CN105574425A - Method and device for accessing stored data - Google Patents
- Publication number
- CN105574425A
- Authority
- CN
- China
- Prior art keywords
- data
- system type
- access
- access instruction
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
An embodiment of the invention discloses a method for accessing stored data. The method comprises: receiving a data access instruction that includes a target data identifier; obtaining the system type corresponding to the data access instruction; authenticating the data access instruction according to the system type; and, if the authentication passes, returning an access path corresponding to the target data identifier and the system type. An embodiment of the invention further provides a device for accessing stored data. The method and device reduce the system resources occupied and greatly improve system resource utilization.
Description
Technical field
The present invention relates to the technical field of mobile terminals, and in particular to a method and device for accessing stored data.
Background
In existing dual-system smart terminals, files stored under the security system are usually kept in encrypted form to ensure their security, so that the conventional system cannot read files stored under the security system because it has no means of decrypting them. The security system therefore has to encrypt when it writes a file and decrypt when it reads one, which means it is constantly encrypting and decrypting as it reads and writes files. This encrypted-storage approach in the prior art consumes considerable system resources, so system resource utilization is low.
Summary of the invention
In view of this, to solve the problem of low system resource utilization described above, the invention provides a method for accessing stored data, so that the security system no longer needs to encrypt and decrypt when reading and writing files and only has to go through one authentication step, which greatly reduces the system resources occupied and improves system resource utilization.
A method for accessing stored data, comprising:
receiving a data access instruction, the data access instruction including a target data identifier;
obtaining the system type corresponding to the data access instruction;
authenticating the data access instruction according to the system type;
if the authentication passes, returning the access path corresponding to the target data identifier and the system type.
Further, the method for accessing stored data also comprises: if the authentication fails, displaying a message that access failed.
Further, the step of authenticating the data access instruction according to the system type also comprises:
obtaining the digital signature corresponding to the data access instruction, generating a private key from the digital signature, obtaining the public key corresponding to the system type, and verifying the digital signature using the public key corresponding to the system type and the private key; if the verification passes, the authentication passes.
Further, the step of obtaining the system type corresponding to the data access instruction also comprises:
obtaining the system type corresponding to the data access instruction according to the process ID of the init process, the system type being the conventional system or the security system.
Further, the step of returning the access path corresponding to the target data identifier and the system type also comprises:
returning a soft link corresponding to the target data identifier and the system type, the soft link pointing to the target data in the storage area corresponding to the system type.
In addition, to solve the technical problem of low system resource utilization described above, a device for accessing stored data is also provided.
A device for accessing stored data, comprising:
an instruction receiving module, for receiving a data access instruction, the data access instruction including a target data identifier;
a system type acquisition module, for obtaining the system type corresponding to the data access instruction;
an authentication module, for authenticating the data access instruction according to the system type;
an access path return module, for returning, when the authentication passes, the access path corresponding to the target data identifier and the system type.
Further, the access path return module is also used to display a message that access failed when the authentication fails.
The authentication module is also used to obtain the digital signature corresponding to the data access instruction, generate a private key from the digital signature, obtain the public key corresponding to the system type, and verify the digital signature using the public key corresponding to the system type and the private key; if the verification passes, the authentication passes.
The system type acquisition module is also used to obtain the system type corresponding to the data access instruction according to the process ID of the init process, the system type being the conventional system or the security system.
The access path return module is also used to return a soft link corresponding to the target data identifier and the system type, the soft link pointing to the target data in the storage area corresponding to the system type.
Compared with the prior art, with the method and device for accessing stored data proposed by the invention, data stored under the security system can be stored in plaintext just like data stored under the conventional system. The security system does not need to encrypt or decrypt when reading and writing files and only needs to go through authentication. On the premise that the security of data stored under the security system is ensured, this greatly reduces the amount of computation the security system performs to read and write files, reduces the system resources occupied, and improves system resource utilization.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Wherein:
Fig. 1 is a flowchart of a method for accessing stored data in one embodiment;
Fig. 2 is a schematic diagram of the method for accessing stored data in an Android application scenario in one embodiment;
Fig. 3 is a structural diagram of a device for accessing stored data in one embodiment.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments of the invention. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
To solve the problem of low system resource utilization described above, one embodiment proposes a method for accessing stored data. The method can run on a computer system with a von Neumann architecture; the computer system may be a computing device on which multiple systems are installed, such as a smartphone, tablet, notebook computer or PC. The multiple systems here may be systems with different security permissions, such as a conventional system and a security system, or may be a first operating system, a second operating system, a third operating system and so on with the same security permission level.
Specifically, in this embodiment the method for accessing stored data is shown in Fig. 1 and comprises the following steps:
Step S102: receive a data access instruction, the data access instruction including a target data identifier.
The target data may be a file or a folder, for example a photo album, a log, contact data or a system file. The target data identifier is the file name or file path used to access the target data. For example, in an Android application scenario, a user who wants to access a photo in the album enters the file path of that photo, and a data access instruction is generated from the entered file path. Alternatively, the user opens the directory containing the photo, and the album application traverses the file paths of the photos under that directory, obtains thumbnails and shows them to the user. When the mobile phone operating system traverses the file paths of the photos under the directory, it generates data access instructions, each of which contains the file path of a photo as a parameter.
Step S104: obtain the system type corresponding to the data access instruction.
The system type corresponding to a data access instruction is the type of the system that received the instruction. For example, in an Android application scenario, the multiple systems run on the same Linux kernel; each system is one of several Linux system processes running on that kernel, and each system corresponds to one process. If a process receives a data access instruction and reads the target data, the system type obtained for that data access instruction is the type of the system corresponding to that process.
For example, when the user operates an application to read or write under the conventional system, the system type obtained is the conventional system type; when the user operates an application to read or write under the security system, the system type obtained is the security system type.
Further, the system type can be obtained from the process ID (Process Identifier, PID) of the init process. The system type may be the conventional system or the security system, or may be the first operating system or the second operating system. In Android, the init process is the user-level process started after the Linux kernel boots. After a data access instruction is received, it is passed into the kernel shared by the conventional system and the security system, and the system type corresponding to the data access instruction is obtained from the application that submitted the instruction. That is, the identification information of the process corresponding to a system can be used as the system type.
Step S106: authenticate the data access instruction according to the system type.
Authenticating a data access instruction means judging whether the instruction has permission to access the target data it names. In the running environment of an existing single system, a data access instruction is authenticated by verifying the digital signature of the operator who entered it: a key is generated from the digital signature of the operator who entered the data access instruction, and the operator's identity is then judged, by decrypting this key, as to whether it has permission to access the corresponding target data.
In this embodiment, for a multi-system running environment, the step of authenticating the data access instruction according to the system type can specifically be:
obtaining the digital signature corresponding to the data access instruction, generating a private key from the digital signature, obtaining the public key corresponding to the system type, and verifying the digital signature using the public key corresponding to the system type and the private key; if the verification passes, the authentication passes; otherwise, the authentication fails.
That is, each system can contain multiple user accounts, and each user account has a corresponding digital signature. When a user operates under a given user account, the digital signature corresponding to the data access instruction entered is the digital signature of that user account. Each system generates in advance, from the digital signature of each user account, a public key matching the system's own type and stores it; that is, a given digital signature corresponds to a different public key in each system.
For example, suppose user A has access rights to the target data named in a data access instruction. After user A enters the data access instruction in the conventional system, the digital signature corresponding to the instruction is user A's digital signature. To authenticate the instruction, the public key stored in the conventional system for user A's digital signature is obtained, and a private key is then generated from the digital signature corresponding to the data access instruction. This public key and this private key match, so the data access instruction entered by user A in the conventional system passes authentication.
As another example, suppose user A does not have access rights to a certain file in the security system. After user A enters an access instruction for that file in the security system, the digital signature corresponding to the instruction is user A's digital signature. To authenticate the instruction, the public key stored in the security system for user A's digital signature is obtained, and a private key is then generated from the digital signature corresponding to the data access instruction. Because user A does not have access rights to this file in the security system, this public key and this private key do not match; that is, the access instruction for this file entered by user A in the security system fails authentication.
Step S108: if the authentication passes, return the access path corresponding to the target data identifier and the system type.
This access path corresponds to the target data file or directory. That is, for multiple systems, an independent storage area corresponding to the system type can be allocated to each system in advance, and a correspondence established between the target data identifier and the storage area corresponding to the system type. When returning the access path corresponding to the target data identifier, the access path of the target data identifier within the storage area of that system type can be looked up according to the system type.
For example, the storage areas allocated in advance for two systems are "sys1" and "sys2". For the target data identifier "1.jpg", if the system type is 1, "sys1 1.jpg" can be returned; if the system type is 2, "sys2 1.jpg" can be returned.
Further, a soft link corresponding to the target data identifier and the system type is returned, the soft link pointing to the target data in the storage area corresponding to the system type. A soft link contains a reference, in the form of an absolute or relative path, to a target file or directory, and can link to files in different folders. That is, a file containing the access path can be returned.
As shown in Fig. 2, in an Android application scenario the logic above can be implemented by modifying the low-level data access interface function. For example, the Environment class in Android can be modified; this class contains the interface function getExternalStorageDirectory(), which obtains the access path. A logic-judgment step can be added to this interface function so that, for each kind of system, getExternalStorageDirectory() returns the corresponding file path or soft link. When an application calls this interface function for data access, the system type and the target data identifier are passed to it as parameters; the function checks the system type and selects the corresponding callback function to return the file path or soft link that corresponds to the target data identifier under that system type.
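Steps S102 to S108 as one runnable flow, given as an added example that is not code from the patent: HMAC-SHA256 with a key per system type and account stands in for the signature check described above, and the init-PID table, keys, account names and the `sys1`/`sys2` directory layout with `/` as separator are constructed assumptions. Since the data is stored in plaintext, the example also confines the resolved path to the caller's storage area after following soft links, a check the page itself does not spell out.

```python
import hashlib
import hmac
import os
import tempfile
from dataclasses import dataclass

# Constructed sample tables (assumptions, not values from the patent).
INIT_PID_TO_SYSTEM = {1: "conventional", 4242: "security"}   # init PID -> system type
STORAGE_AREA = {"conventional": "sys1", "security": "sys2"}  # system type -> area
AUTH_KEYS = {                                                # (system, account) -> key
    ("conventional", "userA"): b"constructed-key-conventional-A",
    ("security", "userB"): b"constructed-key-security-B",
}


class AccessDenied(Exception):
    """Raised instead of returning a path; the caller shows 'access failed'."""


@dataclass(frozen=True)
class AccessInstruction:          # S102: the received data access instruction
    target_id: str                # target data identifier, e.g. "1.jpg"
    init_pid: int                 # PID of the init process of the calling system
    user: str                     # user account that issued the instruction
    signature: bytes              # authenticator bound to system, user and target


def sign(key, system_type, user, target_id):
    """HMAC-SHA256 stand-in for the page's digital signature."""
    msg = "\0".join((system_type, user, target_id)).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def get_system_type(instr):
    """S104: map the init process PID to a system type."""
    if instr.init_pid not in INIT_PID_TO_SYSTEM:
        raise AccessDenied("unknown init process")
    return INIT_PID_TO_SYSTEM[instr.init_pid]


def authenticate(instr, system_type):
    """S106: verify with the key stored for this system type and account."""
    key = AUTH_KEYS.get((system_type, instr.user))
    if key is None:               # the account has no rights in this system
        return False
    expected = sign(key, system_type, instr.user, instr.target_id)
    return hmac.compare_digest(expected, instr.signature)


def resolve_access_path(root, instr):
    """S108: return the path inside the caller's own storage area, or deny."""
    system_type = get_system_type(instr)
    if not authenticate(instr, system_type):
        raise AccessDenied("authentication failed")
    area = os.path.realpath(os.path.join(root, STORAGE_AREA[system_type]))
    # realpath follows soft links and collapses "..", so the containment
    # check below sees where the data really lives.
    candidate = os.path.realpath(os.path.join(area, instr.target_id))
    if os.path.commonpath([area, candidate]) != area:
        raise AccessDenied("target resolves outside the storage area")
    return candidate


def build_demo_tree():
    """Constructed layout: sys1/1.jpg, sys2/1.jpg and a soft link sys1/leak."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="dual-system-"))
    for area in STORAGE_AREA.values():
        os.mkdir(os.path.join(root, area))
        with open(os.path.join(root, area, "1.jpg"), "w") as fh:
            fh.write(area)
    os.symlink(os.path.join(root, "sys2", "1.jpg"),
               os.path.join(root, "sys1", "leak"))
    return root


def request(root, system_type, init_pid, user, target_id):
    """Sign an instruction with the caller's key; report 'ok:<path>' or the denial."""
    key = AUTH_KEYS.get((system_type, user), b"no-key")
    instr = AccessInstruction(target_id, init_pid, user,
                              sign(key, system_type, user, target_id))
    try:
        return "ok:" + os.path.relpath(resolve_access_path(root, instr), root)
    except AccessDenied as exc:
        return "denied:" + str(exc)


if __name__ == "__main__":
    demo_root = build_demo_tree()
    print(request(demo_root, "conventional", 1, "userA", "1.jpg"))
    print(request(demo_root, "security", 4242, "userB", "1.jpg"))
    print(request(demo_root, "security", 4242, "userA", "1.jpg"))
    print(request(demo_root, "conventional", 1, "userA", "../sys2/1.jpg"))
    print(request(demo_root, "conventional", 1, "userA", "leak"))
```

The last two requests carry a valid authenticator and are still refused, because the identifier or a soft link inside `sys1` resolves into the other system's storage area.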
In addition, in one embodiment, to solve the problem of low system resource utilization described above, a device for accessing stored data is also proposed. As shown in Fig. 3, it comprises an instruction receiving module 302, a system type acquisition module 304, an authentication module 306 and an access path return module 308, wherein:
the instruction receiving module 302 is for receiving a data access instruction, the data access instruction including a target data identifier;
the system type acquisition module 304 is for obtaining the system type corresponding to the data access instruction;
the authentication module 306 is for authenticating the data access instruction according to the system type;
the access path return module 308 is for returning, when the authentication passes, the access path corresponding to the target data identifier and the system type.
In this embodiment, the access path return module 308 is also used to display a message that access failed when the authentication fails.
In this embodiment, the authentication module 306 is also used to obtain the digital signature corresponding to the data access instruction, generate a private key from the digital signature, obtain the public key corresponding to the system type, and verify the digital signature using the public key corresponding to the system type and the private key; if the verification passes, the authentication passes.
In this embodiment, the system type acquisition module 304 is also used to obtain the system type corresponding to the data access instruction according to the process ID of the init process, the system type being the conventional system or the security system.
In this embodiment, the access path return module 308 is also used to return a soft link corresponding to the target data identifier and the system type, the soft link pointing to the target data in the storage area corresponding to the system type.
In summary, implementing the embodiments of the invention has the following beneficial effects:
With the method and device for accessing stored data proposed by the invention, compared with the prior art, data stored under the security system can also be stored in plaintext. The security system does not need to encrypt or decrypt when reading and writing files and only needs to go through authentication. On the premise that the security of data stored under the security system is ensured, this greatly reduces the amount of computation the security system performs to read and write files, reduces the system resources occupied, and improves system resource utilization.
A person of ordinary skill in the art will understand that all or part of the flows in the method embodiments above may be implemented by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the flows of the method embodiments above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
What is disclosed above is only a preferred embodiment of the invention and of course cannot limit the scope of the rights of the invention; equivalent changes made according to the claims of the invention therefore still fall within the scope covered by the invention.
Claims (10)
1. A method for accessing stored data, comprising:
receiving a data access instruction, the data access instruction including a target data identifier;
obtaining the system type corresponding to the data access instruction;
authenticating the data access instruction according to the system type;
if the authentication passes, returning the access path corresponding to the target data identifier and the system type.
2. The method for accessing stored data as claimed in claim 1, characterized in that, if the authentication fails, a message that access failed is displayed.
3. The method for accessing stored data as claimed in claim 1, characterized in that the step of authenticating the data access instruction according to the system type also comprises:
obtaining the digital signature corresponding to the data access instruction, generating a private key from the digital signature, obtaining the public key corresponding to the system type, and verifying the digital signature using the public key corresponding to the system type and the private key; if the verification passes, the authentication passes.
4. The method for accessing stored data as claimed in claim 1, characterized in that the step of obtaining the system type corresponding to the data access instruction also comprises:
obtaining the system type corresponding to the data access instruction according to the process ID of the init process, the system type being the conventional system or the security system.
5. The method for accessing stored data as claimed in claim 4, characterized in that the step of returning the access path corresponding to the target data identifier and the system type also comprises:
returning a soft link corresponding to the target data identifier and the system type, the soft link pointing to the target data in the storage area corresponding to the system type.
6. A device for accessing stored data, comprising:
an instruction receiving module, for receiving a data access instruction, the data access instruction including a target data identifier;
a system type acquisition module, for obtaining the system type corresponding to the data access instruction;
an authentication module, for authenticating the data access instruction according to the system type;
an access path return module, for returning, when the authentication passes, the access path corresponding to the target data identifier and the system type.
7. The device for accessing stored data as claimed in claim 6, characterized in that the access path return module is also used to display a message that access failed when the authentication fails.
8. The device for accessing stored data as claimed in claim 6, characterized in that the authentication module is also used to obtain the digital signature corresponding to the data access instruction, generate a private key from the digital signature, obtain the public key corresponding to the system type, and verify the digital signature using the public key corresponding to the system type and the private key; if the verification passes, the authentication passes.
9. The device for accessing stored data as claimed in claim 6, characterized in that the system type acquisition module is also used to obtain the system type corresponding to the data access instruction according to the process ID of the init process, the system type being the conventional system or the security system.
10. The device for accessing stored data as claimed in claim 9, characterized in that the access path return module is also used to return a soft link corresponding to the target data identifier and the system type, the soft link pointing to the target data in the storage area corresponding to the system type.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510219209.1A CN105574425B (en) | 2015-04-30 | 2015-04-30 | Access the method and device of storage data |
PCT/CN2015/082958 WO2016173116A1 (en) | 2015-04-30 | 2015-06-30 | Method and device for accessing storage data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510219209.1A CN105574425B (en) | 2015-04-30 | 2015-04-30 | Access the method and device of storage data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105574425A | 2016-05-11 |
CN105574425B CN105574425B (en) | 2018-06-15 |
Family
ID=55884541
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510219209.1A Active CN105574425B (en) | 2015-04-30 | 2015-04-30 | Access the method and device of storage data |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105574425B (en) |
WO (1) | WO2016173116A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107911820A (en) * | 2017-12-28 | 2018-04-13 | 上海传英信息技术有限公司 | Secret system data file management method and terminal device |
CN108733467A (en) * | 2017-04-20 | 2018-11-02 | 海马云(天津)信息技术有限公司 | The method and device of electronic equipment operation application, electronic equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101547092A (en) * | 2008-03-27 | 2009-09-30 | 天津德智科技有限公司 | Method and device for data synchronization of multi-application systems for unifying user authentication |
CN102043927A (en) * | 2010-12-29 | 2011-05-04 | 北京深思洛克软件技术股份有限公司 | Computer system for data divulgence protection |
CN103268455A (en) * | 2013-05-09 | 2013-08-28 | 华为技术有限公司 | Method and device for accessing data |
CN104168291A (en) * | 2014-08-29 | 2014-11-26 | 宇龙计算机通信科技(深圳)有限公司 | Data access method, data access device and terminal |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2014089652A (en) * | 2012-10-31 | 2014-05-15 | Toshiba Corp | Information processing apparatus |
GB201221433D0 (en) * | 2012-11-28 | 2013-01-09 | Hoverkey Ltd | A method and system of providing authentication of user access to a computer resource on a mobile device |
CN104284027A (en) * | 2014-10-29 | 2015-01-14 | 东莞宇龙通信科技有限公司 | Authority management method and authority management system for terminal |
Also Published As
Publication number | Publication date |
---|---|
WO2016173116A1 (en) | 2016-11-03 |
CN105574425B (en) | 2018-06-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||