CN106709361A - File content hidden storage access method based on capacity hiding and multi-file system and storage device of method - Google Patents
- Publication number: CN106709361A (application CN201611080008.9A)
- Authority: CN (China)
- Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Classifications
- G06F21/604 (G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/60 Protecting data): Tools and structures for managing or administering access control systems
- G06F21/6218 (G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules): Protecting access to a system of files or objects, e.g. local or distributed file system or database
- G06F2221/2141 (G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups): Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention relates to a file content hidden storage access method based on capacity hiding and a multi-file system and a device of the method. The method comprises the specific steps that first, a capacity request command sent by a master device is monitored through a monitoring unit in a slave device, and the slave device end analyzes a master device access command; if the master device access command is for normal access to a storage area, capacity identification information for normal access to the storage area is fed back to the master device; if the received master device access command is for hidden access to the storage area, identity recognition is needed, and corresponding capacity identification information for hidden access to the storage area i is fed back to the master device after identity recognition is passed; a data elimination function is also provided, wherein when the hidden system is attempted to be cracked, a self-destruction module of a mobile storage device will be triggered to thoroughly eliminate secret files in the hidden area. Through the method, the problems that the stability of the hidden files is affected by an operating system and the hidden files are destroyed by attackers can be effectively solved, and therefore the security of hidden storage file data is effectively guaranteed.
Description
Technical field
The invention belongs to the field of mobile storage security technology, and more particularly relates to a file content hidden storage access method based on capacity hiding and a multi-file system, and to its storage device.
Background technology
Mobile storage devices with a USB interface, such as USB flash drives, are used ever more widely; they have become the relay station for data transfer and play a key role in data exchange between computers. At the same time, data security problems have become increasingly prominent: personal critical file information is often stolen or destroyed, hidden storage of file content is frequently used as an important means of protecting sensitive data, and research on hidden storage of file content to maintain a secure data area is growing rapidly.
Existing file hiding techniques mainly fall into the following kinds: editing the registry so that the user cannot see hidden files through ordinary file operations; using image, video or similar files as host files and concealing the ghost file inside them, for example image watermarking techniques can hide a file in the image information; hooking API calls, where user-defined file management functions replace the entry addresses of the system's original file management functions and filter out the access information of hidden files so that the user cannot see the hidden files through Explorer; exploiting the fact that the system does not display files with the label attribute, hiding a file by changing its attribute to the label attribute; in addition, the first cluster number of the file in its directory entry can be changed to increase the hiding strength; there is also a proposed file hiding method that changes directory entry attributes and reconstructs the order of the FAT table; another file hiding method uses a feature of NAND flash storage chips, storing the file in the redundant blocks reserved for bad block management; and some have proposed hiding files in the sector slack of existing files within the file system.
For file hiding, the most important criterion is the hiding strength, that is, the imperceptibility of the hidden file and the time complexity and technical difficulty required to crack or search for it. The methods above can all hide files, but their hiding strength differs. Hiding a file within a host file is easily affected by operations on the host file, so its robustness is too poor. Using storage chip features to hide files gives good hiding strength, but the hidden capacity is small and it easily interferes with the chip's bad block management. Hiding a file in the redundant area of another file has strong concealment, but its robustness is poor, the hidden capacity is small, and it is easily affected by file operations. The remaining methods are all host-side techniques, such as filter drivers, modifying file attributes, and reconstructing the FAT table. Moreover, existing file hiding methods rely on the operating system for their implementation and do not apply to mobile storage devices. The file hiding methods above have two major defects: (1) they do not take the imperceptibility of the hidden file into account, so an attacker easily learns that the hidden file exists and can steal it; (2) the hidden file is easily affected by file operations such as formatting the device, so an attacker can destroy the hidden file by formatting the device.
The content of the invention
In view of this, the present invention provides a file content hidden storage access method based on capacity hiding and a multi-file system, and its storage device; the hidden storage area and the general storage area are isolated from each other, the security and robustness of hidden files are improved, the hidden capacity is large, and operation is simple.
According to the design provided by the present invention, a file content hidden storage access method based on capacity hiding and a multi-file system is used for access to hidden data storage on a host peripheral. The storage region of the mobile storage device is divided into a general access storage area and n hidden access storage areas, the n hidden access storage areas being denoted hidden access storage area 1, hidden access storage area 2, ..., hidden access storage area n. Each access storage area of the storage device is identified by a flag byte in the redundant area of the device's physical blocks, logical storage is mapped to physical storage, and a multi-file system is set up with one file system stored in each access storage area of the mobile storage device. Access to the hidden data storage specifically comprises the following steps:
Step 1: the host requests access to the capacity of the mobile storage device; the mobile storage device parses the request access command, determines through a look-up-table-based address mapping method which access storage area the current request accesses, and determines from that access storage area's file system whether the request accesses the general access storage area; if so, the capacity information of the general access storage area is fed back to the host; otherwise identity authentication is carried out, and if the authentication passes, the capacity information of the hidden access storage area the request corresponds to is fed back to the host, while if the authentication fails, the capacity information of the general access storage area is fed back to the host;
Step 2: set the threshold for the access limit count, and initialize the hidden access storage area counter;
Step 3: carry out identity authentication according to the write operation received by the mobile storage device;
Step 4: if the authentication passes, the host obtains access rights to the hidden access storage areas of the mobile storage device, and execution returns to step 3; if the authentication fails, the host obtains access rights only to the general access storage area of the mobile storage device, and the hidden access storage area counter is incremented by 1;
Step 5: judge whether the counter value has reached the access limit threshold; if so, carry out the hidden access storage area data self-destruction operation, clearing the hidden access storage area data, and return to step 3; otherwise return directly to step 3.
In the above, the host obtaining access rights to the hidden access storage areas of the mobile storage device specifically means: the host switches freely between the general access storage area and the n hidden access storage areas according to the access requirements of its requests.
In the above, the host obtaining access rights to the general access storage area of the mobile storage device specifically means: the host is restricted to requesting access within the general access storage area only.
In the above, the identity authentication specifically comprises the following: after the mobile storage device is connected to the host, the host enumerates and identifies the mobile storage device, and once the mobile storage device driver is installed successfully the host directly obtains access rights to the general access storage area; the host initiates a storage area switch by performing a write operation to the mobile storage device, sending a CBW command packet to the mobile storage device, and the mobile storage device parses the command packet and judges whether to grant the host the right to switch storage areas.
Preferably, the mobile storage device parsing the command packet and judging whether to grant the host the right to switch storage areas specifically means: the mobile storage device parses the command packet, reads the permission variable of the file system corresponding to the currently accessed storage area, and decides according to that permission variable whether to grant the access the host requests.
In the above, the hidden access storage area data self-destruction operation specifically means: the data of the current hidden access storage area is cleared using a data clearing method that overwrites based on key pages.
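The following is an added example, not code from the patent or from any product it describes: a host-independent C model of the device-side behaviour in steps 1 to 5 (and of the same steps as repeated in the embodiments below). It shows the capacity reply that exposes only the requested region's size, the write-initiated region switch gated by authentication, the hidden-area failure counter, and the wipe once the access limit threshold is reached. The region count (n = 2), the CBW-style command layout, the 8-byte key, the page sizes and the 0xFF wipe pattern are all assumptions made for this example; the patent specifies none of them.

```c
/* Added example (not the patent's code): a device-side model of steps 1-5.
 * Region count, command layout, key length, page sizes and wipe pattern
 * are assumptions made for this example. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define N_HIDDEN        2                 /* n hidden access storage areas (assumed n = 2) */
#define N_REGIONS       (1 + N_HIDDEN)    /* region 0 is the general access storage area */
#define PAGE_BYTES      64                /* toy page size */
#define PAGES_NORMAL    4
#define PAGES_HIDDEN    2
#define FAIL_THRESHOLD  3                 /* access limit threshold set in step 2 */
#define REGION_NORMAL   0

enum cmd { CMD_CAPACITY = 1, CMD_SWITCH = 2, CMD_WRITE_PAGE = 3 };

/* What the host encodes in its write (CBW-style) request. */
struct request {
    enum cmd code;
    uint8_t  region;            /* target region for switch / write */
    uint8_t  page;
    uint8_t  key[8];            /* credential presented for hidden regions */
    uint8_t  data[PAGE_BYTES];
};

struct device {
    uint8_t  store[N_REGIONS][PAGES_NORMAL][PAGE_BYTES];
    uint32_t capacity[N_REGIONS];   /* capacity reported for each region */
    uint8_t  key[8];                /* constructed device-side secret */
    uint8_t  current;               /* region the host is currently mapped to */
    uint8_t  fail_count;            /* hidden access storage area counter */
    int      wiped;
};

void device_init(struct device *d) {
    memset(d, 0, sizeof *d);
    memcpy(d->key, "s3cr3t!!", 8);
    d->capacity[REGION_NORMAL] = PAGES_NORMAL * PAGE_BYTES;
    for (int r = 1; r < N_REGIONS; r++) d->capacity[r] = PAGES_HIDDEN * PAGE_BYTES;
}

/* Constant-time compare: the check must not leak key bytes through timing. */
static int key_matches(const struct device *d, const uint8_t *k) {
    uint8_t diff = 0;
    for (int i = 0; i < 8; i++) diff |= d->key[i] ^ k[i];
    return diff == 0;
}

/* Step 5: overwrite every page of every hidden region (the patent clears by
 * overwriting key pages; the pattern and extent here are assumptions). */
static void self_destruct(struct device *d) {
    for (int r = 1; r < N_REGIONS; r++) memset(d->store[r], 0xFF, sizeof d->store[r]);
    d->wiped = 1;
    d->current = REGION_NORMAL;
}

/* Step 1: the host only learns the capacity of the region its request
 * resolves to; the device's real physical total is never reported. */
uint32_t report_capacity(struct device *d, const struct request *q) {
    if (q->region >= N_REGIONS || q->region == REGION_NORMAL || !key_matches(d, q->key))
        return d->capacity[REGION_NORMAL];
    return d->capacity[q->region];
}

/* Steps 3-5: a write-initiated switch request. Returns the region the host
 * is mapped to afterwards. The patent does not say the counter resets on
 * success, so this model never resets it. */
uint8_t handle_switch(struct device *d, const struct request *q) {
    if (q->region >= N_REGIONS) return d->current;
    if (q->region == REGION_NORMAL) { d->current = REGION_NORMAL; return d->current; }
    if (key_matches(d, q->key)) {           /* authentication passed: step 4 */
        d->current = q->region;
        return d->current;
    }
    d->current = REGION_NORMAL;             /* confined to the general area */
    if (++d->fail_count >= FAIL_THRESHOLD)  /* threshold reached: self-destruct */
        self_destruct(d);
    return d->current;
}

/* Data writes land in whichever region is currently mapped; -1 if out of range. */
int write_page(struct device *d, const struct request *q) {
    if ((uint32_t)q->page * PAGE_BYTES >= d->capacity[d->current]) return -1;
    memcpy(d->store[d->current][q->page], q->data, PAGE_BYTES);
    return d->current;
}

/* Capacity seen by a host asking about 'region' with or without the right key. */
uint32_t demo_capacity(int region, int correct_key) {
    struct device d; device_init(&d);
    struct request q = { .code = CMD_CAPACITY, .region = (uint8_t)region };
    memcpy(q.key, correct_key ? "s3cr3t!!" : "wrong!!!", 8);
    return report_capacity(&d, &q);
}

/* Scenario: one authenticated write to hidden area 1, then FAIL_THRESHOLD bad
 * attempts. Returns 1 if the hidden page was stored and then wiped. */
int demo_scenario(void) {
    struct device d; device_init(&d);
    struct request q = { .code = CMD_SWITCH, .region = 1, .page = 0 };
    memcpy(q.key, "s3cr3t!!", 8);
    memset(q.data, 0x41, PAGE_BYTES);
    handle_switch(&d, &q);
    int stored = write_page(&d, &q) == 1 && d.store[1][0][0] == 0x41;
    memcpy(q.key, "wrong!!!", 8);
    for (int i = 0; i < FAIL_THRESHOLD; i++) handle_switch(&d, &q);
    return stored && d.wiped && d.store[1][0][0] == 0xFF && d.current == REGION_NORMAL;
}

int main(void) {
    printf("capacity seen without key: %u, with key: %u\n",
           demo_capacity(1, 0), demo_capacity(1, 1));
    printf("scenario ok: %d\n", demo_scenario());
    return 0;
}
```

Two points worth noticing in the model: a wrong credential on the capacity request is answered with the general area's capacity rather than an error, which is what keeps the hidden areas imperceptible to a host that does not hold the key; and because the patent only says the counter is initialized in step 2 and incremented in step 4, the model never resets it, so a firmware implementer has to decide deliberately whether a later successful authentication should clear earlier failures.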
A file content hidden storage device based on capacity hiding and a multi-file system is located inside a mobile storage device and is used for storage access to general data and hidden data. It comprises a storage access module, an identity authentication module and a data cleaning module; the storage access module comprises a storage access monitoring unit, a general storage access unit and multiple hidden storage access units. The general storage access unit, in which a file system holding general data is set up, is used for storage access to general data. The hidden storage access units, in each of which a file system holding hidden data is set up, are used for storage access to hidden data. The storage access monitoring unit is used to decide, according to the host access request and through the identity authentication module, whether to grant storage access rights to the corresponding hidden storage access unit, and to decide according to the authentication information fed back by the identity authentication module whether to trigger the data cleaning module.
The identity authentication module is used to authenticate the host identity according to host write operations and comprises a counter unit and an identity authentication unit. The identity authentication unit obtains, from the host's request access packet as parsed by the mobile storage device, the information of the storage access unit the request wants to access, and judges according to the file system permission state corresponding to that storage access unit whether identity authentication passes; if authentication passes, the result is fed back to the storage access monitoring unit; if authentication fails, the counter counts, and the result is fed back to the storage access monitoring unit.
The storage access monitoring unit acts on the result fed back by the identity authentication module: if authentication passes, the storage access monitoring unit grants the host access rights to the corresponding storage access unit; if authentication fails, the storage access monitoring unit grants the host access rights to the general storage access unit only and judges whether the counter value has reached the preset access limit threshold; if the threshold has been reached, the data cleaning module is triggered; otherwise identity authentication continues according to the host's write operations.
The data cleaning module is used to carry out the data cleaning operation on the storage access module according to the trigger signal from the storage access monitoring unit.
Beneficial effects of the present invention:
Compared with the prior art, the present invention first monitors, through the monitoring unit in the slave device, the capacity request command sent by the master device; the slave device side parses the master device's access command; if it is a command for the normal access storage area, the capacity identification information of the normal access storage area is fed back to the master device; if the received command is for a hidden access storage area, identity recognition is required, and after it passes, the capacity identification information of the corresponding hidden access storage area i, that is, the capacity of the current storage area, is fed back to the master device. This mechanism allows documents that need protection to be stored in the hidden storage area, the identity authentication mechanism controls authorized access to the hidden area, and the operating system's access to the hidden area is transparent; this is the main distinction between the invention and other file hiding methods. In addition, the present invention also provides a data clearing function: when an attempt is made to crack the hidden system, the self-destruction module of the mobile storage device can be triggered to thoroughly remove the secret files of the hidden area. The present invention can effectively solve problems such as the stability of hidden files being affected by the operating system and hidden files being destroyed by attackers, and effectively ensures the security of hidden storage file data.
Brief description of the drawings:
Fig. 1 is a schematic flow chart of the method of the present invention;
Fig. 2 is a schematic diagram of the device of the invention;
Fig. 3 is an implementation flow chart of the present invention;
Fig. 4 is a schematic diagram of identity authentication in the present invention.
Specific embodiments:
The present invention is further explained in detail below in conjunction with the accompanying drawings and the technical solution, and the embodiments of the present invention are specifically illustrated by preferred embodiments, but the embodiments of the present invention are not limited to these.
Embodiment one, shown in Fig. 1: a file content hidden storage access method based on capacity hiding and a multi-file system, used for access to hidden data storage on a host peripheral. The storage region of the mobile storage device is divided into a general access storage area and n hidden access storage areas, the n hidden access storage areas being denoted hidden access storage area 1, hidden access storage area 2, ..., hidden access storage area n; each access storage area of the storage device is identified by a flag byte in the redundant area of the device's physical blocks, logical storage is mapped to physical storage, and each file system is set up in its corresponding access storage area of the mobile storage device. Access to the hidden data storage specifically comprises the following steps:
Step 1: the host requests access to the capacity of the mobile storage device; the mobile storage device parses the request access command, determines through a look-up-table-based address mapping method which access storage area the current request accesses, and determines from that access storage area's file system whether the request accesses the general access storage area; if so, the capacity information of the general access storage area is fed back to the host; otherwise identity authentication is carried out, and if the authentication passes, the capacity information of the hidden access storage area the request corresponds to is fed back to the host, while if the authentication fails, the capacity information of the general access storage area is fed back to the host;
Step 2: set the threshold for the access limit count, and initialize the hidden access storage area counter;
Step 3: carry out identity authentication according to the write operation received by the mobile storage device;
Step 4: if the authentication passes, the host obtains access rights to the hidden access storage areas of the mobile storage device, and execution returns to step 3; if the authentication fails, the host obtains access rights only to the general access storage area of the mobile storage device, and the hidden access storage area counter is incremented by 1;
Step 5: judge whether the counter value has reached the access limit threshold; if so, carry out the hidden access storage area data self-destruction operation, clearing the hidden access storage area data, and return to step 3; otherwise return directly to step 3.
In the above, the host obtaining access rights to the hidden access storage areas of the mobile storage device specifically means: the host switches freely between the general access storage area and the n hidden access storage areas according to the access requirements of its requests.
In the above, the host obtaining access rights to the general access storage area of the mobile storage device specifically means: the host is restricted to requesting access within the general access storage area only.
In the above, the identity authentication specifically comprises the following: after the mobile storage device is connected to the host, the host enumerates and identifies the mobile storage device, and once the mobile storage device driver is installed successfully the host directly obtains access rights to the general access storage area; the host initiates a storage area switch by performing a write operation to the mobile storage device, sending a CBW command packet to the mobile storage device, and the mobile storage device parses the command packet and judges whether to grant the host the right to switch storage areas.
Preferably, the mobile storage device parsing the command packet and judging whether to grant the host the right to switch storage areas specifically means: the mobile storage device parses the command packet, reads the permission variable of the file system corresponding to the currently accessed storage area, and decides according to that permission variable whether to grant the access the host requests.
In the above, the hidden access storage area data self-destruction operation specifically means: the data of the current hidden access storage area is cleared using a data clearing method that overwrites based on key pages.
Embodiment two, shown in Fig. 1: a file content hidden storage access method based on capacity hiding and a multi-file system, used for access to hidden data storage on a host peripheral. The storage region of the mobile storage device is divided into a general access storage area and n hidden access storage areas, the n hidden access storage areas being denoted hidden access storage area 1, hidden access storage area 2, ..., hidden access storage area n; each access storage area of the storage device is identified by a flag byte in the redundant area of the device's physical blocks, logical storage is mapped to physical storage, and a multi-file system is set up with one file system in each access storage area of the mobile storage device. Access to the hidden data storage specifically comprises the following steps:
Step 1: the host requests access to the capacity of the mobile storage device; the mobile storage device parses the request access command, determines through the look-up-table-based address mapping gLog2Phy[] which access storage area the current request accesses, and determines from that access storage area's file system whether the request accesses the general access storage area; if so, the capacity information of the general access storage area is fed back to the host; otherwise identity authentication is carried out, and if the authentication passes, the capacity information of the hidden access storage area the request corresponds to is fed back to the host, while if the authentication fails, the capacity information of the general access storage area is fed back to the host;
Step 2: set the threshold for the access limit count, and initialize the hidden access storage area counter;
Step 3: carry out identity authentication according to the write operation received by the mobile storage device;
Step 4: if the authentication passes, the host obtains access rights to the hidden access storage areas of the mobile storage device, that is, the host switches freely between the general access storage area and the n hidden access storage areas according to the access requirements of its requests, and execution returns to step 3; if the authentication fails, the host obtains access rights only to the general access storage area of the mobile storage device, that is, the host is restricted to requesting access within the general access storage area only, and the hidden access storage area counter is incremented by 1;
Step 5: judge whether the counter value has reached the access limit threshold; if so, carry out the hidden access storage area data self-destruction operation, clearing the data of the current hidden access storage area with a data clearing method that overwrites based on key pages, and return to step 3; otherwise return directly to step 3.
The identity authentication is specifically as follows: after the mobile storage device is connected to the host, the host enumerates and identifies the mobile storage device, and once the mobile storage device driver is installed successfully the host directly obtains access rights to the general access storage area; the host initiates a storage area switch by performing a write operation to the mobile storage device, sending a CBW command packet to the mobile storage device; the mobile storage device parses the command packet, reads the permission variable of the file system corresponding to the currently accessed storage area, and decides according to that permission variable whether to grant the access the host requests.
Embodiment three, shown in Fig. 2: a file content hidden storage device based on capacity hiding and a multi-file system, located inside a mobile storage device and used for storage access to general data and hidden data, comprising a storage access module, an identity authentication module and a data cleaning module; the storage access module comprises a storage access monitoring unit, a general storage access unit and multiple hidden storage access units. The general storage access unit, in which a file system holding general data is set up, is used for storage access to general data; the hidden storage access units, in each of which a file system of hidden data is set up, are used for storage access to hidden data; the storage access monitoring unit is used to decide, according to the host access request and through the identity authentication module, whether to grant storage access rights to the corresponding hidden storage access unit, and to decide according to the authentication information fed back by the identity authentication module whether to trigger the data cleaning module.
Embodiment four, shown in Fig. 2: a file content hidden storage device based on capacity hiding and a multi-file system, located inside a mobile storage device and used for storage access to general data and hidden data, comprising a storage access module, an identity authentication module and a data cleaning module; the storage access module comprises a storage access monitoring unit, a general storage access unit and multiple hidden storage access units. The general storage access unit, in which a file system holding general data is set up, is used for storage access to general data; the hidden storage access units, in each of which a file system of hidden data is set up, are used for storage access to hidden data; the storage access monitoring unit is used to decide, according to the host access request and through the identity authentication module, whether to grant storage access rights to the corresponding hidden storage access unit, and to decide according to the authentication information fed back by the identity authentication module whether to trigger the data cleaning module. The identity authentication module is used to authenticate the host identity according to host write operations and comprises a counter unit and an identity authentication unit; the identity authentication unit obtains, from the host's request access packet as parsed by the mobile storage device, the information of the storage access unit the request wants to access, and judges according to the file system permission state corresponding to that storage access unit whether identity authentication passes; if authentication passes, the result is fed back to the storage access monitoring unit; if authentication fails, the counter counts, and the result is fed back to the storage access monitoring unit.
The storage access monitoring unit manages the storage regions in the mobile storage device: it completes the mapping of host logical addresses to physical addresses of the mobile storage device and thereby realizes transparent management of the operating system's access to the file systems. The storage access monitoring unit acts on the result fed back by the identity authentication module: if authentication passes, the storage access monitoring unit grants the host access rights to the corresponding storage access unit; if authentication fails, the storage access monitoring unit grants the host access rights to the general storage access unit only and judges whether the counter value has reached the preset access limit threshold; if the threshold has been reached, the data cleaning module is triggered; otherwise identity authentication continues according to the host's write operations.
The data cleaning module is used to carry out the data cleaning operation on the storage access module according to the trigger signal from the storage access monitoring unit.
The present invention divides the storage region of the storage device into several parts: a normal access storage area and hidden access storage area 1, hidden access storage area 2, ..., hidden access storage area n; that is, the physical storage blocks of the storage device are logically divided into multiple storage regions. When logical storage is mapped to physical storage areas, the regions are identified by a flag byte stored in advance in the redundant area of each physical block, and when the flag byte is written with different values, logical storage is mapped to different physical storage block regions. When the master device sends a command requesting the capacity of the slave device, the slave device side parses the device access command; if it is a command for the normal access storage area, the capacity identification information of the normal access storage area is fed back to the master device; if the received command is for a hidden access storage area, identity recognition is required, and after it passes, the capacity identification information of the corresponding hidden access storage area i, that is, the capacity of the current storage area, is fed back to the master device. On the master device side a format operation is used in the normal access storage area and in each hidden access storage area to set up the respective file systems, the formatted capacity depending on the storage area capacity given by the capacity flag byte.
An identity authentication mechanism is established: an interrupt polling mechanism is set up on the master device side; when the slave device connects to the master device system, the slave device generates an interrupt request, the master device interrupts its normal processing to poll the connected device, and after the slave device is connected normally the master device sends identity authentication information, which is authenticated by the intelligent processor in the slave device. If authentication fails, the master device can only perform storage access to the normal access storage area of the slave device; if authentication passes, the master device can switch access freely between the normal access storage area and the multiple configured hidden access storage areas of the slave device. Under normal circumstances, when the slave device connects to the master device system, the master device enumerates and identifies the slave device, and after the slave device driver is installed successfully the area entered directly is the normal access storage area. The user sends operation commands from the master device side to the slave device by means of write operations; when the intelligent processor in the slave device receives a command to carry out identity authentication, it authenticates the user identity, and after authentication passes the slave device opens to the user the right to access the hidden access storage areas, so that the user can switch access freely between the normal access storage area and the multiple hidden access storage areas; otherwise the command is processed as a normal write operation. After the user obtains the right of hidden access to the slave device, file content to be concealed can be stored in a specified hidden access storage area, and after the storage operation is completed the device is switched back to the normal access storage area.
In the present invention, mobile storage device refers to a USB mobile storage device with an intelligent processor. Capacity hiding of the storage device means that, by intercepting the master device's command requesting the device capacity, what is fed back when the request returns is the capacity value of the corresponding region, not the real physical block storage capacity of the slave device. The multi-file system means that, on the basis of capacity hiding, the storage region is divided into multiple storage regions such as the normal access storage area and hidden access storage area 1, hidden access storage area 2, ..., hidden access storage area n; when logical storage is mapped to physical storage areas, the regions are identified by a flag byte stored in advance in the redundant area of each physical block, and when the flag byte is written with different values, logical storage is mapped to different physical storage block regions. The identity authentication mechanism restricts unauthorized users' access to the hidden access storage areas, its purpose being to protect the safety of the hidden access storage areas.
Referring to Fig. 3 and Fig. 4, a multi-file system is set up in each access storage area of the removable storage device, with a one-to-one correspondence between file systems and storage regions. After the removable storage device divides its storage into regions, the file system parameters corresponding to each region's capacity are written at the corresponding positions of that region, so that each region has an independent file system. Switching of the multi-file system uses the change flag as its trigger: when change = 0 no file system switch is needed; when change > 0 the current file system is switched to the target file system. The status flag marks the currently accessible file system: when status = 0 the region holding the current file system is the normal access storage area; when status > 0 it is a hidden access storage area. The slave device intercepts the host's request for the slave device's storage capacity; several independent hidden regions are partitioned out of the original storage region and the host's accesses to the slave device's storage are mapped onto the respective hidden region, so when the host requests the device capacity the return value of that command must be intercepted and the configured capacity value returned to the host instead. When the slave device is attached to the host, it monitors the read and write commands the host sends. When the user needs to access a hidden region, an authentication request must be sent to the slave device; the user authentication data is mixed into a large amount of ordinary data, and the intelligent processor in the slave device enters authentication when it detects the feature that identifies it. After authentication passes, the slave device switches to the file system of the corresponding hidden region and maps the hidden region's physical address space into the logical address space, so the physical address space of the file system currently mapped by the host's logical address space is replaced by the physical address space of the hidden region. Security protection of the hidden regions: when the number of failed user authentications exceeds a preset threshold, the device starts the data clearing module, which clears all data stored on the physical blocks without destroying the file system.
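The capacity interception, flag-byte region mapping and change/status switching described above, as an added example written for this page rather than taken from the patent: a C simulation of the device-side logic. The block size, spare-area size, region count, the use of the first spare byte as the region flag, the separate target field, and all type and function names are assumptions made for illustration.

```c
/* Added example, not the patent's code: device-side capacity hiding and
 * flag-byte region mapping.  All sizes, names and the flag encoding are
 * assumptions. */
#include <stdint.h>
#include <string.h>

#define BLOCK_SIZE   512   /* assumed block size                          */
#define SPARE_SIZE   16    /* assumed redundant (spare) area per block    */
#define TOTAL_BLOCKS 64    /* assumed real physical capacity, in blocks   */
#define MAX_REGIONS  4     /* normal area (0) plus hidden areas 1..3      */
#define FLAG_UNUSED  0xFF  /* spare-area flag for a block in no region    */

typedef struct { uint8_t data[BLOCK_SIZE]; uint8_t spare[SPARE_SIZE]; } phys_block_t;

typedef struct {
    phys_block_t blocks[TOTAL_BLOCKS];        /* spare[0] holds the region flag  */
    uint32_t region_size[MAX_REGIONS];        /* blocks in each region           */
    uint32_t lut[MAX_REGIONS][TOTAL_BLOCKS];  /* logical block -> physical block */
    uint8_t  status;  /* current file system: 0 = normal area, >0 = hidden area */
    uint8_t  change;  /* 0 = no switch pending, >0 = switch to `target`          */
    uint8_t  target;  /* region to switch to when change > 0 (assumed field)     */
} device_t;

/* Partition the device: stamp each block's spare area with its region flag, then
 * derive the lookup table by scanning those flags, as the flag-byte scheme allows. */
static void device_format(device_t *dev, const uint32_t *sizes, int nregions)
{
    uint32_t p, next[MAX_REGIONS] = {0};
    memset(dev, 0, sizeof *dev);
    for (p = 0; p < TOTAL_BLOCKS; p++)
        dev->blocks[p].spare[0] = FLAG_UNUSED;
    p = 0;
    for (int r = 0; r < nregions && r < MAX_REGIONS; r++) {
        dev->region_size[r] = sizes[r];
        for (uint32_t i = 0; i < sizes[r] && p < TOTAL_BLOCKS; i++, p++)
            dev->blocks[p].spare[0] = (uint8_t)r;
    }
    for (p = 0; p < TOTAL_BLOCKS; p++) {
        uint8_t r = dev->blocks[p].spare[0];
        if (r < MAX_REGIONS && next[r] < dev->region_size[r])
            dev->lut[r][next[r]++] = p;
    }
}

/* Intercepted READ CAPACITY: report the current region's size, never TOTAL_BLOCKS. */
static uint32_t device_read_capacity(const device_t *dev)
{
    return dev->region_size[dev->status];
}

/* change > 0 triggers a switch to `target`; status records the current region.
 * Returns 1 if switched, 0 if nothing was pending, -1 if the target does not exist. */
static int device_apply_switch(device_t *dev)
{
    if (dev->change == 0) return 0;
    dev->change = 0;
    if (dev->target >= MAX_REGIONS || dev->region_size[dev->target] == 0) return -1;
    dev->status = dev->target;
    return 1;
}

/* Logical block of the current file system -> physical block.  Anything beyond the
 * reported capacity is rejected, so one region can never reach another's blocks. */
static int device_map(const device_t *dev, uint32_t lba, uint32_t *phys)
{
    if (lba >= dev->region_size[dev->status]) return -1;
    *phys = dev->lut[dev->status][lba];
    return 0;
}

static int device_write(device_t *dev, uint32_t lba, const uint8_t *buf)
{
    uint32_t p;
    if (device_map(dev, lba, &p) != 0) return -1;
    memcpy(dev->blocks[p].data, buf, BLOCK_SIZE);
    return 0;
}

/* Constructed region sizes 32/16/8: the same LBA 0 reaches different physical blocks
 * and the reported capacity follows the region.  Returns 0, or the failed check number. */
int demo_capacity_hiding(void)
{
    static device_t dev;
    const uint32_t sizes[3] = {32, 16, 8};
    uint8_t buf[BLOCK_SIZE];
    uint32_t p;

    device_format(&dev, sizes, 3);
    if (device_read_capacity(&dev) != 32) return 1;        /* host sees 32, not 64   */
    memset(buf, 'N', sizeof buf);
    if (device_write(&dev, 0, buf) != 0) return 2;         /* lands in block 0       */

    dev.change = 1; dev.target = 1;                        /* request hidden area 1  */
    if (device_apply_switch(&dev) != 1) return 3;
    if (device_read_capacity(&dev) != 16) return 4;        /* host now sees 16       */
    if (device_map(&dev, 16, &p) != -1) return 5;          /* outside the region     */
    memset(buf, 'H', sizeof buf);
    if (device_write(&dev, 0, buf) != 0) return 6;
    if (device_map(&dev, 0, &p) != 0 || p != 32) return 7; /* LBA 0 -> block 32      */

    dev.change = 1; dev.target = 0;                        /* back to the normal area */
    if (device_apply_switch(&dev) != 1) return 8;
    if (device_map(&dev, 0, &p) != 0 || dev.blocks[p].data[0] != 'N') return 9;
    return 0;
}
```

Because the lookup table is rebuilt from the flag bytes in the spare area, the mapping survives a power cycle without the controller trusting any RAM state; the bounds check in `device_map` is what keeps a host that has only the normal file system from addressing blocks of a hidden region.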
The present invention is not limited to the specific embodiment described above; those skilled in the art can make various changes accordingly, but any equivalent or similar change to the invention is covered within the scope of the claims.
Claims (10)
1. A file content hidden storage access method based on capacity hiding and a multi-file system, for accessing hidden data stored on a host peripheral, characterized in that: the storage area of the removable storage device is divided into a normal access storage area and n hidden access storage areas, the n hidden access storage areas being denoted hidden access storage area 1, hidden access storage area 2, ..., hidden access storage area n; each access storage area of the storage device is identified by a flag byte in the redundant area of the storage device's physical blocks, by which logical storage is mapped to physical storage; a separate file system is set up in each corresponding access storage area of the removable storage device; and access to the hidden stored data specifically comprises the following steps:
Step 1: the host requests the capacity of the removable storage device; the removable storage device parses the request command, determines by a lookup-table-based address mapping method which access storage area the current request targets, and determines from that area's file system whether the request is for the normal access storage area; if so, the capacity information of the normal access storage area is returned to the host; otherwise identity authentication is performed: if authentication passes, the capacity information of the hidden access storage area that the request targets is returned to the host, and if authentication fails, the capacity information of the normal access storage area is returned to the host;
Step 2: a threshold on the number of access attempts is set, and the hidden access storage area counter is initialised;
Step 3: identity authentication is performed according to the write operation received by the removable storage device;
Step 4: if authentication passes, the host obtains access rights to the hidden access storage areas of the removable storage device, and the method returns to step 3; if authentication fails, the host obtains access rights to the normal access storage area of the removable storage device, and the hidden access storage area counter is incremented by 1;
Step 5: it is judged whether the counter value has reached the access limit threshold; if so, a self-destruct operation is performed on the hidden access storage area data, clearing the hidden access storage area data, and the method returns to step 3; otherwise the method returns directly to step 3.
2. The file content hidden storage access method based on capacity hiding and a multi-file system according to claim 1, characterized in that: the host obtaining access rights to the hidden access storage areas of the removable storage device in step 3 specifically means that the host switches freely between the normal access storage area and the n hidden access storage areas according to the access requirements of the request.
3. The file content hidden storage access method based on capacity hiding and a multi-file system according to claim 1, characterized in that: the host obtaining access rights to the normal access storage area of the removable storage device in step 3 specifically means that the host is limited to requesting access within the normal access storage area.
4. The file content hidden storage access method based on capacity hiding and a multi-file system according to any one of claims 1 to 3, characterized in that the identity authentication specifically comprises: after the removable storage device is attached to the host, the host enumerates and identifies the removable storage device, and after the device driver is installed successfully the host directly obtains access rights to the normal access storage area; the host initiates a storage area switch by performing a write operation to the removable storage device, sending a CBW command to the removable storage device, and the removable storage device parses the command packet and judges whether the command packet carries the authority to switch the host's storage area.
5. The file content hidden storage access method based on capacity hiding and a multi-file system according to claim 4, characterized in that: the removable storage device parsing the command packet and judging whether it has the authority to switch the host's storage area specifically means: the removable storage device parses the command packet, reads the authority variable of the file system corresponding to the currently accessed storage area, and determines from the authority variable whether to grant the access requested by the host.
6. The file content hidden storage access method based on capacity hiding and a multi-file system according to any one of claims 1 to 3, characterized in that: the self-destruct operation on the hidden access storage area data in step 4 specifically means: the data of the current hidden access storage area is cleared by a data clearing method based on key page overwriting.
7. A file content hidden storage device based on capacity hiding and a multi-file system, located in a removable storage device, for storage access to general data and hidden data, comprising a storage access module, an identity authentication module and a data clearing module, characterized in that: the storage access module comprises a storage access monitoring unit, a general storage access unit and a plurality of hidden storage access units; the general storage access unit, in which the file system of the general data is set up, is used for storage access to general data; the hidden storage access units, in which the file systems of the hidden data are set up respectively, are used for storage access to hidden data; the storage access monitoring unit determines, according to the host's access request and by way of the identity authentication module, whether to grant the storage access rights of the corresponding hidden storage access unit, and determines whether to trigger the data clearing module according to the authentication information returned by the identity authentication module.
8. The file content hidden storage device based on capacity hiding and a multi-file system according to claim 7, characterized in that: the identity authentication module, which authenticates the host according to host write operations, comprises a counter unit and an identity authentication unit; the identity authentication unit parses the host's request access packet on the removable storage device, obtains the information of the storage access unit that the request targets, and determines whether identity authentication passes according to the authority state of the file system corresponding to that storage access unit; if authentication passes, the result is returned to the storage access monitoring unit; if authentication fails, the counter unit counts and the result is returned to the storage access monitoring unit.
9. The file content hidden storage device based on capacity hiding and a multi-file system according to claim 8, characterized in that: the storage access monitoring unit acts on the result returned by the identity authentication module: if authentication passes, the storage access monitoring unit grants the host the access rights of the corresponding storage access unit; if authentication fails, the storage access monitoring unit grants the host access rights to the general storage access unit only and judges whether the counter value has reached the preset access limit threshold; if the threshold has been reached, it triggers the data clearing module; otherwise it continues to perform identity authentication according to host write operations.
10. The file content hidden storage device based on capacity hiding and a multi-file system according to claim 7, characterized in that: the data clearing module performs a data clearing operation on the storage access module according to the trigger signal of the storage access monitoring unit.
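The authentication flow of claim 1 steps 2 to 5 and of claims 8 and 9 (counter unit, threshold, clearing module), as an added example written for this page and not taken from the patent. It assumes that a marker string at the start of a written block identifies an authentication request (the patent only says the authentication data is mixed into ordinary data and recognised by a feature), a fixed 16-byte credential compared in constant time, two hidden areas of eight blocks each, and that "key page overwriting" means overwriting every data block of a hidden area while keeping its file-system parameter block; these, the counter re-initialisation after a wipe, and all names are assumptions.

```c
/* Added example, not the patent's code: write-operation authentication with
 * failed-attempt counter, threshold and hidden-area wipe.  Marker, credential
 * format, region layout and names are assumptions. */
#include <stdint.h>
#include <string.h>

#define BLOCK_SIZE        512
#define N_HIDDEN          2           /* hidden areas 1..N_HIDDEN (assumed n = 2)      */
#define BLOCKS_PER_REGION 8           /* assumed; block 0 holds the file-system params */
#define AUTH_TAG          "HIDE-AUTH" /* assumed marker identifying an auth request    */
#define TAG_LEN           (sizeof AUTH_TAG - 1)
#define TOKEN_LEN         16

typedef struct {
    uint8_t  region[N_HIDDEN + 1][BLOCKS_PER_REGION][BLOCK_SIZE];
    uint8_t  status;            /* region the host currently sees: 0 = normal area */
    uint32_t fail_count;        /* hidden-area counter (claim 1, step 2)            */
    uint32_t fail_limit;        /* access-limit threshold (claim 1, step 2)         */
    uint8_t  token[TOKEN_LEN];  /* expected credential (constructed for the demo)   */
    int      wiped;             /* how many times the clearing module has run       */
} device_t;

/* Constant-time comparison so a failed attempt leaks no timing information. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t d = 0;
    for (size_t i = 0; i < n; i++) d |= a[i] ^ b[i];
    return d == 0;
}

/* Data clearing module.  Assumed reading of "key page overwriting": the data
 * blocks of every hidden area are overwritten and block 0 (file-system
 * parameters) is kept, so the file system survives but its contents do not. */
static void clearing_module(device_t *dev)
{
    for (int r = 1; r <= N_HIDDEN; r++)
        for (int b = 1; b < BLOCKS_PER_REGION; b++)
            memset(dev->region[r][b], 0, BLOCK_SIZE);
    dev->wiped++;
}

/* Storage access monitoring unit.  Every host write is inspected: a block that
 * starts with AUTH_TAG carries <tag><target region><token> and is treated as an
 * authentication request (claim 4: a write initiates the switch); any other
 * block is an ordinary write into the current region.
 * Returns 0 ordinary write stored, 1 auth passed, -1 auth failed,
 * -2 auth failed and threshold reached (hidden areas wiped), -3 bad LBA. */
int device_handle_write(device_t *dev, uint32_t lba, const uint8_t *data)
{
    if (memcmp(data, AUTH_TAG, TAG_LEN) != 0) {
        if (lba >= BLOCKS_PER_REGION) return -3;
        memcpy(dev->region[dev->status][lba], data, BLOCK_SIZE);
        return 0;
    }
    uint8_t target = data[TAG_LEN];
    int ok = ct_equal(data + TAG_LEN + 1, dev->token, TOKEN_LEN);
    if (ok && target <= N_HIDDEN) {            /* step 4: hidden access granted */
        dev->status = target;
        return 1;
    }
    dev->status = 0;                           /* step 4: normal area only      */
    dev->fail_count++;
    if (dev->fail_count >= dev->fail_limit) {  /* step 5: self-destruct         */
        clearing_module(dev);
        dev->fail_count = 0;                   /* re-initialise (assumption)    */
        return -2;
    }
    return -1;
}

/* Build an authentication block: tag, target region, then the token. */
static void make_auth_block(uint8_t *blk, uint8_t target, const uint8_t *token)
{
    memset(blk, 0, BLOCK_SIZE);
    memcpy(blk, AUTH_TAG, TAG_LEN);
    blk[TAG_LEN] = target;
    memcpy(blk + TAG_LEN + 1, token, TOKEN_LEN);
}

/* Walk through claim 1 steps 2-5 with a constructed token and a limit of 3.
 * Returns 0, or the number of the check that failed. */
int demo_auth_lockout(void)
{
    static device_t dev;
    uint8_t blk[BLOCK_SIZE], bad[TOKEN_LEN];
    memset(&dev, 0, sizeof dev);
    memcpy(dev.token, "constructed-tok!", TOKEN_LEN);     /* 16 bytes, constructed */
    dev.fail_limit = 3;

    memset(blk, 'N', sizeof blk);                          /* ordinary write   */
    if (device_handle_write(&dev, 1, blk) != 0 || dev.region[0][1][0] != 'N') return 1;

    make_auth_block(blk, 1, dev.token);                    /* correct token    */
    if (device_handle_write(&dev, 0, blk) != 1 || dev.status != 1) return 2;
    memset(blk, 'S', sizeof blk);                          /* secret to area 1 */
    if (device_handle_write(&dev, 2, blk) != 0 || dev.region[1][2][0] != 'S') return 3;

    memcpy(bad, dev.token, TOKEN_LEN); bad[3] ^= 0xFF;     /* wrong token      */
    make_auth_block(blk, 1, bad);
    if (device_handle_write(&dev, 0, blk) != -1 || dev.status != 0) return 4;
    if (device_handle_write(&dev, 0, blk) != -1 || dev.fail_count != 2) return 5;
    if (device_handle_write(&dev, 0, blk) != -2 || dev.wiped != 1) return 6;
    if (dev.region[1][2][0] != 0 || dev.region[0][1][0] != 'N') return 7; /* secret gone, normal kept */
    return 0;
}
```

Two points a practitioner would change before shipping this on a real controller: the credential check should be a keyed hash or challenge-response rather than a stored token, and `fail_count` must be persisted to flash, otherwise unplugging the device resets the counter and the threshold of step 5 never triggers.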
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611080008.9A CN106709361B (en) | 2016-11-30 | 2016-11-30 | File content hidden storage access method based on capacity hiding and multi-file system and storage device thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106709361A true CN106709361A (en) | 2017-05-24 |
CN106709361B CN106709361B (en) | 2020-03-03 |
Family
ID=58934272
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611080008.9A Active CN106709361B (en) | 2016-11-30 | 2016-11-30 | File content hidden storage access method based on capacity hiding and multi-file system and storage device thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106709361B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020026580A1 (en) * | 2000-07-19 | 2002-02-28 | Fubito Igari | System for access control to hidden storage area in a disk drive |
CN101120324A (en) * | 2005-02-17 | 2008-02-06 | 英特尔公司 | Integrated circuit capable of flash memory storage management |
CN102207912A (en) * | 2010-07-07 | 2011-10-05 | 无锡中科龙泽信息科技有限公司 | Flash memory equipment for realizing partition function on equipment side and access method of flash memory equipment |
CN102301369A (en) * | 2011-05-30 | 2011-12-28 | 华为终端有限公司 | Data storage device access method and device |
CN102567235A (en) * | 2011-12-29 | 2012-07-11 | 武汉市工程科学技术研究院 | Intelligent active anti-virus U disk based on partition authentication and anti-virus method of U disk |
CN105653986A (en) * | 2015-12-25 | 2016-06-08 | 成都三零嘉微电子有限公司 | Micro SD card-based data protection method and device |
Non-Patent Citations (1)
Title |
---|
王康等: "结合容量伪装和双文件系统的文件隐藏方法", 《计算机应用》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110489357A (en) * | 2019-09-10 | 2019-11-22 | 深圳市得一微电子有限责任公司 | A kind of method and system of the hiding data on movable memory equipment |
CN110489357B (en) * | 2019-09-10 | 2023-07-14 | 得一微电子股份有限公司 | Method and system for hiding data on removable storage device |
CN111191298A (en) * | 2019-12-30 | 2020-05-22 | 山东方寸微电子科技有限公司 | Storage device and mobile storage equipment that a plurality of partitions switch in real time |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11586734B2 (en) | Systems and methods for protecting SSDs against threats | |
US8464073B2 (en) | Method and system for secure data storage | |
US8301909B2 (en) | System and method for managing external storage devices | |
CN103020537B (en) | Data encrypting method, data encrypting device, data deciphering method and data deciphering device | |
JP2016081522A (en) | System and method for reducing information leakage from memory | |
US20090150611A1 (en) | Management of external memory functioning as virtual cache | |
US20160357973A1 (en) | Method and apparatus for securing computer mass storage data | |
WO2005015818A1 (en) | Data security and digital rights management system | |
DE10244728A1 (en) | Information protection system for optical disk, transmits user password to optical disk, when stored and obtained serial number of disk are in collation | |
CN106709361A (en) | File content hidden storage access method based on capacity hiding and multi-file system and storage device of method | |
CN101630292B (en) | File encryption-decryption method of USB removable storage device | |
CN115146318B (en) | Virtual disk safe storage method | |
CN110489357A (en) | A kind of method and system of the hiding data on movable memory equipment | |
CN108920099A (en) | Data dynamic storage system and method based on a variety of sliced fashions | |
CN100452076C (en) | Method for constructing transparent coding environment | |
US20080189558A1 (en) | System and Method for Secure Data Storage | |
CN1293483C (en) | Multistorage type physical buffer computer data safety protection method and device | |
CN104123371A (en) | Transparent Windows kernel file filtering method based on hierarchical file system | |
CN107563228A (en) | A kind of method of internal storage data encryption and decryption | |
JP2007058771A (en) | Storage system, storage subsystem, and cache/duplication storing method | |
WO2024021496A1 (en) | Transparent encryption method and apparatus, electronic device, and storage medium | |
CN101944164A (en) | Intelligent mobile storage equipment | |
CN106056007A (en) | Safe solid state disk capable of hiding disk and method | |
US20220123932A1 (en) | Data storage device encryption | |
US9442667B2 (en) | Apparatus and method for protection of stored data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||