CN106709361A - File content hidden storage access method based on capacity hiding and multi-file system and storage device of method - Google Patents

File content hidden storage access method based on capacity hiding and multi-file system and storage device of method Download PDF

Info

Publication number
CN106709361A
CN106709361A CN201611080008.9A CN201611080008A CN106709361A CN 106709361 A CN106709361 A CN 106709361A CN 201611080008 A CN201611080008 A CN 201611080008A CN 106709361 A CN106709361 A CN 106709361A
Authority
CN
China
Prior art keywords
access
storage
storage device
hidden
main frame
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611080008.9A
Other languages
Chinese (zh)
Other versions
CN106709361B (en
Inventor
李清宝
张平
曾光裕
陈志锋
蔡国民
王康
王烨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PLA Information Engineering University filed Critical PLA Information Engineering University
Priority to CN201611080008.9A priority Critical patent/CN106709361B/en
Publication of CN106709361A publication Critical patent/CN106709361A/en
Application granted granted Critical
Publication of CN106709361B publication Critical patent/CN106709361B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention relates to a file content hidden storage access method based on capacity hiding and a multi-file system and a device of the method. The method comprises the specific steps that first, a capacity request command sent by a master device is monitored through a monitoring unit in a slave device, and the slave device end analyzes a master device access command; if the master device access command is for normal access to a storage area, capacity identification information for normal access to the storage area is fed back to the master device; if the received master device access command is for hidden access to the storage area, identity recognition is needed, and corresponding capacity identification information for hidden access to the storage area i is fed back to the master device after identity recognition is passed; a data elimination function is also provided, wherein when the hidden system is attempted to be cracked, a self-destruction module of a mobile storage device will be triggered to thoroughly eliminate secret files in the hidden area. Through the method, the problems that the stability of the hidden files is affected by an operating system and the hidden files are destroyed by attackers can be effectively solved, and therefore the security of hidden storage file data is effectively guaranteed.

Description

Based on capacity hide and multifile system file content hide storage access method and Its storage device
Technical field
It is more particularly to a kind of to be hidden and multifile system based on capacity the invention belongs to mobile storage security technology area File content hides storage access method and its storage device.
Background technology
Movable storage device application with USB as interface is more and more extensive, such as USB flash disk, has become the transfer of data transfer Stand, key player is play in the data exchange of intercomputer.At the same time, the safety issue of data also becomes increasingly conspicuous, Personal vital document information is often stolen or is destroyed, and the hiding storage of file content is sensitive often as one kind protection The important method of data message, the research for carrying out hiding storage file content maintenance secure data area is surging forward.
Existing file hiding technology mainly has following several:Edit the registry so that user cannot be by common text Part operation is seen and is hidden file;By files such as image, videos as host file, ghost file is hidden wherein, such as Image Watermarking Technique can be by file hiding in image information;Mounting API calls, use user-defined file management The mode of the entry address of correlation function mounting system original management function, filters the access information of hidden file so that use Family cannot be by explorer, it is seen that the file being hidden;Not the characteristics of label file not being shown using system, by changing text Part attribute realizes hiding for file as label attribute;The first cluster number of file in directory entry can also be changed in addition to increase text Part hides intensity;At present it is proposed that by changing directory entry attribute and reconstructing the file hiding method of FAT table sequence;Also File hiding method then utilize Nand flash storage chip features, the redundant block that file storage is used for bad block management at it In, realize file hiding;Somebody is proposed file hiding in the file system in the sector fragment of existing file.
For file hiding, its most important criterion is exactly can not feeling for the hiding intensity of file, i.e. file hiding Intellectual and crack search hidden file required for time complexity and technical difficulty.The above method can realize file Hide, but it is different to hide intensity.File is lived with the method in host file is easily influenceed by the operation of host file, Shandong Rod is too poor;And utilize the method for storage chip feature hidden file to hide intensity preferably, but hidden capacity is less, easy shadow Ring the management of chip bad block;There is stronger disguise, but its robustness come the method for hidden file using the redundant area of file Difference, hidden capacity is small, is easily influenceed by file operation;Other several methods are all the host side technologies for using, and such as filtering is driven Dynamic, modification file attribute, reconstruct FAT table etc..In addition, existing file hiding method relies on operating system realizing, and do not apply to In movable storage device.Above file hiding method has two major defects:(1)Can not perceiving for hidden file is not accounted for Property, i.e. attacker readily appreciates that the presence of hidden file, so as to steal hidden file;(2)Hidden file is easily grasped by file The influence of work, such as format device.Attacker can destroy hidden file by format device.
The content of the invention
In consideration of it, the present invention provides a kind of being hidden based on capacity hides storage access side with the file content of multifile system Method and its storage device, hiding memory block and general memory area are isolated, and improve the security and robustness of hidden file, And hidden capacity is big, simple to operate.
It is a kind of to hide hidden with the file content of multifile system based on capacity according to design provided by the present invention Storage access method is hidden, for the access of the hiding data storage in main frame periphery, movable storage device storage region is divided into commonly Access storage areas and n hiding access storage areas, n hiding access storage areas are expressed as:Access storage areas 1 are hidden, is hidden and is visited Ask memory block 2 ..., hide access storage areas n, the storage is identified by the flag byte of storage device physical block redundant area and is set Each standby access storage areas, carry out logic storage to the mapping of physical store, and multifile system is set up stored mobile respectively In each access storage areas of equipment, the access of the hiding data storage is specifically comprised the following steps:
Step 1, host request access movable storage device capacity, and movable storage device parses the request visit order, and passes through Address mapping method based on look-up table determines the access storage areas that current request is accessed, and according to access storage areas file System determines whether that request accesses generic access memory block, if so, generic access memory block capacity information then is fed back into master Machine;Otherwise, authentication is carried out, if certification passes through, the hiding access storage areas capacity information feedback that corresponding requests are accessed To main frame, if certification does not pass through, generic access memory block capacity information is fed back into main frame;
Step 2, setting access the threshold value of limited number of times, hide the initialization of access storage areas counter;
Step 3, write operation is received according to movable storage device, carry out authentication;
If step 4, certification pass through, main frame obtains the access rights to the hiding access storage areas of movable storage device, and returns Step 3 is returned to perform;If certification does not pass through, main frame obtains the access rights of the generic access memory block of movable storage device, and Hide access storage areas counter and add 1 counting;
Step 5, judge Counter Value whether reach access limited number of times threshold value, if so, being then hidden access storage areas number Operated according to self-destruction, access storage areas data are hidden in cleaning, and return to step 3 is performed, otherwise, direct return to step 3 is performed.
Above-mentioned, main frame obtains the access rights to the hiding access storage areas of movable storage device, and particular content is:It is main Machine free switching between generic access memory block and n hiding access storage areas according to request requirements for access.
Above-mentioned, main frame obtains the access rights of the generic access memory block of movable storage device, and particular content is:Limit Main frame can only ask to access in generic access memory block.
Above-mentioned, described authentication, specifically comprising following content:After movable storage device access host, main frame pair Movable storage device carries out enumerating identification, after movable storage device driver is installed successfully, main frame direct access generic access The access rights of memory block;Main frame performs the switching that write operation initiates memory block to movable storage device, is instructed by sending CBW Wrap to movable storage device, movable storage device parses the instruction and wraps and judge whether to the authority of main frame memory block switching.
Preferably, described movable storage device parses the instruction and wraps and judge whether to the power of main frame memory block switching Limit, specifically refers to:Movable storage device parses the instruction bag, and the authority for reading current accessed memory block respective file system becomes Amount, determines whether to give the authority of host request access according to authority variable.
Above-mentioned, access storage areas data self-destruction operation is hidden, specifically refer to:Using the number override based on key page According to sweep-out method, current access storage areas data of hiding are purged.
A kind of being hidden based on capacity hides storage device with the file content of multifile system, located at movable storage device Interior, the storage for general data and hiding data is accessed, comprising storage access module, authentication module and data cleansing mould Block, storage access module includes storage access monitoring unit, generic storage access unit and multiple hiding memory access units;It is general Logical memory access units, foundation has the file system of general data, and the storage for general data is accessed;Hide storage and access single Unit sets up the file system for having hiding data respectively, and the storage for hiding data is accessed;Storage access monitoring unit, for root Determine whether that the storage for giving the hiding memory access units of its correspondence is visited according to host access request and by authentication module Authority is asked, and trigger data cleaning module is determined whether according to the authentication information that authentication module is fed back.
Wherein, described authentication module, for carrying out host identities certification according to host write operation, comprising counter Unit and identification authenticating unit, identification authenticating unit access packet by the request that movable storage device parses main frame, obtain The memory access units information for accessing is asked, and judges to be according to the corresponding file system rights state of the memory access units It is no by authentication, if authentication passes through, by result feed back to storage access monitoring unit, if authentication is not led to Cross, then rolling counters forward, and result is fed back into storage access monitoring unit.
Wherein, described storage access monitoring unit feeds back according to the result of authentication module, if authentication passes through, Then storage access monitoring unit gives the access rights of main frame respective stored access unit;If authentication does not pass through, store Access monitoring unit gives main frame and only accesses the access rights of generic storage access unit, and it is pre- to judge whether Counter Value reaches If access limited number of times threshold value, if having reached the threshold value, trigger data cleaning module, otherwise, continuation behaviour is write according to main frame Carry out authentication.
Wherein, described data cleansing module, for accessing mould to storage according to the trigger signal of storage access monitoring list Block carries out data cleansing operation.
Beneficial effects of the present invention:
Compared with prior art, the present invention monitors the requests for capacity life that main equipment sends by the monitoring unit in slave unit first Order, slave unit end parsing main equipment visit order, if the order of normal access storage areas, then by the appearance of normal access storage areas Amount identification information feedback, if what is received is to hide access storage areas order, needs identification to main equipment, passes through Afterwards, by the capacity identification information feedback of corresponding hiding access storage areas i to main equipment, i.e. current memory area capacity;It is this Mechanism makes to need document to be protected to be stored in hiding memory block, and ID authentication mechanism controls to visit the mandate of hidden area Ask, access of the operating system to hidden area is transparent, and this is the main distinction that the invention is different from other file hiding methods; In addition, the present invention also provides data dump function, movable storage device oneself can be triggered when the hiding system is attempted to crack Module is ruined, the secret papers of hidden area are thoroughly removed.The present invention can effectively solve the problem that the stabilization of hidden file by operating system The problems such as influenceing and destroyed by attacker, has been effectively ensured the security of hiding storage file data.
Brief description of the drawings:
Fig. 1 is method of the present invention schematic flow sheet;
Fig. 2 is schematic device of the invention;
Fig. 3 implements flow chart for the present invention;
Fig. 4 is authentication schematic diagram of the present invention.
Specific embodiment:
The present invention is further detailed explanation with technical scheme below in conjunction with the accompanying drawings, and by preferred embodiment specifically Bright embodiments of the present invention, but embodiments of the present invention are not limited to this.
Embodiment one, shown in Figure 1, a kind of being hidden based on capacity hides storage visit with the file content of multifile system Method is asked, for the access of the hiding data storage in main frame periphery, movable storage device storage region is divided into generic access storage Area and n hiding access storage areas, n hiding access storage areas are expressed as:Hide access storage areas 1, hide access storage areas 2nd ... access storage areas n, is hidden, each of the storage device is identified by the flag byte of storage device physical block redundant area Access storage areas, carry out logic storage to the mapping of physical store, and each file system is set up in movable storage device pair respectively In the access storage areas answered, the access of the hiding data storage is specifically comprised the following steps:
Step 1, host request access movable storage device capacity, and movable storage device parses the request visit order, and passes through Address mapping method based on look-up table determines the access storage areas that current request is accessed, and according to access storage areas file System determines whether that request accesses generic access memory block, if so, generic access memory block capacity information then is fed back into master Machine;Otherwise, authentication is carried out, if certification passes through, the hiding access storage areas capacity information feedback that corresponding requests are accessed To main frame, if certification does not pass through, generic access memory block capacity information is fed back into main frame;
Step 2, setting access the threshold value of limited number of times, hide the initialization of access storage areas counter;
Step 3, write operation is received according to movable storage device, carry out authentication;
If step 4, certification pass through, main frame obtains the access rights to the hiding access storage areas of movable storage device, and returns Step 3 is returned to perform;If certification does not pass through, main frame obtains the access rights of the generic access memory block of movable storage device, and Hide access storage areas counter and add 1 counting;
Step 5, judge Counter Value whether reach access limited number of times threshold value, if so, being then hidden access storage areas number Operated according to self-destruction, access storage areas data are hidden in cleaning, and return to step 3 is performed, otherwise, direct return to step 3 is performed.
Above-mentioned, main frame obtains the access rights to the hiding access storage areas of movable storage device, and particular content is:It is main Machine free switching between generic access memory block and n hiding access storage areas according to request requirements for access.
Above-mentioned, main frame obtains the access rights of the generic access memory block of movable storage device, and particular content is:Limit Main frame can only ask to access in generic access memory block.
Above-mentioned, described authentication, specifically comprising following content:After movable storage device access host, main frame pair Movable storage device carries out enumerating identification, after movable storage device driver is installed successfully, main frame direct access generic access The access rights of memory block;Main frame performs the switching that write operation initiates memory block to movable storage device, is instructed by sending CBW Wrap to movable storage device, movable storage device parses the instruction and wraps and judge whether to the authority of main frame memory block switching.
Preferably, described movable storage device parses the instruction and wraps and judge whether to the power of main frame memory block switching Limit, specifically refers to:Movable storage device parses the instruction bag, and the authority for reading current accessed memory block respective file system becomes Amount, determines whether to give the authority of host request access according to authority variable.
Above-mentioned, access storage areas data self-destruction operation is hidden, specifically refer to:Using the number override based on key page According to sweep-out method, current access storage areas data of hiding are purged.
Embodiment two, shown in Figure 1, a kind of being hidden based on capacity hides storage visit with the file content of multifile system Method is asked, for the access of the hiding data storage in main frame periphery, movable storage device storage region is divided into generic access storage Area and n hiding access storage areas, n hiding access storage areas are expressed as:Hide access storage areas 1, hide access storage areas 2nd ... access storage areas n, is hidden, each of the storage device is identified by the flag byte of storage device physical block redundant area Access storage areas, carry out logic storage to the mapping of physical store, and multifile system is set up in the every of movable storage device respectively Individual access storage areas, the access of the hiding data storage is specifically comprised the following steps:
Step 1, host request access movable storage device capacity, and movable storage device parses the request visit order, and passes through The access storage areas that current request is accessed are determined based on the address of cache of look-up table gLog2Phy [], and is stored according to accessing Area file system determines whether that request accesses generic access memory block, if so, then that generic access memory block capacity information is anti- Feed main frame;Otherwise, authentication is carried out, if certification passes through, the hiding access storage areas capacity letter that corresponding requests are accessed Breath feeds back to main frame, if certification does not pass through, generic access memory block capacity information is fed back into main frame;
Step 2, setting access the threshold value of limited number of times, hide the initialization of access storage areas counter;
Step 3, write operation is received according to movable storage device, carry out authentication;
If step 4, certification pass through, main frame obtains the access rights to the hiding access storage areas of movable storage device, that is, lead Machine free switching between generic access memory block and n hiding access storage areas according to request requirements for access, and return to step 3 holds OK;If certification does not pass through, main frame obtains the access rights of the generic access memory block of movable storage device, that is, limit main frame only Can ask to access in generic access memory block, and hide access storage areas counter and add 1 counting;
Step 5, judge Counter Value whether reach access limited number of times threshold value, if so, being then hidden access storage areas number Operated according to self-destruction, using the data clearing method override based on key page, current access storage areas data of hiding be purged, Access storage areas data are hidden in cleaning, and return to step 3 is performed, and otherwise, direct return to step 3 is performed.
Wherein, authentication, particular content is as follows:After movable storage device access host, main frame is to movable storage device Carry out enumerating identification, after movable storage device driver is installed successfully, the access of main frame direct access generic access memory block Authority;Main frame performs the switching that write operation initiates memory block to movable storage device, instructs bag to be stored to mobile by sending CBW Equipment, movable storage device parses the instruction bag, the authority variable of current accessed memory block respective file system is read, according to power Limit variable determines whether to give the authority of host request access.
Embodiment three, shown in Figure 2, a kind of being hidden based on capacity hides storage dress with the file content of multifile system Put, in movable storage device, the storage for general data and hiding data is accessed, comprising storage access module, identity Authentication module and data cleansing module, storage access module include storage access monitoring unit, generic storage access unit and many Individual hiding memory access units;Generic storage access unit, foundation has the file system of general data, for depositing for general data Storage is accessed;Hiding memory access units set up the file system of hiding data respectively, and the storage for hiding data is accessed;Deposit Storage access monitoring unit, for determining whether that giving its correspondence hides according to host access request and by authentication module The storage access rights of memory access units, and determine whether that trigger data is clear according to the authentication information that authentication module is fed back Mold cleaning block.
Example IV, shown in Figure 2, a kind of being hidden based on capacity hides storage dress with the file content of multifile system Put, in movable storage device, the storage for general data and hiding data is accessed, comprising storage access module, identity Authentication module, data cleansing module, storage access module include storage access monitoring unit, generic storage access unit and multiple Hide memory access units;Generic storage access unit, foundation has the file system of general data, for the storage of general data Access;Hiding memory access units set up the file system of hiding data respectively, and the storage for hiding data is accessed;Storage Access monitoring unit, for determining whether that giving its corresponding hiding deposits according to host access request and by authentication module The storage access rights of access unit are stored up, and determines whether that trigger data is cleaned according to the authentication information that authentication module is fed back Module;Wherein, described authentication module, for carrying out host identities certification according to host write operation, comprising counter list Unit, identification authenticating unit, identification authenticating unit access packet by the request that movable storage device parses main frame, obtain request The memory access units information of access, and determine whether to lead to according to the corresponding file system rights state of the memory access units Authentication is crossed, if authentication passes through, result storage access monitoring unit is fed back into, if authentication does not pass through, Rolling counters forward, and result is fed back into storage access monitoring unit.
Wherein, described storage access monitoring unit realizes the management to storage region in movable storage device, completes master Machine logical address realizes transparent mode pipe of the operating system to file system access to the mapping of movable storage device physical address Reason;Storage access monitoring unit feeds back according to the result of authentication module, if authentication passes through, stores access monitoring list Unit gives the access rights of main frame respective stored access unit;If authentication does not pass through, storage access monitoring unit gives Main frame only accesses the access rights of generic storage access unit, and judges whether Counter Value reaches default access limited number of times Threshold value, if having reached the threshold value, trigger data cleaning module, otherwise, continuation carries out authentication according to host write operation.
Wherein, described data cleansing module, for accessing mould to storage according to the trigger signal of storage access monitoring list Block carries out data cleansing operation.
The storage region of storage device is divided into some by the present invention:Normal access storage areas and hiding access store Area 1, hide access storage areas 2 ..., hide access storage areas n, i.e., the physical storage block of storage device is logically divided into many Individual storage region, when logical storage is mapped to physical storage areas, by the mark for being stored in physical block redundant area in advance Byte is identified, and when flag byte writes different values, logic storage will be mapped to different physical storage block regions;When master sets During the order of standby request slave unit capacity, slave unit end analyzing device visit order, if the order of normal access storage areas, then By the capacity identification information feedback of normal access storage areas to main equipment, if what is received is to hide access storage areas order, Identification is then needed, by rear, by the capacity identification information feedback of corresponding hiding access storage areas i to main equipment, that is, is worked as The capacity of preceding memory block, uses format manipulation respectively in normal access storage areas and hiding access storage areas at main equipment end Respective file system is set up, formatted capacity depends on the memory block capacity that capacity marking byte is provided;Set up authentication Mechanism, sets interruption and patrols and examines mechanism at main equipment end, and when slave unit accesses master system, slave unit produces interrupt requests, Main equipment interrupts normal process affairs, patrols and examines access device, and after slave unit is normally connected, main equipment sends authentication letter Breath, and authentication is carried out by the intelligent processor in slave unit, if authentication does not pass through, main equipment is to slave unit Storage access normally can only be carried out access storage areas, if authentication passes through, main equipment can be to the storage of slave unit access The multiple of normal access storage areas and configuration hides between access storage areas freely handover access, under normal circumstances by slave unit When accessing master system, main equipment will carry out enumerating identification to slave unit, after slave unit driver is installed successfully directly What is entered is normal access storage areas;User sends operational order by write operation mode at main equipment end to slave unit, from setting When intelligent processor in standby receives the order for carrying out authentication, then carry out authenticating user identification, certification pass through after from setting The standby authority that access storage areas are hidden to user's open visit, user freely can hide in normal access storage areas and multiple Free switching is accessed between access storage areas;Otherwise just processed by normal write operation order;User obtain Hyperaccess from After the authority of equipment, file content to be concealed can be stored in some the hiding access storage areas specified, storage operation After the completion of, it is switched to normal access storage areas.
Movable storage device refers to the USB movable storage devices with intelligent processor in the present invention;The capacity of storage device is hidden Hide, be that, by the interception to master devices request place capacity order, what is fed back when request is returned is the appearance of corresponding region Value, is not the real physical block memory capacity of slave unit.Multifile system, is that on the basis of capacity is hidden, will store Zoning be divided into normal access storage areas and hiding access storage areas 1, hide access storage areas 2 ..., hide access storage areas n Deng multiple storage regions, when logical storage is mapped to physical storage areas, by being stored in physical block redundant area in advance Flag byte is identified, and when flag byte writes different values, logic storage will be mapped to different physical storage block regions.Body Part authentication mechanism, is to limit unauthorized user to hiding the access of access storage areas, it is therefore an objective to which protection is hidden to access and stored The safety in area.
Referring to shown in Fig. 3 and Fig. 4, multifile system is set up in each access storage areas of movable storage device respectively, The quantity of multifile system and memory block is to correspond, after movable storage device divides memory block, then with memory block capacity Corresponding position in corresponding file system parameter read-in memory block, so each memory block is owned by an independent file system System;The trigger flag position that the switching of multifile system is switched using change flag bits as file system, as change=0, no Need to switch file system;Work as change>When 0, switch current file system to target file system;Multifile system with Status as current addressable file system mark, as status=0, the memory block where current file system is Generic access memory block;Work as status>When 0, the memory block where current file system is to hide access storage areas.Slave unit is blocked The order of master devices request slave unit memory capacity is cut, multiple independent hiding memory blocks is marked off from former memory block, by master Equipment is to each hidden area of the access map of slave unit memory block, so needing, when master devices request obtains place capacity, to block The return value of the order is cut, and the capability value of setting is fed back to main equipment;When slave unit accesses main equipment, slave unit prison Survey the read write command that main equipment sends;When user needs to access hides memory block, it is necessary to which sending authentication to slave unit please Ask, user authentication data is largely mixed to be stored in a pile general data, and the intelligent processor in slave unit is monitored for identity mark Enter authentication during the characteristic of knowledge.Slave unit is switched to a corresponding hiding storage area file system by certification after passing through The physical address space of hidden area, is mapped to logical address space by system, the logical address space mapping of such main frame it is current The physical address space of file system will be replaced by the physical address space of hidden area.The safeguard protection of hidden area.User Authentification failure number of times exceed preset threshold values when, equipment will log-on data remove module, do not destroying the situation of file system The all data stored on lower removing physical block.
The present invention is not limited to above-mentioned specific embodiment, and those skilled in the art can also accordingly make various changes, but It is any all to cover within the scope of the claims with equivalent or similar change of the invention.

Claims (10)

1. a kind of being hidden based on capacity hides storage access method with the file content of multifile system, is hidden for main frame periphery The access of data storage, it is characterised in that:Movable storage device storage region is divided into generic access memory block and n is hidden visit Memory block is asked, n hiding access storage areas are expressed as:Hide access storage areas 1, hide access storage areas 2 ..., hide access Memory block n, each access storage areas of the storage device are identified by the flag byte of storage device physical block redundant area, are entered The mapping of physical store is arrived in the storage of row logic, and each file system is set up deposited in corresponding each access of movable storage device respectively Storage area, the access of the hiding data storage is specifically comprised the following steps:
Step 1, host request access movable storage device capacity, and movable storage device parses the request visit order, and passes through Address mapping method based on look-up table determines the access storage areas that current request is accessed, and according to access storage areas file system System determines whether that request accesses generic access memory block, if so, generic access memory block capacity information then is fed back into main frame; Otherwise, authentication is carried out, if certification passes through, the hiding access storage areas capacity information that corresponding requests are accessed master is fed back into Machine, if certification does not pass through, main frame is fed back to by generic access memory block capacity information;
Step 2, setting access the threshold value of limited number of times, hide the initialization of access storage areas counter;
Step 3, write operation is received according to movable storage device, carry out authentication;
If step 4, certification pass through, main frame obtains the access rights to the hiding access storage areas of movable storage device, and returns Step 3 is returned to perform;If certification does not pass through, main frame obtains the access rights of the generic access memory block of movable storage device, and Hide access storage areas counter and add 1 counting;
Step 5, judge Counter Value whether reach access limited number of times threshold value, if so, being then hidden access storage areas number Operated according to self-destruction, access storage areas data are hidden in cleaning, and return to step 3 is performed, otherwise, direct return to step 3 is performed.
2. according to claim 1 being hidden based on capacity hides storage access method with the file content of multifile system, It is characterized in that:Main frame in step 3 obtains the access rights to the hiding access storage areas of movable storage device, particular content For:Main frame free switching between generic access memory block and n hiding access storage areas according to request requirements for access.
3. according to claim 1 being hidden based on capacity hides storage access method with the file content of multifile system, It is characterized in that:Main frame in step 3 obtains the access rights of the generic access memory block of movable storage device, particular content For:Limiting main frame can only ask to access in generic access memory block.
4. the file content of being hidden based on capacity according to any one of claim 1 ~ 3 and multifile system is hidden storage and visited Ask method, it is characterised in that:Described authentication, specifically comprising following content:After movable storage device access host, main frame Movable storage device is carried out to enumerate identification, after movable storage device driver is installed successfully, main frame direct access is commonly visited Ask the access rights of memory block;Main frame performs the switching that write operation initiates memory block to movable storage device, is referred to by sending CBW To movable storage device, movable storage device parses the instruction and wraps and judge whether order bag to the power of main frame memory block switching Limit.
5. according to claim 4 being hidden based on capacity hides storage access method with the file content of multifile system, It is characterized in that:Described movable storage device parses the instruction and wraps and judge whether to the authority of main frame memory block switching, Specifically refer to:Movable storage device parses the instruction bag, reads the authority variable of current accessed memory block respective file system, root Determine whether to give the authority of host request access according to authority variable.
6. the file content of being hidden based on capacity according to any one of claim 1 ~ 3 and multifile system is hidden storage and visited Ask method, it is characterised in that:Access storage areas data self-destruction operation is hidden in step 4, is specifically referred to:Using based on pass Current access storage areas data of hiding are purged by the data clearing method of key page overriding.
7. a kind of being hidden based on capacity hides storage device with the file content of multifile system, in movable storage device, Storage for general data and hiding data is accessed, comprising storage access module, authentication module and data cleansing module, It is characterized in that:Storage access module is visited comprising storage access monitoring unit, generic storage access unit and multiple hiding storages Ask unit;Generic storage access unit, foundation has the file system of general data, and the storage for general data is accessed;Hide Memory access units set up the file system of hiding data respectively, and the storage for hiding data is accessed;Storage access monitoring Unit, for determining whether that giving its correspondence hides storage access list according to host access request and by authentication module The storage access rights of unit, and trigger data cleaning module is determined whether according to the authentication information that authentication module is fed back.
8. according to claim 7 being hidden based on capacity hides storage device with the file content of multifile system, and it is special Levy and be:Described authentication module, for carrying out host identities certification according to host write operation, comprising counter unit, Identification authenticating unit, identification authenticating unit accesses packet by the request that movable storage device parses main frame, obtains request and visits The memory access units information asked, and determine whether to pass through according to the corresponding file system rights state of the memory access units Authentication, if authentication passes through, storage access monitoring unit is fed back to by result, if authentication does not pass through, is counted Rolling counters forward, and result is fed back into storage access monitoring unit.
9. according to claim 8 being hidden based on capacity hides storage device with the file content of multifile system, and it is special Levy and be:Described storage access monitoring unit feeds back according to the result of authentication module, if authentication passes through, stores Access monitoring unit gives the access rights of main frame respective stored access unit;If authentication does not pass through, storage accesses prison Control unit gives main frame and only accesses the access rights of generic storage access unit, and judges whether Counter Value reaches default visit Limited number of times threshold value is asked, if having reached the threshold value, trigger data cleaning module, otherwise, continuation is carried out according to host write operation Authentication.
10. according to claim 7 being hidden based on capacity hides storage device with the file content of multifile system, and it is special Levy and be:Described data cleansing module, for being carried out to storage access module according to the trigger signal of storage access monitoring list Data cleansing is operated.
CN201611080008.9A 2016-11-30 2016-11-30 File content hidden storage access method based on capacity hiding and multi-file system and storage device thereof Active CN106709361B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611080008.9A CN106709361B (en) 2016-11-30 2016-11-30 File content hidden storage access method based on capacity hiding and multi-file system and storage device thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611080008.9A CN106709361B (en) 2016-11-30 2016-11-30 File content hidden storage access method based on capacity hiding and multi-file system and storage device thereof

Publications (2)

Publication Number Publication Date
CN106709361A true CN106709361A (en) 2017-05-24
CN106709361B CN106709361B (en) 2020-03-03

Family

ID=58934272

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611080008.9A Active CN106709361B (en) 2016-11-30 2016-11-30 File content hidden storage access method based on capacity hiding and multi-file system and storage device thereof

Country Status (1)

Country Link
CN (1) CN106709361B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110489357A (en) * 2019-09-10 2019-11-22 深圳市得一微电子有限责任公司 A kind of method and system of the hiding data on movable memory equipment
CN111191298A (en) * 2019-12-30 2020-05-22 山东方寸微电子科技有限公司 Storage device and mobile storage equipment that a plurality of partitions switch in real time

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020026580A1 (en) * 2000-07-19 2002-02-28 Fubito Igari System for access control to hidden storage area in a disk drive
CN101120324A (en) * 2005-02-17 2008-02-06 英特尔公司 Integrated circuit capable of flash memory storage management
CN102207912A (en) * 2010-07-07 2011-10-05 无锡中科龙泽信息科技有限公司 Flash memory equipment for realizing partition function on equipment side and access method of flash memory equipment
CN102301369A (en) * 2011-05-30 2011-12-28 华为终端有限公司 Data storage device access method and device
CN102567235A (en) * 2011-12-29 2012-07-11 武汉市工程科学技术研究院 Intelligent active anti-virus U disk based on partition authentication and anti-virus method of U disk
CN105653986A (en) * 2015-12-25 2016-06-08 成都三零嘉微电子有限公司 Micro SD card-based data protection method and device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020026580A1 (en) * 2000-07-19 2002-02-28 Fubito Igari System for access control to hidden storage area in a disk drive
CN101120324A (en) * 2005-02-17 2008-02-06 英特尔公司 Integrated circuit capable of flash memory storage management
CN102207912A (en) * 2010-07-07 2011-10-05 无锡中科龙泽信息科技有限公司 Flash memory equipment for realizing partition function on equipment side and access method of flash memory equipment
CN102301369A (en) * 2011-05-30 2011-12-28 华为终端有限公司 Data storage device access method and device
CN102567235A (en) * 2011-12-29 2012-07-11 武汉市工程科学技术研究院 Intelligent active anti-virus U disk based on partition authentication and anti-virus method of U disk
CN105653986A (en) * 2015-12-25 2016-06-08 成都三零嘉微电子有限公司 Micro SD card-based data protection method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王康等: "结合容量伪装和双文件系统的文件隐藏方法", 《计算机应用》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110489357A (en) * 2019-09-10 2019-11-22 深圳市得一微电子有限责任公司 A kind of method and system of the hiding data on movable memory equipment
CN110489357B (en) * 2019-09-10 2023-07-14 得一微电子股份有限公司 Method and system for hiding data on removable storage device
CN111191298A (en) * 2019-12-30 2020-05-22 山东方寸微电子科技有限公司 Storage device and mobile storage equipment that a plurality of partitions switch in real time

Also Published As

Publication number Publication date
CN106709361B (en) 2020-03-03

Similar Documents

Publication Publication Date Title
US11586734B2 (en) Systems and methods for protecting SSDs against threats
US8464073B2 (en) Method and system for secure data storage
US8301909B2 (en) System and method for managing external storage devices
CN103020537B (en) Data encrypting method, data encrypting device, data deciphering method and data deciphering device
JP2016081522A (en) System and method for reducing information leakage from memory
US20090150611A1 (en) Management of external memory functioning as virtual cache
US20160357973A1 (en) Method and apparatus for securing computer mass storage data
WO2005015818A1 (en) Data security and digital rights management system
DE10244728A1 (en) Information protection system for optical disk, transmits user password to optical disk, when stored and obtained serial number of disk are in collation
CN106709361A (en) File content hidden storage access method based on capacity hiding and multi-file system and storage device of method
CN101630292B (en) File encryption-decryption method of USB removable storage device
CN115146318B (en) Virtual disk safe storage method
CN110489357A (en) A kind of method and system of the hiding data on movable memory equipment
CN108920099A (en) Data dynamic storage system and method based on a variety of sliced fashions
CN100452076C (en) Method for constructing transparent coding environment
US20080189558A1 (en) System and Method for Secure Data Storage
CN1293483C (en) Multistorage type physical buffer computer data safety protection method and device
CN104123371A (en) Transparent Windows kernel file filtering method based on hierarchical file system
CN107563228A (en) A kind of method of internal storage data encryption and decryption
JP2007058771A (en) Storage system, storage subsystem, and cache/duplication storing method
WO2024021496A1 (en) Transparent encryption method and apparatus, electronic device, and storage medium
CN101944164A (en) Intelligent mobile storage equipment
CN106056007A (en) Safe solid state disk capable of hiding disk and method
US20220123932A1 (en) Data storage device encryption
US9442667B2 (en) Apparatus and method for protection of stored data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant