CN109254735A - Access control method and device for removable storage devices - Google Patents

Info

Publication number: CN109254735A
Authority: CN (China)
Prior art keywords: target, storage device, movable storage, file, fsd
Legal status: Pending
Application number: CN201811185662.5A
Other languages: Chinese (zh)
Inventors: 王志刚, 彭洪涛, 王志海, 喻波
Current Assignee: Beijing Wondersoft Technology Co Ltd
Original Assignee: Beijing Wondersoft Technology Co Ltd
Application filed by Beijing Wondersoft Technology Co Ltd
Priority to CN201811185662.5A
Publication of CN109254735A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/0604 Improving or facilitating administration, e.g. storage management
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0629 Configuration or reconfiguration of storage systems
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/545 Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Human Computer Interaction (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides an access control method and device for removable storage devices. The method comprises: if a file filter driver detects that a target removable storage device has been connected to a terminal device, the file filter driver obtains the target preset information of the target removable storage device; an application layer receives the target preset information and searches a preconfigured correspondence between registered removable storage devices and preset information for a target removable storage device that matches the target preset information; if one exists, the application layer looks up the target policy data corresponding to the target removable storage device in the correspondence between registered removable storage devices and policy data; if not, it obtains the target policy data for unregistered removable storage devices; the application layer sends the target policy data to the file filter driver; the file filter driver receives the target policy data from the application layer; the file filter driver receives a file access request and performs access control on the file access request according to the target policy data.

Description

Access control method and device for removable storage devices
Technical field
The present invention relates to the technical field of data security, and in particular to an access control method and device for removable storage devices.
Background
At present, large-capacity removable storage devices (such as USB flash drives and portable hard disks) are widely used, and controlling data access to large-capacity removable storage devices can effectively safeguard the data security of an intranet.
Taking a USB flash drive as an example, secure access control of USB flash drives is currently performed mainly by removable storage control software based on a disk filter driver, which applies sector-level access control (such as denial or encrypted writing) to the drive's storage.
In the course of implementing the present invention, the inventors found that the data control schemes for removable storage devices in the related art have difficulty providing file-level data control.
Summary of the invention
The present invention provides an access control method and device for removable storage devices, to solve the problem that the data control schemes for removable storage devices in the related art have difficulty providing file-level data control.
To solve the above problem, according to one aspect of the present invention, an access control method for removable storage devices is disclosed, comprising:
if a file filter driver detects that a target removable storage device has been connected to a terminal device, the file filter driver obtains the target preset information of the target removable storage device and sends it to an application layer, wherein the target preset information includes a device serial number and partition information;
the application layer receives the target preset information and searches a preconfigured correspondence between registered removable storage devices and preset information for a target removable storage device that matches the target preset information; if one exists, it looks up the target policy data corresponding to the target removable storage device in a preconfigured correspondence between registered removable storage devices and policy data; if not, it obtains the preconfigured target policy data for unregistered removable storage devices;
the application layer sends the target policy data to the file filter driver;
the file filter driver receives the target policy data from the application layer;
the file filter driver receives a file access request directed at the target removable storage device;
the file filter driver performs access control on the file access request according to the target policy data.
According to another aspect of the present invention, an access control apparatus for removable storage devices is also disclosed, comprising:
an obtaining module, configured to, if a target removable storage device is detected to have been connected to a terminal device, obtain the target preset information of the target removable storage device and send it to a lookup module, wherein the target preset information includes a device serial number and partition information;
a lookup module, configured to receive the target preset information and search a preconfigured correspondence between registered removable storage devices and preset information for a target removable storage device that matches the target preset information; if one exists, to look up the target policy data corresponding to the target removable storage device in a preconfigured correspondence between registered removable storage devices and policy data; if not, to obtain the preconfigured target policy data for unregistered removable storage devices;
a sending module, configured to send the target policy data to a first receiving module;
a first receiving module, configured to receive the target policy data from the sending module;
a second receiving module, configured to receive a file access request directed at the target removable storage device;
a control module, configured to perform access control on the file access request according to the target policy data.
Compared with the prior art, the present invention has the following advantages:
The embodiment of the present invention uses a file filter driver to detect the target removable storage device connected to the terminal device, obtains its preset information and returns it to the application layer above. The application layer obtains the target policy data for the target removable storage device from the preconfigured policy information and delivers it to the file filter driver. The file filter driver then performs access control, according to the target policy data, on the file access requests it receives for the target removable storage device, thereby achieving file-level data control of removable storage devices.
Brief description of the drawings
Fig. 1 is a structural block diagram of an embodiment of an access control system for removable storage devices according to the present invention;
Fig. 2 is a flow chart of the steps of an embodiment of an access control method for removable storage devices according to the present invention;
Fig. 3 is a structural block diagram of an embodiment of an access control apparatus for removable storage devices according to the present invention.
Detailed description of the embodiments
To make the above objects, features and advantages of the present invention clearer and easier to understand, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Referring to Fig. 1, a structural block diagram of an embodiment of an access control system for removable storage devices according to the present invention is shown.
The system comprises a mobile storage service in the application layer and a file filter driver in the kernel layer. The file filter driver is developed on the Minifilter framework (File System Minifilter Drivers, a framework that Windows provides to simplify the development of file filter drivers by third-party developers; referred to below as the minifilter driver framework).
The mobile storage service in the application layer is mainly responsible for receiving insertion notifications for removable storage media (i.e. removable storage devices) and for receiving, parsing and delivering policy data.
The file filter driver is mainly responsible for monitoring the connection of removable storage media, receiving policy data, and controlling access to the removable storage media according to the policy data.
As shown in Fig. 1, the mobile storage service in the application layer consists of a removable storage medium insertion message receiving module, a policy parsing module and a policy data delivery module.
The removable storage medium insertion message receiving module is responsible for receiving the removable storage medium insertion notification from the driver layer, obtaining the device serial number and partition information of the removable storage medium from the insertion notification, and passing the device serial number and partition information to the policy parsing module.
The policy parsing module parses the received preset information of the removable storage medium (the device serial number and partition information mentioned above); uses the parsed preset information to look up the policy data for that removable storage medium in the policy data delivered by the server; parses that policy data and converts it into the policy data structure shared with the file filter driver; and sends the parsed policy data to the policy data delivery module.
The policy data delivery module is responsible for delivering the parsed policy data it receives to the file filter driver.
The policy data that the server delivers in advance includes the policy data for removable storage media registered with the system of the embodiment of the present invention and the policy data for removable storage media not registered with the system of the embodiment of the present invention.
The application layer can report the preset information of a registered removable storage medium to the server. The server can then configure policy data for the removable storage medium with that preset information and deliver the policy data for the registered removable storage medium to the application layer of the system of the embodiment of the present invention. The policy data of different registered removable storage media may be the same or different; the present invention does not limit this.
In addition, the server can deliver to the application layer of the system of the embodiment of the present invention the policy data for all unregistered removable storage media, and the application layer can save the policy data for unregistered removable storage media. The policy data of all unregistered removable storage media may be identical.
Because the serial number of a removable storage medium can be tampered with, the embodiment of the present invention uses the device serial number together with the partition information to uniquely determine the identity of a removable storage medium, that is, which removable storage medium it is.
The types of removable storage media controlled by the embodiment of the present invention include, but are not limited to, USB flash drives, portable hard disks and other removable storage media.
As shown in Fig. 1, the file system filter driver consists of a removable storage medium monitoring module, an external communication interface module, a file access control module and a file encryption/decryption module.
The removable storage medium monitoring module is responsible for monitoring the removable storage media connected to the system of the embodiment of the present invention. When it detects that a removable storage medium has been connected, it obtains the serial number and partition information of the connected medium and carries them in a notification. The notification can be sent directly to the removable storage medium insertion message receiving module of the application layer, or it can be sent to the external communication interface module, which reports it to the removable storage medium insertion message receiving module.
The external communication interface module is responsible for responding to requests from the application layer, receiving policy data from the policy data delivery module, and sending the received target policy data to the file access control module. It can also receive the notification carrying the serial number and partition information from the removable storage medium monitoring module and send the notification to the removable storage medium insertion message receiving module.
The file access control module is responsible for access control of the removable storage medium and the files stored on it. It can deny access to the removable storage medium, permit normal reading and writing of the removable storage medium, apply read-only control to files on the removable storage medium, and apply read/write encryption control to files on the removable storage medium, among others. It is also responsible for calling the file encryption/decryption module to encrypt and decrypt files according to the target policy data.
The file encryption/decryption module is responsible for decrypting encrypted files on the removable storage medium and for encrypting files written to the removable storage medium.
With reference to the system shown in Fig. 1, Fig. 2 shows a flow chart of the steps of an embodiment of an access control method for removable storage devices according to the present invention, which may specifically include the following steps:
Step 101: if the file filter driver detects that a target removable storage device has been connected to the terminal device, the file filter driver obtains the target preset information of the target removable storage device and sends it to the application layer.
The target preset information includes the device serial number and partition information.
In the embodiment of the present invention, the file filter driver detects whether a removable storage device has been connected to the terminal device. Compared with detection by the application layer, this improves the accuracy and timeliness of determining that a removable storage device has been connected.
The file filter driver of the embodiment of the present invention can start automatically after the terminal device boots.
Optionally, when step 101 is performed, if the file filter driver receives from the minifilter driver framework a notification indicating that the volume of a removable storage device has finished loading, the file filter driver obtains the target preset information of the target removable storage device and sends it to the application layer.
During system initialization, the file filter driver can register a volume-load-complete callback function with the minifilter driver framework. Because the minifilter driver framework is the first to detect the volume-load-complete event, it can use the callback function to notify the file filter driver that registered the function of the event. The file filter driver thus receives the volume-load notification from the minifilter driver framework through the callback function; the notification indicates that the volume of a removable storage device has finished loading. Once the file filter driver receives the notification, it has detected that a removable storage device (the target removable storage device mentioned above) has been connected to the terminal device, and it can obtain the target preset information of the connected removable storage device (the target removable storage device) and send it to the application layer.
In this way, the file filter driver of the embodiment of the present invention receives from the minifilter driver framework the notification indicating that the volume of a removable storage device has finished loading. As soon as it receives the notification, it can determine that a removable storage device has been connected to the terminal device and notify the application layer promptly, so that access control can be applied to the removable storage device.
As an example, the following describes in detail, from the bottom layer upward, how the method of the embodiment of the present invention detects that a removable storage medium has been connected to the terminal device. The process is as follows:
When a removable storage medium is inserted into a USB port of the computer, the system first identifies it as a USB device and loads the USB device driver. A USB device is not necessarily a removable storage device; it may also be a camera, a U-shield or another device. The system therefore also needs to determine whether the USB device is a removable storage device, and if so, the system loads the disk driver (disk.sys).
After the disk driver has loaded, the system loads the file system driver and notifies the file system that a volume is present. The file system driver loads the system's minifilter driver framework (the file filter driver of the embodiment of the present invention has registered the volume-load-complete callback function with the minifilter driver framework in advance).
When the volume of the removable storage device has finished loading, the minifilter driver framework is notified to handle the event. After receiving the notification, the minifilter driver framework calls the callback function above to notify the file filter driver registered with it that the volume of the removable storage device has finished loading.
In this way, the file filter driver of the embodiment of the present invention promptly receives the notification that a removable storage medium has been inserted, namely the volume-load notification.
Step 102: the application layer receives the target preset information and searches the preconfigured correspondence between registered removable storage devices and preset information for a target removable storage device that matches the target preset information.
As in the embodiment of Fig. 1, the application layer of the embodiment of the present invention is preconfigured with the correspondence between each registered removable storage device and its preset information. Therefore, after receiving the target preset information of a connected removable storage device, it can search that correspondence for a target removable storage device that matches the target preset information.
Specifically, the preset information consists of two items, the device serial number and the partition information. A device serial number can be tampered with. If the device serial number of a registered USB flash drive were changed to the device serial number of an unregistered USB flash drive and the preset information contained only the device serial number, the USB flash drive would be misidentified. The registered USB flash drive would then be access-controlled with the policy data for unregistered USB flash drives, which increases the risk that the data on the registered USB flash drive is stolen. For this reason, the preset information in the embodiment of the present invention also includes partition information.
When searching the correspondence for a target removable storage device that matches the target preset information, the application layer looks for a registered removable storage device whose serial number is identical to the serial number in the target preset information and whose partition information is identical to the partition information in the target preset information.
If such a device exists, the registered removable storage device found is determined to be the target removable storage device; that is, a target removable storage device matching the target preset information exists in the preconfigured correspondence between registered removable storage devices and preset information, and the method continues with step 103.
If no such device exists, the application layer searches the correspondence for a registered removable storage device whose partition information is identical to the partition information in the target preset information, without regard to the serial number. If a registered removable storage device with identical partition information exists, it is determined to be the target removable storage device; that is, a target removable storage device matching the target preset information exists in the preconfigured correspondence between registered removable storage devices and preset information, and the method continues with step 103. If the correspondence contains no registered removable storage device whose partition information is identical to the partition information in the target preset information, it is determined that no target removable storage device matching the target preset information exists in the preconfigured correspondence between registered removable storage devices and preset information, and the method continues with step 104.
In this way, when the correspondence contains no registered removable storage device whose partition information and device serial number are both identical to the corresponding items in the target preset information, only the partition information is matched in order to find the registered removable storage device that matches the target preset information. This avoids the problem that the data on a removable storage device cannot be securely access-controlled because its serial number has been tampered with.
Step 103: if so, the application layer looks up the target policy data corresponding to the target removable storage device in the preconfigured correspondence between registered removable storage devices and policy data.
The embodiment of the present invention configures the policy data of each registered removable storage device in the application layer in advance. The policy data of different registered removable storage devices may be the same or different; the present invention does not limit this.
Configuring the policy data in the application layer benefits system stability. If the policy data were configured in the file filter driver in the kernel layer, an error in the file filter driver would crash the system. The embodiment of the present invention therefore stores only the necessary code logic in the file filter driver and does not configure or store policy data there.
Step 104: if not, the application layer obtains the preconfigured target policy data for unregistered removable storage devices.
If no target removable storage device matching the target preset information is found in the correspondence between registered removable storage devices and preset information, the connected removable storage device is not a removable storage medium registered with the system of the embodiment of the present invention and is an illegitimate removable storage medium. The application layer can therefore obtain the preconfigured target policy data for unregistered removable storage devices.
All removable storage devices that are not registered with the system of the embodiment of the present invention have the same policy data, namely the preconfigured target policy data for unregistered removable storage devices mentioned here.
It should be noted that the target policy data obtained in step 103 and in step 104 are different, because the access control schemes for registered USB flash drives and unregistered USB flash drives are different.
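The lookup of steps 102 to 104, as an added example in C that is not code from the patent: it matches on serial number and partition information, falls back to partition information alone, and otherwise returns the policy for unregistered devices. The identifiers, the sample registry, the string form of the partition information and the choice of a deny policy for unregistered devices are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Access-control modes named in the description; identifiers are assumptions. */
typedef enum {
    POLICY_DENY,                /* access forbidden */
    POLICY_RO_PLAINTEXT,        /* read-only, plaintext */
    POLICY_RO_PLAIN_AND_CIPHER, /* read-only, plaintext and ciphertext */
    POLICY_ENCRYPTED_RW,        /* encrypted read/write */
    POLICY_NORMAL_RW            /* normal read/write */
} policy_mode;

/* The two preconfigured correspondences (device -> preset information and
 * device -> policy data), merged into one row per registered device. */
typedef struct {
    const char *name;
    const char *serial;    /* device serial number */
    const char *partition; /* partition information as an opaque string (assumption) */
    policy_mode policy;
} registered_device;

typedef enum { MATCH_SERIAL_AND_PARTITION, MATCH_PARTITION_ONLY, MATCH_NONE } match_kind;

typedef struct {
    match_kind kind;
    const registered_device *device; /* NULL when the device is unregistered */
    policy_mode policy;              /* target policy data to send to the driver */
} lookup_result;

/* Constructed sample registry; not real device data. */
static const registered_device SAMPLE_REGISTRY[] = {
    { "registered device 1", "SN-0001", "part-aaaa", POLICY_ENCRYPTED_RW },
    { "registered device 2", "SN-0002", "part-bbbb", POLICY_RO_PLAIN_AND_CIPHER },
};
#define SAMPLE_COUNT (sizeof SAMPLE_REGISTRY / sizeof SAMPLE_REGISTRY[0])

lookup_result lookup_target_policy(const registered_device *reg, size_t n,
                                   policy_mode unregistered_policy,
                                   const char *serial, const char *partition)
{
    lookup_result r = { MATCH_NONE, NULL, unregistered_policy };
    size_t i;

    if (partition == NULL)
        return r; /* no partition information: handle as unregistered */

    /* Pass 1: serial number and partition information must both match. */
    for (i = 0; serial != NULL && i < n; i++) {
        if (strcmp(reg[i].serial, serial) == 0 &&
            strcmp(reg[i].partition, partition) == 0) {
            r.kind = MATCH_SERIAL_AND_PARTITION;
            r.device = &reg[i];
            r.policy = reg[i].policy;
            return r;
        }
    }
    /* Pass 2: the serial number is ignored; partition information decides. */
    for (i = 0; i < n; i++) {
        if (strcmp(reg[i].partition, partition) == 0) {
            r.kind = MATCH_PARTITION_ONLY;
            r.device = &reg[i];
            r.policy = reg[i].policy;
            return r;
        }
    }
    return r; /* step 104: policy for unregistered devices */
}

/* Lookup against the constructed registry, unregistered devices denied. */
lookup_result lookup_sample(const char *serial, const char *partition)
{
    return lookup_target_policy(SAMPLE_REGISTRY, SAMPLE_COUNT, POLICY_DENY,
                                serial, partition);
}

int main(void)
{
    static const char *kinds[] = { "serial+partition", "partition only", "unregistered" };
    lookup_result a = lookup_sample("SN-0001", "part-aaaa"); /* untouched device */
    lookup_result b = lookup_sample("SN-9999", "part-aaaa"); /* serial altered */
    lookup_result c = lookup_sample("SN-0001", "part-zzzz"); /* known serial only */

    printf("%s / %s / %s\n", kinds[a.kind], kinds[b.kind], kinds[c.kind]);
    return 0;
}
```

Under this procedure the serial number only disambiguates between registered entries: a device whose partition information matches a registered entry receives that entry's policy whatever serial number it reports, so the identification rests on the partition information.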
Step 105: the application layer sends the target policy data to the file filter driver.
As described in the system embodiment of Fig. 1, the application layer parses the target policy data before sending it to the file filter driver.
Step 106: the file filter driver receives the target policy data from the application layer.
Step 107: the file filter driver receives a file access request directed at the target removable storage device.
Optionally, when step 107 is performed, the file filter driver can receive the file access request directed at the removable storage device from the minifilter driver framework.
Specifically, any access operation on a file on the removable storage medium is passed to the kernel layer for processing. The file filter driver in the kernel layer registers with the minifilter driver framework in advance. When the minifilter driver framework receives a file access request for the removable storage medium, it calls the file filter driver registered with it and passes the file access request to the file filter driver for access control. The file filter driver of the embodiment of the present invention can therefore receive the file access request directed at the removable storage device from the minifilter driver framework.
Step 108: the file filter driver performs access control on the file access request according to the target policy data.
After receiving from the minifilter driver framework the file access request for the connected target removable storage device, the file filter driver can perform access control on the file access request according to the target policy data for the target removable storage device, and can return the processing result to the minifilter driver framework above it for handling.
In this way, the embodiment of the present invention uses a file filter driver to detect the target removable storage device connected to the terminal device, obtains its preset information and returns it to the application layer above. The application layer obtains the target policy data for the target removable storage device from the preconfigured policy information and delivers it to the file filter driver. The file filter driver then performs access control, according to the target policy data, on the file access requests it receives for the target removable storage device, thereby achieving file-level data control of removable storage devices.
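A user-mode model of the decision in steps 106 to 108, as an added example in C that is not code from the patent and does not use the Windows minifilter API. The identifiers, the handling of ciphertext files under the read-only plaintext mode, and the denial of requests that arrive before the application layer has delivered the policy are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Access-control modes named in the description; identifiers are assumptions. */
typedef enum {
    POLICY_DENY,                /* access forbidden */
    POLICY_RO_PLAINTEXT,        /* read-only, plaintext */
    POLICY_RO_PLAIN_AND_CIPHER, /* read-only, plaintext and ciphertext */
    POLICY_ENCRYPTED_RW,        /* encrypted read/write */
    POLICY_NORMAL_RW            /* normal read/write */
} policy_mode;

typedef enum { OP_READ, OP_WRITE } file_op;

typedef enum {
    ACT_DENY,            /* fail the request */
    ACT_PASS_THROUGH,    /* let the request through unchanged */
    ACT_DECRYPT_ON_READ, /* hand the data to the encryption/decryption module */
    ACT_ENCRYPT_ON_WRITE
} action;

/* Per-volume state kept by the driver model. The driver stores no policy
 * table of its own, only what the application layer sent for this volume. */
typedef struct {
    bool policy_received;
    policy_mode policy;
} volume_state;

/* Step 101: volume loaded, preset information sent up, no policy yet. */
void volume_attached(volume_state *v)
{
    v->policy_received = false;
    v->policy = POLICY_DENY;
}

/* Step 106: target policy data arrives from the application layer. */
void policy_delivered(volume_state *v, policy_mode p)
{
    v->policy = p;
    v->policy_received = true;
}

/* Steps 107 and 108: decide one file access request. */
action decide(const volume_state *v, file_op op, bool file_is_ciphertext)
{
    if (!v->policy_received)
        return ACT_DENY; /* assumption: fail closed until a policy is known */

    switch (v->policy) {
    case POLICY_DENY:
        return ACT_DENY;
    case POLICY_RO_PLAINTEXT:
        /* assumption: ciphertext files are not readable in this mode */
        if (op == OP_WRITE || file_is_ciphertext)
            return ACT_DENY;
        return ACT_PASS_THROUGH;
    case POLICY_RO_PLAIN_AND_CIPHER:
        if (op == OP_WRITE)
            return ACT_DENY;
        return file_is_ciphertext ? ACT_DECRYPT_ON_READ : ACT_PASS_THROUGH;
    case POLICY_ENCRYPTED_RW:
        if (op == OP_WRITE)
            return ACT_ENCRYPT_ON_WRITE;
        return file_is_ciphertext ? ACT_DECRYPT_ON_READ : ACT_PASS_THROUGH;
    case POLICY_NORMAL_RW:
        return ACT_PASS_THROUGH;
    }
    return ACT_DENY; /* unknown mode: fail closed */
}

/* Helpers that replay the step order for one request. */
action decide_before_policy(file_op op)
{
    volume_state v;
    volume_attached(&v);
    return decide(&v, op, false);
}

action decide_after_policy(policy_mode p, file_op op, bool file_is_ciphertext)
{
    volume_state v;
    volume_attached(&v);
    policy_delivered(&v, p);
    return decide(&v, op, file_is_ciphertext);
}

int main(void)
{
    printf("read before policy: %d\n", decide_before_policy(OP_READ));
    printf("write under encrypted read/write: %d\n",
           decide_after_policy(POLICY_ENCRYPTED_RW, OP_WRITE, false));
    return 0;
}
```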
Optionally, before step 101, can also include: according to the method for the embodiment of the present invention
The registration request of application layer reception movable storage device;
Wherein, the present invention can be registered to for the movable storage device for storing confidential data that enterprises use The system of embodiment, therefore, application layer can receive the registration request of movable storage device, wherein the registration request can To include presupposed information, the presupposed information includes equipment Serial Number and partition information, that is to say, that can be in the registration request Carry the equipment Serial Number and partition information of the movable storage device.
The application layer generates registered movable storage device pass corresponding with presupposed information in response to the registration request System.
Wherein, application layer can from registration request extract equipment sequence number and partition information and using this two information come Generate the corresponding relationship of the registered movable storage device and the presupposed information.The corresponding relationship may include: that registration equipment 1 is right Answer sequence number 1, partition information 1;Register 2 corresponding sequence number 2 of equipment, partition information 2 etc..
In this way, the embodiment of the present invention can be carried out for the movable storage device for needing to be registered to system of the embodiment of the present invention The registration of facility information, to generate the corresponding relationship of registered movable storage device and presupposed information, which is one To one corresponding relationship.
Optionally, after the application layer generates the correspondence between registered removable storage devices and preset information in response to the registration request, the method according to the embodiment of the present invention may further include:
The application layer uploads the preset information of each registered storage device to a preset server;
For each registered removable storage device that has not yet been assigned policy data, the application layer can upload its preset information to the preset server, and the preset server can configure policy data for the removable storage device corresponding to each group of preset information. Different registered removable storage devices may correspond to the same policy data or to different policy data; the present invention does not limit this.
The application layer receives the policy data for each registered removable storage device from the preset server and generates a correspondence between registered removable storage devices and policy data;
The correspondence includes, for example: registered device 1 corresponds to policy data 1; registered device 2 corresponds to policy data 2; registered device 3 corresponds to policy data 1; and so on. Each registered removable storage device can have one policy data, that is, one access control scheme, for example: forbid access, read-only plaintext, read-only plaintext and ciphertext, encrypt and read, or normal read-write.
The application layer receives the policy data for unregistered removable storage devices from the preset server and saves it.
Since the terminal device may also be connected to removable storage devices that are not registered with the system, the preset server of the embodiment of the present invention can also issue the policy data for all unregistered removable storage devices to the application layer. The application layer can thus receive the policy data for all unregistered removable storage devices from the preset server and save it locally.
In this way, the application layer of the embodiment of the present invention can receive from the preset server the access control policy data for each registered removable storage device and for all unregistered removable storage devices, thereby generating the correspondence between registered removable storage devices and policy data and saving the policy data for all unregistered removable storage devices.
It should be noted that, whether the application layer of the embodiment of the present invention is receiving policy data for registered removable storage devices or policy data for unregistered removable storage devices, the policy data may be received in advance or during access control. If the policy data for a given removable storage device is updated, the device can be unplugged and plugged in again so that the updated policy data is used to control file access to that removable storage device.
Optionally, if the target policy data is forbid access, then when step 108 is executed, the file filter driver may, in response to the file access request, return error information to forbid access to the files on the target removable storage device.
The file filter driver can return the error information to the minifilter driver framework, so that this file access to the target removable storage device is forbidden.
In this way, the embodiment of the present invention can forbid file access to the removable storage device according to the target policy data of the removable storage device.
Optionally, if the target policy data is read-only plaintext, then when step 108 is executed, the file filter driver may, in response to the file access request, allow read operations on plaintext files on the target removable storage device and refuse any file access request to the target removable storage device other than reading plaintext.
Since the target policy data for the target removable storage device (for example, a USB flash drive) is read-only plaintext, any file access other than reading plaintext is refused. If the file access request is to read a plaintext file on the USB flash drive, the file filter driver allows the read operation. If the file access request is any file operation other than reading plaintext, the file filter driver refuses it, for example a request to read ciphertext data on the USB flash drive or a request to write data to the USB flash drive.
In this way, the embodiment of the present invention can apply read-only plaintext access control to the files of the removable storage device according to the target policy data of the removable storage device.
Optionally, if the target policy data is read-only plaintext and ciphertext, then when step 108 is executed, the file filter driver may, in response to the file access request, allow read operations on plaintext files and ciphertext files on the target removable storage device and refuse any file access request to the target removable storage device other than reading plaintext and reading ciphertext. When the file access request includes a read operation on a ciphertext file, the file filter driver decrypts the ciphertext file read from the target removable storage device.
Since the target policy data for the target removable storage device (for example, a USB flash drive) is read-only plaintext and ciphertext, any file access other than a request to read plaintext or a request to read ciphertext is refused. If the file access request includes reading a plaintext file on the USB flash drive, the file filter driver allows the read operation. If the file access request includes reading a ciphertext file on the USB flash drive, the file filter driver also allows the read operation; after the ciphertext file has been read, the encryption/decryption module can be called to decrypt it, and the decrypted data is returned to the minifilter driver framework.
If the file access request is a file access operation other than reading plaintext and reading ciphertext, the file filter driver refuses it, for example a request to write data to the USB flash drive.
In this way, the embodiment of the present invention can apply read-only plaintext and read-only ciphertext access control to the files of the removable storage device according to the target policy data of the removable storage device.
Optionally, if the target policy data is encrypt and read, then when step 108 is executed, the file filter driver may, in response to the file access request, allow file read operations and file write operations on the target removable storage device. When the file access request includes a write operation on a file, the data to be written is obtained according to the file access request and encrypted, and the resulting ciphertext file is written to the target removable storage device. When the file access request includes a read operation on a file, the data to be read is obtained according to the file access request and returned.
Since the target policy data for the target removable storage device (for example, a USB flash drive) is encrypt and read, if the file access request includes writing data to the USB flash drive (whether plaintext or ciphertext), the file filter driver allows the write operation, and the encryption/decryption module can be called to encrypt the data to be written so that the encrypted ciphertext file is written to the target removable storage device. When the file access request includes a read operation on a file, the file filter driver allows the read operation on that file, obtains the data to be read on the USB flash drive according to the file access request (whether plaintext data or ciphertext data), and returns the obtained data to the minifilter driver framework.
In this way, the embodiment of the present invention can apply encrypted-write file access control to the removable storage device according to the target policy data of the removable storage device.
Optionally, if the target policy data is normal read-write, then when step 108 is executed, the file filter driver may, in response to the file access request, allow file read operations and file write operations on the target removable storage device. When the file access request includes a write operation on a file, the data to be written (plaintext or ciphertext) is obtained according to the file access request and written directly to the target removable storage device, without any encryption or decryption operation. When the file access request includes a read operation on a file, the data to be read (plaintext or ciphertext) is obtained according to the file access request and returned (the data to be read is read directly from the removable storage device, without any encryption or decryption operation, and the data read is returned to the minifilter driver framework).
In this way, the embodiment of the present invention can apply access control for normal file writing and reading to the removable storage device according to the target policy data of the removable storage device, without any encryption or decryption operation.
The policy data configured in the embodiment of the present invention includes, but is not limited to: forbid access; read-only plaintext (files that exist in plaintext form on the removable storage medium); read-only plaintext and ciphertext (ciphertext refers to files encrypted by the file filter driver); encrypt and read (files changed on the removable storage medium, or newly written files, are written after encryption); and normal read-write (plaintext files present on the removable storage medium and ciphertext files encrypted by the file filter driver are read and written directly, without encryption or decryption operations). Any one removable storage medium has only one of the policy data enumerated above, which ensures that the control policies on a removable storage medium are mutually exclusive and avoids contradictory policy data.
For policy data not listed in the above embodiments, the principle is similar when that policy data is used for access control of the removable storage medium, so the details are not repeated one by one here; the implementation of step 108 for each such policy data can be derived from the embodiments illustrated above.
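The policy lookup and the per-policy handling of step 108 described above can be modelled in user-mode C as follows. This is an added example, not code from the patent: the registry entries, the policy chosen for unregistered devices, the `file_is_ciphertext` flag, the fail-closed default and all identifiers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The five mutually exclusive policies named in the description. */
typedef enum {
    POLICY_FORBID_ACCESS,
    POLICY_READONLY_PLAINTEXT,
    POLICY_READONLY_PLAINTEXT_AND_CIPHERTEXT,
    POLICY_ENCRYPT_AND_READ,
    POLICY_NORMAL_READ_WRITE
} policy_t;

typedef enum { OP_READ, OP_WRITE } op_t;

/* What the filter does with one file access request. */
typedef enum {
    ACT_DENY,             /* return error information to the framework */
    ACT_PASS,             /* let the I/O through without crypto */
    ACT_DECRYPT_ON_READ,  /* read ciphertext, decrypt, return data */
    ACT_ENCRYPT_ON_WRITE  /* encrypt data, write ciphertext */
} action_t;

/* Preset information: device serial number plus partition information. */
typedef struct {
    const char *serial;
    const char *partition;
} preset_info_t;

typedef struct {
    preset_info_t info;
    policy_t policy;
} registered_device_t;

/* Application layer state. All values below are constructed samples. */
static const registered_device_t REGISTRY[] = {
    { { "SN-0001", "P1:FAT32:16G" }, POLICY_ENCRYPT_AND_READ },
    { { "SN-0002", "P1:NTFS:64G" },  POLICY_READONLY_PLAINTEXT_AND_CIPHERTEXT },
    { { "SN-0003", "P1:exFAT:32G" }, POLICY_READONLY_PLAINTEXT },
};

/* Assumption: the server assigned "forbid access" to unregistered devices. */
static const policy_t UNREGISTERED_POLICY = POLICY_FORBID_ACCESS;

/* Application layer: match the target preset information against the
 * registry. Both serial number and partition information must match;
 * otherwise the device is handled as unregistered. */
policy_t lookup_target_policy(const preset_info_t *target)
{
    for (size_t i = 0; i < sizeof REGISTRY / sizeof REGISTRY[0]; i++) {
        if (strcmp(REGISTRY[i].info.serial, target->serial) == 0 &&
            strcmp(REGISTRY[i].info.partition, target->partition) == 0)
            return REGISTRY[i].policy;
    }
    return UNREGISTERED_POLICY;
}

/* Filter driver: decide one request under the target policy data.
 * file_is_ciphertext is an assumed input; the description does not say
 * how the driver recognises a file it encrypted earlier. */
action_t decide(policy_t policy, op_t op, int file_is_ciphertext)
{
    switch (policy) {
    case POLICY_FORBID_ACCESS:
        return ACT_DENY;
    case POLICY_READONLY_PLAINTEXT:
        return (op == OP_READ && !file_is_ciphertext) ? ACT_PASS : ACT_DENY;
    case POLICY_READONLY_PLAINTEXT_AND_CIPHERTEXT:
        if (op != OP_READ)
            return ACT_DENY;
        return file_is_ciphertext ? ACT_DECRYPT_ON_READ : ACT_PASS;
    case POLICY_ENCRYPT_AND_READ:
        /* Writes are always encrypted; reads return the data as stored. */
        return op == OP_WRITE ? ACT_ENCRYPT_ON_WRITE : ACT_PASS;
    case POLICY_NORMAL_READ_WRITE:
        return ACT_PASS;
    }
    return ACT_DENY; /* unknown policy value: fail closed (assumption) */
}

int main(void)
{
    static const char *names[] = { "DENY", "PASS", "DECRYPT_ON_READ",
                                   "ENCRYPT_ON_WRITE" };
    preset_info_t plugged = { "SN-0002", "P1:NTFS:64G" };
    policy_t p = lookup_target_policy(&plugged);

    printf("read ciphertext : %s\n", names[decide(p, OP_READ, 1)]);
    printf("read plaintext  : %s\n", names[decide(p, OP_READ, 0)]);
    printf("write           : %s\n", names[decide(p, OP_WRITE, 0)]);
    return 0;
}
```

Because each device maps to exactly one policy value, the decision is a single switch with no precedence rules to resolve, which is the mutual exclusion the description relies on.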
The access control method and system architecture for removable storage devices of the embodiment of the present invention are advanced and consistent, with high compatibility. Since policy data is configured for access to the removable storage medium, client security can be improved, and system deployment is convenient and flexible. In addition, the removable storage medium controlled by the embodiment of the present invention needs no special treatment and does not depend on a specific environment, so flexibility is high. No special removable storage medium needs to be purchased, so there is no additional hardware cost, and fine-grained rights management of the removable storage medium is achieved.
With the above method of the embodiment of the present invention, the file filter driver detects whether a removable storage medium has been connected to the device, which avoids the risk of the insertion of a removable storage device not being detected in time. In addition, the removable storage media controlled by the embodiment of the present invention include registered removable storage media and unregistered removable storage media, so that access control of removable storage media is subdivided and the access control modes for media registered and not registered with the system are handled differently. In addition, the embodiment of the present invention can configure many kinds of policy data for a removable storage medium, so that the control functions for removable storage media are more comprehensive. Further, by setting different policy data, control operations such as transparent file read-write and encrypted file read-write on the removable storage medium can be supported. By configuring corresponding policy data for different removable storage media and performing file access control on the removable storage medium according to the policy data, the policy data configured for a removable storage medium can be adjusted when the control scheme changes, so that control of the removable storage medium is more flexible.
It should be noted that, for simplicity of description, the method embodiments are expressed as a series of action combinations, but those skilled in the art should understand that the embodiments of the present invention are not limited by the described order of actions, because according to the embodiments of the present invention some steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.
Corresponding to the method provided by the above embodiments of the present invention, and referring to Fig. 3, a structural block diagram of an embodiment of an access control apparatus for a removable storage device according to the present invention is shown, which may specifically include the following modules:
An obtaining module 31, configured to, if it is detected that a target removable storage device is connected to the terminal device, obtain the target preset information of the target removable storage device and send it to the lookup module 32, wherein the target preset information includes a device serial number and partition information;
A lookup module 32, configured to receive the target preset information and look up, in the preconfigured correspondence between registered removable storage devices and preset information, whether there is a target removable storage device matching the target preset information; if so, look up the target policy data corresponding to the target removable storage device in the preconfigured correspondence between registered removable storage devices and policy data; if not, obtain the preconfigured target policy data corresponding to unregistered removable storage devices;
A sending module 33, configured to send the target policy data to the first receiving module 34;
A first receiving module 34, configured to receive the target policy data from the sending module 33;
A second receiving module 35, configured to receive a file access request for the target removable storage device;
A control module 36, configured to perform access control on the file access request according to the target policy data.
Optionally, the apparatus further includes:
A third receiving module, configured to receive a registration request of a removable storage device, wherein the registration request includes preset information, and the preset information includes a device serial number and partition information;
A response module, configured to generate, in response to the registration request, a correspondence between registered removable storage devices and preset information;
An uploading module, configured to upload the preset information of each registered storage device to a preset server;
A generation module, configured to receive the policy data for each registered removable storage device from the preset server and generate a correspondence between registered removable storage devices and policy data;
A fourth receiving module, configured to receive the policy data for unregistered removable storage devices from the preset server and save it.
Optionally, the obtaining module 31 is configured to, if a notification indicating that volume loading of a removable storage device is complete is received from the minifilter driver framework, obtain the target preset information of the target removable storage device and send it to the lookup module 32.
Optionally, the second receiving module 35 is further configured to receive the file access request for the target removable storage device from the minifilter driver framework.
Optionally, the control module 36 is further configured to, if the target policy data is forbid access, return error information in response to the file access request to forbid file access on the target removable storage device.
Optionally, the control module 36 is further configured to, if the target policy data is read-only plaintext, in response to the file access request, allow read operations on plaintext files on the target removable storage device and refuse any file access request to the target removable storage device other than reading plaintext.
Optionally, the control module 36 is further configured to, if the target policy data is read-only plaintext and ciphertext, in response to the file access request, allow read operations on plaintext files and ciphertext files on the target removable storage device and refuse any file access request to the target removable storage device other than reading plaintext and reading ciphertext, wherein, when the file access request includes a read operation on a ciphertext file, the ciphertext file read from the target removable storage device is decrypted.
Optionally, the control module 36 is further configured to, if the target policy data is encrypt and read, in response to the file access request, allow file read operations and file write operations on the target removable storage device, wherein, when the file access request includes a write operation on a file, the data to be written is obtained according to the file access request and encrypted, and the resulting ciphertext file is written to the target removable storage device; when the file access request includes a read operation on a file, the data to be read is obtained according to the file access request, and the file to be read is returned.
As for the apparatus embodiment, since it is basically similar to the method embodiment, the description is relatively brief; for relevant details, refer to the corresponding description of the method embodiment.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, an apparatus or a computer program product. Therefore, the embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The embodiments of the present invention are described with reference to flowcharts and/or block diagrams of the method, terminal device (system) and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing terminal device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing terminal device produce an apparatus for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing terminal device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal device, so that a series of operation steps are executed on the computer or other programmable terminal device to produce computer-implemented processing, and the instructions executed on the computer or other programmable terminal device thus provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the present invention.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or terminal device. Without further restrictions, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or terminal device that includes the element.
The access control method for a removable storage device, the access control system for a removable storage device and the access control apparatus for a removable storage device provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, for those of ordinary skill in the art, there will be changes in the specific implementation and scope of application according to the idea of the present invention. In summary, the contents of this specification should not be construed as limiting the present invention.

Claims (14)

1. An access control method for a removable storage device, characterized by comprising:
If a file filter driver detects that a target removable storage device is connected to a terminal device, the file filter driver obtains the target preset information of the target removable storage device and sends it to an application layer, wherein the target preset information includes a device serial number and partition information;
The application layer receives the target preset information and looks up, in a preconfigured correspondence between registered removable storage devices and preset information, whether there is a target removable storage device matching the target preset information; if so, it looks up the target policy data corresponding to the target removable storage device in a preconfigured correspondence between registered removable storage devices and policy data; if not, it obtains the preconfigured target policy data corresponding to unregistered removable storage devices;
The application layer sends the target policy data to the file filter driver;
The file filter driver receives the target policy data from the application layer;
The file filter driver receives a file access request for the target removable storage device;
The file filter driver performs access control on the file access request according to the target policy data.
2. The method according to claim 1, characterized in that, before the step in which, if the file filter driver detects that a target removable storage device is connected to the terminal device, the file filter driver obtains the target preset information of the target removable storage device and sends it to the application layer, the method further comprises:
The application layer receives a registration request of a removable storage device, wherein the registration request includes preset information, and the preset information includes a device serial number and partition information;
The application layer, in response to the registration request, generates a correspondence between registered removable storage devices and preset information;
The application layer uploads the preset information of each registered storage device to a preset server;
The application layer receives the policy data for each registered removable storage device from the preset server and generates a correspondence between registered removable storage devices and policy data;
The application layer receives the policy data for unregistered removable storage devices from the preset server and saves it.
3. The method according to claim 1, characterized in that the step in which, if the file filter driver detects that a target removable storage device is connected to the terminal device, the file filter driver obtains the target preset information of the target removable storage device and sends it to the application layer, comprises:
If the file filter driver receives, from a minifilter driver framework, a notification indicating that volume loading of a removable storage device is complete, the file filter driver obtains the target preset information of the target removable storage device and sends it to the application layer.
4. The method according to claim 1, characterized in that the step in which the file filter driver receives the file access request for the removable storage device comprises:
The file filter driver receives the file access request for the target removable storage device from a minifilter driver framework.
5. The method according to claim 1, characterized in that, if the target policy data is forbid access, the step in which the file filter driver performs access control on the file access request according to the target policy data comprises:
The file filter driver, in response to the file access request, returns error information to forbid file access on the target removable storage device.
6. The method according to claim 1, characterized in that, if the target policy data is read-only plaintext, the step in which the file filter driver performs access control on the file access request according to the target policy data comprises:
The file filter driver, in response to the file access request, allows read operations on plaintext files on the target removable storage device and refuses any file access request to the target removable storage device other than reading plaintext.
7. The method according to claim 1, characterized in that, if the target policy data is read-only plaintext and ciphertext, the step in which the file filter driver performs access control on the file access request according to the target policy data comprises:
The file filter driver, in response to the file access request, allows read operations on plaintext files and ciphertext files on the target removable storage device and refuses any file access request to the target removable storage device other than reading plaintext and reading ciphertext, wherein, when the file access request includes a read operation on a ciphertext file, the file filter driver decrypts the ciphertext file read from the target removable storage device;
If the target policy data is encrypt and read, the step in which the file filter driver performs access control on the file access request according to the target policy data comprises:
The file filter driver, in response to the file access request, allows file read operations and file write operations on the target removable storage device, wherein, when the file access request includes a write operation on a file, the data to be written is obtained according to the file access request and encrypted, and the resulting ciphertext file is written to the target removable storage device; when the file access request includes a read operation on a file, the data to be read is obtained according to the file access request, and the file to be read is returned.
8. An access control apparatus for a removable storage device, characterized by comprising:
An obtaining module, configured to, if it is detected that a target removable storage device is connected to a terminal device, obtain the target preset information of the target removable storage device and send it to a lookup module, wherein the target preset information includes a device serial number and partition information;
A lookup module, configured to receive the target preset information and look up, in a preconfigured correspondence between registered removable storage devices and preset information, whether there is a target removable storage device matching the target preset information; if so, look up the target policy data corresponding to the target removable storage device in a preconfigured correspondence between registered removable storage devices and policy data; if not, obtain the preconfigured target policy data corresponding to unregistered removable storage devices;
A sending module, configured to send the target policy data to a first receiving module;
A first receiving module, configured to receive the target policy data from the sending module;
A second receiving module, configured to receive a file access request for the target removable storage device;
A control module, configured to perform access control on the file access request according to the target policy data.
9. The apparatus according to claim 8, characterized in that the apparatus further comprises:
A third receiving module, configured to receive a registration request for a movable storage device, wherein the registration request includes preset information, and the preset information includes a device serial number and partition information;
A response module, configured to generate, in response to the registration request, the correspondence between registered movable storage devices and preset information;
An uploading module, configured to upload the preset information of each registered storage device to a predetermined server;
A generation module, configured to receive from the predetermined server the policy data for each registered movable storage device and to generate the correspondence between registered movable storage devices and policy data;
A fourth receiving module, configured to receive from the predetermined server the policy data for unregistered movable storage devices and to save it.
10. The apparatus according to claim 8, characterized in that
The obtaining module is configured to, if a notification indicating that loading of the volume of a movable storage device has completed is received from the minifilter driver framework, obtain the target preset information of the target movable storage device and send it to the searching module.
11. The apparatus according to claim 8, characterized in that
The second receiving module is further configured to receive, from the minifilter driver framework, the file access request directed at the target movable storage device.
12. The apparatus according to claim 8, characterized in that
The control module is further configured to, if the target policy data is "forbid access", return an error message in response to the file access request, so as to forbid file access on the target movable storage device.
13. The apparatus according to claim 8, characterized in that
The control module is further configured to, if the target policy data is "read-only plaintext", in response to the file access request, allow read operations on plaintext files on the target movable storage device and refuse file access requests to the target movable storage device other than reading plaintext.
14. The apparatus according to claim 8, characterized in that
The control module is further configured to, if the target policy data is "read-only plaintext and ciphertext", in response to the file access request, allow read operations on plaintext files and ciphertext files on the target movable storage device and refuse file access requests to the target movable storage device other than reading plaintext and reading ciphertext, wherein when the file access request includes a read operation on a ciphertext file, the ciphertext file read from the target movable storage device is decrypted;
The control module is further configured to, if the target policy data is "encrypt and read", in response to the file access request, allow file read operations and file write operations on the target movable storage device, wherein when the file access request includes a write operation on a file, the data to be written is obtained according to the file access request, the data to be written is encrypted, and the resulting ciphertext file is written to the target movable storage device; and when the file access request includes a read operation on a file, the data to be read is obtained according to the file access request and the file to be read is returned.
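As an added illustration (not code from the patent or its applicant), the following user-mode C model shows the device lookup of claim 8 and the per-policy decisions of claims 12 to 14. The registry entries, the "forbid" default for unregistered devices, and all identifiers are assumptions; an actual implementation would make these decisions inside a file system filter driver.

```c
#include <stdio.h>
#include <string.h>

typedef enum { POL_FORBID, POL_RO_PLAIN, POL_RO_PLAIN_CIPHER, POL_ENCRYPT_RW } policy_t;
typedef enum { OP_READ, OP_WRITE } op_t;
typedef enum { XF_NONE, XF_ENCRYPT, XF_DECRYPT } xform_t;
typedef struct { int allow; xform_t xform; } verdict_t;
typedef struct { const char *serial, *partition; policy_t policy; } reg_entry_t;

/* Constructed sample registry: (serial number, partition info) -> policy. */
static const reg_entry_t REGISTRY[] = {
    { "SN-0001", "part-A", POL_ENCRYPT_RW },
    { "SN-0002", "part-B", POL_RO_PLAIN_CIPHER },
    { "SN-0003", "part-C", POL_RO_PLAIN },
};
/* Assumed default for unregistered devices; the claims leave it to configuration. */
static const policy_t UNREGISTERED_POLICY = POL_FORBID;

/* Match on serial number AND partition info; any mismatch gets the default. */
policy_t lookup_policy(const char *serial, const char *partition) {
    for (size_t i = 0; i < sizeof REGISTRY / sizeof REGISTRY[0]; i++)
        if (strcmp(REGISTRY[i].serial, serial) == 0 &&
            strcmp(REGISTRY[i].partition, partition) == 0)
            return REGISTRY[i].policy;
    return UNREGISTERED_POLICY;
}

/* Per-request decision: allow or deny, plus the transform applied to the data. */
verdict_t decide(policy_t p, op_t op, int is_ciphertext) {
    verdict_t deny = { 0, XF_NONE }, v = { 1, XF_NONE };
    switch (p) {
    case POL_RO_PLAIN:         /* only reads of plaintext files */
        return (op == OP_READ && !is_ciphertext) ? v : deny;
    case POL_RO_PLAIN_CIPHER:  /* reads only; ciphertext is decrypted */
        if (op != OP_READ) return deny;
        if (is_ciphertext) v.xform = XF_DECRYPT;
        return v;
    case POL_ENCRYPT_RW:       /* writes encrypted; claims name no read transform */
        if (op == OP_WRITE) v.xform = XF_ENCRYPT;
        return v;
    default:                   /* POL_FORBID and unknown values fail closed */
        return deny;
    }
}

int main(void) {
    verdict_t v = decide(lookup_policy("SN-0001", "part-A"), OP_WRITE, 0);
    printf("allow=%d xform=%d\n", v.allow, v.xform);
    return 0;
}
```

Because the lookup keys on both fields, a registered serial number presented with different partition information falls through to the unregistered policy.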
CN201811185662.5A 2018-10-11 2018-10-11 The access control method and device of movable storage device Pending CN109254735A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811185662.5A CN109254735A (en) 2018-10-11 2018-10-11 The access control method and device of movable storage device

Publications (1)

Publication Number Publication Date
CN109254735A true CN109254735A (en) 2019-01-22

Family

ID=65045986

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811185662.5A Pending CN109254735A (en) 2018-10-11 2018-10-11 The access control method and device of movable storage device

Country Status (1)

Country Link
CN (1) CN109254735A (en)

Similar Documents

Publication Publication Date Title
CN109254735A (en) The access control method and device of movable storage device
US11381572B2 (en) Pervasive intermediate network attached storage application
EP2756445B1 (en) Securing data usage in computing devices
US11689575B2 (en) Network access by applications in an enterprise managed device system
US20180131721A1 (en) Enforcing enterprise requirements for devices registered with a registration service
CN103577761B (en) A kind of method and apparatus for processing private data in a mobile device
CN104025544B (en) Sensitive information leakage prevention system, and sensitive information leakage prevention method
CN102622311A (en) USB (universal serial bus) mobile memory device access control method, USB mobile memory device access control device and USB mobile memory device access control system
US10146461B2 (en) Automatic back-up system with verification key and method of operation thereof
US20200278813A1 (en) Multi cloud data framework for secure data access and portability
KR20150052010A (en) Network system for implementing a cloud platform
US20170373853A1 (en) Managing user profiles securely in a user environment
BR112020007864A2 (en) asset management devices and methods
WO2016018217A1 (en) Location-locked data
CN101350034B (en) Mobile memory apparatus and method for visiting file
CN114036538A (en) Database transparent encryption and decryption implementation method and system based on virtual block device
CN109388966A (en) File permission control method and device
US11232220B2 (en) Encryption management for storage devices
WO2021188716A1 (en) Systems and methods for protecting a folder from unauthorized file modification
WO2015152894A1 (en) Device-type based content management
CN103902919B (en) A kind of method and device recovering log-on message
CN109583242A (en) The method and system that fdisk encrypts under a kind of K-UX system
KR101248803B1 (en) Apparatus for controlling information leakage based access allowed region and its method
CN109033848A (en) Storing data method for safe operation and system
US20150215380A1 (en) Network system for implementing a cloud platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190122