CN109086620B - Physical isolation dual-system construction method based on mobile storage medium - Google Patents

Publication number: CN109086620B
Authority: CN (China)
Prior art keywords: operating system; module; personal computer; partition; storage medium
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201810799351.1A
Other languages: Chinese (zh)
Other versions: CN109086620A (en)
Inventors: 刘熙胖, 梁松涛, 郭芷钰, 廖正赟, 刘武忠, 石淑英
Current Assignee: Zhengzhou Xinda Jiean Information Technology Co Ltd (as listed by Google Patents; the list may be inaccurate)
Original Assignee: Zhengzhou Xinda Jiean Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6236 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568 Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention provides a physical isolation dual-system construction method based on a mobile storage medium. The mobile storage medium comprises a storage controller module, a storage module, an interface module, a security module and a wireless communication module; the storage controller module is connected to the storage module, the interface module and the security module, and the interface module is connected to the security module and the wireless communication module. The method comprises the following steps: presetting a first operating system containing a disk filter driver in the storage module, and presetting a second operating system on a local disk of the personal computer; after the personal computer is powered on, when the personal computer is connected to the mobile storage medium and the PIN code passes verification, allowing the first operating system to be loaded and started; and physically isolating the first operating system from the second operating system by means of the disk filter driver.

Description

Physical isolation dual-system construction method based on mobile storage medium
Technical Field
The invention relates to the technical field of computer operating systems, in particular to a physical isolation dual-system construction method based on a mobile storage medium.
Background
At present, staff of government agencies, enterprises and public institutions need an office operating system and office software on their personal computers for work, and an ordinary operating system for personal life and entertainment when handling non-office affairs. Equipping each person with two personal computers increases working costs. If an office operating system and an ordinary operating system are installed on one personal computer at the same time, the prior art mostly achieves only logical isolation of the two systems by partitioning the local hard disk, so when the ordinary operating system is infected by an external virus, the office operating system, office data and files may be infected and sensitive files may be stolen, which affects normal, secure office work.
In addition, with the rapid development of science, technology and informatization, many government agencies, enterprises and public institutions urgently need more convenient, efficient and secure mobile office services. The prior art mostly uses a U disk (USB flash drive) to load an office operating system to meet mobile office requirements, but the office operating system loaded and started in this way is still associated with the local hard disk of the personal computer, and the two can access each other, so the operating environment of the office operating system carries certain security risks.
The problem that urgently needs to be solved is therefore how to construct a physically isolated dual system based on a mobile storage medium, so that a user can work securely at any time and place; the office operating system and the ordinary operating system are completely physically isolated and cannot access each other; the system partition where the office operating system resides is comprehensively protected; and operations such as installing application programs and encrypting and storing sensitive data, performed in the secure environment in which the office operating system runs, are not associated with the local hard disk of the personal computer.
In order to solve the above problems, people are always seeking an ideal technical solution.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a physical isolation dual-system construction method based on a mobile storage medium. A secure office operating system is constructed and physical isolation of the two systems is realized; in the secure environment in which the office operating system runs, the user can perform operations such as installing application programs and encrypting and storing sensitive data. The method has the advantages of scientific design, strong practicability, and mobility and portability.
In order to achieve the purpose, the invention adopts the technical scheme that: a physical isolation dual-system construction method based on a mobile storage medium, wherein the mobile storage medium comprises a storage controller module, a storage module, an interface module, a security module and a wireless communication module, the storage controller module is respectively connected with the storage module, the interface module and the security module, and the interface module is respectively connected with the security module and the wireless communication module, the method comprises the following steps:
step 1, presetting a first operating system containing a disk filter driver in the storage module of the mobile storage medium, and presetting a second operating system in a local hard disk of a personal computer;
step 2, after the personal computer is powered on, judging whether the personal computer is connected with the mobile storage medium, if so, further performing PIN code verification, and when the PIN code verification is passed, allowing the personal computer to load and start the first operating system;
step 3, the first operating system realizes physical isolation from the second operating system through the disk filter driver.
Based on the above, the physical isolation dual-system construction method further includes:
step 4, the first operating system realizes the installation of the application program through an EWF component;
step 5, the personal computer realizes the encryption of the sensitive data through the security module and stores the encrypted sensitive data into the storage module.
Based on the above, in step 1, the storage module in the mobile storage medium is divided into a first partition and a second partition, where the first operating system is preset in the first partition, and the second partition is used to store encrypted sensitive data.
Based on the above, in step 2, after the personal computer is powered on, it is determined whether the mobile storage medium is connected to the personal computer, if so, the BIOS of the personal computer is set or automatically detected, then the user is requested to input the PIN code of the security module for verification, and if the verification is passed within the set input times, the first operating system in the storage module is allowed to be loaded and started through the storage controller module, and step 3 is executed; otherwise, forbidding loading and starting the first operating system;
and if the connection is not established, loading and starting the second operating system in the local hard disk.
Based on the above, in step 3, when the personal computer loads and starts the first operating system, the disk filter driver of the first operating system monitors the local hard disk behavior of the personal computer in real time, and when the disk filter driver monitors that the local hard disk registers with the first operating system, the disk filter driver immediately intercepts the registration behavior, so that the local hard disk cannot load and start the first operating system, and the first operating system is physically isolated from the local hard disk in the process of loading and starting.
Based on the above, in step 4, the first partition is authorized to be in a writable state, and the first operating system directly writes the application program to be stored into the first partition where the first operating system is located through its own EWF component, so that the installation of the application program can be realized; and after the writing is finished, the first operating system is restored to the read-only state again.
Based on the above, in step 5, when the user uses the personal computer to encrypt the sensitive data, an encryption request instruction is sent to the security module through the interface module; after receiving the encryption request instruction, the security module executes the corresponding encryption operation, and the ciphertext of the sensitive data is then stored in the second partition through the storage controller module.
Based on the above, the mobile storage medium is a U disk (USB flash drive) or a mobile hard disk.
Based on the above, the storage controller module includes a Flash storage controller, an eMMC storage controller, and an SSD storage controller, and the storage module includes a Flash memory, an eMMC memory, and an SSD memory.
Based on the above, the interface module includes a USB interface and a Type-C interface, the security module is a security chip, and the wireless communication module is a 4G module.
Compared with the prior art, the invention has outstanding substantive features and represents notable progress. Specifically, when the personal computer loads and starts the first operating system from the mobile storage medium, it uses only the memory, CPU and input/output device resources of the personal computer; because the first operating system contains a disk filter driver, it is physically isolated from the second operating system on the local hard disk during loading and starting, which ensures that the first operating system is completely isolated from the data on the local hard disk of the personal computer during normal use. The first operating system is a read-only system with a write protection mechanism, so the first operating system and the disk filter driver cannot be arbitrarily modified or damaged; application programs and data can be written to the partition where the first operating system resides only through the EWF component and only under a specific authorization condition, which improves the security of the first operating system, comprehensively protects its system partition, and realizes secure storage of application programs. Verifying the PIN code of the security module when the first operating system is loaded and started ensures that it is loaded securely, and encrypting the user's sensitive data through the security module ensures the privacy of that data. The interface module can be configured to match the interface of the personal computer, so personal computers with different interfaces can be used. The wireless communication module lets the user access the Internet anytime and anywhere.
Drawings
Fig. 1 is a schematic block diagram of a removable storage medium and a personal computer according to the present invention.
Fig. 2 is a schematic flow chart of a physical isolation dual-system construction method according to the present invention.
Detailed Description
The technical solution of the present invention is further described in detail by the following embodiments.
The invention provides a physical isolation dual-system construction method based on a mobile storage medium, as shown in figure 1, the mobile storage medium comprises a storage controller module, a storage module, an interface module, a security module and a wireless communication module, wherein the storage controller module is respectively connected with the storage module, the interface module and the security module, the interface module is respectively connected with the security module and the wireless communication module, and a personal computer is in communication connection with the mobile storage medium through the interface module.
Specifically, as shown in fig. 2, the physical isolation dual-system construction method includes:
step 1, presetting a first operating system containing a disk filter driver in the storage module of the mobile storage medium, and presetting a second operating system in a local hard disk of a personal computer; the first operating system is used for safe work, and the second operating system is used for life entertainment;
in actual operation, the storage module in the removable storage medium is divided into a first partition and a second partition, wherein the first partition is used for presetting the first operating system, and the second partition is used for storing encrypted sensitive data.
Step 2, after the personal computer is powered on, judging whether the personal computer is connected with the mobile storage medium, if so, further performing PIN code verification, and when the PIN code verification is passed, allowing the personal computer to load and start the first operating system;
specifically, after the personal computer is powered on, it is first determined whether the personal computer is connected with the mobile storage medium; if so, the basic input/output system (BIOS) of the personal computer is set or automatically detected, then the user is requested to input the PIN code of the security module for verification, and if the verification is passed within the set number of input attempts, the first operating system in the storage module is allowed to be loaded and started through the storage controller module, and step 3 is executed; otherwise, loading and starting the first operating system is forbidden;
and if the connection is not established, loading and starting the second operating system in the local hard disk.
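The step 2 decision, as an added Python model that is not code from the patent. All names are hypothetical, and two details are assumptions the patent does not state: the attempt counter is kept inside the security chip and survives power cycles, and a failed PIN check denies the first operating system without falling back to the second.

```python
"""Added illustration of the step 2 boot decision; all names are hypothetical."""
import hashlib
import hmac


class SecurityModule:
    """Models the security chip's PIN check with a set number of attempts.

    Assumptions for this example (not stated in the patent): the counter is
    held in the chip across power cycles, and the PIN is stored as a salted
    PBKDF2 digest rather than in clear.
    """

    def __init__(self, pin: str, max_attempts: int = 3):
        self._salt = b"constructed-demo-salt"  # constructed sample value
        self._digest = self._derive(pin)
        self._max_attempts = max_attempts
        self.remaining = max_attempts

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def verify(self, pin: str) -> bool:
        if self.remaining == 0:
            return False  # locked: even the correct PIN is refused
        # Spend the attempt before comparing, so cutting power during the
        # comparison cannot yield a free guess.
        self.remaining -= 1
        ok = hmac.compare_digest(self._derive(pin), self._digest)
        if ok:
            self.remaining = self._max_attempts
        return ok


def select_boot_target(medium_connected, module, pin_entries):
    """Return which system the personal computer may load for one power-on."""
    if not medium_connected:
        return "second_os"  # no medium: boot the local hard disk
    for pin in pin_entries:
        if module.verify(pin):
            return "first_os"
        if module.remaining == 0:
            break
    # The patent only says loading the first OS is forbidden in this case.
    return "first_os_denied"


def demo():
    chip = SecurityModule(pin="4821", max_attempts=3)  # constructed PIN
    return {
        "no_medium": select_boot_target(False, chip, []),
        "one_typo": select_boot_target(True, chip, ["4812", "4821"]),
        # Two wrong entries, then a power cycle, then one more wrong entry:
        "boot_a": select_boot_target(True, chip, ["0000", "1111"]),
        "boot_b": select_boot_target(True, chip, ["2222", "4821"]),
        "after_lock": select_boot_target(True, chip, ["4821"]),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Because the counter persists, splitting guesses across several power-ons (`boot_a`, `boot_b`) still exhausts the set number of attempts.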
Step 3, the first operating system realizes physical isolation from the second operating system through the disk filter driver;
when the personal computer loads and starts the first operating system, a disk filter driver of the first operating system monitors the local hard disk behavior of the personal computer in real time, and when the disk filter driver monitors that the local hard disk registers to the first operating system, the registration behavior is immediately intercepted, so that the local hard disk cannot load and start the first operating system, and the first operating system is physically isolated from the local hard disk in the process of loading and starting.
In practical application, a user need only carry the mobile storage medium with the first operating system and need not carry a personal computer; mobile-office business information can be processed simply by inserting the mobile storage medium into another person's computer, and because the first operating system is secure and reliable, the security of that processing is effectively ensured.
Preferably, the mobile storage medium is a U disk or a mobile hard disk; the storage module comprises a Flash memory, an eMMC memory and an SSD memory, and the storage controller module comprises a Flash storage controller, an eMMC storage controller and an SSD storage controller.
The interface module comprises a USB interface and a Type-C interface, and is adapted to the interface type of the personal computer when in use. Specifically, in practical application, the interface can be a USB interface or a Type-C interface according to the interface type of the user's personal computer, or both can be provided at once, with one interface module being of the USB type and the other, reserved interface module being a Type-C interface, so that the different interface requirements of users' personal computers can be met.
The security module is a security chip, has the functions of encryption and decryption operation, digital signature, identity authentication and certificate storage security, and provides hardware password operation service.
The wireless communication module is a 4G module, and an SIM card is inserted into the mobile storage medium to realize the internet access function of the mobile storage medium.
In practical application, the wireless communication module can be set according to the SIM card type of a user, most SIM cards are in 4G communication at present, and can also be set to be 5G with the improvement of technology in the future; the user can meet the requirement of surfing the internet at any time and any place through the wireless communication module.
Further, the physical isolation dual-system construction method further includes:
step 4, the first operating system realizes the installation of the application program through the EWF component.
EWF (Enhanced Write Filter) is an important embedded feature provided in Microsoft operating systems. It protects a volume from being written to, so that the operating system can be started from a read-only medium. When EWF write protection is turned on, all write operations are redirected to a region of disk or memory called the overlay. The overlay sits above the protected volume, and all read and write operations on the protected volume pass through it; when a write is made to the protected volume, the data is cached in the overlay, which gives the volume the appearance of being writable.
Normally, the first operating system is in a read-only state: through its EWF component it redirects an application program that is to be written to the first partition into the memory of the overlay, so the application program has no connection with the first partition in which the first operating system resides; when the first operating system is restarted, the written application program is not retained;
when an application program is to be saved in the first partition in which the first operating system resides, the first partition needs to be authorized to be in a writable state under a specific authorization condition, and the first operating system, through its EWF component, writes the application program to be saved directly into the first partition instead of redirecting it to the memory of the overlay, so that the installation of the application program can be realized;
after the writing is finished, the first operating system is restored to a read-only state again, so that intrusion and tampering by external viruses are prevented.
Step 4 selectively writes the application program into the first partition where the first operating system resides through the EWF component, so that installing an application program takes place in the secure environment in which the office operating system runs and is not associated with the local hard disk of the personal computer.
In practical application, once the first operating system is protected by the EWF component, the user can access the Internet securely. If a malicious web page is inadvertently visited and a virus infection results, the user need not worry: restarting the first operating system restores the original state, because what the malicious web page introduced into the first operating system is only an illusion in memory and cannot be written to the first partition (the protected volume) where the first operating system resides. Virus intrusion is thus effectively prevented, and the data on the system partition is protected from being changed or damaged.
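The overlay behaviour described for step 4, as an added Python model; it is not code from the patent and not Microsoft's EWF API. All class and method names are hypothetical, the authorization condition is reduced to a boolean because the patent does not specify it, and refusing an install session while the overlay holds uncommitted writes is an assumption added for this example.

```python
"""Added illustration: RAM-overlay write filter as described for step 4.
All names are hypothetical; this models behaviour, not the EWF API."""
from contextlib import contextmanager

SECTOR_SIZE = 512


def sector(payload: bytes) -> bytes:
    """Pad constructed sample data to one full sector."""
    if len(payload) > SECTOR_SIZE:
        raise ValueError("payload larger than one sector")
    return payload.ljust(SECTOR_SIZE, b"\x00")


class ProtectedVolume:
    """Stands in for the first partition holding the first operating system."""

    def __init__(self, sector_count: int):
        self._sectors = [bytes(SECTOR_SIZE) for _ in range(sector_count)]

    def read(self, lba: int) -> bytes:
        return self._sectors[lba]

    def write(self, lba: int, data: bytes) -> None:
        self._sectors[lba] = data


class WriteFilter:
    """All reads and writes for the protected volume pass through here."""

    def __init__(self, volume: ProtectedVolume):
        self._volume = volume
        self._overlay = {}            # lba -> data, held in RAM only
        self._write_through = False   # read-only state by default

    def read(self, lba: int) -> bytes:
        if lba in self._overlay:
            return self._overlay[lba]
        return self._volume.read(lba)

    def write(self, lba: int, data: bytes) -> None:
        if len(data) != SECTOR_SIZE:
            raise ValueError("writes must be whole sectors")
        if self._write_through:
            self._volume.write(lba, data)   # authorized install path
        else:
            self._overlay[lba] = data       # redirected; volume untouched

    def dirty_sectors(self):
        """Sectors whose visible content differs only in the overlay."""
        return sorted(self._overlay)

    def reboot(self) -> None:
        """Restart: the RAM overlay is lost and the filter is read-only."""
        self._overlay.clear()
        self._write_through = False

    @contextmanager
    def install_session(self, authorized: bool):
        if not authorized:
            raise PermissionError("first partition is not authorized writable")
        # Assumption added here: only install from a freshly booted system,
        # so nothing untrusted is active while the volume is writable.
        if self._overlay:
            raise RuntimeError("overlay not clean; restart before installing")
        self._write_through = True
        try:
            yield self
        finally:
            self._write_through = False     # back to read-only


def demo():
    volume = ProtectedVolume(8)
    wf = WriteFilter(volume)
    out = {}
    wf.write(3, sector(b"untrusted download"))          # constructed data
    out["visible_before_restart"] = wf.read(3) == sector(b"untrusted download")
    out["volume_untouched"] = volume.read(3) == bytes(SECTOR_SIZE)
    out["dirty"] = wf.dirty_sectors()
    try:
        with wf.install_session(authorized=True):
            pass
        out["dirty_install_refused"] = False
    except RuntimeError:
        out["dirty_install_refused"] = True
    wf.reboot()
    out["gone_after_restart"] = wf.read(3) == bytes(SECTOR_SIZE)
    try:
        with wf.install_session(authorized=False):
            wf.write(5, sector(b"office application"))
        out["unauthorized_refused"] = False
    except PermissionError:
        out["unauthorized_refused"] = True
    with wf.install_session(authorized=True):
        wf.write(5, sector(b"office application"))
    wf.write(6, sector(b"post-install scratch"))
    wf.reboot()
    out["install_persists"] = wf.read(5) == sector(b"office application")
    out["scratch_discarded"] = wf.read(6) == bytes(SECTOR_SIZE)
    return out


if __name__ == "__main__":
    print(demo())
```

`dirty_sectors()` shows what a restart will discard, which is also the set of locations something tried to modify during the session.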
Further, the physical isolation dual system construction method further includes:
step 5, the personal computer realizes the encryption of the sensitive data through the security module and stores the encrypted sensitive data into the storage module.
Specifically, when a user uses the personal computer to encrypt sensitive data, an encryption request instruction is sent to the security module through the interface module; after receiving the encryption request instruction, the security module executes the corresponding encryption operation, and the storage controller module then stores the ciphertext of the sensitive data into the second partition.
Step 5 realizes encrypting and storing sensitive data in the secure environment in which the office operating system runs, and the operation is not associated with the local hard disk of the personal computer.
Finally, it should be noted that the above examples are only used to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art will understand that modifications to the specific embodiments of the invention, or equivalent substitutions for some of the technical features, may be made; provided they do not depart from the spirit of the present invention, they are intended to be covered by the appended claims.

Claims (6)

1. A physical isolation dual-system construction method based on a mobile storage medium, wherein the mobile storage medium comprises a storage controller module, a storage module, an interface module, a security module and a wireless communication module, and the storage controller module is respectively connected with the storage module, the interface module and the security module; the storage controller module is used for storing the ciphertext of the sensitive data into the storage module; the method is characterized by comprising the following steps:
step 1, presetting a first operating system containing a disk filter driver in the storage module of the mobile storage medium, and presetting a second operating system in a local hard disk of a personal computer; dividing the storage module in the mobile storage medium into a first partition and a second partition, wherein the first operating system is preset in the first partition, and the second partition is used for storing encrypted sensitive data;
step 2, after the personal computer is powered on, judging whether the personal computer is connected with the mobile storage medium, if so, further performing PIN code verification, and when the PIN code verification is passed, allowing the personal computer to load and start the first operating system;
step 3, the first operating system realizes physical isolation from the second operating system through the disk filter driver;
when the personal computer loads and starts the first operating system, a disk filter driver of the first operating system monitors the local hard disk behavior of the personal computer in real time, and when the disk filter driver monitors that the local hard disk registers to the first operating system, the registration behavior is immediately intercepted, so that the local hard disk cannot load and start the first operating system, and the first operating system is physically isolated from the local hard disk in the process of loading and starting;
step 4, the first operating system realizes the installation of the application program through an EWF component;
under normal conditions, the first operating system is in a read-only state, and the first operating system, through its EWF component, redirects an application program that is to be written to the first partition into the memory of the overlay; when the first operating system is restarted, the written application program is not retained;
when an application program is to be saved in a first partition in which a first operating system is located, authorizing the first partition to be in a writable state, and directly writing the application program to be saved into the first partition in which the first operating system is located by the first operating system through an EWF component of the first operating system to realize the installation of the application program; the first operating system is restored to a read-only state after the writing is finished;
step 5, the personal computer realizes the encryption of the sensitive data through the security module and stores the encrypted sensitive data into the storage module.
2. The physically isolated dual system construction method of claim 1, wherein: in step 2, after the personal computer is powered on, judging whether the mobile storage medium is connected with the personal computer, if so, setting or automatically detecting the BIOS of the personal computer, then requesting a user to input the PIN code of the security module for verification, and if the verification is passed within the set input times, allowing the storage controller module to load and start the first operating system in the storage module, and executing step 3; otherwise, forbidding loading and starting the first operating system;
and if the connection is not established, loading and starting the second operating system in the local hard disk.
3. The physically isolated dual system construction method of claim 1, wherein: in step 5, when the user uses the personal computer to encrypt the sensitive data, an encryption request instruction is sent to the security module through the interface module; after receiving the encryption request instruction, the security module executes the corresponding encryption operation, and the storage controller module then stores the ciphertext of the sensitive data to the second partition.
4. The physically isolated dual system construction method of claim 1, wherein: the mobile storage medium is a U disk (USB flash drive) or a mobile hard disk.
5. The physically isolated dual system construction method of claim 1, wherein: the storage controller module comprises a Flash storage controller, an eMMC storage controller and an SSD storage controller, and the storage module comprises a Flash memory, an eMMC memory and an SSD memory.
6. The physically isolated dual system construction method of claim 1, wherein: the interface module comprises a USB interface and a Type-C interface, the security module is a security chip, and the wireless communication module is a 4G module.

Priority Applications (1)

Application Number: CN201810799351.1A
Priority Date: 2018-07-19
Filing Date: 2018-07-19
Title: Physical isolation dual-system construction method based on mobile storage medium
Status: Active, CN109086620B (en)

Publications (2)

Publication Number Publication Date
CN109086620A (en) 2018-12-25
CN109086620B (en) 2021-03-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A method for constructing a physically isolated dual system based on mobile storage media

Granted publication date: 20210323

Pledgee: Bank of Zhengzhou Co.,Ltd. Zhongyuan Science and Technology City Sub branch

Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.

Registration number: Y2024980013861
