type, start address of the device operation function list and similar information are written to the legitimate storage device list, and the total storage capacity, maximum number of public partitions, maximum number of user partitions and similar content of the storage device are initialized.
(3) If the storage device is legitimate, check whether the host computer administrator allows new user registration. If not, the registration process stops. If so, a user login interface pops up asking the user to enter a user name and password or to apply to register a new user; the operating system's separation storage management system authenticates a legitimate user by the correspondence among the user name, user password and user identifier in the user list. The user name and user password are stored only in the separation storage management system of the host computer's operating system, whereas the user identifier is stored in two places, the host computer and the storage device. When the user applies to register a new user, the interface guides the user to enter a user name, user password and user partition size. The operating system's separation storage management system checks the storage device management information of the separation storage device; if the number of currently available user partitions is less than the maximum number of user partitions and the currently available user partition storage capacity in the storage device is less than the maximum user partition capacity, the user name and user password are written to the user management list of the separation storage management system and a user identifier is allocated to the user; finally the user identifier is written back to the current legitimate user list of the storage device. This completes the user registration process.
Separated storage file write flow:
While the file separation storage flow controller software module is working, when the host computer's operating system creates or opens a file, it establishes a storage region in host memory for that file. When the user performs a file save operation, or an automatic page swap occurs in the file's memory region, the file separation storage flow controller software module in the operating system kernel records the file write request passed down from the application layer, recording the file name and file directory information; it then reads the information about the storage device partition being written to. When the storage partition is a public partition, the file write is completed as a normal file write operation; when the storage partition is a user partition, the legitimacy of the user is checked by comparing the user identifier. If the user is illegitimate, the write flow stops.
If the user is legitimate, the type of the file being written is marked as "separated", and file indexes are then created or updated on the primary and secondary file separation storage devices respectively according to the file directory information. The file and its file index information are then encrypted, and the file ciphertext is sent to the primary file separation storage device through the device driver. After receiving this information, the primary file separation storage device splits the file according to the number of file indexes in the file index information, saves its own file fragment in its separated file storage area, and returns the other file fragments to the host computer. The host computer's file separation storage flow controller software module then calls the corresponding drivers to write each file fragment to its secondary file separation storage device and maintains its file directory contents. This completes the separated storage of the file.
As the write flow above shows, in terms of time a user's file write operation can occur only while the file separation storage flow controller software module is working; in terms of space it can occur only on a public partition of the storage device or on the user's own private user partition, and cannot write to the private user space of other legitimate users. A write operation on a public partition is an ordinary file write operation; a write operation on a user partition is a separated storage write operation.
Separate the reading flow of storage file:
During file separation Stored Procedure controller software module work, validated user can initiate read operation application.When When read operation file position is the public partition of storage device, read operation is identical with ordinary file read operation.When reading file Fragment position be storage device user partition, and this document subregion with this initiation read operation user match when, File separates Stored Procedure controller software module according to file index information, calls corresponding secondary file-storage device respectively Driver, fragment file is read, then call the driver of master file separation storage device, all fragment files are sent to In master file separation storage device.Master file separates storage device by fragment file access pattern into cryptograph files, and is sent to analytic accounting Calculation machine.File is decrypted in the internal memory of master computer, the application layer for submitting to operating system in plain text is used.
The characteristics of reading file operation above is that the text in storage device public partition can be read in all validated users Part, but be only capable of reading the file fragmentation in one's own privately owned user partition.
The file splitting and recovery described above are carried out in the master file separation storage device.
The splitting process is as follows:
(1) According to the index information, generate random-number triples (R1i, R2i, R3i), equal in number to the secondary file separation storage devices, where R1i is the quantity of information to extract, R2i is the array of extraction positions, and R3i is the array of backfill values; the size of arrays R2i and R3i equals the value of R1i.
(2) According to the values of R1i and R2i, extract a random quantity of information from random positions of the file ciphertext sent by the master computer.
(3) Save the extracted information, the extraction quantity and the extraction positions, in file form, in the master file separation storage device.
(4) Using the random numbers in array R3i, fill the extracted positions in the file ciphertext as indicated by R2i, generating new fragment file i. Fragment file i is the same size as the ciphertext file.
(5) Repeat steps (2)-(4) until all random-number triples have been used.
(6) Send all newly generated fragment files to the buffer of the master computer's operating system kernel.
The recovery process is the inverse of the splitting process; it is guided by the same random triples that were used during splitting.
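The following C example is added here for illustration and is not part of the patent text. It applies one triple (R1, R2, R3) to a ciphertext buffer as in steps (1)-(4) and then reverses it; the function names, the byte granularity of the extracted information, the use of distinct extraction positions, the xorshift generator standing in for the device's random source, and the sample bytes are all assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_EXTRACT 64          /* assumed upper bound on R1 for this example */
#define SAMPLE_LEN  32          /* length of the constructed sample ciphertext */

/* One random triple (R1, R2, R3) from step (1) of the splitting process. */
struct triple {
    size_t  r1;                 /* R1: number of bytes to extract */
    size_t  r2[MAX_EXTRACT];    /* R2: extraction positions */
    uint8_t r3[MAX_EXTRACT];    /* R3: backfill values */
};

/* Record kept on the master device in step (3): count, positions, bytes. */
struct extracted {
    size_t  count;
    size_t  pos[MAX_EXTRACT];
    uint8_t val[MAX_EXTRACT];
};

/* xorshift32: deterministic stand-in (assumption) for the device's random source. */
static uint32_t rng_next(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Step (1): fill a triple with r1 distinct positions below len. */
int make_triple(struct triple *t, size_t len, size_t r1, uint32_t seed) {
    if (r1 == 0 || r1 > MAX_EXTRACT || r1 > len || seed == 0) return -1;
    t->r1 = 0;
    while (t->r1 < r1) {
        size_t p = rng_next(&seed) % len, j;
        for (j = 0; j < t->r1 && t->r2[j] != p; j++) { }
        if (j < t->r1) continue;            /* position already chosen */
        t->r2[t->r1] = p;
        t->r3[t->r1] = (uint8_t)rng_next(&seed);
        t->r1++;
    }
    return 0;
}

/* Steps (2)-(4): save the extracted bytes, then backfill them in the fragment. */
int split_fragment(const uint8_t *ct, size_t len, const struct triple *t,
                   uint8_t *frag, struct extracted *ex) {
    if (t->r1 > MAX_EXTRACT) return -1;
    for (size_t j = 0; j < t->r1; j++)
        if (t->r2[j] >= len) return -1;     /* reject out-of-range positions */
    memcpy(frag, ct, len);                  /* fragment keeps the ciphertext size */
    ex->count = t->r1;
    for (size_t j = 0; j < t->r1; j++) {
        ex->pos[j] = t->r2[j];
        ex->val[j] = ct[t->r2[j]];
        frag[t->r2[j]] = t->r3[j];
    }
    return 0;
}

/* Recovery: put the saved bytes back at the saved positions. */
int recover_ciphertext(const uint8_t *frag, size_t len,
                       const struct extracted *ex, uint8_t *out) {
    if (ex->count > MAX_EXTRACT) return -1;
    for (size_t j = 0; j < ex->count; j++)
        if (ex->pos[j] >= len) return -1;
    memcpy(out, frag, len);
    for (size_t j = 0; j < ex->count; j++)
        out[ex->pos[j]] = ex->val[j];
    return 0;
}

/* Splits and recovers a constructed sample. Returns the number of bytes in
 * which the fragment differs from the ciphertext, -1 on a parameter error,
 * -2 if recovery does not reproduce the ciphertext. */
int changed_bytes(uint32_t seed, size_t r1) {
    uint8_t ct[SAMPLE_LEN], frag[SAMPLE_LEN], out[SAMPLE_LEN];
    struct triple t;
    struct extracted ex;
    int d = 0;
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        ct[i] = (uint8_t)(i * 37u + 11u);   /* constructed stand-in ciphertext */
    if (make_triple(&t, SAMPLE_LEN, r1, seed) != 0) return -1;
    if (split_fragment(ct, SAMPLE_LEN, &t, frag, &ex) != 0) return -1;
    if (recover_ciphertext(frag, SAMPLE_LEN, &ex, out) != 0) return -1;
    if (memcmp(ct, out, SAMPLE_LEN) != 0) return -2;
    for (size_t i = 0; i < SAMPLE_LEN; i++) d += frag[i] != ct[i];
    return d;
}

int main(void) {
    printf("bytes changed in fragment: %d of %d\n",
           changed_bytes(0x1234u, 8), SAMPLE_LEN);
    return 0;
}
```

Each fragment differs from the ciphertext in at most R1 byte positions, and recovery depends on the positions and bytes saved in step (3).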
A specific description follows, taking one master separation storage device and one secondary separation storage device as an example:
The master computer is an ordinary PC with the Windows operating system installed. The master file separation storage device is a dedicated USB flash drive consisting of a USB control chip, a separation/restoration processing chip and a flash chip, as shown in Figure 2. The secondary file separation storage device is the hard disk in the master computer.
The file separation storage flow controller software module, smc(), is designed as a Windows kernel module attached to the file system of the operating system. The smc() module maintains the following data structures.
User descriptor:
/* Max_users, Max_Sections and Max_Dev are constants whose values are not given here. */
typedef unsigned char boolean;
struct user {
    char *user_name;        /* pointer to the user name string */
    char *user_password;    /* pointer to the user password string */
    boolean legal;          /* whether a legitimate user of the operating system */
    boolean sep_legal;      /* whether a legitimate user of the separation storage device */
    int user_ID;            /* user number */
    int power;              /* user operating permissions */
};
Partition descriptor:
struct Table_section {
    int section_number;     /* partition identifier */
    int section_address;    /* partition start address */
    int section_capacity;   /* partition capacity */
    boolean sep;            /* partition type: pub or pri */
    struct user users[Max_users];   /* legitimate users of the partition (member name added; unnamed in the original) */
    struct user current_user;       /* current user of the partition */
    boolean show;           /* display attribute: visible or invisible */
};
Descriptor of a legal storage device that supports separated storage; each legal storage device has one descriptor:
struct device_sep_struct {
    const char *name;       /* pointer to the device name string */
    int dev_ID;             /* storage device identifier */
    int number;             /* 0 = master separation storage device, non-zero = secondary separation storage device */
    int Max_pub_sections;   /* maximum number of public partitions */
    int Max_pri_sections;   /* maximum number of user partitions */
    struct Table_section section_table[Max_Sections];   /* partition status list */
    struct file_operations_pub *fops_pub;   /* pointer to the public partition file operation functions */
    struct file_operations_pri *fops_pri;   /* pointer to the user partition file operation functions */
};
Management information for storage devices that support separated storage:
struct Dev_sep_man {
    struct device_sep_struct devices[Max_Dev];   /* member name added; unnamed in the original */
};
The USB flash drive that supports separated storage has a capacity of 4GB, and its address space is divided into three parts: management information, public partition and user partition. In the initial state there is one public partition and one user partition. The initial state of the public partition is visible; the initial state of the user partition is invisible. The management information occupies a fixed 4K, starting at relative address 0x00000000. The public partition starts from address 4G-4k+1, with a maximum capacity of 3Gb. The remaining addresses are used for the user partition.
The data structures of the management information are as follows:
#define Max_pub_sections 4   /* maximum number of public partitions */
#define Max_pri_sections 8   /* maximum number of user partitions */
typedef unsigned char boolean;
struct user_usb {
    int user_ID;            /* user number */
    boolean legal;          /* whether a legitimate user of the operating system */
    boolean sep_legal;      /* whether a legitimate user of the separation storage device */
    int power;              /* user operating permissions */
};
struct Table_section_usb {
    int section_number;     /* partition number */
    int section_address;    /* partition start address */
    int section_capacity;   /* partition size */
    boolean sep;            /* partition type: pub or pri */
    struct user_usb users[8];       /* legitimate users of the partition (member name added; unnamed in the original) */
    struct user_usb current_user;   /* current user of the partition */
    boolean show;           /* display attribute: visible or invisible */
};
struct device_sep_usb_struct {
    const int vandor;       /* USB flash drive vendor */
    int dev_ID;             /* storage device identifier */
    boolean sep;            /* 0 = master separation storage device, 1 = secondary separation storage device */
    struct Table_section_usb section_table_pub[Max_pub_sections];   /* public partition status list */
    struct Table_section_usb section_table_pri[Max_pri_sections];   /* user partition status list */
    struct file_operations_pub *fops_pub;   /* pointer to the public partition file operation functions */
    struct file_operations_pri *fops_pri;   /* pointer to the user partition file operation functions */
};
When the operating system starts, the smc() module does not become memory-resident immediately. When the dedicated USB drive is physically connected to the computer, the operating system reads the management information in the drive. If the vandor value in device_sep_usb_struct matches the agreed value and the dev_ID value is within the agreed range, the device is registered, the smc() module is started, a device descriptor device_sep_struct structure is created for the device, and the static information in device_sep_usb_struct is written into the corresponding data structures managed by smc().
A user login interface then pops up, asking the user to enter a user name and password or to apply as a new user.
If the user enters a user name and password, the smc() module checks whether the user_name and user_password values in the user structure match the input. If they do not match, the user's login is refused. If they match, the legal value in the user structure is set to 1, indicating that the user is a legitimate user of this computer. Using user_ID, the sep_legal information in the user_usb structures in the storage device management information is read. If the value is 0 for every partition that has been created, the user is not a legitimate user of the separated storage system and can access only the public partition of the dedicated USB drive. If a user partition with sep_legal = 1 is found, the user is one of the legitimate users of the separated storage system and can access the public partition of the dedicated USB drive and the corresponding user partition; the current_user of that user partition is set to this user. Login is then complete.
If a new user is applied for, the user enters information such as user name, password and user partition size. If the smc() module finds that the number of currently registered users in the partition table equals Max_pri_sections, it refuses the new user application. Otherwise, the smc() module checks whether the remaining user space is larger than the user partition size requested; if it is smaller, the new user application is refused; otherwise the number of registered users is increased by 1, the number of user partitions is increased by 1, the partition table information is updated, and this user is set as the current_user of the new user partition, which binds the user to the user partition. The corresponding information is then written to the relevant position in the management information of the dedicated USB drive, to keep the information synchronized. This completes user registration; the user can access the files in their own user partition and in the public partition.
After the dedicated USB drive has been successfully deregistered in the operating system, the module stops running in the background. This is implemented through the hook handle in the dedicated USB drive's driver.
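The login and new-user checks described above, modelled in C as an added example (not code from the patent). The structures are reduced versions of the partition and user descriptors listed earlier; the function names, the KiB unit, the PUBLIC_PARTITION index and the rule that a request exactly equal to the remaining space is accepted are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_PRI_SECTIONS 8       /* maximum user partitions, value from the page */
#define PUBLIC_PARTITION (-1)    /* index used in this example for the public partition */
enum reg_result { REG_OK = 0, REG_TABLE_FULL = -1, REG_NO_SPACE = -2 };

struct user_partition {
    int      owner_id;           /* user bound to this partition at registration */
    uint32_t capacity_kib;       /* partition size; the KiB unit is an assumption */
    int      current_user;       /* logged-in user, or -1 when nobody is */
    int      show;               /* 1 = visible, 0 = invisible */
};

struct device {
    uint32_t free_kib;           /* user space not yet given to a partition */
    int      registered;         /* registered users == user partitions */
    struct user_partition pri[MAX_PRI_SECTIONS];
};

void device_init(struct device *d, uint32_t user_space_kib) {
    d->free_kib = user_space_kib;
    d->registered = 0;
}

/* New-user application: the table-full check comes first, then the space check. */
int register_user(struct device *d, int user_id, uint32_t want_kib) {
    struct user_partition *p;
    if (d->registered == MAX_PRI_SECTIONS) return REG_TABLE_FULL;
    if (d->free_kib < want_kib) return REG_NO_SPACE;
    p = &d->pri[d->registered++];
    p->owner_id = user_id;
    p->capacity_kib = want_kib;
    p->current_user = user_id;   /* binds the user to the new partition */
    p->show = 1;
    d->free_kib -= want_kib;
    return REG_OK;
}

/* Device deregistered: every user partition goes back to invisible. */
void logout_all(struct device *d) {
    for (int i = 0; i < d->registered; i++) {
        d->pri[i].current_user = -1;
        d->pri[i].show = 0;
    }
}

/* Login: returns the user's partition index, or PUBLIC_PARTITION if the
 * user has no user partition and may use only the public one. */
int login(struct device *d, int user_id) {
    for (int i = 0; i < d->registered; i++) {
        if (d->pri[i].owner_id != user_id) continue;
        d->pri[i].current_user = user_id;
        d->pri[i].show = 1;
        return i;
    }
    return PUBLIC_PARTITION;
}

/* Access check applied before every read or write. */
int may_access(const struct device *d, int user_id, int part) {
    if (part == PUBLIC_PARTITION) return 1;
    if (part < 0 || part >= d->registered) return 0;
    return d->pri[part].show && d->pri[part].current_user == user_id;
}

/* Scenario: eight users fill the table, the ninth application is refused. */
int ninth_registration(void) {
    struct device d;
    device_init(&d, 4096);
    for (int id = 1; id <= MAX_PRI_SECTIONS; id++)
        if (register_user(&d, id, 16) != REG_OK) return 1;
    return register_user(&d, 9, 16);
}

/* Scenario: the second request exceeds the remaining user space. */
int oversize_registration(void) {
    struct device d;
    device_init(&d, 1024);
    if (register_user(&d, 1, 1000) != REG_OK) return 1;
    return register_user(&d, 2, 100);
}

/* Scenario: what user 1 can reach after login.
 * Bit 0 = public partition, bit 1 = own partition, bit 2 = user 2's partition. */
int reach_after_login(void) {
    struct device d;
    device_init(&d, 1024);
    register_user(&d, 1, 100);
    register_user(&d, 2, 100);
    logout_all(&d);
    int own = login(&d, 1);
    return may_access(&d, 1, PUBLIC_PARTITION)
         | may_access(&d, 1, own) << 1
         | may_access(&d, 1, 1) << 2;
}

int main(void) {
    printf("%d %d %d\n", ninth_registration(), oversize_registration(), reach_after_login());
    return 0;
}
```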
The basic file read/write flow is shown in Figure 3; every file read/write access requires user identity authentication and a check of access legitimacy. The separation/restoration control module in the file system is the smc() module, which mainly comprises the "access monitoring" and "file read/write" submodules and the "worksheet".
The principle of "access monitoring" is to monitor and intercept, in the file system, the file operations of legitimate users on the user partition of the dedicated USB drive, so that separation and restoration instructions are issued automatically for the files in the drive's built-in separation area;
"File read/write" is the core function of the smc() module; it performs DES encryption/decryption of files and implements the operating system's standard file read/write interface functions.
When a file is saved, if the operation is a write by a legitimate user to a file in their user partition, the separation algorithm is called on the file content block by block, which is done by invoking the separation/restoration processing chip built into the dedicated USB drive. The "extracted information" returned for each block is written to the built-in separation area of the dedicated USB drive, and the "main information" is written to the designated reserved area of the terminal hard disk as required. If the file is located in the public partition, it is handled as an ordinary file write and the separated-storage function is not activated.
When a file is read, if the operation is a read by a legitimate user of a file in their user partition, the "extracted information" stored in the built-in separation area of the dedicated USB drive and the "main information" in the designated reserved area of the terminal hard disk are each read, and the opposite restoration operation is then performed; the plaintext file content obtained after restoration is returned to the application. If the file being read is located in the public partition, it is handled as an ordinary file read and the separated-storage function is not activated.
The "worksheet" concerns the file operations of legitimate users on their user partitions. All open files of the dedicated USB drive's built-in separation area are recorded in the "worksheet", to ensure the integrity of file separation and restoration. Monitoring of the user area covers all accesses, including read, write and create. Every read operation is converted into read operations on the dedicated folder and on the built-in separation area of the dedicated USB drive, and what the read returns is the restored content; correspondingly, every write operation is converted into a write to the reserved area of the terminal hard disk and a write to the dedicated USB drive, and the content written after conversion is the separated content.
When the dedicated USB drive is accidentally lost, if it is connected to a computer on which the smc() module is not installed, it appears as an ordinary USB drive: only the public partition is usable, and the user partition is unavailable.
As described above, although the present invention has been shown and described with reference to specific preferred embodiments, this must not be construed as limiting the invention itself. Various changes in form and detail may be made without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A file partition hiding system supporting separated storage management, characterized by comprising:
a master computer;
at least two storage devices connected to the master computer, whose storage space comprises a management information area, a public partition and a user partition; the management information area of each storage device stores a storage device identifier uniquely corresponding to that device and a legitimate user table; the legitimate user table records the access address of the user partition and the user identifier of the only user permitted to perform separated storage operations in that user partition;
a user authentication module, installed on the master computer, which reads the user identifier of the user performing a file write operation in a user partition and compares it with the legitimate user table of the storage device where the user partition is located; a user for whom the comparison succeeds is authenticated as a legitimate user, and other users are authenticated as illegitimate users;
a separated storage management system, installed on the master computer, comprising a file separation storage flow controller software module and a user registration module; the user registration module is provided with a device list and a user management list; the device list records the storage device identifiers of the storage devices that support separated storage operations; the user management list records the login account and user identifier of each legitimate user, the user identifier corresponding to the user identifier in the legitimate user table of the storage device; the file separation storage flow controller software module reads the file write operation of the current user; when the write is to the public partition, an ordinary file write operation is performed; when the write is to a user partition, the user authentication module is called, a separated storage write operation is performed for a legitimate user, and the file write operation is stopped for an illegitimate user.
2. The file partition hiding system supporting separated storage management according to claim 1, characterized in that: the storage devices are divided into one master file separation storage device, which supports file splitting and file fragment storage, and secondary file separation storage devices, which support only file fragment storage.
3. The file partition hiding system supporting separated storage management according to claim 1, characterized in that: the storage devices include a storage device external to the master computer and a storage device installed locally in the master computer.
4. The file partition hiding system supporting separated storage management according to claim 1, characterized in that: the storage device uses any of a magnetic disk, a USB flash drive or a mobile hard disk as its storage medium.
5. The file partition hiding system supporting separated storage management according to claim 4, characterized in that: a storage device using a USB flash drive as its storage medium comprises a USB control chip, a separation/restoration processing chip and a flash chip.
6. The file partition hiding system supporting separated storage management according to claim 1, characterized in that: the management information area of the storage device stores storage device static information, storage device dynamic information, a public partition descriptor pointer, a user partition descriptor pointer, public partition descriptors and user partition descriptors; the storage device static information includes: total storage capacity of the storage device, maximum number of public partitions, maximum number of user partitions, maximum public partition capacity, maximum user partition capacity, and storage device identifier; the storage device dynamic information includes: currently available storage capacity of the storage device, number of currently available public partitions, number of currently available user partitions, list of current public partition start addresses, list of current user partition start addresses, currently available public partition storage capacity in the storage device, currently available user partition storage capacity in the storage device, directory file pointer of the public partition, directory file pointer of the user partition, current legitimate user list, and table of correspondence between legitimate users and user partitions; the public partition descriptor pointer points to the start address of the public partition descriptor table, and the user partition descriptor pointer points to the start address of the user partition descriptor table; the public partition descriptor table includes: public partition identification number, public partition capacity, public partition start address, currently available storage capacity, and user permissions; the user partition descriptor table includes: user partition identification number, user partition capacity, user partition start address, currently available storage capacity, number of legitimate users, legitimate user authentication password pointer, and user permissions.
7. A file partition hiding method supporting separated storage management, based on the system of claim 2 above, characterized in that the file write operation comprises the following steps:
S1: The file separation storage flow controller software module obtains the file write operation of the current user; when the space to be written is the public partition of a storage device, an ordinary file write operation is performed; when the space to be written is a user partition of a storage device, step S2 is performed;
S2: The user authentication module reads the user identifier of the user performing the file write operation and compares it with the legitimate user table of the storage device where the user partition is located; if the comparison succeeds, the user is authenticated as a legitimate user and step S3 is performed; if the comparison does not succeed, the user is authenticated as an illegitimate user and the file write operation stops;
S3: The file separation storage flow controller software module marks the file as type "separated", designates the storage device responsible for file splitting as the master file separation storage device and the storage devices responsible only for file fragment storage as secondary file separation storage devices, creates or updates the index information of the file in the master file separation storage device and the secondary file separation storage devices according to the directory information of the file, and encrypts the file and its index information to generate the file ciphertext;
S4: The file ciphertext is sent to the master file separation storage device, which splits the file ciphertext into file fragments according to the file index information; the file fragments are written one by one to the master file separation storage device and the secondary file separation storage devices, and their file directory information is maintained;
S5: When the file fragments have been written to the corresponding storage devices, this file write operation is complete.
8. The file partition hiding method supporting separated storage management according to claim 7, characterized in that, when the authentication result in step S2 is a new user, the user is registered as a legitimate user as follows:
S21: The file separation storage flow controller software module reads the storage device identifier of the storage device and checks whether that identifier is in the device list; if it is not, step S22 is performed; if it is, step S23 is performed;
S22: The device name, device identifier, device type and start address of the device operation function list are written to the device list, and the total storage capacity, maximum number of public partitions and maximum number of user partitions of the storage device are initialized; step S23 is then performed;
S23: Check whether the administrator of the master computer allows registration; if not, the registration process stops; if so, a user login interface pops up, which provides a user name input text box, a password input text box and a link button for applying to "register new user"; the interface linked from the button provides a user name input text box, a password input text box and a user partition size input text box;
S24: Obtain the user name and password entered in the user login interface, or the user name, password and user partition size entered under "register new user"; the file separation storage flow controller software module checks the management information area of the storage device; if the number of currently available user partitions is less than the maximum number of user partitions and the currently available user partition storage capacity is less than the maximum user partition capacity, the user name and password are written to the user management list of the master computer and a user identifier is assigned to the user; the user identifier is written into the current legitimate user lists of the master computer and the storage device; otherwise, user registration fails.
9. The file partition hiding method supporting separated storage management according to claim 7, characterized in that reading a separately stored file comprises the following steps:
S61: Obtain the storage location that the file read operation points to; if the storage location is the public partition, the file read operation is identical to an ordinary file read; if the storage location is a user partition, the user performing the file read operation is authenticated; if the authentication result is a legitimate user, S62 is performed; if the authentication result is an illegitimate user, the file read operation stops;
S62: The file separation storage flow controller software module, according to the file index information, calls the driver of each corresponding file separation storage device to read the file fragments, and then calls the driver of the master file storage device to send all file fragments to the master file separation storage device;
S63: The master file separation storage device restores the file fragments into the file ciphertext and sends it to the master computer;
S64: The master computer decrypts the file ciphertext in memory, restoring it to a plaintext file, and hands it to the legitimate user for use.
10. The file partition hiding method supporting separated storage management according to claim 7, characterized in that the file splitting process in S3 comprises the following steps:
S31: According to the index information of the file, generate random-number triples (R1i, R2i, R3i), equal in number to the sum of the numbers of master file separation storage devices and secondary file separation storage devices, where R1i is the quantity of information to extract, R2i is the array of extraction positions, and R3i is the array of backfill values; the size of arrays R2i and R3i equals the value of R1i;
S32: According to the values of R1i and R2i, extract a random quantity of information from random positions of the file ciphertext from the master computer;
S33: The extracted information, the extraction quantity and the extraction positions are merged into one file, which is encrypted and then stored in the master file separation storage device;
S34: Using the random numbers in the backfill value array R3i, fill the extracted positions in the file ciphertext as indicated by R2i, generating new file fragment i; the size of file fragment i equals the size of the file ciphertext;
S35: Repeat steps S32-S34 until all random-number triples have been used;
S36: Send all newly generated file fragments to the file buffer in the memory of the master computer.
CN201510624898.4A 2015-09-25 2015-09-25 It is a kind of to support the partitions of file for separating storage management to hide system and method Active CN105279453B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510624898.4A CN105279453B (en) 2015-09-25 2015-09-25 It is a kind of to support the partitions of file for separating storage management to hide system and method

Publications (2)

Publication Number Publication Date
CN105279453A CN105279453A (en) 2016-01-27
CN105279453B true CN105279453B (en) 2018-04-06

Family

ID=55148443

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510624898.4A Active CN105279453B (en) 2015-09-25 2015-09-25 It is a kind of to support the partitions of file for separating storage management to hide system and method

Country Status (1)

Country Link
CN (1) CN105279453B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105912947A (en) * 2016-03-31 2016-08-31 宇龙计算机通信科技(深圳)有限公司 File processing method and device based on external equipment
CN109840435A (en) * 2017-11-27 2019-06-04 深圳市朗科科技股份有限公司 A kind of data guard method storing equipment
CN108052843B (en) * 2017-12-21 2020-10-09 北京连山时代科技有限公司 Safe mobile storage device and implementation method thereof
CN116455887B (en) * 2023-02-15 2023-10-24 深圳市光逸科技创新有限公司 File transmission method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011170681A (en) * 2010-02-19 2011-09-01 Nec Corp External memory device, management terminal, management system of the external memory device, and method for controlling the same
CN102693399A (en) * 2012-05-18 2012-09-26 孙巍 System and method for on-line separation and recovery of electronic documents
CN104735094A (en) * 2015-04-21 2015-06-24 南京伍安信息科技有限公司 Information separation based data security transmission system and method

Also Published As

Publication number Publication date
CN105279453A (en) 2016-01-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20230419

Address after: Floor 11-567, Building 15, International Car City, No. 309 Green Valley Avenue, Nanmingshan Street, Liandu District, Lishui City, Zhejiang Province, 323000

Patentee after: Lishui Zhixing Technology Co.,Ltd.

Address before: Room 506, Building 6, No. 6 Suyuan Road, Nanjing City, Jiangsu Province, 210023

Patentee before: NANJING WUAN INFORMATION TECHNOLOGY Co.,Ltd.