Disclosure of Invention
In view of the above, the present invention is directed to a method for accessing a USB flash disk, and to a USB flash disk, so as to at least partially solve the above problems.
In order to achieve the above object, a first aspect of the present invention provides a method for accessing a USB flash disk, the method including: responding to a received access instruction to the USB flash disk; determining that the access address of the access instruction is a specific address of the USB flash disk; and executing an APDU instruction related to the access instruction, or returning data of a specified area, so as to respond to the access instruction.
Preferably, the specific address is obtained by taking the address of a preset file in the file allocation table as the specific address.
Preferably, the preset file is pre-stored in a preset directory of a preset partition of the USB flash disk.
Preferably, executing the corresponding APDU instruction or returning the data of the specified area includes: if the access instruction is a write instruction, executing an APDU instruction related to the access instruction; and if the access instruction is a read instruction, returning the data of the specified area.
Preferably, before returning the data of the specified area, the method further comprises: judging whether the specified area holds valid data; if so, returning the data of the specified area, and otherwise returning a null value or an error.
Preferably, executing the APDU instruction related to the access instruction includes: extracting the data in the data field of the access instruction; and executing the APDU instruction that has a mapping relation with the data.
Preferably, after the APDU instruction having the mapping relation with the data is executed, the method further includes: writing the execution result of the APDU instruction into the specified area.
In a second aspect of the present invention, there is also provided a USB flash disk including an interface unit, a storage unit, and a control unit, the control unit being configured to: determine that the access address of an access instruction acquired from the interface unit is a specific address in the storage unit; and execute an APDU instruction related to the access instruction, or return data of a specified area, so as to respond to the access instruction.
Preferably, the storage unit includes a preset file, the preset file is pre-stored in a preset directory of a preset partition of the storage unit, and the address of the preset file in the file allocation table is used as the specific address.
Preferably, the storage unit comprises a private partition invisible to the host operating system, the private partition being accessible only through the APDU instructions.
The present invention also provides a computer storage medium having a computer program stored thereon which, when executed by a processor, implements any of the above-described methods for accessing a USB flash disk.
The USB flash disk access method and the USB flash disk have the following beneficial effects:
1) In this embodiment, personalized application processing is executed through a general interface provided by the operating system, without acquiring ROOT authority, and access to the private partition is realized through that application processing, so that the security and reliability of the system are ensured.
2) The key data are stored in the private partition of the USB flash disk, and the data can be transmitted and stored in a ciphertext mode according to application requirements, so that the safety of the data is guaranteed.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating embodiments of the invention, are given by way of illustration and explanation only, not limitation.
Fig. 1 is a schematic step diagram of a USB flash disk access method in an embodiment of the present invention. As shown in Fig. 1, the USB flash disk access method includes:
S11, responding to a received access instruction to the USB flash disk;
When the USB flash disk receives an access instruction through the USB interface, the access instruction is a general instruction, specifically a SCSI general instruction. SCSI general instructions are used because operating systems generally adopt a file system such as FAT16, FAT32 or NTFS, which is managed through the SCSI instruction set. The USB flash disk only needs to process the general instructions issued by a general operating system, so no additional permission is needed.
S12, determining that the access address of the access instruction is the specific address of the USB flash disk;
The specific address in this embodiment includes one or a combination of a specific partition and a specific offset. For example, the partition of the access operation is determined to be the first partition, and the access address equals the value of a preset global variable ADDR. The step that sets the global variable ADDR is described in detail later.
S13, executing the APDU instruction related to the access instruction, or returning the data of the designated area, so as to respond to the access instruction.
If the determination condition in the previous step is met, the access instruction is intercepted or discarded, and its original function is no longer executed. Specifically, after interception the APDU is extracted and executed according to the mapping relation; if it is an illegal APDU command, it is not executed and an error state is written to the designated address. The response to the access instruction is instead completed by executing the APDU instruction corresponding to the access instruction, or by directly returning the data of the designated area. APDU commands are used both for their standardized data-transmission format and to keep them isolated from the general commands of the USB flash disk. Through these steps, access to the USB flash disk by the general command is avoided, and data security is achieved while the access security of the USB flash disk is ensured.
Fig. 2 is a flowchart of creating the preset file according to an embodiment of the present invention. In this embodiment, the preset file is pre-stored in a preset directory of a preset partition of the USB flash disk. Specifically, when the USB flash disk is issued, a predetermined directory is established through the host operating system in a predetermined fixed partition of the USB flash disk (in this embodiment, the first partition); for example, the preset directory is \Android\data\com. A file with a fixed name, zhixinio.crd, is established under the preset directory; this file is the preset file, hereinafter referred to as the IO file.
Fig. 3 is a flowchart of specific address determination according to an embodiment of the present invention. In this embodiment, the specific address is obtained by taking the address of the preset file in the file allocation table as the specific address. When the issued USB flash disk is used, it is inserted into a USB port of a host. After the USB flash disk is powered on, the security chip completes a series of initialization operations, parses the FAT file system of the first partition, and searches for the IO file zhixinio.crd. If the file exists, its address is assigned to the specific address, a global variable ADDR; otherwise, the global variable ADDR is assigned null. After the address resolution is finished, the enumeration process is completed according to the flow of the host operating system. Through these steps, deciding whether the IO file is being accessed reduces to a match on the operation address, which simplifies the trigger judgment.
In an embodiment, the executing the corresponding APDU instruction or returning the data of the designated area includes: if the access instruction is a write instruction, executing an APDU instruction related to the access instruction; and if the access instruction is a reading instruction, returning the data of the specified area. The following describes a writing process corresponding to the "write command" and a reading process corresponding to the "read command", respectively.
Fig. 4 is a schematic flow chart of the processing of a "write instruction" according to an embodiment of the present invention. In this embodiment, when the upper computer application needs to send an instruction to the USB flash disk, the instruction to be sent is written as data into the IO file by calling the operating system's general WRITE command (0x2A). After receiving the WRITE command, the USB flash disk makes a determination: if the partition of the write operation is the first partition and the access address is the same as the address in the global variable ADDR, the instruction is intercepted. The data field of the instruction is then parsed and the data in it is extracted, and the APDU command that has a mapping relation with the data is executed to complete the function corresponding to that APDU command. The APDU command can complete functions such as encryption, decryption, private partition storage, PIN verification, and other personalized command processing. The processing result and the data to be returned are then saved to a specified area, such as a global variable Buff_CMD, so that in subsequent steps the upper computer can obtain the execution result of the APDU instruction and the returned data. Because the APDU instructions are configurable, data operations on the private partition of the secure flash disk can be realized, and various customized functions can be implemented.
Fig. 5 is a diagram illustrating APDU instruction types according to an embodiment of the present invention, as shown in fig. 5. After the personalization application instruction is re-parsed from the WRITE command (0x2A), the instruction is executed. Wherein the personalized application instructions comprise: encryption, decryption, private partition storage, verification of PINs and other personalization instructions.
Fig. 6 is a flowchart of the processing of a "read instruction" according to an embodiment of the present invention. In this embodiment, when the upper computer software needs to obtain an instruction execution result or returned data, it calls the operating system's general interface and sends a READ (0x28) instruction to the IO file. After receiving the read instruction, the USB flash disk makes a determination: if the partition of the read operation is the first partition and the access address is the same as the address in the global variable ADDR, the instruction is intercepted and the data in the file is not actually read. Instead, the processing result of the instruction and the data to be returned, which were stored in the designated area (Buff_CMD) in the previous step, serve as the return data of the read instruction and are returned to the upper computer application. When no valid data exists in the designated area, a null value or an error is returned. A step that judges whether the designated area holds valid data is therefore added before the data of the designated area is returned, which supports abnormal-condition feedback from the system and improves the user experience.
It can be seen from the above embodiments that the upper computer software calls the general interface of the operating system to access the partition of the usb disk without additional permission, and the embodiments of the present invention perform special processing on the general instruction used by the general interface, mainly process the read-write instruction of the file, and implement transmission of the private instruction, thereby implementing security and personalized application.
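The write and read interception described above, as a host-testable C simulation of the control unit. This is an added example, not code from the patent: the single-block transfers, the `ADDR_NULL` sentinel, the CLA/INS/P1/P2/Lc layout, the INS values, the PIN and the ISO 7816-4 style status words are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <string.h>
#define READ10    0x28
#define WRITE10   0x2A
#define BLOCK     512
#define NBLK      8
#define ADDR_NULL 0xFFFFFFFFu      /* assumed encoding of "ADDR is null" */
enum { PASS_THROUGH, INTERCEPTED, NO_DATA };
static uint32_t ADDR = ADDR_NULL;  /* address of the IO file, resolved at power-on */
static uint8_t  Buff_CMD[BLOCK];   /* designated area holding the APDU result */
static int      buff_valid, pin_ok;
static uint8_t  disk[NBLK][BLOCK]; /* constructed stand-in for the first partition */
/* Constructed sample APDUs: CLA INS P1 P2 Lc data (hypothetical INS values). */
static const uint8_t APDU_PIN_GOOD[] = {0x80, 0x20, 0, 0, 4, '1', '2', '3', '4'};
static const uint8_t APDU_PIN_BAD[]  = {0x80, 0x20, 0, 0, 4, '0', '0', '0', '0'};
static const uint8_t APDU_UNKNOWN[]  = {0x80, 0x7F, 0, 0, 0};

static void set_result(uint16_t sw) {
    memset(Buff_CMD, 0, BLOCK);
    Buff_CMD[0] = (uint8_t)(sw >> 8); Buff_CMD[1] = (uint8_t)sw;
    buff_valid = 1;
}
/* Mapping from data-field contents to an action; an illegal APDU only records an error. */
static void exec_apdu(const uint8_t *d) {
    if (d[1] != 0x20) { set_result(0x6D00); return; }   /* INS not in the mapping */
    pin_ok = (d[4] == 4 && memcmp(d + 5, "1234", 4) == 0);
    set_result(pin_ok ? 0x9000 : 0x6300);
}

/* Control-unit dispatch for a one-block READ/WRITE; data is a BLOCK-sized buffer. */
int handle_scsi(uint8_t op, int partition, uint32_t lba, uint8_t *data) {
    if (ADDR == ADDR_NULL || partition != 1 || lba != ADDR) {  /* ordinary storage path */
        if (partition == 1 && lba < NBLK) {
            if (op == WRITE10) memcpy(disk[lba], data, BLOCK);
            if (op == READ10)  memcpy(data, disk[lba], BLOCK);
        }
        return PASS_THROUGH;
    }
    if (op == WRITE10) { exec_apdu(data); return INTERCEPTED; } /* IO file is not written */
    if (op != READ10) return PASS_THROUGH;
    if (!buff_valid) return NO_DATA;                    /* null value or error */
    memcpy(data, Buff_CMD, BLOCK);                      /* IO file is not read */
    return INTERCEPTED;
}

/* Host side: write the APDU to the IO file, then read the status word back. */
int send_apdu(const uint8_t *apdu, size_t n) {
    uint8_t blk[BLOCK] = {0};
    memcpy(blk, apdu, n);
    handle_scsi(WRITE10, 1, ADDR, blk);
    if (handle_scsi(READ10, 1, ADDR, blk) != INTERCEPTED) return -1;
    return (blk[0] << 8) | blk[1];
}
int main(void) { ADDR = 3; return send_apdu(APDU_PIN_GOOD, sizeof APDU_PIN_GOOD) != 0x9000; }
```

The host side uses nothing but ordinary file writes and reads, so any application able to write the IO file reaches the APDU layer; access control in this design rests on the APDU handlers themselves, such as the PIN check.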
Fig. 7 is a schematic view of a USB flash disk according to an embodiment of the present invention. In this embodiment, a USB flash disk is further provided, which includes an interface unit, a storage unit, and a control unit, where the control unit is configured to: determine that the access address of an access instruction acquired from the interface unit is a specific address in the storage unit; and execute an APDU instruction related to the access instruction, or return data of a specified area, so as to respond to the access instruction.
For specific limitations of the functions implemented by the control unit, reference may be made to the above limitations of the USB flash disk access method, which are not repeated here. The control unit may provide communication isolation between the high-speed USB and eMMC buses.
In an embodiment, the storage unit includes a preset file, the preset file is pre-stored in a preset directory of a preset partition of the storage unit, and the address of the preset file in the file allocation table is used as the specific address. Through the host operating system, a specified directory is established in a fixed partition of the USB flash disk (in this scheme, the first partition), and a file with a fixed name, the aforementioned IO file zhixinio.crd, is established under the specified directory. The specified directory in this embodiment is \Android\data\com. When the issued secure USB flash disk is powered on again, the security chip completes a series of initialization operations, parses the FAT file system of the first partition, and searches for the IO file zhixinio.crd. If the file exists, its address is assigned to the global variable ADDR; otherwise, ADDR is assigned null. After the address resolution is finished, the enumeration process is completed according to the flow of the host operating system.
In an embodiment, the storage unit comprises a private partition invisible to the host operating system, the private partition being accessible only through the APDU instructions. To improve the security of the USB flash disk, a third storage partition is provided in addition to the ordinary partition and the encrypted partition: the invisible "private partition". Only the security chip can access it; it is invisible externally, and the operating system and the upper computer software cannot access it directly. Its data can be read and written in plaintext or ciphertext, and can be stored in plaintext or ciphertext. It can be managed uniformly as a single storage area, or divided into different functional areas according to application, with different security attributes added for independent management. Since the private partition is invisible to the host operating system and cannot use the host operating system's file system, private instructions in the SCSI command set need to be used to manage the partition through the security chip. In this embodiment, APDU instructions are used to access the data.
Embodiments of the present invention also provide a computer storage medium having a computer program stored thereon, where the computer program is executed by a processor to implement the method for accessing a usb disk according to the embodiments.
The embodiment of the invention provides a method for executing a private instruction without Root authority, realizing personalized application processing and accessing a private partition through a personalized application.
Although the embodiments of the present invention have been described in detail with reference to the accompanying drawings, the embodiments of the present invention are not limited to the details of the above embodiments, and various simple modifications can be made to the technical solutions of the embodiments of the present invention within the technical idea of the embodiments of the present invention, and the simple modifications all belong to the protection scope of the embodiments of the present invention.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, the embodiments of the present invention do not describe every possible combination.
Those skilled in the art will understand that all or part of the steps in the method according to the above embodiments may be implemented by a program, which is stored in a storage medium and includes several instructions to enable a single chip, a chip, or a processor (processor) to execute all or part of the steps in the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In addition, any combination of different implementation manners of the embodiments of the present invention can be performed, and the embodiments of the present invention should be considered as disclosed in the embodiments of the present invention as long as the combination does not depart from the idea of the embodiments of the present invention.