CN105488436A - Mobile storage equipment access method and device - Google Patents
- Publication number
- CN105488436A (application CN201510998032.XA)
- Authority
- CN
- China
- Prior art keywords
- storage device
- mobile storage
- movable storage
- access
- access operation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a method and a device for accessing a mobile storage device. The method includes: configuring a device identifier for a mobile storage device connected to a user terminal, and cancelling the display of the device identifier at the associated location of the operating system of the connected user terminal; receiving an access operation on the mobile storage device; calling the first security driver preset in the mobile storage device to perform security verification on the access operation; and, after the verification succeeds, accessing the mobile storage device according to the access operation. Because the solution of the embodiments does not display the device identifier configured for the mobile storage device connected to the user terminal, the mobile storage device cannot be accessed directly by recognizing the device identifier and performing related operations. The first security driver preset in the mobile storage device must additionally be called to verify the access operation, and only after the verification succeeds is access to the mobile storage device according to the access operation allowed, thereby ensuring the security of the mobile storage device.
Description
Technical field
The invention relates to the technical field of software, and in particular to a mobile storage device access method and a mobile storage device access device.
Background
A U disk, in full a USB flash drive, is a mobile storage device that connects to a terminal device through a USB interface. It has the advantages of large storage capacity, fast data storage speed, small size and convenient use, and is being used by more and more users.
To access a USB flash drive, the drive can be inserted into a terminal device and accessed by opening the drive letter shown on the displayed page, so that required data can be stored on the drive or downloaded from it.
However, an ordinary USB flash drive applies no access control to data access operations: any terminal device with a USB interface can access it. While this way of accessing a USB flash drive is convenient, it also brings problems such as virus intrusion and information leakage.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a mobile storage device access method and a mobile storage device access device that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a method for accessing a mobile storage device is provided, including:
configuring a device identifier for a mobile storage device connected to a user terminal, and cancelling the display of the device identifier at the associated location of the operating system of the connected user terminal;
receiving an access operation on the mobile storage device;
calling the first security driver preset in the mobile storage device to perform security verification on the access operation, and after the verification succeeds, accessing the mobile storage device according to the access operation.
Optionally, the mobile storage device uses the NTFS (New Technology File System) file system.
Optionally, cancelling the display of the device identifier in the operating system of the connected user terminal includes:
modifying the associated setting item in the registry of the operating system of the user terminal so that connected mobile storage devices are not displayed.
Optionally, before receiving the user's access operation on the mobile storage device, the method further includes:
generating a management interface for the mobile storage device, and displaying the device identifier and a corresponding login box in the management interface;
verifying the login information entered by the user in the login box, and determining that the verification succeeds.
Optionally, the method further includes:
receiving an attribute setting operation on the mobile storage device in the management interface.
Optionally, receiving the access operation on the mobile storage device includes:
generating a folder corresponding to the mobile storage device, and receiving an access operation initiated by the user on the folder;
or, receiving an access operation initiated by a program according to the device identifier.
Optionally, calling the first security driver preset in the mobile storage device to perform security verification on the access operation includes:
if the access operation is triggered by the user through the folder, verifying that the access operation is a safe operation;
if the access operation is initiated by a program according to the device identifier, verifying whether the access operation is a safe operation.
Optionally, before calling the first security driver preset in the mobile storage device to perform security verification on the access operation, the method further includes:
calling the second driver preset in the mobile storage device to verify whether the access operation is a safe operation.
Optionally, after configuring the device identifier for the connected mobile storage device, the method further includes:
associating the device identifier of the mobile storage device with the first security driver.
Optionally, accessing the mobile storage device according to the access operation includes:
sending the access operation to the mobile storage device by accessing the access control interface of the mobile storage device corresponding to the device identifier.
Optionally, the access operation is a read operation, a write operation or a format operation on the mobile storage device.
According to another aspect of the present invention, a device for accessing a mobile storage device is provided, including:
a device identifier cancelling module, configured to configure a device identifier for a mobile storage device connected to a user terminal, and to cancel the display of the device identifier at the associated location of the operating system of the connected user terminal;
an access operation receiving module, configured to receive an access operation on the mobile storage device;
a security verification module, configured to call the first security driver preset in the mobile storage device to perform security verification on the access operation, and to access the mobile storage device according to the access operation after the verification succeeds.
Optionally, the mobile storage device uses the NTFS (New Technology File System) file system.
Optionally, the device identifier cancelling module is specifically configured to modify the associated setting item in the registry of the operating system of the user terminal so that connected mobile storage devices are not displayed.
Optionally, the device further includes:
a management interface generation module, configured to generate a management interface for the mobile storage device before the user's access operation on the mobile storage device is received, and to display the device identifier and a corresponding login box in the management interface;
a login information verification module, configured to verify the login information entered by the user in the login box, and to determine that the verification succeeds.
Optionally, the device further includes:
an attribute setting operation receiving module, configured to receive an attribute setting operation on the mobile storage device in the management interface.
Optionally, the access operation receiving module includes:
a folder generation submodule, configured to generate a folder corresponding to the mobile storage device and to receive an access operation initiated by the user on the folder;
or, an access operation obtaining submodule, configured to receive an access operation initiated by a program according to the device identifier.
Optionally, the security verification module includes:
a safe operation determination submodule, configured to verify that the access operation is a safe operation if the access operation is triggered by the user through the folder;
a safe operation verification submodule, configured to verify whether the access operation is a safe operation if the access operation is initiated by a program according to the device identifier.
Optionally, the device further includes:
a second driver calling module, configured to call the second driver preset in the mobile storage device to verify whether the access operation is a safe operation, before the first security driver preset in the mobile storage device is called to perform security verification on the access operation.
Optionally, the device further includes:
a device identifier association module, configured to associate the device identifier of the mobile storage device with the first security driver after the device identifier has been configured for the connected mobile storage device.
Optionally, the security verification module is specifically configured to send the access operation to the mobile storage device by accessing the access control interface of the mobile storage device corresponding to the device identifier.
Optionally, the access operation is a read operation, a write operation or a format operation on the mobile storage device.
With the embodiments of the present invention, because the device identifier configured for the mobile storage device connected to the user terminal is not displayed, the mobile storage device cannot be accessed directly by recognizing the device identifier and performing related operations. The first security driver preset in the mobile storage device must additionally be called to verify the access operation, and only after the verification succeeds is access to the mobile storage device according to the access operation allowed, thereby ensuring the security of the mobile storage device and avoiding problems such as virus intrusion and information leakage.
The above description is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the contents of the description, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.
Description of drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered as limiting the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
FIG. 1 shows a flowchart of a method for accessing a mobile storage device according to Embodiment 1 of the present invention;
FIG. 2 shows a flowchart of a method for accessing a mobile storage device according to Embodiment 2 of the present invention;
FIG. 3 shows a structural block diagram of a device for accessing a mobile storage device according to Embodiment 1 of the present invention;
FIG. 4 shows a structural block diagram of a device for accessing a mobile storage device according to Embodiment 2 of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and its scope can be conveyed fully to those skilled in the art.
Referring to FIG. 1, a flowchart of the steps of a method for accessing a mobile storage device according to Embodiment 1 of the present invention is shown. The method may specifically include the following steps:
Step 101: configure a device identifier for a mobile storage device connected to a user terminal, and cancel the display of the device identifier at the associated location of the operating system of the connected user terminal.
The user terminal may be a terminal device such as a desktop computer, a notebook computer, a mobile phone or a PAD. The terminal device has a slot (for example a USB slot) into which an interface (for example USB) can be inserted. The mobile storage device may be a USB flash drive with an interface, a hard disk, or another removable device that can serve as a storage medium (for example a mobile terminal). By inserting the interface of the mobile storage device into the slot of the user terminal, the mobile terminal device and the user terminal are connected, so that the user terminal can perform operations such as data read operations and data write operations on the mobile storage device.
The device identifier is a device drive letter, which may be at least one of text, digits, characters and other identifiers, for example "Removable Storage Device I". After it is detected that a mobile storage device has been connected to the user terminal, a device identifier can be configured for the connected mobile storage device as required.
After a device identifier has been configured for a mobile storage device connected to a user terminal, the traditional method displays the device identifier at the associated location of the operating system of the user terminal, for example by showing the device identifier "Removable Storage Device I" on the "My Computer" page. In the method of the embodiments of the present invention, after the mobile storage device is connected to the user terminal and a device identifier is configured for it, the display of the device identifier at the associated location of the operating system of the connected user terminal is cancelled, that is, the configured device identifier is hidden. Because the device identifier is not displayed, the mobile storage device cannot be accessed directly by recognizing the device identifier and performing related operations. The subsequent related operations must be completed before the mobile storage device can be accessed, which places access to the mobile storage device under control and ensures the security of the mobile storage device.
Step 102: receive a user's access operation on the mobile storage device.
After the mobile storage device is connected to the user terminal, the user's access operation on the mobile storage device can be received. For example, after the device identifier is configured, a generated folder can be shown on a pop-up page and the user can initiate an access operation on the displayed folder. Alternatively, after the device identifier is configured, an access operation may be received from another driver or non-driver program that has discovered the hidden device identifier through reverse operations and initiates an access operation against that device identifier. Other access methods are also possible, and the present invention places no limitation here. The access operation may be a read operation, a write operation, a format operation or a similar operation.
Step 103: call the first security driver preset in the mobile storage device to perform security verification on the access operation, and after the verification succeeds, access the mobile storage device according to the access operation.
An installation file for the first security driver is preset in the mobile storage device, and the installed first security driver is used to perform security verification on access operations. Specifically, after the mobile storage device is connected to the user terminal, the operating system of the user terminal detects whether the first security driver needs to be installed in the user terminal. When it detects that the first security driver needs to be installed, it instructs the user terminal to run the installation file of the first security driver stored in the mobile storage device, so that the first security driver becomes available.
The first driver is used to verify whether the program that initiates an access operation is safe, and thereby to verify whether the access operation is a safe operation.
A first security program list is preset in the terminal server of the mobile storage device and is used to verify the program that initiates an access operation. Specifically, the first program list may be a whitelist: programs on the whitelist are treated as safe by default, and if the program that initiates the access operation hits the whitelist, the program is a safe program. It may also be a blacklist: programs on the blacklist are treated as dangerous by default, and if the program that initiates the access operation hits the blacklist, the program is a dangerous program. Other verification methods are also possible, and the present invention places no limitation here.
When verifying an access operation, the first security driver can be called to verify whether the application or driver that initiates the access operation belongs to the first security program list, the first security program list being a whitelist in this case. If it does, the access operation is judged to be a safe operation and the mobile storage device can then be accessed according to the access operation. If it does not, the access operation is judged to be a dangerous operation and the access operation on the mobile storage device is blocked.
In practice, the device identifier of the mobile storage device can be associated with the first security driver, so that after the first security driver has successfully verified an access operation, the access operation is performed on the mobile storage device corresponding to the associated device identifier.
According to the embodiments of the present invention, because the device identifier configured for the mobile storage device connected to the user terminal is not displayed, the mobile storage device cannot be accessed directly by recognizing the device identifier and performing related operations. The first security driver preset in the mobile storage device must additionally be called to verify the access operation, and only after the verification succeeds is access to the mobile storage device according to the access operation allowed, thereby ensuring the security of the mobile storage device and avoiding problems such as virus intrusion and information leakage.
Referring to FIG. 2, a flowchart of a method for accessing a mobile storage device according to Embodiment 2 of the present invention is shown. The method may specifically include the following steps:
Step 201: generate a management interface for the mobile storage device, and display the device identifier and a corresponding login box in the management interface.
In the embodiments of the present invention, before the mobile storage device is connected to the user terminal, the access management client installed on the user terminal can be opened by a preset operation to generate the management interface of the mobile storage device.
The management interface is an information configuration interface. It can display the device identifier of the mobile storage device and the corresponding login box. The login box can show multiple items of attribute information with associated input fields, for example device manufacturer information, device serial number, organization information, department information, user information and remark information. It can also show attribute information such as the initial password, the number of password attempts and the password complexity requirements, together with the input fields configured for each item of attribute information.
In a specific operation, for a mobile storage device connected for the first time, an attribute setting operation on the mobile storage device can be received in the management interface, and the registration of the mobile storage device is completed by configuring the attribute information in the management interface. The registration information of the mobile storage device can be stored in the login server of the user terminal for viewing, and the registration of the mobile storage device can be recorded in the login server in the form of a log.
For a mobile storage device that is not being connected for the first time, attribute information can be entered in the generated management interface to produce the login information for the mobile storage device, and the entered login information can be submitted by a preset operation in the management interface, for example clicking the "OK" button.
In practice, the mobile storage device can use the NTFS (New Technology File System) file system. Compared with the commonly used FAT32 file system, NTFS has larger memory and can store files across multiple hard disks, and NTFS is an advanced file system that offers performance, security, reliability and advanced features not found in any version of FAT. For example, NTFS ensures volume consistency through standard transaction logging and recovery techniques. If the system fails, NTFS can use the log file and checkpoint information to restore the consistency of the file system. In Windows 2000 and Windows XP, NTFS also provides advanced features such as file and folder permissions, encryption, disk quotas and compression.
Step 202: verify the login information entered by the user in the login box, and determine that the verification succeeds.
After the login information entered by the user in the login box of the management interface is received, the login information is verified to check whether it is correct. If it is correct, the verification is determined to have succeeded.
When the login information is verified, the registration information of the mobile storage device can be read from the back-end server of the user terminal, and the login information of the mobile storage device is compared with the registration information. If they are consistent, the verification is judged to have succeeded and the user's access operation on the mobile storage device can then be received. If they are inconsistent, the verification is judged to have failed and receiving the user's access operation on the mobile storage device is prohibited.
Step 203: configure a device identifier for the mobile storage device connected to the user terminal, and cancel the display of the device identifier at the associated location of the operating system of the connected user terminal.
After the device identifier is configured for the mobile storage device, the device identifier is not displayed. For example, the device identifier can be hidden by modifying the associated setting item in the registry of the operating system of the user terminal so that connected mobile storage devices are not displayed. For example, one can look up the path HKEY_CURRENT_USER→Software→Microsoft→Windows→CurrentVersion→Policies→Explorer in the registry, find the "NoDrives" option and delete it, thereby hiding the device identifier. The device identifier can also be hidden in other ways, and the present invention places no limitation here.
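An audit helper for the registry value named in step 203, as an added example that is not part of the patent. On Windows, `NoDrives` is a REG_DWORD bitmask (bit 0 = A: through bit 25 = Z:) in which a set bit hides that drive letter in Explorer without blocking access to it by path. The function names and the sample values are assumptions made for illustration.

```python
"""Decode an Explorer NoDrives bitmask and report hidden removable drives.

Added example; the inputs below are constructed, not read from a registry.
"""
from __future__ import annotations

import string

LETTERS = string.ascii_uppercase      # bit 0 -> "A", bit 25 -> "Z"
ALL_LETTERS_MASK = (1 << 26) - 1      # 0x03FFFFFF hides every letter


def _normalize(letter: str) -> str:
    """Accept 'e', 'E' or 'E:' and return the bare upper-case letter."""
    bare = letter.strip().rstrip(":").upper()
    if len(bare) != 1 or bare not in LETTERS:
        raise ValueError(f"not a drive letter: {letter!r}")
    return bare


def hidden_letters(no_drives: int) -> list[str]:
    """Drive letters whose bit is set in the NoDrives value."""
    if not 0 <= no_drives <= 0xFFFFFFFF:
        raise ValueError("NoDrives is a 32-bit REG_DWORD")
    return [LETTERS[i] for i in range(26) if (no_drives >> i) & 1]


def mask_for(letters) -> int:
    """Bitmask that hides exactly the given drive letters."""
    mask = 0
    for letter in letters:
        mask |= 1 << LETTERS.index(_normalize(letter))
    return mask


def audit(no_drives: int, mounted_removable) -> dict:
    """Compare the mask with the removable volumes currently mounted.

    'hidden_but_mounted' lists volumes a user cannot see in Explorer but
    that a program can still open by path, which is the situation the
    patent's driver-side verification is meant to cover.
    """
    hidden = set(hidden_letters(no_drives))
    mounted = {_normalize(letter) for letter in mounted_removable}
    return {
        "hidden_but_mounted": sorted(hidden & mounted),
        "visible_removable": sorted(mounted - hidden),
        # Bits 26..31 map to no drive letter; non-zero suggests a bad write.
        "undefined_bits": no_drives & ~ALL_LETTERS_MASK & 0xFFFFFFFF,
    }


if __name__ == "__main__":
    # Constructed sample: E: and F: hidden, E: and G: mounted as removable.
    sample_mask = mask_for(["E", "F"])
    print(hex(sample_mask), audit(sample_mask, ["E:", "G:"]))
```

Because the mask only affects what Explorer shows, a hidden letter that is still mounted should be treated as reachable when reviewing removable-media controls.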
Step 204: receive an access operation on the mobile storage device.
In a specific implementation, after the device identifier is configured, a folder corresponding to the mobile storage device can be generated, and an access operation initiated by the user on the folder can be received. For example, the generated folder can be shown in a pop-up page, and the user can initiate an access operation on the displayed folder. Alternatively, the path of the folder, such as "My Computer/Removable Storage Device I", can be shown in the pop-up page so that the user can locate the folder by that path and initiate an access operation on it.
Alternatively, after the device identifier is configured, an access operation initiated by a program according to the device identifier can be received, for example when another driver or a non-driver program discovers the hidden device identifier through a reverse operation and initiates an access operation on it. Other ways of receiving the operation are also possible, which the present invention does not limit. The access operation may be a read operation, a write operation, a format operation, or the like.
Step 205: call the second driver preset in the mobile storage device to verify whether the access operation is a safe operation.
The second driver verifies whether the program that initiated the access operation is safe, and thereby whether the access operation is a safe operation.
A second security program list is preset in the terminal server of the mobile storage device and is used to verify the program that initiates an access operation. Specifically, the second program list may be a whitelist: programs on the whitelist are treated as safe by default, so a program that initiates an access operation and matches the whitelist is a safe program. It may also be a blacklist: programs on the blacklist are treated as dangerous by default, so a program that initiates an access operation and matches the blacklist is a dangerous program. Other verification methods may also be used, which the present invention does not limit.
When the access operation is triggered by a program in the user terminal, the second security program list can be obtained from the terminal server after the access operation on the mobile storage device is received, and it is judged whether the program that initiated the access operation belongs to the second security program list. In this case the second access list is a whitelist; if the program belongs to it, the program is judged to be a safe program and the access operation a safe operation. The first security program list of the first security driver differs from the second security program list of the second security driver, for example in program names, program categories, program sources (such as programs downloaded from an external network or programs original to the user terminal), program sizes, or in other respects, which the present invention does not limit. Verifying the access operation with two security drivers separately further ensures the security of the mobile storage device.
In a specific operation, the access request may be triggered by the user through the folder, by a program according to the device identifier, or in another applicable way. If the access operation is triggered by the user through the folder, it is verified as a safe operation, that is, the second security driver is not called to perform security verification on it. If the access operation is initiated by a program according to the device identifier, it is verified whether the access operation is a safe operation, for example by judging whether the program that initiated it is in the second security program list; if it is, verification succeeds, and the first security driver is then called to verify whether the access operation is safe.
Step 206: call the first security driver preset in the mobile storage device to perform security verification on the access operation, and after verification succeeds, access the mobile storage device according to the access operation.
In a specific operation, the access operation may be triggered by the user through the folder, by a program according to the device identifier, or in another applicable way. If the access operation is triggered by the user through the folder, it is released, that is, the first security driver is not called to perform security verification on it. If the access operation is initiated by a program according to the device identifier, it is verified whether the access operation is a safe operation, for example by judging whether the program that initiated it is in the first security program list; if it is, verification succeeds.
The mobile storage device has a built-in main control chip that provides one or more access control interfaces. Data can be exchanged with other devices by accessing the access control interface of the mobile storage device corresponding to the device identifier, and the access operation is sent to the mobile storage device in this way. The main control chip can then process data according to the access operation and return the processed data through the access control interface to the user terminal connected to it.
According to the embodiment of the present invention, because the device identifier configured for the mobile storage device connected to the user terminal is not displayed, the mobile storage device cannot be accessed directly by recognizing the device identifier and performing related operations. The first security driver preset in the mobile storage device must additionally be called to verify the access operation, and access to the mobile storage device according to the access operation is allowed only after verification succeeds. This ensures the security of the mobile storage device and avoids problems such as virus intrusion and information leakage.
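The two-stage check of steps 205 and 206 can be modelled as below. This is an added example, not code from the patent: the class and function names, the sample program lists and the case-insensitive name match are assumptions made for illustration. It makes one property of the scheme visible: a folder-triggered operation passes both drivers without any list lookup, so only program-initiated operations are ever checked against the lists.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, List, Optional, Tuple

# Access operations named in the description: read, write, format.
VALID_OPS = {"read", "write", "format"}


class Trigger(Enum):
    FOLDER = "folder"    # user acted on the folder generated for the device
    PROGRAM = "program"  # a program addressed the device identifier directly


class ListMode(Enum):
    WHITELIST = "whitelist"  # listed programs are safe
    BLACKLIST = "blacklist"  # listed programs are dangerous


@dataclass(frozen=True)
class ProgramList:
    mode: ListMode
    names: FrozenSet[str]  # lower-case program names (assumed matching rule)

    def permits(self, program: str) -> bool:
        hit = program.lower() in self.names
        return hit if self.mode is ListMode.WHITELIST else not hit


@dataclass(frozen=True)
class AccessOp:
    trigger: Trigger
    op: str
    program: Optional[str] = None  # initiating program, if program-triggered


def driver_check(name: str, plist: ProgramList, access: AccessOp) -> Tuple[bool, str]:
    """One driver's decision, following the rule stated for both drivers."""
    if access.trigger is Trigger.FOLDER:
        # Folder-triggered operations are treated as safe; the list is not consulted.
        return True, f"{name}: skipped (folder-triggered)"
    if not access.program:
        # Fail closed when the initiating program cannot be identified.
        return False, f"{name}: denied (no initiating program)"
    if plist.permits(access.program):
        return True, f"{name}: passed"
    return False, f"{name}: denied ({access.program})"


def verify_access(access: AccessOp, second_list: ProgramList,
                  first_list: ProgramList) -> Tuple[bool, List[str]]:
    """Run the second driver, then the first; stop at the first denial."""
    if access.op not in VALID_OPS:
        return False, ["unsupported operation"]
    trail: List[str] = []
    for name, plist in (("second driver", second_list),
                        ("first driver", first_list)):
        ok, msg = driver_check(name, plist, access)
        trail.append(msg)
        if not ok:
            return False, trail
    return True, trail


# Constructed sample lists; the two lists differ, as the description requires.
SECOND_LIST = ProgramList(ListMode.WHITELIST, frozenset({"backup.exe", "scanner.exe"}))
FIRST_LIST = ProgramList(ListMode.WHITELIST, frozenset({"backup.exe"}))

if __name__ == "__main__":
    samples = [
        AccessOp(Trigger.FOLDER, "read"),
        AccessOp(Trigger.PROGRAM, "write", "Backup.exe"),
        AccessOp(Trigger.PROGRAM, "read", "scanner.exe"),
        AccessOp(Trigger.PROGRAM, "format", "unknown.exe"),
    ]
    for s in samples:
        print(s, verify_access(s, SECOND_LIST, FIRST_LIST))
```

A program that appears on only one of the two lists is stopped at the driver whose list it misses, which is the practical effect of keeping the lists different.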
Referring to FIG. 3, a structural block diagram of a mobile storage device access apparatus according to Embodiment 1 of the present invention is shown, which may specifically include the following modules:
A device identifier cancellation module 301, configured to configure a device identifier for the mobile storage device connected to the user terminal, and to cancel the display of the device identifier at the associated location of the operating system of the connected user terminal.
An access operation receiving module 302, configured to receive an access operation on the mobile storage device.
A security verification module 303, configured to call the first security driver preset in the mobile storage device to perform security verification on the access operation, and after verification succeeds, to access the mobile storage device according to the access operation.
According to the embodiment of the present invention, because the device identifier configured for the mobile storage device connected to the user terminal is not displayed, the mobile storage device cannot be accessed directly by recognizing the device identifier and performing related operations. The first security driver preset in the mobile storage device must additionally be called to verify the access operation, and access to the mobile storage device according to the access operation is allowed only after verification succeeds. This ensures the security of the mobile storage device and avoids problems such as virus intrusion and information leakage.
Referring to FIG. 4, a structural block diagram of a mobile storage device access apparatus according to Embodiment 2 of the present invention is shown, which may specifically include the following modules:
A management interface generation module 401, configured to generate a management interface of the mobile storage device before the user's access operation on the mobile storage device is received, and to display the device identifier and a corresponding login box in the management interface.
A login information verification module 402, configured to verify the login information entered by the user in the login box, and to determine that verification has succeeded.
A device identifier cancellation module 403, configured to configure a device identifier for the mobile storage device connected to the user terminal, and to cancel the display of the device identifier at the associated location of the operating system of the connected user terminal.
An access operation receiving module 404, configured to receive an access operation on the mobile storage device.
A second driver calling module 405, configured to call the second driver preset in the mobile storage device to verify whether the access operation is a safe operation, before the first security driver preset in the mobile storage device is called to perform security verification on the access operation.
A security verification module 406, configured to call the first security driver preset in the mobile storage device to perform security verification on the access operation, and after verification succeeds, to access the mobile storage device according to the access operation.
In the embodiment of the present invention, preferably, the mobile storage device uses the NTFS (New Technology File System) file system.
In the embodiment of the present invention, preferably, the device identifier cancellation module 403 is specifically configured to modify the associated setting item in the registry of the user terminal's operating system so that connected mobile storage devices are not displayed.
In the embodiment of the present invention, preferably, the apparatus further includes:
An attribute setting operation receiving module, configured to receive an attribute setting operation on the mobile storage device in the management interface.
In the embodiment of the present invention, preferably, the access operation receiving module 404 includes:
A folder generation submodule, configured to generate a folder corresponding to the mobile storage device and to receive an access operation initiated by the user on the folder;
Or, an access operation obtaining submodule, configured to receive an access operation initiated by a program according to the device identifier.
In the embodiment of the present invention, preferably, the security verification module 406 includes:
A safe operation determination submodule, configured to verify the access operation as a safe operation if it is triggered by the user through the folder;
A safe operation verification submodule, configured to verify whether the access operation is a safe operation if it is initiated by a program according to the device identifier.
In the embodiment of the present invention, preferably, the apparatus further includes:
A device identifier association module, configured to associate the device identifier of the mobile storage device with the first security driver after the device identifier is configured for the connected mobile storage device.
In the embodiment of the present invention, preferably, the security verification module 406 is specifically configured to send the access operation to the mobile storage device by accessing the access control interface of the mobile storage device corresponding to the device identifier.
In the embodiment of the present invention, preferably, the access operation is a read operation, a write operation or a format operation on the mobile storage device.
According to the embodiment of the present invention, because the device identifier configured for the mobile storage device connected to the user terminal is not displayed, the mobile storage device cannot be accessed directly by recognizing the device identifier and performing related operations. The first security driver preset in the mobile storage device must additionally be called to verify the access operation, and access to the mobile storage device according to the access operation is allowed only after verification succeeds. This ensures the security of the mobile storage device and avoids problems such as virus intrusion and information leakage.
As for the above embodiment of the geographic location-based incoming call management apparatus, since it is basically similar to the method embodiment, its description is relatively brief; for related details, refer to the corresponding parts of the description of the method embodiment.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments can be referred to one another.
Those skilled in the art will readily appreciate that any combination of the above embodiments is feasible, so any combination of the above embodiments is an implementation of the present invention; owing to space limitations, this specification does not describe them one by one.
The geographic location-based incoming call management solution provided herein is not inherently related to any particular computer, virtual system or other device. Various general-purpose systems can also be used with the teachings herein. From the above description, the structure required to construct a system having the solution of the present invention is apparent. Furthermore, the present invention is not directed to any particular programming language. It should be understood that the content of the present invention described herein can be implemented in various programming languages, and that the above description of specific languages is given to disclose the best mode of the present invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, in order to streamline this disclosure and to aid the understanding of one or more of the various inventive aspects, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the claims reflect, inventive aspects lie in fewer than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art can understand that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. Modules, units or components in the embodiments may be combined into one module, unit or component, and may furthermore be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments but not others, combinations of features from different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the claims, any one of the claimed embodiments can be used in any combination.
The various component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all functions of some or all components of the mobile storage device access solution according to the embodiment of the present invention. The present invention can also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet site, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words can be interpreted as names.
The invention discloses A1, a mobile storage device access method, comprising:
configuring a device identifier for the mobile storage device connected to the user terminal, and canceling the display of the device identifier at the associated location of the operating system of the connected user terminal;
receiving an access operation on the mobile storage device;
calling the first security driver preset in the mobile storage device to perform security verification on the access operation, and after verification succeeds, accessing the mobile storage device according to the access operation.
A2. The method according to A1, wherein the mobile storage device uses the NTFS (New Technology File System) file system.
A3. The method according to A1, wherein canceling the display of the device identifier in the operating system of the connected user terminal includes:
modifying the associated setting item in the registry of the user terminal's operating system so that connected mobile storage devices are not displayed.
A4. The method according to A1, wherein, before the user's access operation on the mobile storage device is received, the method further includes:
generating a management interface of the mobile storage device, and displaying the device identifier and a corresponding login box in the management interface;
verifying the login information entered by the user in the login box, and determining that verification has succeeded.
A5. The method according to A4, wherein the method further includes:
receiving an attribute setting operation on the mobile storage device in the management interface.
A6. The method according to A1, wherein receiving the access operation on the mobile storage device includes:
generating a folder corresponding to the mobile storage device, and receiving an access operation initiated by the user on the folder;
or, receiving an access operation initiated by a program according to the device identifier.
A7. The method according to A6, wherein calling the first security driver preset in the mobile storage device to perform security verification on the access operation includes:
if the access operation is triggered by the user through the folder, verifying the access operation as a safe operation;
if the access operation is initiated by a program according to the device identifier, verifying whether the access operation is a safe operation.
A8. The method according to A1, wherein, before the first security driver preset in the mobile storage device is called to perform security verification on the access operation, the method further includes:
calling the second driver preset in the mobile storage device to verify whether the access operation is a safe operation.
A9. The method according to A1, wherein, after the device identifier is configured for the connected mobile storage device, the method further includes:
associating the device identifier of the mobile storage device with the first security driver.
A10. The method according to A1, wherein accessing the mobile storage device according to the access operation includes:
sending the access operation to the mobile storage device by accessing the access control interface of the mobile storage device corresponding to the device identifier.
A11. The method according to A1, wherein the access operation is a read operation, a write operation or a format operation on the mobile storage device.
The present invention also discloses B12, a mobile storage device access apparatus, comprising:
a device identifier cancellation module, configured to configure a device identifier for the mobile storage device connected to the user terminal, and to cancel the display of the device identifier at the associated location of the operating system of the connected user terminal;
an access operation receiving module, configured to receive an access operation on the mobile storage device;
a security verification module, configured to call the first security driver preset in the mobile storage device to perform security verification on the access operation, and after verification succeeds, to access the mobile storage device according to the access operation.
B13. The apparatus according to B12, wherein the mobile storage device uses the NTFS (New Technology File System) file system.
B14. The apparatus according to B12, wherein:
the device identifier cancellation module is specifically configured to modify the associated setting item in the registry of the user terminal's operating system so that connected mobile storage devices are not displayed.
B15. The apparatus according to B12, wherein the apparatus further includes:
a management interface generation module, configured to generate a management interface of the mobile storage device before the user's access operation on the mobile storage device is received, and to display the device identifier and a corresponding login box in the management interface;
a login information verification module, configured to verify the login information entered by the user in the login box, and to determine that verification has succeeded.
B16. The apparatus according to B15, wherein the apparatus further includes:
an attribute setting operation receiving module, configured to receive an attribute setting operation on the mobile storage device in the management interface.
B17. The apparatus according to B12, wherein the access operation receiving module includes:
a folder generation submodule, configured to generate a folder corresponding to the mobile storage device and to receive an access operation initiated by the user on the folder;
or, an access operation obtaining submodule, configured to receive an access operation initiated by a program according to the device identifier.
B18. The apparatus according to B17, wherein the security verification module includes:
a safe operation determination submodule, configured to verify the access operation as a safe operation if it is triggered by the user through the folder;
a safe operation verification submodule, configured to verify whether the access operation is a safe operation if it is initiated by a program according to the device identifier.
B19. The apparatus according to B12, wherein the apparatus further includes:
a second driver calling module, configured to call the second driver preset in the mobile storage device to verify whether the access operation is a safe operation, before the first security driver preset in the mobile storage device is called to perform security verification on the access operation.
B20. The apparatus according to B12, wherein the apparatus further includes:
a device identifier association module, configured to associate the device identifier of the mobile storage device with the first security driver after the device identifier is configured for the connected mobile storage device.
B21. The apparatus according to B12, wherein:
the security verification module is specifically configured to send the access operation to the mobile storage device by accessing the access control interface of the mobile storage device corresponding to the device identifier.
B22. The apparatus according to B12, wherein the access operation is a read operation, a write operation or a format operation on the mobile storage device.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510998032.XA CN105488436B (en) | 2015-12-25 | 2015-12-25 | A method and device for accessing a mobile storage device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510998032.XA CN105488436B (en) | 2015-12-25 | 2015-12-25 | A method and device for accessing a mobile storage device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105488436A (en) | 2016-04-13 |
CN105488436B (en) | 2019-05-10 |
Family ID=55675408
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510998032.XA Active CN105488436B (en) | 2015-12-25 | 2015-12-25 | A method and device for accessing a mobile storage device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105488436B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1661573A (en) * | 2004-02-24 | 2005-08-31 | 深圳市朗科科技有限公司 | Method for managing notations of disks of mobile storage device |
CN1866225A (en) * | 2005-05-20 | 2006-11-22 | 联想(北京)有限公司 | Mapping method for mobile memory device |
CN101350034A (en) * | 2008-09-10 | 2009-01-21 | 普天信息技术研究院有限公司 | A mobile storage device and method for file access |
CN102495986A (en) * | 2011-12-15 | 2012-06-13 | 上海中标凌巧软件科技有限公司 | Calling control method for avoiding embezzlement of enciphered data in computer system |
Non-Patent Citations (1)
Title |
---|
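Zhou Feng: "Research and Implementation of a Secure USB Flash Drive Based on Virtual Volume Technology", China Master's Theses Full-text Database, Information Science and Technology * |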
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106101129A (en) * | 2016-07-06 | 2016-11-09 | 北京元心科技有限公司 | A kind of method and system storing device and using its protection data safety |
CN106101129B (en) * | 2016-07-06 | 2019-07-16 | 北京元心科技有限公司 | A kind of storage device and the method and system using its protection data safety |
CN108304222A (en) * | 2017-01-13 | 2018-07-20 | 中标软件有限公司 | Apparatus management/control system and method |
CN108376224A (en) * | 2018-02-24 | 2018-08-07 | 深圳市大迈科技有限公司 | A kind of movable storage device and its encryption method and device |
CN110162946A (en) * | 2019-05-30 | 2019-08-23 | 北京奇安信科技有限公司 | Mobile storage management-control method and device |
CN110162946B (en) * | 2019-05-30 | 2022-08-16 | 奇安信科技集团股份有限公司 | Mobile storage management and control method and device |
Also Published As
Publication number | Publication date |
---|---|
CN105488436B (en) | 2019-05-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103581318B (en) | A kind of backup of mobile device data, restoring method and device | |
CN103987130B (en) | Terminal access method, device and system based on WIFI equipment | |
WO2015062389A1 (en) | Method and apparatus for uninstalling system application on terminal device | |
CN105550598B (en) | A kind of method for managing security and device of movable storage device | |
CN104054086B (en) | For the file system access of one or more sandboxed application programs | |
EP3032418A1 (en) | Permission control method and device | |
CN102938039A (en) | Selective file access for applications | |
CN107209678B (en) | System and method for adaptive cloning of mobile devices | |
WO2015058574A1 (en) | Method and apparatus for implementing push notification of extensive application program | |
WO2016019893A1 (en) | Application installation method and apparatus | |
CN105303100A (en) | Verification method and device of application program startup | |
CN105554137B (en) | A kind of standby system and method | |
CN106155753A (en) | Application program installation method, device and terminal | |
CN103605538B (en) | A kind of method and apparatus for installing software | |
CN103687059B (en) | Set up the method and device connected between computing device and mobile device | |
CN103605537B (en) | The installation method of a kind of software and device | |
WO2014012361A1 (en) | Method and device for creating control interface for external device | |
CN105488436A (en) | Mobile storage equipment access method and device | |
US10097488B2 (en) | System and method for recovering electronic mail messages deleted from an information handling system | |
CN106790252A (en) | Log-on message sharing method and device | |
CN103685259B (en) | The method and its device of Account Logon | |
CN103729604B (en) | A kind of method and apparatus in customer access area territory | |
CN105653991A (en) | Processing method and apparatus for mobile storage device | |
WO2016107348A1 (en) | Process right configuration method and device | |
CN106020894A (en) | Method for controlling electronic device and electronic device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder | Address after: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park); Co-patentee after: QAX Technology Group Inc.; Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.; Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park); Co-patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.; Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. |
CP01 | Change in the name or title of a patent holder |