CN111177783B - Method and device for preventing mobile storage medium from being divulged - Google Patents
Method and device for preventing mobile storage medium from being divulged Download PDFInfo
- Publication number
- CN111177783B CN111177783B CN201911419947.5A CN201911419947A CN111177783B CN 111177783 B CN111177783 B CN 111177783B CN 201911419947 A CN201911419947 A CN 201911419947A CN 111177783 B CN111177783 B CN 111177783B
- Authority
- CN
- China
- Prior art keywords
- storage medium
- mobile storage
- hidden area
- information
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Abstract
The invention discloses a method and a device for preventing a mobile storage medium from being divulged. Wherein, the method comprises the following steps: compressing the storage space of the mobile storage medium, and dividing a hidden area in the released storage space; mapping the hidden areas obtained by dividing the mobile storage medium to a logical disk in a system; and encrypting and decrypting the read-write content in the logic disk through an encryption and decryption engine so as to ensure that the data in the hidden area is subjected to security protection. The invention solves the technical problem that the mass production tool based on the USB flash disk main control chip in the related technology can only safely protect the equipment matched with the USB flash disk main control chip, and has no universality, so that the information protection of the mobile storage medium is incomplete.
Description
Technical Field
The invention relates to the field of data protection, in particular to a method and a device for preventing a mobile storage medium from being divulged.
Background
With the development of digital technology, the mobile flash memory technology is mature, and the application of the mobile storage medium is very wide in daily life and business office scenes. However, in the process of file interaction, the mobile storage medium itself has no control of access right, and once the mobile storage medium is lost, the data files inside the mobile storage medium are not protected, so that the risk of leakage is faced. If there is personal privacy or company trade secrets, then an immeasurable loss may result.
In order to overcome the above problems, the mass production tool based on the usb flash disk main control chip may divide the removable storage medium into a plurality of partitions according to actual requirements, such as a CD-ROM (Compact Disc Read-Only Memory) area, a normal area, a hidden area, and the like. The loading of the hidden area can be mapped into the visible drive letter for use only after the loading of the hidden area passes the program authentication. The hidden area may hold some private or secret data. Fig. 1 shows a flow chart of a method for preventing a mobile storage medium from being compromised in the prior art. As shown in fig. 1, the system runs mass production tool software, and detects whether the main control chip of the usb disk matches with the main control chip of the usb disk to be mass-produced by the mass production tool software when the usb disk is inserted. And if the USB flash disk is matched with the USB flash disk, carrying out sectional mass production on the USB flash disk according to the preset format and capacity, and pulling out the USB flash disk after the mass production is successful. If not, entering the step of exiting the system. Obviously, this scheme can only carry out the volume production to the equipment that matches with USB flash disk main control chip, because USB flash disk main control chip is various, can't carry out the volume production to all ordinary USB flash disks, does not have the commonality promptly, and information protection is not comprehensive.
Aiming at the technical problems that in the related art, a mass production tool based on a USB flash disk main control chip can only realize safety protection on equipment matched with the USB flash disk main control chip, has no universality and causes incomplete information protection of a mobile storage medium, an effective solution is not provided at present.
Disclosure of Invention
The embodiment of the invention provides a method and a device for preventing disclosure of a mobile storage medium, which are used for at least solving the technical problem that in the related art, a mass production tool based on a USB flash disk main control chip can only safely protect equipment matched with the USB flash disk main control chip, and has no universality, so that the information protection of the mobile storage medium is incomplete.
According to an aspect of the embodiments of the present invention, there is provided a method for preventing a mobile storage medium from being compromised, including: compressing the storage space of the mobile storage medium, and dividing a hidden area in the released storage space; mapping the hidden areas obtained by dividing the mobile storage medium to a logical disk in a system; and encrypting and decrypting the read-write content in the logic disk through an encryption and decryption engine so as to ensure that the data in the hidden area is subjected to security protection.
Optionally, the hidden region comprises: header information and entity part information, wherein the header information includes at least one of: user information, key information, encryption and decryption algorithm information, hidden area information and verification information, and the entity part information comprises encrypted data information.
Optionally, before compressing the storage space of the removable storage medium, the method further includes: if the access of the mobile storage medium is detected, judging whether the mobile storage medium is registered; if the mobile storage medium is unregistered, formatting the mobile storage medium and starting a step of compressing the storage space of the mobile storage medium; if the mobile storage medium is the registered mobile storage medium, deleting the existing hidden area in the mobile storage medium and/or formatting the mobile storage medium under the condition that the triggering condition is met.
Optionally, before compressing the storage space of the removable storage medium, the method further includes: if the access of the mobile storage medium is detected, judging whether the mobile storage medium is registered; if the mobile storage medium is unregistered, formatting the mobile storage medium and starting a step of compressing the storage space of the mobile storage medium; if the mobile storage medium is the registered mobile storage medium, displaying the logical disc to which the hidden area in the mobile storage medium is mapped in the system, and completing the encryption and decryption of the read-write content in the logical disc.
Optionally, encrypting and decrypting the read-write content in the logical disk by using an encryption and decryption engine, so that the data in the hidden area is subjected to security protection, including: if the access to the mobile storage medium is detected, checking configuration information of the hidden area, wherein the configuration information comprises at least one of the following: user registration information, authority information of the hidden area, key information and identification information of the mobile storage medium; if the configuration information exists, loading a logical disk mapped by the hidden area in the system, and checking the header information of the hidden area; if the verification is successful, determining an encryption and decryption algorithm and key information based on the header information; if the file operation occurs to the mapped file in the logical disk, calling an encryption and decryption engine; the encryption and decryption engine encrypts the operation data in the logical disk by using an encryption and decryption algorithm and the key information; and writing the encrypted data into the physical sector of the hidden area.
Optionally, after encrypting and decrypting the read-write content in the logical disk by the encryption and decryption engine so that the data in the hidden area is protected securely, the method further includes: if the user logging in the system is an authorized user, the plaintext is obtained when the data in the hidden area is accessed; and if the user logging in the system is an unauthorized user, closing the channel for opening the mobile storage medium.
According to another aspect of the embodiments of the present invention, there is also provided a method for preventing a mobile storage medium from being compromised, including: the mobile storage medium is accessed into the computer equipment; if the registered user is successfully registered and/or passes the verification, synchronizing the security policy data to the mobile storage medium; when the mobile storage medium with the security policy data is accessed into the computer equipment again, the storage space of the mobile storage medium is compressed, and the released storage space is divided into hidden areas; remapping the hidden area obtained by dividing the mobile storage medium, and mapping the hidden area to a logical disk in a system; and encrypting and decrypting the read-write content in the logic disk through an encryption and decryption engine so as to ensure that the data in the hidden area is subjected to security protection.
Optionally, the hidden region comprises: header information and entity part information, wherein the header information includes at least one of: user information, key information, encryption and decryption algorithm information, hidden area information and verification information, and the entity part information comprises encrypted data information.
Optionally, encrypting and decrypting the read-write content in the logical disk by using an encryption and decryption engine to perform security protection on the data in the hidden area, where the method includes: if the mobile storage medium is accessed into the computer device again, checking configuration information of the hidden area, wherein the configuration information comprises at least one of the following: user registration information of the mobile storage medium, authority information of the hidden area, key information and identification information; if the configuration information exists, loading a logical disk mapped by the hidden area in a system of the computer equipment, and checking the header information of the hidden area; if the verification is successful, determining an encryption and decryption algorithm and key information based on the header information; if the file operation occurs to the mapped file in the logical disk, calling an encryption and decryption engine; the encryption and decryption engine encrypts the operation data in the logical disk by using an encryption and decryption algorithm and the key information; and writing the encrypted data into the physical sector of the hidden area.
Optionally, after encrypting and decrypting the read-write content in the logical disk by the encryption and decryption engine so that the data in the hidden area is protected securely, the method further includes: if the user logging in the system is an authorized user, the plaintext is obtained when the data in the hidden area is accessed; and if the user logging in the system is an unauthorized user, closing the channel for opening the mobile storage medium.
According to another aspect of the embodiments of the present invention, there is also provided an apparatus for preventing a mobile storage medium from being compromised, including: the compression module is used for compressing the storage space of the mobile storage medium and dividing a hidden area in the released storage space; the mapping module is used for mapping the hidden areas obtained by dividing the mobile storage medium to a logical disk in the system; and the encryption and decryption module is used for encrypting and decrypting the read-write content in the logic disk through the encryption and decryption engine so as to perform security protection on the data in the hidden area.
Optionally, the hidden region comprises: header information and entity part information, wherein the header information includes at least one of: user information, key information, encryption and decryption algorithm information, hidden area information and verification information, and the entity part information comprises encrypted data information.
Optionally, the apparatus further comprises: the first judgment module is used for judging whether the mobile storage medium is registered or not if the mobile storage medium is detected to be accessed; the first disk processing module is used for formatting the mobile storage medium and starting the step of compressing the storage space of the mobile storage medium if the mobile storage medium is unregistered; and the second disk processing module is used for deleting the existing hidden area in the mobile storage medium and/or formatting the mobile storage medium under the condition that the trigger condition is met if the mobile storage medium is the registered mobile storage medium.
Optionally, the apparatus further comprises: the second judgment module is used for judging whether the mobile storage medium is registered or not if the mobile storage medium is detected to be accessed; a third disk processing module, configured to format the mobile storage medium and start a step of compressing the storage space of the mobile storage medium if the mobile storage medium is unregistered; and the fourth disk processing module is used for displaying the logical disk mapped by the hidden area in the mobile storage medium in the system if the mobile storage medium is the registered mobile storage medium, and completing the encryption and decryption of read-write contents in the logical disk.
Optionally, the encryption and decryption module includes: a checking module, configured to check configuration information of the hidden area if it is detected that the mobile storage medium is accessed, where the configuration information includes at least one of: user registration information of the mobile storage medium, authority information of the hidden area, key information and identification information; the first sub-processing module is used for loading a logical disk mapped by the hidden area in the system and checking the header information of the hidden area if the configuration information exists; the determining module is used for determining an encryption and decryption algorithm and key information based on the header information if the verification is successful; the calling module is used for calling the encryption and decryption engine if the file operation occurs to the mapped file in the logical disk; the second sub-processing module is used for encrypting the operation data in the logical disk by using an encryption and decryption algorithm and key information by the encryption and decryption engine; and the writing module is used for writing the encrypted data into the physical sector of the hidden area.
Optionally, the apparatus further comprises: the first access module is used for obtaining a plaintext when a user logging in the system is an authorized user and accesses data in the hidden area; and the second access module is used for closing and opening the channel of the mobile storage medium if the user logging in the system is an unauthorized user.
According to another aspect of the embodiments of the present invention, there is also provided an apparatus for preventing a mobile storage medium from being compromised, including: the access module is used for detecting that the mobile storage medium is accessed into the computer equipment; the synchronization module is used for synchronizing the security policy data to the mobile storage medium if the registered user is successfully registered and/or passes the verification; the dividing module is used for compressing the storage space of the mobile storage medium when the mobile storage medium with the security policy data is accessed into the computer equipment again and dividing the hidden area in the released storage space; the disk mapping module is used for remapping the hidden areas obtained by dividing the mobile storage medium and mapping the hidden areas to the logical disk in the system; and the security processing module is used for encrypting and decrypting the read-write content in the logic disk through the encryption and decryption engine so as to perform security protection on the data in the hidden area.
According to another aspect of the embodiments of the present invention, there is also provided a storage medium, where the storage medium includes a stored program, and when the program runs, the apparatus on which the storage medium is located is controlled to execute any one of the above-mentioned methods for preventing a mobile storage medium from being compromised.
According to another aspect of the embodiments of the present invention, there is also provided a processor, configured to execute a program, where the program executes a method for preventing a secret from being leaked from any one of the above-mentioned mobile storage media.
In the embodiment of the invention, the storage space of the mobile storage medium is compressed firstly, and the released storage space is divided into hidden areas; then mapping the hidden areas obtained by dividing the mobile storage medium to a logical disk in the system; and finally, encrypting and decrypting the read-write content in the logic disk through an encryption and decryption engine so as to ensure that the data in the hidden area is subjected to security protection. Compared with the prior art, the storage space of the mobile storage medium is compressed to obtain the hidden area, the data are protected by the hidden area, the technical problem that the information protection of the mobile storage medium is incomplete due to the fact that a volume production tool based on a USB flash disk main control chip in the related art can only achieve safety protection on equipment matched with the USB flash disk main control chip and is not universal is solved, and the purposes of low implementation cost and high universality are achieved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flow chart of a method for preventing a mobile storage medium from being compromised according to the prior art;
fig. 2 is a flowchart of an alternative method for preventing a mobile storage medium from being compromised according to embodiment 1 of the present invention;
fig. 3 is a schematic structural diagram before and after registration of an alternative removable storage medium according to embodiment 1 of the present invention;
FIG. 4 is a flowchart of an alternative registration management module according to embodiment 1 of the present invention;
fig. 5 is a schematic structural diagram of an alternative hidden area according to embodiment 1 of the present invention;
FIG. 6 is a functional block diagram of an alternative removable storage medium according to embodiment 1 of the present invention;
FIG. 7 is a flowchart illustrating operation of an alternative map load module according to embodiment 1 of the present invention;
fig. 8 is a flowchart of an alternative hidden area mapping disk according to embodiment 1 of the present invention;
fig. 9 is a flowchart of an alternative method for preventing a mobile storage medium from being compromised according to embodiment 2 of the present invention;
fig. 10 is a flowchart of another alternative method for preventing a mobile storage medium from being compromised according to embodiment 2 of the present invention;
fig. 11 is a schematic structural diagram of an alternative device for preventing a mobile storage medium from being compromised according to embodiment 3 of the present invention; and
fig. 12 is a schematic structural diagram of an alternative device for preventing a mobile storage medium from being compromised according to embodiment 4 of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, shall fall within the protection scope of the present invention.
Furthermore, the terms "first," "second," and the like in the description and in the claims, as well as in the drawings, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
In accordance with an embodiment of the present invention, there is provided a method embodiment for preventing compromise of a removable storage medium, it being noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions and that, although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than that here.
Fig. 2 is a method for preventing a mobile storage medium from being compromised according to an embodiment of the present invention, and as shown in fig. 2, the method may include the following steps:
step S202, the storage space of the mobile storage medium is compressed, and the released storage space is divided into hidden areas.
In an alternative, the mobile storage medium may be a medium for exchanging information, such as a usb disk, a mobile hard disk, and a memory card; the hidden area can store data needing to be protected.
It should be noted that, after the hidden area is divided, the hidden area may be initialized.
Step S204, mapping the hidden areas obtained by dividing the mobile storage medium to a logical disk in the system.
In an alternative, the data in the logical disk can be freely operated without being limited by the rights.
Step S206, the read-write content in the logical disk is encrypted and decrypted through the encryption and decryption engine, so that the data in the hidden area is subjected to security protection.
In an alternative, the Encryption and decryption algorithm used by the Encryption and decryption engine may be an SM1 algorithm, an SM3 algorithm, and an SM4 algorithm in a cryptographic algorithm library, or a BF (break Force, storm) algorithm, a DES (Data Encryption Standard) algorithm, a 3DES (Triple Data Encryption Standard) algorithm, an AES (Advanced Data Encryption Standard) algorithm, and the like in a general algorithm library. Compared with a general algorithm, the national cryptographic algorithm has stronger confidentiality, and a proper algorithm can be selected according to occasion requirements.
In an alternative embodiment, the system compresses the common USB disk inserted into its USB interface, and then maps the hidden area to obtain the logical disk, using the storage space released by the compression as the hidden area. And finally, encrypting and decrypting the content in the logical disk by using a cryptographic algorithm through an encryption and decryption engine so as to protect and view the data in the hidden area.
It is easy to note that the method in this embodiment does not distinguish the brand and the capacity of the mobile storage medium, has good compatibility and strong universality, and effectively reduces the purchasing cost and the management cost.
Based on the scheme of the embodiment of the application, the storage space of the mobile storage medium is compressed, and the released storage space is divided into the hidden area; then mapping the hidden areas obtained by dividing the mobile storage medium to a logical disk in the system; and finally, encrypting and decrypting the read-write content in the logic disk through an encryption and decryption engine so as to ensure that the data in the hidden area is subjected to security protection. Compared with the prior art, the storage space of the mobile storage medium is compressed to obtain the hidden area, the data are protected by the hidden area, the technical problem that the information protection of the mobile storage medium is incomplete due to the fact that a volume production tool based on a USB flash disk main control chip in the related art can only achieve safety protection on equipment matched with the USB flash disk main control chip and is not universal is solved, and the purposes of low implementation cost and high universality are achieved.
The above-described components of this embodiment are further described below.
Fig. 3 shows a schematic structural diagram before and after registration of an alternative removable storage medium. As shown in fig. 3, the mobile storage medium before registration includes a boot sector, a reserved sector, and a data area, and the mobile storage medium after registration includes a boot sector, a reserved sector, a data area, a hidden area, and the like. Obviously, according to the scheme of the embodiment, the registered mobile storage medium has more hidden areas.
Optionally, before compressing the storage space of the removable storage medium in step S202, the method may further include:
in step S2011, if it is detected that the mobile storage medium is accessed, it is determined whether the mobile storage medium is registered.
In step S2012, if the mobile storage medium is unregistered, the mobile storage medium is formatted, and a step of compressing the storage space of the mobile storage medium is initiated.
Step S2013, if the registered mobile storage medium is the registered mobile storage medium, deleting the existing hidden area in the mobile storage medium and/or formatting the mobile storage medium when the trigger condition is satisfied.
In an alternative, the triggering condition may be that a counterregistration operation is required.
Specifically, the above steps S2011 to S2013 may be performed by a registration management module in the mobile storage medium. And the registration management module is responsible for registration and counterregistration of the mobile storage medium. Figure 4 shows a flow diagram of the operation of an alternative registration management module. As shown in fig. 4, if it is detected that the removable storage medium is accessed, it is first determined whether the removable storage medium is already registered. When the mobile storage medium is not registered, the mobile storage medium is formatted, then the storage space of the mobile storage medium is compressed, and finally the hidden area is divided on the compressed storage space. When the mobile storage medium is registered, the hidden area exists, if the operation of reverse registration is needed, the hidden area is deleted first, the occupied space of the hidden area of the mobile storage medium is recovered, then formatting is carried out, and finally the step of whether the system is quitted is carried out.
In an alternative embodiment, fig. 5 shows a schematic structural diagram of the hidden area. As shown in fig. 5, the hidden area includes: header information and entity part information, wherein the header information includes at least one of: user information, key information, encryption and decryption algorithm information, hidden area information and verification information, and the entity part information comprises encrypted data information.
Optionally, before compressing the storage space of the removable storage medium in step S202, the method may further include:
in step S2014, if it is detected that the removable storage medium is accessed, it is determined whether the removable storage medium is already registered.
In step S2015, if the mobile storage medium is unregistered, formatting the mobile storage medium, and starting the step of compressing the storage space of the mobile storage medium.
In step S2016, if the registered mobile storage medium is the registered mobile storage medium, the logical disk to which the hidden area in the mobile storage medium is mapped in the system is displayed, and the encryption and decryption of the read and write contents are completed in the logical disk.
The step S2016 may be executed by the mapping loading module of the removable storage medium. Specifically, the mapping loading module may remap the hidden area existing in the mobile storage medium to the system, and after the mapping is completed, the user may freely operate the logical disk mapped by the hidden area.
Based on the foregoing description, fig. 6 shows a functional module schematic diagram of an alternative removable storage medium, wherein the removable storage medium is used as a carrier of data, and mainly used for storing data, and the functional module schematic diagram includes a registration management module and a mapping loading module; the registration management module is used for compressing the storage space of a common mobile storage medium, dividing the released storage space into hidden areas, performing related initialization and restoring the registered mobile storage medium; the mapping loading module can remap the hidden area in the mobile storage medium to the system, and after the mapping is completed, the user can freely operate the logical disk mapped by the hidden area. Of course, the map load module may also be responsible for the following operations:
step S206 encrypts and decrypts the read-write content in the logical disk through the encryption and decryption engine, so as to perform security protection on the data in the hidden area, which may specifically include the following steps:
step S2061, if the mobile storage medium is detected to be accessed, checking the configuration information of the hidden area, wherein the configuration information comprises at least one of the following: user registration information of the mobile storage medium, authority information of the hidden area, key information, and identification information.
Step S2062, if the configuration information exists, the logical disk mapped by the hidden area is loaded in the system, and the header information of the hidden area is checked.
In step S2063, if the verification is successful, the encryption/decryption algorithm and the key information are determined based on the header information.
Step S2064, if the file operation occurs to the file in the logical disk obtained by mapping, the encryption and decryption engine is called.
In step S2065, the encryption and decryption engine encrypts the operation data in the logical disk using the encryption and decryption algorithm and the key information.
Step S2066, writing the encrypted data into the physical sector of the hidden area.
FIG. 7 illustrates an alternative map load module workflow diagram. As shown in fig. 7, the map loading module is responsible for checking the hidden area configuration of the removable storage medium, loading and mapping the hidden area into the operating system after the information of the hidden area is verified, and writing the encrypted data written in the logical disk by the user into the physical sector of the removable storage medium. Specifically, after the system is powered on, if the access to the mobile storage medium is detected, whether the configuration information of the hidden area exists is checked. If the configuration information of the hidden area exists, loading a logical disk mapped by the hidden area in the system, and checking the header information of the hidden area. If the verification is successful, an encryption and decryption algorithm and key information are determined based on the header information. And if the file operation occurs to the file in the logical disk obtained by mapping, calling an encryption and decryption engine. The encryption and decryption engine encrypts the operation data in the logical disk by using an encryption and decryption algorithm and key information, finally writes the encrypted data into a physical sector of the hidden area, confirms whether to enter a step of exiting the system, and disconnects the logical disk under the condition of confirming the exiting of the system. If the configuration information of the hidden area does not exist, the process is finished directly.
Optionally, after the step S206 encrypts and decrypts the read-write content in the logical disk by using the encryption and decryption engine, so that the data in the hidden area is protected securely, the method may further include:
step S2071, if the user logging in the system is an authorized user, and accesses the data in the hidden area, a plaintext is obtained.
In one alternative, the plaintext may be data that is not encrypted.
Step S2072, if the user logging in the system is an unauthorized user, the channel for opening the removable storage medium is closed.
For example, if the user logged into the system is an unauthorized user, the system may close the channel that opens the removable storage media, disable the removable storage device without any processing being performed on the removable storage device.
Fig. 8 shows a flow chart of the operation of an alternative hidden area mapping disk. As shown in fig. 8, a hidden area disk mapping drive is developed by using the technology of mapping physical sectors of a storage medium to a disk, so as to realize the function of mapping continuous physical sectors of the storage medium to a logical drive, and the underlying data operation realizes encrypted storage. Specifically, when an application program started in the desktop performs an access operation on a file, the following steps are performed: the application program reads and writes the file, the I/O request of the file is transmitted to the system kernel for processing, and is responsible for receiving the processing result and returning the processing result to the calling module; the file opening request is sent to the kernel layer, the kernel forwards the file I/O read-write request to the file system, and the file system analyzes and converts the I/O request and then sends the I/O request to the disk drive; the hidden area mapping disk device receives the I/O access request, and calls a hidden area mapping disk encryption and decryption engine to encrypt and decrypt data aiming at the read-write I/O request. The encryption and decryption engine is responsible for scheduling the encryption and decryption algorithm library and the key management module, carrying out encryption or decryption operation on the data and returning the result to the calling module; and moving the storage medium, and finally enabling the I/O request to reach the hardware equipment, writing data into a physical sector of the storage equipment or reading the data, and returning the data to the upper layer calling module.
In the scheme, the storage space of the mobile storage medium is compressed firstly, and the released storage space is divided into hidden areas; then mapping the hidden areas obtained by dividing the mobile storage medium to a logical disk in the system; and finally, encrypting and decrypting the read-write content in the logic disk through an encryption and decryption engine so as to ensure that the data in the hidden area is subjected to security protection. Compared with the prior art, the storage space of the mobile storage medium is compressed to obtain the hidden area, the data are protected by the hidden area, the technical problem that the information protection of the mobile storage medium is incomplete due to the fact that a volume production tool based on a USB flash disk main control chip in the related art can only achieve safety protection on equipment matched with the USB flash disk main control chip and is not universal is solved, and the purposes of low implementation cost and high universality are achieved. It is easy to notice that the above scheme achieves the purposes of stable technology, high compatibility and convenient and flexible deployment by dividing the architecture of the mobile storage medium into a registration management module and a mapping loading module; the security of the domestic encryption algorithm is high; the implementation cost is greatly reduced because no special hardware equipment is needed; the using habit of the user can not be changed, the learning and training cost is low, and the loss caused by the loss of the mobile storage medium can be effectively prevented.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
Example 2
In accordance with an embodiment of the present invention, there is provided a method embodiment for preventing compromise of a removable storage medium, it being noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions and that, although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than that here.
Fig. 9 is a flowchart of a method for preventing a mobile storage medium from being compromised, where, as shown in fig. 9, the method includes the following steps:
in step S901, the mobile storage medium is accessed to the computer device.
In an alternative, the removable storage medium may be a usb disk, a removable hard disk, a memory card, or other media for information exchange.
And step S902, if the registered user is successfully registered and/or passes the verification, synchronizing the security policy data to the mobile storage medium.
In an alternative, the user who has successfully registered and/or passed the authentication may be an intra-enterprise user; the above security policy data may be selected or filled in by the user in the system when the user registers or authenticates, which are all the prior art and are not described herein again.
Step S903, when the mobile storage medium with the security policy data is accessed to the computer device again, the storage space of the mobile storage medium is compressed, and the released storage space is divided into hidden areas.
In an alternative, the hidden area may store data that needs to be protected.
It should be noted that, after the hidden area is divided, the hidden area may be initialized.
Step S904, remaps the hidden area obtained by dividing the mobile storage medium to a logical disk in the system.
In an alternative, the data in the logical disk can be freely operated without being limited by the rights.
Step S905, the encryption and decryption engine encrypts and decrypts the read-write content in the logical disk, so as to perform security protection on the data in the hidden area.
In an alternative, the Encryption and decryption algorithm used by the Encryption and decryption engine may be an SM1 algorithm, an SM3 algorithm, and an SM4 algorithm in a cryptographic algorithm library, or a BF (break Force, storm) algorithm, a DES (Data Encryption Standard) algorithm, a 3DES (Triple Data Encryption Standard) algorithm, an AES (Advanced Data Encryption Standard) algorithm, and the like in a general algorithm library. Compared with a general algorithm, the national cryptographic algorithm has stronger confidentiality, and a proper algorithm can be selected according to occasion requirements.
It is easy to note that the method in this embodiment does not distinguish the brand and the capacity of the mobile storage medium, has good compatibility and strong universality, and effectively reduces the purchasing cost and the management cost.
Optionally, the hidden region comprises: header information and entity part information, wherein the header information includes at least one of: user information, key information, encryption and decryption algorithm information, hidden area information and verification information, and the entity part information comprises encrypted data information.
Optionally, in step S905, the encryption and decryption engine encrypts and decrypts the read-write content in the logical disk, so as to perform security protection on the data in the hidden area, which may specifically include the following steps:
step S9051, if the mobile storage medium is accessed into the computer device again, checking configuration information of the hidden area, wherein the configuration information comprises at least one of the following: user registration information of the mobile storage medium, authority information of the hidden area, key information, and identification information.
Step S9052, if the configuration information exists, loading the logical disk mapped by the hidden area in the system of the computer equipment, and checking the header information of the hidden area.
And step S9053, if the verification is successful, determining an encryption and decryption algorithm and key information based on the header information.
And step S9054, if the file operation occurs to the file in the mapped logical disk, calling an encryption and decryption engine.
In step S9055, the encryption and decryption engine encrypts the operation data in the logical disk using the encryption and decryption algorithm and the key information.
And step S9056, writing the encrypted data into the physical sector of the hidden area.
Optionally, in step S905, after encrypting and decrypting the read-write content in the logical disk by the encryption and decryption engine, so that the data in the hidden area is protected securely, the method may further include:
step S9061, if the user logging in the system is an authorized user, and the data in the hidden area is accessed, a plaintext is obtained.
In one alternative, the plaintext may be data that is not encrypted.
And step S9062, if the user logging in the system is an unauthorized user, closing the channel for opening the mobile storage medium.
In an alternative embodiment, FIG. 10 illustrates a workflow diagram for an enterprise data security management system. As shown in fig. 10, an employee first logs in the system, synchronizes security policy data for the mobile storage medium, and then retrieves the registered mobile storage medium. If the mobile storage medium with the security policy data is accessed to the computer device, the computer device checks whether the hidden area exists in the mobile storage medium. If not, the computer equipment disables the mobile storage medium and enters the step of judging whether to exit the system or not; if yes, loading the hidden area, mapping the hidden area to a logical disk of the system, and after the mapping is completed, the staff can freely operate the file mapped to the logical disk of the system by the hidden area.
It should be noted that, according to the characteristics of the financial industry, the scheme of the embodiment can implement management and protection on the mobile storage device according to the user requirements, prevent secret leakage from being missed, implement secure access and storage of files without increasing the cost, and prevent secret leakage from occurring.
It should be noted that, in the above example 2 of the present application, the preferred embodiment is the same as the scheme and application scenario implementation process provided in example 1, but is not limited to the scheme provided in example 1.
Example 3
According to the embodiment of the present invention, an apparatus for preventing a mobile storage medium from being compromised is provided, and it should be noted that the apparatus for preventing a mobile storage medium from being compromised according to the embodiment of the present application may be used to execute the method for preventing a mobile storage medium from being compromised according to embodiment 1 of the present application. The following describes an apparatus for preventing disclosure of a removable storage medium according to an embodiment of the present invention.
Fig. 11 is a schematic structural diagram of an apparatus for preventing a mobile storage medium from being compromised according to an embodiment of the present application. As shown in fig. 11, the apparatus 1100 includes a compression module 1102, a mapping module 1104, and an encryption/decryption module 1106.
The compressing module 1102 is configured to compress a storage space of the mobile storage medium, and partition a hidden area in the released storage space; a mapping module 1104, configured to map the hidden areas obtained by dividing in the mobile storage medium, and map the hidden areas to a logical disk in the system; the encryption and decryption module 1106 is configured to encrypt and decrypt the read and write content in the logical disk through the encryption and decryption engine, so that the data in the hidden area is protected securely.
Optionally, the hidden region comprises: header information and entity part information, wherein the header information includes at least one of: user information, key information, encryption and decryption algorithm information, hidden area information and verification information, and the entity part information comprises encrypted data information.
Optionally, the apparatus further comprises: the first judgment module is used for judging whether the mobile storage medium is registered or not if the mobile storage medium is detected to be accessed; the first disk processing module is used for formatting the mobile storage medium and starting the step of compressing the storage space of the mobile storage medium if the mobile storage medium is unregistered; and the second disk processing module is used for deleting the existing hidden area in the mobile storage medium and/or formatting the mobile storage medium under the condition that the trigger condition is met if the mobile storage medium is the registered mobile storage medium.
Optionally, the apparatus further comprises: the second judgment module is used for judging whether the mobile storage medium is registered or not if the mobile storage medium is detected to be accessed; a third disk processing module, configured to format the mobile storage medium and start a step of compressing the storage space of the mobile storage medium if the mobile storage medium is unregistered; and the fourth disk processing module is used for displaying the logical disk mapped by the hidden area in the mobile storage medium in the system if the mobile storage medium is the registered mobile storage medium, and completing the encryption and decryption of read-write contents in the logical disk.
Optionally, the encryption and decryption module includes: a checking module, configured to check configuration information of the hidden area if it is detected that the mobile storage medium is accessed, where the configuration information includes at least one of: user registration information, authority information of the hidden area, key information and identification information of the mobile storage medium; the first sub-processing module is used for loading a logical disk mapped by the hidden area in the system and checking the header information of the hidden area if the configuration information exists; the determining module is used for determining an encryption and decryption algorithm and key information based on the header information if the verification is successful; the calling module is used for calling the encryption and decryption engine if the file operation occurs to the mapped file in the logical disk; the second sub-processing module is used for encrypting the operation data in the logical disk by using an encryption and decryption algorithm and key information by the encryption and decryption engine; and the writing module is used for writing the encrypted data into the physical sector of the hidden area.
Optionally, the apparatus further comprises: the first access module is used for obtaining a plaintext when a user logging in the system is an authorized user and accesses data in the hidden area; and the second access module is used for closing and opening the channel of the mobile storage medium when the user logging in the system is an unauthorized user.
It should be noted that the compression module 1102, the mapping module 1104 and the encryption/decryption module 1106 correspond to steps S202 to S206 in embodiment 1, and the three modules are the same as the corresponding steps in the implementation example and application scenarios, but are not limited to the disclosure in embodiment 3.
Example 4
According to the embodiment of the present invention, an apparatus for preventing a mobile storage medium from being compromised is provided, and it should be noted that the apparatus for preventing a mobile storage medium from being compromised according to the embodiment of the present application may be used to execute the method for preventing a mobile storage medium from being compromised according to embodiment 2 of the present application. The following describes an apparatus for preventing disclosure of a mobile storage medium according to an embodiment of the present invention.
Fig. 12 is a schematic structural diagram of an apparatus for preventing a mobile storage medium from being compromised according to an embodiment of the present application. As shown in fig. 11, the apparatus 1200 includes an access module 1202, a synchronization module 1204, a partitioning module 1206, a disk mapping module 1208, and a security processing module 1210.
The access module 1202 is configured to detect that the mobile storage medium accesses the computer device; a synchronization module 1204, configured to synchronize the security policy data to the mobile storage medium if the registered user is successfully registered and/or authenticated; a dividing module 1206, configured to compress the storage space of the mobile storage medium when the mobile storage medium with the security policy data is accessed to the computer device again, and divide the released storage space into hidden areas; a disk mapping module 1208, configured to remap the hidden area obtained by dividing the mobile storage medium, and map the hidden area to a logical disk in the system; the security processing module 1210 is configured to encrypt and decrypt the read and write content in the logical disk by using an encryption and decryption engine, so that the data in the hidden area is protected securely.
Optionally, the hidden region comprises: header information and entity part information, wherein the header information includes at least one of: user information, key information, encryption and decryption algorithm information, hidden area information and verification information, and the entity part information comprises encrypted data information.
Optionally, the secure processing module comprises: a checking module, configured to check configuration information of the hidden area if it is detected that the mobile storage medium is accessed, where the configuration information includes at least one of: user registration information of the mobile storage medium, authority information of the hidden area, key information and identification information; the first sub-processing module is used for loading the logical disk mapped by the hidden area in the system and checking the head information of the hidden area if the configuration information exists; the determining module is used for determining an encryption and decryption algorithm and key information based on the header information if the verification is successful; the calling module is used for calling the encryption and decryption engine if the file operation occurs to the mapped file in the logical disk; the second sub-processing module is used for encrypting the operation data in the logical disk by using an encryption and decryption algorithm and key information by the encryption and decryption engine; and the writing module is used for writing the encrypted data into the physical sector of the hidden area.
Optionally, the apparatus further comprises: the first access module is used for obtaining a plaintext when a user logging in the system is an authorized user and accesses data in the hidden area; and the second access module is used for closing and opening the channel of the mobile storage medium if the user logging in the system is an unauthorized user.
It should be noted that the access module 1202, the synchronization module 1204, the dividing module 1206, the disk mapping module 1208 and the security processing module 1210 correspond to steps S901 to S905 in embodiment 2, and the five modules are the same as the corresponding steps in the implementation example and application scenarios, but are not limited to the disclosure in embodiment 2.
Example 5
According to an embodiment of the present invention, a storage medium is provided, where the storage medium includes a stored program, and when the program runs, a device in which the storage medium is located is controlled to execute the method for preventing the mobile storage medium from being compromised according to embodiment 1 or 2.
Example 6
According to an embodiment of the present invention, there is provided a processor, configured to execute a program, where the program executes the following steps: compressing the storage space of the mobile storage medium, and dividing a hidden area in the released storage space; mapping the hidden areas obtained by dividing the mobile storage medium to a logical disk in a system; and encrypting and decrypting the read-write content in the logic disk through an encryption and decryption engine so as to ensure that the data in the hidden area is subjected to security protection.
Further, other steps in embodiment 1 or 2 may also be performed when the program runs, and are not described herein again.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described apparatus embodiments are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or may not be executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (16)
1. A method of protecting a removable storage media from compromise, comprising:
compressing the storage space of the mobile storage medium, and dividing a hidden area in the released storage space;
mapping the hidden areas obtained by dividing the mobile storage medium to a logical disk in a system;
the read-write content in the logic disk is encrypted and decrypted through an encryption and decryption engine, so that the data in the hidden area is subjected to security protection,
encrypting and decrypting the read-write content in the logical disk through an encryption and decryption engine to ensure that the data in the hidden area is subjected to security protection, wherein the encryption and decryption engine comprises the following steps:
checking configuration information of the hidden area if the access to the mobile storage medium is detected, wherein the configuration information comprises at least one of the following: user registration information, permission information of a hidden area, key information and identification information of the mobile storage medium;
if the configuration information exists, loading the logical disk mapped by the hidden area in the system, and checking the header information of the hidden area;
if the verification is successful, determining an encryption and decryption algorithm and key information based on the header information;
if the file operation occurs to the file in the logical disk obtained by mapping, calling the encryption and decryption engine;
the encryption and decryption engine uses the encryption and decryption algorithm and the key information to encrypt and decrypt the operation data in the logical disk;
and writing the encrypted data into the physical sector of the hidden area.
2. The method of claim 1, wherein the hidden area comprises: header information and entity part information, wherein the header information includes at least one of: the encryption and decryption system comprises user information, key information, encryption and decryption algorithm information, hidden area information and verification information, wherein the entity part information comprises encrypted data information.
3. The method of claim 1, wherein prior to compressing the storage space of the removable storage media, the method further comprises:
if the mobile storage medium is detected to be accessed, judging whether the mobile storage medium is registered;
if the mobile storage medium is unregistered, formatting the mobile storage medium and starting a step of compressing the storage space of the mobile storage medium;
if the mobile storage medium is the registered mobile storage medium, deleting the existing hidden area in the mobile storage medium and/or formatting the mobile storage medium under the condition that the triggering condition is met.
4. The method of claim 1, wherein prior to compressing the storage space of the removable storage media, the method further comprises:
if the mobile storage medium is detected to be accessed, judging whether the mobile storage medium is registered;
if the mobile storage medium is unregistered, formatting the mobile storage medium and starting a step of compressing the storage space of the mobile storage medium;
if the storage area is the registered mobile storage medium, displaying the logical disk to which the hidden area in the mobile storage medium is mapped in the system, and completing the encryption and decryption of the read-write content in the logical disk.
5. The method according to claim 1, wherein after encrypting and decrypting the read-write content in the logical disk by an encryption and decryption engine to make the data in the hidden area secure, the method further comprises:
if the user logging in the system is an authorized user, the plaintext is obtained when the data of the hidden area is accessed;
and if the user logging in the system is an unauthorized user, closing and opening the channel of the mobile storage medium.
6. A method of protecting a removable storage media from compromise, comprising:
the mobile storage medium is accessed into the computer equipment;
if the registered user is successfully registered and/or passes the verification, synchronizing the security policy data to the mobile storage medium;
when the mobile storage medium with the security policy data is accessed into the computer equipment again, the storage space of the mobile storage medium is compressed, and the released storage space is divided into hidden areas;
remapping the hidden area obtained by dividing the mobile storage medium, and mapping the hidden area to a logical disk in a system;
the read-write content in the logic disk is encrypted and decrypted through an encryption and decryption engine, so that the data in the hidden area is subjected to security protection,
encrypting and decrypting the read-write content in the logical disk through an encryption and decryption engine to ensure that the data in the hidden area is subjected to security protection, wherein the encryption and decryption engine comprises the following steps:
if the mobile storage medium accesses the computer device again, checking configuration information of the hidden area, wherein the configuration information comprises at least one of the following: user registration information, permission information of a hidden area, key information and identification information of the mobile storage medium;
if the configuration information exists, loading the logical disk mapped by the hidden area in the system of the computer equipment, and checking the header information of the hidden area;
if the verification is successful, determining an encryption and decryption algorithm and key information based on the header information;
if the file operation occurs to the file in the logical disk obtained by mapping, calling the encryption and decryption engine;
the encryption and decryption engine encrypts operation data in the logical disk by using the encryption and decryption algorithm and key information;
and writing the encrypted data into the physical sector of the hidden area.
7. The method of claim 6, wherein the hidden area comprises: header information and entity part information, wherein the header information includes at least one of: the encryption and decryption system comprises user information, key information, encryption and decryption algorithm information, hidden area information and verification information, wherein the entity part information comprises encrypted data information.
8. The method according to claim 7, wherein after encrypting and decrypting the read-write content in the logical disk by an encryption and decryption engine to make the data in the hidden area secure, the method further comprises:
if the user logging in the system is an authorized user, the plaintext is obtained when the data of the hidden area is accessed;
and if the user logging in the system is an unauthorized user, closing and opening the channel of the mobile storage medium.
9. An apparatus for preventing disclosure of a removable storage medium, comprising:
the compression module is used for compressing the storage space of the mobile storage medium and dividing a hidden area in the released storage space;
the mapping module is used for mapping the hidden areas obtained by dividing the mobile storage medium to a logical disk in a system;
an encryption and decryption module for encrypting and decrypting the read-write content in the logical disk through an encryption and decryption engine to ensure that the data in the hidden area is subjected to security protection,
the encryption and decryption module comprises:
a checking module, configured to check configuration information of the hidden area if it is detected that the mobile storage medium is accessed, where the configuration information includes at least one of: user registration information, permission information of a hidden area, key information and identification information of the mobile storage medium;
the first sub-processing module is used for loading the logical disk mapped by the hidden area in the system and checking the header information of the hidden area if the configuration information exists;
the determining module is used for determining an encryption and decryption algorithm and key information based on the header information if the verification is successful;
the calling module is used for calling the encryption and decryption engine if the file operation occurs to the file in the logic disk obtained by mapping;
the second sub-processing module is used for encrypting the operation data in the logical disk by the encryption and decryption engine by using the encryption and decryption algorithm and the key information;
and the writing module is used for writing the encrypted data into the physical sector of the hidden area.
10. The apparatus of claim 9, wherein the hidden area comprises: header information and entity part information, wherein the header information includes at least one of: the encryption and decryption system comprises user information, key information, encryption and decryption algorithm information, hidden area information and verification information, wherein the entity part information comprises encrypted data information.
11. The apparatus of claim 9, further comprising:
the first judgment module is used for judging whether the mobile storage medium is registered or not if the mobile storage medium is detected to be accessed;
the first disk processing module is used for formatting the mobile storage medium and starting the step of compressing the storage space of the mobile storage medium if the mobile storage medium is unregistered;
and the second disk processing module is used for deleting the existing hidden area in the mobile storage medium and/or formatting the mobile storage medium under the condition that a trigger condition is met if the mobile storage medium is the registered mobile storage medium.
12. The apparatus of claim 9, further comprising:
the second judgment module is used for judging whether the mobile storage medium is registered or not if the mobile storage medium is detected to be accessed;
a third disk processing module, configured to format the mobile storage medium and start a step of compressing a storage space of the mobile storage medium if the mobile storage medium is an unregistered mobile storage medium;
and the fourth disk processing module is used for displaying a logical disk mapped by the hidden area in the mobile storage medium in the system if the mobile storage medium is the registered mobile storage medium, and completing the encryption and decryption of read-write contents in the logical disk.
13. The apparatus of claim 9, further comprising:
the first access module is used for obtaining a plaintext when a user logging in a system is an authorized user and accesses the data of the hidden area;
and the second access module is used for closing and opening the channel of the mobile storage medium when the user logging in the system is an unauthorized user.
14. An apparatus for preventing disclosure of a removable storage medium, comprising:
the access module is used for detecting that the mobile storage medium is accessed into the computer equipment;
the synchronization module is used for synchronizing the security policy data to the mobile storage medium if the registered user is successfully registered and/or passes the verification;
the dividing module is used for compressing the storage space of the mobile storage medium when the mobile storage medium with the security policy data is accessed into the computer equipment again and dividing a hidden area in the released storage space;
the disk mapping module is used for remapping the hidden area obtained by dividing the mobile storage medium and mapping the hidden area to a logical disk in a system;
a security processing module, configured to encrypt and decrypt, through an encryption and decryption engine, the read-write content in the logical disk, so as to perform security protection on the data in the hidden area,
the security processing module is further configured to check configuration information of the hidden area if the mobile storage medium is accessed to the computer device again, wherein the configuration information includes at least one of: user registration information, permission information of a hidden area, key information and identification information of the mobile storage medium;
the security processing module is further configured to load a logical disk mapped by the hidden area in the system of the computer device and check header information of the hidden area if the configuration information exists;
the security processing module is further used for determining an encryption and decryption algorithm and key information based on the header information if the verification is successful;
the security processing module is further configured to invoke the encryption and decryption engine if a file operation occurs to a file in the logical disk obtained by mapping;
the security processing module is further used for the encryption and decryption engine to encrypt the operation data in the logical disk by using the encryption and decryption algorithm and the key information;
the security processing module is also used for writing the encrypted data into the physical sector of the hidden area.
15. A storage medium, comprising a stored program, wherein the program, when executed, controls a device on which the storage medium is located to perform a method of preventing a compromise between the removable storage medium according to any one of claims 1 to 5.
16. A processor, configured to execute a program, wherein the program executes to perform the method for preventing a secret leakage of the removable storage medium according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911419947.5A CN111177783B (en) | 2019-12-31 | 2019-12-31 | Method and device for preventing mobile storage medium from being divulged |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911419947.5A CN111177783B (en) | 2019-12-31 | 2019-12-31 | Method and device for preventing mobile storage medium from being divulged |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111177783A CN111177783A (en) | 2020-05-19 |
| CN111177783B true CN111177783B (en) | 2022-05-27 |
Family
ID=70656044
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911419947.5A Active CN111177783B (en) | 2019-12-31 | 2019-12-31 | Method and device for preventing mobile storage medium from being divulged |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111177783B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112528319A (en) * | 2020-12-05 | 2021-03-19 | 江苏秉信科技有限公司 | Information local security caching method based on multiple authentications |
| CN116756786B (en) * | 2023-08-18 | 2023-11-07 | 长扬科技(北京)股份有限公司 | Method and device for controlling use and safety of mobile storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1866225A (en) * | 2005-05-20 | 2006-11-22 | 联想(北京)有限公司 | Mapping method for mobile memory device |
| CN101101615A (en) * | 2007-08-09 | 2008-01-09 | 上海格尔软件股份有限公司 | Mobile medium divulgence-proof method based on concealed encrypted partition and PKI technology |
| CN101572660A (en) * | 2008-04-30 | 2009-11-04 | 北京明朝万达科技有限公司 | Comprehensive control method for preventing leakage of data |
| CN102646076A (en) * | 2012-02-21 | 2012-08-22 | 福建伊时代信息科技股份有限公司 | Data anti-leakage method of mobile medium and mobile medium |
| CN109086620A (en) * | 2018-07-19 | 2018-12-25 | 郑州信大捷安信息技术股份有限公司 | Physical isolation dual system construction method based on mobile memory medium |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9158467B2 (en) * | 2006-02-21 | 2015-10-13 | Spectra Logic Corporation | Optional data encryption by partition for a partitionable data storage library |
| CN100592313C (en) * | 2008-04-30 | 2010-02-24 | 李硕 | Electric document anti-disclosure system and its implementing method |
| CN110569202A (en) * | 2019-09-10 | 2019-12-13 | 深圳市得一微电子有限责任公司 | Multimedia file playing method and system for movable storage equipment |
-
2019
- 2019-12-31 CN CN201911419947.5A patent/CN111177783B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1866225A (en) * | 2005-05-20 | 2006-11-22 | 联想(北京)有限公司 | Mapping method for mobile memory device |
| CN101101615A (en) * | 2007-08-09 | 2008-01-09 | 上海格尔软件股份有限公司 | Mobile medium divulgence-proof method based on concealed encrypted partition and PKI technology |
| CN101572660A (en) * | 2008-04-30 | 2009-11-04 | 北京明朝万达科技有限公司 | Comprehensive control method for preventing leakage of data |
| CN102646076A (en) * | 2012-02-21 | 2012-08-22 | 福建伊时代信息科技股份有限公司 | Data anti-leakage method of mobile medium and mobile medium |
| CN109086620A (en) * | 2018-07-19 | 2018-12-25 | 郑州信大捷安信息技术股份有限公司 | Physical isolation dual system construction method based on mobile memory medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111177783A (en) | 2020-05-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101853363B (en) | File protection method and system | |
| CN1901067B (en) | Copyright protection system, recording device and decryption device | |
| CN100423041C (en) | Data processing apparatus and method | |
| CN102334124B (en) | File protection method and device | |
| CN101341490B (en) | Method for control access of file system, related system, SIM card and computer program product used therein | |
| US20080016127A1 (en) | Utilizing software for backing up and recovering data | |
| US20090013195A1 (en) | Data Storing Method, Data Playback Method, Data Recording Device, Data Playback Device, and Recording Medium | |
| JP2003058840A (en) | Information protection management program utilizing rfid-loaded computer recording medium | |
| CN103294961A (en) | Method and device for file encrypting/decrypting | |
| EP1440441A2 (en) | Secure single drive copy method and apparatus | |
| CN103793334A (en) | Mobile storage device based data protecting method and mobile storage device | |
| CN111177783B (en) | Method and device for preventing mobile storage medium from being divulged | |
| CN103955654A (en) | USB (Universal Serial Bus) flash disk secure storage method based on virtual file system | |
| CN101779209A (en) | Be used for protecting the system and method for the content that is stored in memory device | |
| CN100547598C (en) | Preserve and retrieve data based on symmetric key encryption | |
| CN110569651A (en) | file transparent encryption and decryption method and system based on domestic operating system | |
| CN105989304A (en) | File storage method, file reading method, file storage apparatus and file reading apparatus | |
| CN103458101B (en) | The hardware encryption storage method of a kind of mobile phone privacy contact person and system | |
| CN103473512A (en) | Mobile storage medium management method and mobile storage medium management device | |
| CN100486157C (en) | Distribution type data encryption method | |
| CN112231779B (en) | Cross-platform data security protection method compatible with BitLocker encrypted disk | |
| CN109543472A (en) | Data safety exchange system | |
| CN101778094B (en) | Mobile storage system used for monitoring | |
| CN103514540A (en) | USBKEY business realization method and system | |
| CN113221139A (en) | Electronic information encryption method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |