CN105488436B - A kind of movable storage device access method and device - Google Patents


Publication number
CN105488436B
Authority
CN
China
Prior art keywords
storage device
movable storage
access
access operation
safety
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510998032.XA
Other languages
Chinese (zh)
Other versions
CN105488436A (en)
Inventor
胡启宇
潘山
江爱军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qax Technology Group Inc
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Beijing Qianxin Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a movable storage device access method and apparatus. The method includes: configuring a device identifier for a movable storage device connected to a user terminal, and suppressing the display of the device identifier at the corresponding location in the operating system of the connected user terminal; receiving an access operation on the movable storage device; and calling a first security driver preset on the movable storage device to perform security verification on the access operation and, after the verification succeeds, accessing the movable storage device according to the access operation. Because the scheme of the embodiments does not display the device identifier configured for the movable storage device connected to the user terminal, the movable storage device cannot be accessed directly by locating the device identifier and operating on it. The first security driver preset on the movable storage device must additionally be called to verify the access operation, and only after the verification succeeds is access to the movable storage device according to the access operation allowed, which ensures the security of the movable storage device.

Description

A kind of movable storage device access method and device
Technical field
The present invention relates to the field of software technology, and in particular to a movable storage device access method and a movable storage device access apparatus.
Background technique
A USB flash disk (full name: USB flash drive) is a movable storage device that connects to a terminal device through a USB interface. Its advantages include large storage capacity, fast data access, small size, and ease of use, and it is used by more and more users.
To access a USB flash disk, the user inserts it into a terminal device and opens the USB flash disk drive shown on the page, then stores the required data on the USB flash disk or downloads the required data from it.
However, an ordinary USB flash disk applies no access control to data access operations: any terminal device with a USB interface can access it. This access mode is convenient, but it also brings problems such as virus intrusion and information leakage.
Summary of the invention
In view of the above problems, the present invention is proposed in order to provide a movable storage device access method and a movable storage device access apparatus that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a movable storage device access method is provided, comprising:
configuring a device identifier for a movable storage device connected to a user terminal, and suppressing the display of the device identifier at the corresponding location in the operating system of the connected user terminal;
receiving an access operation on the movable storage device;
calling a first security driver preset on the movable storage device to perform security verification on the access operation and, after the verification succeeds, accessing the movable storage device according to the access operation.
Optionally, the movable storage device uses the NTFS file system (New Technology File System).
Optionally, suppressing the display of the device identifier in the operating system of the connected user terminal includes:
modifying the relevant setting item in the registry of the user terminal's operating system so that the connected movable storage device is not displayed.
Optionally, before receiving the user's access operation on the movable storage device, the method further includes:
generating a management interface for the movable storage device, and displaying the device identifier and a corresponding login box in the management interface;
verifying the login information entered by the user in the login box, and determining that the verification succeeds.
Optionally, the method further includes:
receiving, in the management interface, an attribute setting operation for the movable storage device.
Optionally, receiving the access operation on the movable storage device includes:
generating a folder corresponding to the movable storage device, and receiving an access operation initiated by the user on the folder;
or receiving an access operation initiated by a program according to the device identifier.
Optionally, calling the first security driver preset on the movable storage device to perform security verification on the access operation includes:
if the access operation is triggered by the user through the folder, verifying that the access operation is a safe operation;
if the access operation is initiated by a program according to the device identifier, verifying whether the access operation is a safe operation.
Optionally, before calling the first security driver preset on the movable storage device to perform security verification on the access operation, the method further includes:
calling a second driver preset on the movable storage device to verify whether the access operation is a safe operation.
Optionally, after configuring the device identifier for the connected movable storage device, the method further includes:
associating the device identifier of the movable storage device with the first security driver.
Optionally, accessing the movable storage device according to the access operation includes:
sending the access operation to the movable storage device through the access control interface of the movable storage device corresponding to the device identifier.
Optionally, the access operation is a read operation, a write operation, or a format operation on the movable storage device.
According to another aspect of the present invention, a movable storage device access apparatus is provided, comprising:
a device identifier cancellation module, configured to configure a device identifier for a movable storage device connected to a user terminal, and to suppress the display of the device identifier at the corresponding location in the operating system of the connected user terminal;
an access operation receiving module, configured to receive an access operation on the movable storage device;
a security verification module, configured to call a first security driver preset on the movable storage device to perform security verification on the access operation and, after the verification succeeds, to access the movable storage device according to the access operation.
Optionally, the movable storage device uses the NTFS file system (New Technology File System).
Optionally, the device identifier cancellation module is specifically configured to modify the relevant setting item in the registry of the user terminal's operating system so that the connected movable storage device is not displayed.
Optionally, the apparatus further includes:
a management interface generation module, configured to generate, before the user's access operation on the movable storage device is received, a management interface for the movable storage device, and to display the device identifier and a corresponding login box in the management interface;
a login information verification module, configured to verify the login information entered by the user in the login box, and to determine that the verification succeeds.
Optionally, the apparatus further includes:
an attribute setting operation receiving module, configured to receive, in the management interface, an attribute setting operation for the movable storage device.
Optionally, the access operation receiving module includes:
a folder generation submodule, configured to generate a folder corresponding to the movable storage device and to receive an access operation initiated by the user on the folder;
or an access operation obtaining submodule, configured to receive an access operation initiated by a program according to the device identifier.
Optionally, the security verification module includes:
a safe operation determination submodule, configured to verify that the access operation is a safe operation if the access operation is triggered by the user through the folder;
a safe operation verification submodule, configured to verify whether the access operation is a safe operation if the access operation is initiated by a program according to the device identifier.
Optionally, the apparatus further includes:
a second driver calling module, configured to call, before the first security driver preset on the movable storage device is called to perform security verification on the access operation, a second driver preset on the movable storage device to verify whether the access operation is a safe operation.
Optionally, the apparatus further includes:
a device identifier association module, configured to associate the device identifier of the movable storage device with the first security driver after the device identifier is configured for the connected movable storage device.
Optionally, the security verification module is specifically configured to send the access operation to the movable storage device through the access control interface of the movable storage device corresponding to the device identifier.
Optionally, the access operation is a read operation, a write operation, or a format operation on the movable storage device.
According to the embodiments of the present invention, the device identifier configured for the movable storage device connected to the user terminal is not displayed, so the movable storage device cannot be accessed directly by locating the device identifier and operating on it. The first security driver preset on the movable storage device must additionally be called to verify the access operation, and only after the verification succeeds is access to the movable storage device according to the access operation allowed. This ensures the security of the movable storage device and avoids problems such as virus intrusion and information leakage.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented in accordance with the contents of the specification, and so that the above and other objects, features, and advantages of the present invention are more readily apparent, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1 shows a flow chart of the movable storage device access method according to embodiment 1 of the present invention;
Fig. 2 shows a flow chart of the movable storage device access method according to embodiment 2 of the present invention;
Fig. 3 shows a structural block diagram of the movable storage device access apparatus according to embodiment 1 of the present invention;
Fig. 4 shows a structural block diagram of the movable storage device access apparatus according to embodiment 2 of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
Referring to Fig. 1, a flow chart of the steps of the movable storage device access method according to embodiment 1 of the present invention is shown. The method may specifically include the following steps:
Step 101: configure a device identifier for the movable storage device connected to the user terminal, and suppress the display of the device identifier at the corresponding location in the operating system of the connected user terminal.
The user terminal may be a terminal device such as a desktop computer, a laptop, a mobile phone, or a PAD, and is fitted with a slot (for example, a USB slot) into which an interface (for example, USB) can be inserted. The movable storage device may be a USB flash disk or hard disk with such an interface, or any other removable device (for example, a mobile terminal) that can be used as a storage medium. Inserting the interface of the movable storage device into the slot of the user terminal connects the device and the user terminal, so that the user terminal can perform operations such as reading data from and writing data to the movable storage device.
The device identifier is the drive designation of the device; it may be at least one of text, digits, characters, or other identifiers, for example "Removable Storage Device I". After the movable storage device is detected as connected to the user terminal, a device identifier can be configured for the connected movable storage device as needed.
After a device identifier is configured for a movable storage device connected to the user terminal, the traditional approach displays the device identifier at the corresponding location in the user terminal's operating system, for example showing the device identifier "Removable Storage Device I" on the "My Computer" page. In the method of this embodiment, after the movable storage device is connected to the user terminal and a device identifier is configured for it, the display of the device identifier at the corresponding location in the operating system of the connected user terminal is suppressed; that is, the configured device identifier is hidden. Because the device identifier is not displayed, the movable storage device cannot be accessed directly by locating the device identifier and operating on it; the subsequent operations must be completed before the movable storage device can be accessed. This controls access to the movable storage device and ensures its security.
Step 102: receive the user's access operation on the movable storage device.
After the movable storage device is connected to the user terminal, the user's access operation on the movable storage device can be received. For example, after the device identifier is configured, the generated folder can be shown in a pop-up page, and the user can initiate an access operation on the displayed folder. Alternatively, after the device identifier is configured, another driver or non-driver program may discover the hidden device identifier through reverse operations and initiate an access operation on that device identifier. Other access modes are also possible; the present invention places no restriction here. The access operation may be a read operation, a write operation, a format operation, or the like.
Step 103: call the first security driver preset on the movable storage device to perform security verification on the access operation and, after the verification succeeds, access the movable storage device according to the access operation.
An installation file for the first security driver is preset on the movable storage device; once installed, the first security driver performs security verification on access operations. Specifically, after the movable storage device is connected to the user terminal, the operating system of the user terminal detects whether the first security driver needs to be installed on the user terminal. When it detects that the first security driver needs to be installed, it instructs the user terminal to run the installation file of the first security driver stored on the movable storage device, so that the first security driver becomes available.
The first driver verifies whether the program that initiates the access operation is safe, and thereby verifies whether the access operation is a safe operation.
A first security program list is set in advance on the terminal server of the movable storage device and is used to verify the program that initiates the access operation. Specifically, the first program list may be a whitelist: programs on the whitelist are treated as safe by default, so if the program initiating the access operation hits the whitelist, the program is a safe program. It may also be a blacklist: programs on the blacklist are treated as dangerous by default, so if the program initiating the access operation hits the blacklist, the program is a dangerous program. Other verification methods are also possible; the present invention places no restriction here.
When verifying the access operation, the first security driver can be called to verify whether the application or driver that initiated the access operation belongs to the first security program list, which in this case is a whitelist. If it belongs to the list, the access operation is determined to be a safe operation, and the movable storage device can then be accessed according to the access operation. If it does not, the access operation is determined to be a dangerous operation, and the access to the movable storage device is blocked.
In practice, the device identifier of the movable storage device can be associated with the first security driver, so that after the first security driver successfully verifies the access operation, the access operation is performed on the movable storage device corresponding to the associated device identifier.
According to the embodiment of the present invention, the device identifier configured for the movable storage device connected to the user terminal is not displayed, so the movable storage device cannot be accessed directly by locating the device identifier and operating on it. The first security driver preset on the movable storage device must additionally be called to verify the access operation, and only after the verification succeeds is access to the movable storage device according to the access operation allowed. This ensures the security of the movable storage device and avoids problems such as virus intrusion and information leakage.
Referring to Fig. 2, a flow chart of the movable storage device access method according to embodiment 2 of the present invention is shown. The method may specifically include the following steps:
Step 201: generate the management interface of the movable storage device, and display the device identifier and the corresponding login box in the management interface.
In this embodiment, before the movable storage device is connected to the user terminal, the access management client installed on the user terminal can be opened by a preset operation to generate the management interface of the movable storage device.
The management interface is an information configuration interface. It can display the device identifier of the movable storage device and the corresponding login box. The login box can display multiple attributes with associated input fields, such as device manufacturer, device serial number, organization, department, user, and remarks. It can also display attributes such as the initial password, the number of password attempts, and the password complexity requirements, with an input field configured for each attribute.
In concrete operation, for a movable storage device connected for the first time, an attribute setting operation for the movable storage device can be received in the management interface, and the registration of the movable storage device is completed by configuring the attribute information in the management interface. The registration information of the movable storage device can be stored on the login server of the user terminal for later checking; at the same time, the registration of the movable storage device can be recorded on the login server in the form of a log.
For a movable storage device that is not being connected for the first time, attribute information can be entered in the generated management interface to produce the login information for the movable storage device, and the entered login information can be submitted by a preset operation in the management interface, such as clicking the "OK" button.
In practice, the movable storage device can use the NTFS file system (New Technology File System). Compared with the common FAT32 file system, NTFS has a larger capacity and can store files across multiple hard disks; it is an advanced file system that offers performance, security, reliability, and advanced features not available in any FAT version. For example, NTFS ensures volume consistency through standard transaction logging and recovery techniques: if the system fails, NTFS can use the log file and checkpoint information to restore the consistency of the file system. In Windows 2000 and Windows XP, NTFS can also provide advanced features such as file and folder permissions, encryption, disk quotas, and compression.
Step 202: verify the login information entered by the user in the login box, and determine that the verification succeeds.
After the login information entered by the user in the login box of the management interface is received, the login information is verified to check whether it is correct; if it is correct, the verification is determined to have succeeded.
To verify the login information, the registration information of the movable storage device can be read from the back-end server of the user terminal and compared with the login information of the movable storage device. If they are consistent, the verification is judged successful and the user's access operation on the movable storage device can then be received; if they are inconsistent, the verification is judged to have failed and receiving the user's access operation on the movable storage device is prohibited.
Step 203: configure a device identifier for the movable storage device connected to the user terminal, and suppress the display of the device identifier at the corresponding location in the operating system of the connected user terminal.
After the device identifier is configured for the movable storage device, the device identifier is not displayed. For example, the device identifier can be hidden by modifying the relevant setting item in the registry of the user terminal's operating system so that the connected movable storage device is not displayed. For example, navigate in the registry to the path HKEY_CURRENT_USER → Software → Microsoft → Windows → CurrentVersion → Policies → Explorer, find the "NoDrives" option, and delete it, thereby hiding the device identifier. The device identifier can also be hidden by other means; the present invention places no restriction here.
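The Windows "NoDrives" value named above is a bit mask in which bit 0 stands for drive A: and bit 25 for drive Z:; it changes only what Explorer lists, so a volume it hides can still be reached by path. The following Python sketch is an added example, not code from the patent: it decodes such a mask so an administrator can audit which mounted drive letters the policy hides. The function names and the sample values are constructed for illustration.

```python
"""Audit helper for the Explorer "NoDrives" policy value (added example)."""
import string
import sys

# Registry location named in the description (HKEY_CURRENT_USER hive).
POLICY_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDrives"
LETTERS = string.ascii_uppercase          # bit 0 -> A:, bit 25 -> Z:
VALID_MASK = (1 << len(LETTERS)) - 1      # 0x03FFFFFF


def hidden_drives(mask):
    """Return the drive letters whose bit is set in a NoDrives mask."""
    if not isinstance(mask, int) or mask < 0:
        raise ValueError("NoDrives must be a non-negative integer")
    return [LETTERS[i] for i in range(len(LETTERS)) if (mask >> i) & 1]


def mask_for(letters):
    """Build the NoDrives mask that hides the given drive letters."""
    mask = 0
    for letter in letters:
        letter = letter.strip(":").upper()
        if len(letter) != 1 or letter not in LETTERS:
            raise ValueError(f"not a drive letter: {letter!r}")
        mask |= 1 << LETTERS.index(letter)
    return mask


def audit(mask, mounted):
    """Compare a NoDrives mask with the drive letters actually mounted.

    Returns a dict with:
      hidden_mounted - mounted volumes that Explorer will not list
      stray_bits     - bits above Z: (a malformed or tampered value)
    """
    hidden = set(hidden_drives(mask & VALID_MASK))
    mounted_set = {m.strip(":").upper() for m in mounted}
    return {
        "hidden_mounted": sorted(hidden & mounted_set),
        "stray_bits": mask & ~VALID_MASK,
    }


def read_policy_mask():
    """Read NoDrives for the current user; None if absent or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, POLICY_SUBKEY) as key:
            value, _value_type = winreg.QueryValueEx(key, VALUE_NAME)
    except FileNotFoundError:
        return None
    # The value may be stored as REG_DWORD (int) or REG_BINARY (bytes).
    if isinstance(value, bytes):
        return int.from_bytes(value, "little")
    return int(value)


if __name__ == "__main__":
    # Constructed sample: the policy hides I: while C: and I: are mounted.
    sample = mask_for(["I"])
    print(hex(sample), audit(sample, mounted=["C", "I"]))
    live = read_policy_mask()
    print("live policy:", None if live is None else hidden_drives(live))
```

Because the mask affects display only, an audit that finds a mounted volume in `hidden_mounted` should treat it as still reachable by any program that knows the path, which is the case the driver verification in steps 205 and 206 is meant to cover.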
Step 204: receive the access operation on the movable storage device.
In a concrete implementation, after the device identifier is configured, a folder corresponding to the movable storage device can be generated and an access operation initiated by the user on the folder can be received. For example, the generated folder can be shown in a pop-up page, and the user can initiate an access operation on the displayed folder. The path of the folder, such as "My Computer/Removable Storage Device I", can also be shown in the pop-up page for the user to look up; the user can find the folder by this path and initiate an access operation on the folder found.
After the device identifier is configured, an access operation initiated by a program according to the device identifier can also be received, for example when another driver or non-driver program discovers the hidden device identifier through reverse operations and initiates an access operation on that device identifier. Other ways of receiving are also possible; the present invention places no restriction here. The access operation may be a read operation, a write operation, a format operation, or the like.
Step 205: call the second driver preset on the movable storage device to verify whether the access operation is a safe operation.
The second driver verifies whether the program that initiates the access operation is safe, and thereby verifies whether the access operation is a safe operation.
A second security program list is set in advance on the terminal server of the movable storage device and is used to verify the program that initiates the access operation. Specifically, the second program list may be a whitelist: programs on the whitelist are treated as safe by default, so if the program initiating the access operation hits the whitelist, the program is a safe program. It may also be a blacklist: programs on the blacklist are treated as dangerous by default, so if the program initiating the access operation hits the blacklist, the program is a dangerous program. Other verification methods are also possible; the present invention places no restriction here.
When the access operation is triggered by a program on the user terminal, after the access operation on the movable storage device is received, the second security program list can be obtained from the terminal server and used to judge whether the program that initiated the access operation belongs to it. Here the second list is a whitelist: if the program belongs to it, the program is determined to be a safe program and the access operation a safe operation. The first security program list of the first security driver differs from the second security program list of the second security driver, for example in program names, program categories, program sources (such as downloaded from an external network or original to the user terminal), program sizes, or in other respects; the present invention places no restriction here. Verifying the access operation separately with the two security drivers further ensures the security of the movable storage device.
In concrete operation, the access request may be triggered by the user through the folder, by a program according to the device identifier, or in another applicable way. If the access operation is triggered by the user through the folder, the access operation is verified to be a safe operation; that is, the second security driver is not called to perform security verification on it. If the access operation is initiated by a program according to the device identifier, whether the access operation is a safe operation is verified, for example by judging whether the program that initiated it is in the second security program list; if the verification succeeds, the first security driver is then called to verify whether the access operation is safe.
Step 206, the first safety driving for being preset at the movable storage device is called to pacify the access operation Full verifying, and after being proved to be successful, the movable storage device is accessed according to the access operation.
In concrete operations, the mode for triggering access operation can be user for file initiation, some program root Initiated according to device identification or other applicable patterns.If the access operation is triggered by user by file, described in clearance Access operation never calls the first safety driving and carries out safety verification to the access operation;If the access operation is by some Program is initiated according to the device identification, then verifies whether the access operation is safety operation, such as the visit is initiated in judgement The program of operation is asked whether in the first security procedure list, if being proved to be successful.
Movable storage device is built-in with main control chip, and main control chip is provided with one or more access control interfaces, can be with By the access control interface of the corresponding movable storage device of the access device identification, carry out data transmission with other equipment, The access operation is sent to the movable storage device;Further main control chip can carry out data according to access operation Processing, by access control interface will treated data feedback to user terminal connected to it.
According to an embodiment of the present invention, due to not showing the equipment mark to the configuration of the movable storage device of access user terminal Know, can not directly visit movable storage device by identification device identification and relevant operation, further call is needed to be preset at movement Access operation is verified in first safety driving of storage equipment, and after being proved to be successful, is just allowed according to access behaviour Make the access movable storage device and avoids poisoning intrusion and information-leakage to ensure that the safety of movable storage device The problems such as.
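The two driver checks described above (the second driver first, then the first, with file-triggered operations let through and program-initiated ones looked up in a security program list) can be modelled in user-space C. This is an added example, not code from the patent; the type names, the sample paths and device identification, and the choice to identify programs by full path are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration: user-space model of the two-stage verification.
   Every name, path and device identification here is constructed. */
typedef enum { OP_READ, OP_WRITE, OP_FORMAT } op_kind;
typedef enum { TRIGGER_USER_FILE, TRIGGER_PROGRAM } trigger_kind;
typedef enum { ALLOW, DENY_UNKNOWN_DEVICE, DENY_SECOND_DRIVER, DENY_FIRST_DRIVER } verdict;

typedef struct {
    trigger_kind trigger;
    op_kind op;              /* read, write and format take the same path */
    const char *device_id;   /* device identification the request addresses */
    const char *program;     /* initiating program; NULL when user-triggered */
} access_request;

typedef struct {
    const char *device_id;           /* identification associated with the driver */
    const char *const *second_list;  /* second security program list */
    size_t second_len;
    const char *const *first_list;   /* first security program list */
    size_t first_len;
} device_policy;

/* Whole-string, ASCII case-insensitive comparison. Assumption: programs are
   identified by full path. Prefix or suffix matches are rejected. */
static bool same_path(const char *a, const char *b) {
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return false;
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

static bool in_list(const char *const *list, size_t len, const char *program) {
    if (program == NULL) return false;   /* no initiator recorded: not listed */
    for (size_t i = 0; i < len; i++)
        if (same_path(list[i], program)) return true;
    return false;
}

/* One driver's check: file-triggered operations pass without a lookup,
   program-initiated ones must come from a listed program. */
static bool driver_check(const access_request *r, const char *const *list, size_t len) {
    if (r->trigger == TRIGGER_USER_FILE) return true;
    return in_list(list, len, r->program);
}

/* Second driver first, then the first driver; the request must address the
   device identification that was associated with the driver. */
verdict verify_access(const access_request *r, const device_policy *p) {
    if (r->device_id == NULL || strcmp(r->device_id, p->device_id) != 0)
        return DENY_UNKNOWN_DEVICE;
    if (!driver_check(r, p->second_list, p->second_len)) return DENY_SECOND_DRIVER;
    if (!driver_check(r, p->first_list, p->first_len)) return DENY_FIRST_DRIVER;
    return ALLOW;
}

/* Constructed sample policy. */
static const char *const SECOND_LIST[] = {
    "C:\\Program Files\\Backup\\backup.exe", "C:\\Tools\\sync.exe"
};
static const char *const FIRST_LIST[] = { "C:\\Program Files\\Backup\\backup.exe" };
static const device_policy SAMPLE_POLICY = {
    "DEV-EXAMPLE-0001", SECOND_LIST, 2, FIRST_LIST, 1
};

int main(void) {
    access_request r = { TRIGGER_PROGRAM, OP_WRITE, "DEV-EXAMPLE-0001", "C:\\Tools\\sync.exe" };
    printf("verdict=%d\n", (int)verify_access(&r, &SAMPLE_POLICY));
    return 0;
}
```

The file-triggered branch returns without consulting either list, so in this model the outcome depends entirely on the trigger source being classified correctly.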
Referring to Fig. 3, a structural block diagram of a movable storage device access device according to Embodiment 1 of the present invention is shown, which may specifically include the following modules:
Device identification cancellation module 301, configured to configure a device identification for the movable storage device connected to the user terminal, and to cancel the display of the device identification at the relevant location of the operating system of the connected user terminal.
Access operation receiving module 302, configured to receive the access operation on the movable storage device.
Secure verification module 303, configured to call the first safety driver preset in the movable storage device to perform safety verification on the access operation, and, after the verification succeeds, to access the movable storage device according to the access operation.
According to the embodiment of the present invention, because the device identification configured for the movable storage device connected to the user terminal is not displayed, the movable storage device cannot be accessed directly by recognizing the device identification and performing related operations. Instead, the first safety driver preset in the movable storage device must be called to verify the access operation, and only after the verification succeeds is access to the movable storage device according to the access operation allowed. This ensures the security of the movable storage device and avoids problems such as virus intrusion and information leakage.
Referring to Fig. 4, a structural block diagram of a movable storage device access device according to Embodiment 2 of the present invention is shown, which may specifically include the following modules:
Administration interface generation module 401, configured to generate, before the user's access operation on the movable storage device is received, an administration interface of the movable storage device, and to display the device identification and a corresponding login frame in the administration interface.
Login information verification module 402, configured to verify the login information entered by the user in the login frame, and to determine that the verification succeeds.
Device identification cancellation module 403, configured to configure a device identification for the movable storage device connected to the user terminal, and to cancel the display of the device identification at the relevant location of the operating system of the connected user terminal.
Access operation receiving module 404, configured to receive the access operation on the movable storage device.
Second driver calling module 405, configured to call, before the first safety driver preset in the movable storage device is called to perform safety verification on the access operation, the second driver preset in the movable storage device to verify whether the access operation is a safe operation.
Secure verification module 406, configured to call the first safety driver preset in the movable storage device to perform safety verification on the access operation, and, after the verification succeeds, to access the movable storage device according to the access operation.
In the embodiment of the present invention, preferably, the movable storage device uses the NTFS (New Technology File System) file system.
In the embodiment of the present invention, preferably, the device identification cancellation module 403 is specifically configured to modify the associated setting item of the registry of the operating system of the user terminal so that the connected movable storage device is not displayed.
In the embodiment of the present invention, preferably, the device further includes:
Attribute setting operation receiving module, configured to receive an attribute setting operation on the movable storage device in the administration interface.
In the embodiment of the present invention, preferably, the access operation receiving module 404 includes:
File generation submodule, configured to generate the file corresponding to the movable storage device and to receive the access operation initiated by the user on the file;
or, access operation obtaining submodule, configured to receive the access operation initiated by a program according to the device identification.
In the embodiment of the present invention, preferably, the secure verification module 406 includes:
Safe operation determination submodule, configured to verify that the access operation is a safe operation if the access operation is triggered by the user through the file;
Safe operation verification submodule, configured to verify whether the access operation is a safe operation if the access operation is initiated by a program according to the device identification.
In the embodiment of the present invention, preferably, the device further includes:
Device identification association module, configured to associate the device identification of the movable storage device with the first safety driver after the device identification is configured for the connected movable storage device.
In the embodiment of the present invention, preferably, the secure verification module 406 is specifically configured to send the access operation to the movable storage device through the access control interface of the movable storage device corresponding to the device identification.
In the embodiment of the present invention, preferably, the access operation is a read operation, a write operation, or a format operation on the movable storage device.
According to the embodiment of the present invention, because the device identification configured for the movable storage device connected to the user terminal is not displayed, the movable storage device cannot be accessed directly by recognizing the device identification and performing related operations. Instead, the first safety driver preset in the movable storage device must be called to verify the access operation, and only after the verification succeeds is access to the movable storage device according to the access operation allowed. This ensures the security of the movable storage device and avoids problems such as virus intrusion and information leakage.
As for the above incoming call management device embodiment based on geographical location, since it is basically similar to the method embodiment, the description is relatively brief; for relevant parts, refer to the description of the method embodiment.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another.
A person skilled in the art will readily appreciate that any combination of the above embodiments is feasible, so any combination of the above embodiments is an embodiment of the present invention; for reasons of space, this specification does not describe them one by one.
The incoming call management scheme based on geographical location provided herein is not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct a system with the scheme of the present invention is obvious. In addition, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in various programming languages, and that the description of a specific language above is given to disclose the best mode of carrying out the invention.
Numerous specific details are set forth in the specification provided here. It should be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail, so as not to obscure the understanding of this specification.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and they may furthermore be divided into multiple submodules or subunits or subcomponents. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
In addition, those skilled in the art will understand that although some embodiments described herein include certain features included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the claims, any one of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the movable storage device access scheme according to the embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words may be interpreted as names.

Claims (18)

1. A movable storage device access method, wherein the method includes:
configuring a device identification for a movable storage device connected to a user terminal, and cancelling the display of the device identification at the relevant location of the operating system of the connected user terminal;
receiving an access operation on the movable storage device, including: generating a file corresponding to the movable storage device, and receiving an access operation initiated by the user on the file; or, receiving an access operation initiated by a program according to the device identification;
calling a first safety driver preset in the movable storage device to perform safety verification on the access operation, and, after the verification succeeds, accessing the movable storage device according to the access operation, wherein the first driver verifies whether the program that initiated the access operation is safe, and thereby verifies whether the access operation is a safe operation;
wherein calling the first safety driver preset in the movable storage device to perform safety verification on the access operation includes: if the access operation is triggered by the user through the file, verifying that the access operation is a safe operation; if the access operation is initiated by a program according to the device identification, verifying whether the access operation is a safe operation.
2. The method according to claim 1, wherein the movable storage device uses the NTFS (New Technology File System) file system.
3. The method according to claim 1, wherein cancelling the display of the device identification in the operating system of the connected user terminal includes:
modifying the associated setting item of the registry of the operating system of the user terminal so that the connected movable storage device is not displayed.
4. The method according to claim 1, wherein, before receiving the user's access operation on the movable storage device, the method further includes:
generating an administration interface of the movable storage device, and displaying the device identification and a corresponding login frame in the administration interface;
verifying the login information entered by the user in the login frame, and determining that the verification succeeds.
5. The method according to claim 4, wherein the method further includes:
receiving an attribute setting operation on the movable storage device in the administration interface.
6. The method according to claim 1, wherein, before calling the first safety driver preset in the movable storage device to perform safety verification on the access operation, the method further includes:
calling a second driver preset in the movable storage device to verify whether the access operation is a safe operation.
7. The method according to claim 1, wherein, after configuring the device identification for the connected movable storage device, the method further includes:
associating the device identification of the movable storage device with the first safety driver.
8. The method according to claim 1, wherein accessing the movable storage device according to the access operation includes:
sending the access operation to the movable storage device through the access control interface of the movable storage device corresponding to the device identification.
9. The method according to claim 1, wherein the access operation is a read operation, a write operation, or a format operation on the movable storage device.
10. A movable storage device access device, wherein the device includes:
a device identification cancellation module, configured to configure a device identification for a movable storage device connected to a user terminal, and to cancel the display of the device identification at the relevant location of the operating system of the connected user terminal;
an access operation receiving module, configured to receive an access operation on the movable storage device, including: a file generation submodule, configured to generate a file corresponding to the movable storage device and to receive an access operation initiated by the user on the file; or, an access operation obtaining submodule, configured to receive an access operation initiated by a program according to the device identification;
a secure verification module, configured to call a first safety driver preset in the movable storage device to perform safety verification on the access operation, and, after the verification succeeds, to access the movable storage device according to the access operation, wherein the first driver verifies whether the program that initiated the access operation is safe, and thereby verifies whether the access operation is a safe operation;
wherein the secure verification module includes:
a safe operation determination submodule, configured to verify that the access operation is a safe operation if the access operation is triggered by the user through the file;
a safe operation verification submodule, configured to verify whether the access operation is a safe operation if the access operation is initiated by a program according to the device identification.
11. The device according to claim 10, wherein the movable storage device uses the NTFS (New Technology File System) file system.
12. The device according to claim 10, wherein:
the device identification cancellation module is specifically configured to modify the associated setting item of the registry of the operating system of the user terminal so that the connected movable storage device is not displayed.
13. The device according to claim 10, wherein the device further includes:
an administration interface generation module, configured to generate, before the user's access operation on the movable storage device is received, an administration interface of the movable storage device, and to display the device identification and a corresponding login frame in the administration interface;
a login information verification module, configured to verify the login information entered by the user in the login frame, and to determine that the verification succeeds.
14. The device according to claim 13, wherein the device further includes:
an attribute setting operation receiving module, configured to receive an attribute setting operation on the movable storage device in the administration interface.
15. The device according to claim 10, wherein the device further includes:
a second driver calling module, configured to call, before the first safety driver preset in the movable storage device is called to perform safety verification on the access operation, a second driver preset in the movable storage device to verify whether the access operation is a safe operation.
16. The device according to claim 10, wherein the device further includes:
a device identification association module, configured to associate the device identification of the movable storage device with the first safety driver after the device identification is configured for the connected movable storage device.
17. The device according to claim 10, wherein:
the secure verification module is specifically configured to send the access operation to the movable storage device through the access control interface of the movable storage device corresponding to the device identification.
18. The device according to claim 10, wherein the access operation is a read operation, a write operation, or a format operation on the movable storage device.
CN201510998032.XA 2015-12-25 2015-12-25 A kind of movable storage device access method and device Active CN105488436B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510998032.XA CN105488436B (en) 2015-12-25 2015-12-25 A kind of movable storage device access method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510998032.XA CN105488436B (en) 2015-12-25 2015-12-25 A kind of movable storage device access method and device

Publications (2)

Publication Number Publication Date
CN105488436A CN105488436A (en) 2016-04-13
CN105488436B true CN105488436B (en) 2019-05-10

Family

ID=55675408

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510998032.XA Active CN105488436B (en) 2015-12-25 2015-12-25 A kind of movable storage device access method and device

Country Status (1)

Country Link
CN (1) CN105488436B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108304222A (en) * 2017-01-13 2018-07-20 中标软件有限公司 Apparatus management/control system and method
CN108376224A (en) * 2018-02-24 2018-08-07 深圳市大迈科技有限公司 A kind of movable storage device and its encryption method and device
CN110162946B (en) * 2019-05-30 2022-08-16 奇安信科技集团股份有限公司 Mobile storage management and control method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1661573A (en) * 2004-02-24 2005-08-31 深圳市朗科科技有限公司 Method for managing notations of disks of mobile storage device
CN1866225A (en) * 2005-05-20 2006-11-22 联想(北京)有限公司 Mapping method for mobile memory device
CN101350034A (en) * 2008-09-10 2009-01-21 普天信息技术研究院有限公司 Mobile memory apparatus and method for visiting file
CN102495986A (en) * 2011-12-15 2012-06-13 上海中标凌巧软件科技有限公司 Calling control method for avoiding embezzlement of enciphered data in computer system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于虚拟卷技术的安全U盘研究与实现;周峰;《中国优秀硕士学位论文全文数据库信息科技辑》;20140615;第2-5、14-27、32-46页

Also Published As

Publication number Publication date
CN105488436A (en) 2016-04-13

Similar Documents

Publication Publication Date Title
CN105550598B (en) A kind of method for managing security and device of movable storage device
KR102347562B1 (en) Security Control Methods and Computer Systems
CN104885092B (en) Security system and method for operating system
CN104685510B (en) Recognition application whether be rogue program method, system and storage medium
US20040122774A1 (en) Method and system for executing applications on a mobile device
EP3089494A1 (en) Trusted execution environment initialization method and device
Miller Exploring the NFC attack surface
CN110516428B (en) Data reading and writing method and device of mobile storage equipment and storage medium
US11205512B2 (en) Usage control method and system for medical detection device, and medical detection device
CN105488436B (en) A kind of movable storage device access method and device
US9292701B1 (en) System and method for launching a browser in a safe mode
CN106096418B (en) SELinux-based startup security level selection method and device and terminal equipment
CN106294102A (en) The method of testing of application program, client, server and system
JP2005182798A (en) Subscriber identification module (sim) emulator
CN107563748B (en) Processing method and device for account, medium and computing equipment
US11436131B2 (en) Systems and methods for software testing using a disposable code
CN111355720A (en) Method, system and equipment for accessing intranet by application and computer storage medium
CN111756703A (en) Debugging interface management method and device and electronic equipment
EP2579153A1 (en) Information generation system and method therefor
CN105653991B (en) A kind for the treatment of method and apparatus of movable storage device
CN112788017A (en) Safety verification method, device, equipment and medium
CN106127054B (en) A kind of system-level safety protecting method towards smart machine control instruction
CN111177752B (en) Credible file storage method, device and equipment based on static measurement
US10530835B2 (en) Application recording
CN103632086B (en) The method and apparatus for repairing basic input-output system BIOS rogue program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Co-patentee after: QAX Technology Group Inc.

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Co-patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.