CN114153396B - Data processing method and device, data storage device and terminal device - Google Patents
Data processing method and device, data storage device and terminal device Download PDFInfo
- Publication number
- CN114153396B CN114153396B CN202111463477.XA CN202111463477A CN114153396B CN 114153396 B CN114153396 B CN 114153396B CN 202111463477 A CN202111463477 A CN 202111463477A CN 114153396 B CN114153396 B CN 114153396B
- Authority
- CN
- China
- Prior art keywords
- password
- space
- data processing
- data
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000013500 data storage Methods 0.000 title claims abstract description 36
- 238000003672 processing method Methods 0.000 title claims abstract description 22
- 238000012545 processing Methods 0.000 claims abstract description 187
- 238000000034 method Methods 0.000 claims abstract description 21
- 238000013507 mapping Methods 0.000 claims description 24
- 230000007704 transition Effects 0.000 claims description 18
- 238000002955 isolation Methods 0.000 abstract description 4
- 238000010586 diagram Methods 0.000 description 12
- 238000005192 partition Methods 0.000 description 7
- 230000003993 interaction Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 238000009434 installation Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0622—Securing storage systems in relation to access
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/0644—Management of space entities, e.g. partitions, extents, pools
Abstract
The embodiment of the invention discloses a data processing method, a device, data storage equipment and terminal equipment, wherein the data storage equipment comprises a first space and a second space, and the second space is an encryption space; the method judges the target operation type of the data processing password by receiving the password information of the data processing password sent by the host; if the data processing password does not comprise the password information, accessing a first space according to the data processing password, and if the target operation type of the data processing password belongs to a first preset type, accessing the first space according to the data processing password; if the target operation type of the data processing password belongs to a second preset type, accessing a second space according to the data processing password. The isolation of the conventional storage space and the encrypted storage space is realized through the first space and the second space, and the data contents are mapped respectively according to different types of data processing passwords, so that the safety of the stored data is ensured.
Description
Technical Field
The present invention relates to the field of data storage technologies, and in particular, to a data processing method, a data processing device, a data storage device, and a terminal device.
Background
In existing hard disk data security solutions, the entire logical block address (Logical Block Address, LBA) address space of the disk is typically exposed to the host side. The LBA range of, for example, a 240G disk is: 0 to (468862128-1), the host side can see the whole LBA address space. Then in this address space, a system partition is partitioned from the beginning, with some of the latter partitions being used as secure partitions.
This approach has the following disadvantages: the concealment is not good enough, and the host side can sense the condition of the security partition of the lower layer of the disc, so that a certain security risk exists. Since the user can read the data within the secure partition, there is a risk that the data may be deciphered. The existing hard disk storage scheme has the technical problem that the safety is difficult to guarantee.
Disclosure of Invention
In order to solve the above technical problems, embodiments of the present application provide a data processing method, apparatus, data storage device, and terminal device, where the specific scheme is as follows:
in a first aspect, an embodiment of the present application provides a data processing method, which is applied to a data storage device, where the data storage device includes a first space and a second space, and the second space is an encrypted space; the method comprises the following steps:
receiving a data processing password;
when the data processing password does not comprise password information, accessing the first space according to the data processing password;
when the data processing password comprises password information, judging a target operation type of the data processing password according to the password information;
if the target operation type of the data processing password belongs to a first preset type, accessing the first space according to the data processing password;
and if the target operation type of the data processing password belongs to a second preset type, accessing the second space according to the data processing password.
According to a specific implementation manner of the embodiment of the present application, the step of determining, according to the password information, a target operation type of the data processing password includes:
searching a password matched with the password information in a preset encryption password library;
if the password matched with the password information is not found in the preset encryption password library, judging that the target operation type of the data processing password belongs to a first preset type;
and if the password matched with the password information is matched in the preset encryption password library, judging that the target operation type of the data processing password belongs to a second preset type.
According to a specific implementation manner of the embodiment of the present application, if the target operation type of the data processing password belongs to a second preset type, the step of accessing the second space according to the data processing password includes:
carrying out data encryption on the data content to be processed corresponding to the data processing password;
and mapping the encrypted data content to be processed to the second space.
According to a specific implementation manner of the embodiment of the present application, when the first space is accessed according to the data processing password, the second space is in an invisible state;
if the target operation type of the data processing password belongs to a first preset type, the method further comprises:
if the logical block address to be occupied by the data content to be processed corresponding to the data processing password is larger than the residual address of the first space, after all the residual addresses of the first space are mapped, stopping mapping the data content to be processed corresponding to the residual data processing password.
According to a specific implementation manner of the embodiments of the present application, if the target operation type of the data processing password belongs to a second preset type, the step of accessing the second space according to the data processing password further includes:
if the target address interval in the first space stores partial data in the data content to be processed corresponding to the data processing password, selecting a partial encryption address mark as a transition address in the second space;
and accessing the target address interval in the first space through the transition address of the second space. According to a specific implementation manner of the embodiment of the present application, after the step of accessing the target address interval in the first space through the transitional address of the second space, the method further includes:
and after the transition address of the second space is accessed to the target address interval of the first space, restoring the transition address to the encrypted address of the second space.
In a second aspect, an embodiment of the present application provides a data processing apparatus, which is applied to a data storage device, where the data storage device includes a first space and a second space, and the second space is an encrypted space; the device comprises:
the receiving module is used for receiving the data processing password sent by the host;
the first processing module is used for accessing a first space according to the data processing password when the data processing password does not comprise password information;
the second processing module is used for judging the target operation type of the data processing password according to the password information when the password information is included in the data processing password;
the first mapping module is used for accessing a first space according to the data processing password if the target operation type of the data processing password belongs to a first preset type;
and the second mapping module is used for accessing a second space according to the data processing password if the target operation type of the data processing password belongs to a second preset type.
According to a specific implementation manner of the embodiment of the present application, the second processing module is specifically configured to search a preset encryption password library for a password that matches the password information, if the password that matches the password information is not found in the preset encryption password library, determine that the target operation type of the data processing password belongs to a first preset type, and if the password that matches the password information is matched in the preset encryption password library, determine that the target operation type of the data processing password belongs to a second preset type.
In a third aspect, an embodiment of the present application further provides a data storage device, where the data storage device includes a first space, a second space, and the data processing apparatus of the second aspect, where the second space is an encrypted space.
In a fourth aspect, embodiments of the present application further provide a terminal device, where the terminal device includes the data storage device in the third aspect.
In summary, the embodiments of the present application provide a data processing method, apparatus, data storage device, and terminal device, where the data processing method is applied to a data processing device, and the data processing device includes a first space and a second space, and the second space is an encrypted space; the method comprises the steps of receiving whether a data processing password sent by a host comprises password information or not, accessing the first space according to the data password if the data processing password does not comprise the password information, and judging a target operation type of the data processing password according to the password information if the data processing password comprises the password information; if the target operation type of the data processing password belongs to a first preset type, accessing a first space according to the data processing password; and if the target operation type of the data processing password belongs to a second preset type, accessing a second space according to the data processing password. The isolation of the conventional storage space and the encrypted storage space is realized through the first space and the second space, and the data contents are mapped respectively according to different types of data processing passwords, so that the safety of the stored data is ensured.
Drawings
In order to more clearly illustrate the technical solutions of the present invention, the drawings that are required for the embodiments will be briefly described, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope of the present invention. Like elements are numbered alike in the various figures.
Fig. 1 is a schematic flow chart of a data processing method according to an embodiment of the present application;
fig. 2 shows an interaction scenario schematic diagram to which a data processing method according to an embodiment of the present application is applied;
fig. 3 is a schematic diagram of another interaction scenario applied by a data processing method according to an embodiment of the present application;
FIG. 4 is an interactive schematic diagram showing partial steps in a data processing method according to an embodiment of the present application;
fig. 5 shows a schematic block diagram of a data processing apparatus according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments.
The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by a person skilled in the art without making any inventive effort, are intended to be within the scope of the present invention.
The terms "comprises," "comprising," "including," or any other variation thereof, are intended to cover a specific feature, number, step, operation, element, component, or combination of the foregoing, which may be used in various embodiments of the present invention, and are not intended to first exclude the presence of or increase the likelihood of one or more other features, numbers, steps, operations, elements, components, or combinations of the foregoing.
Furthermore, the terms "first," "second," "third," and the like are used merely to distinguish between descriptions and should not be construed as indicating or implying relative importance.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which various embodiments of the invention belong. The terms (such as those defined in commonly used dictionaries) will be interpreted as having a meaning that is the same as the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein in connection with the various embodiments of the invention.
Referring to fig. 1, a method flow diagram of a data processing method provided in an embodiment of the present application is shown, and fig. 2 and fig. 3 are schematic diagrams of interaction scenarios to which the provided data processing method is applied. The embodiment of the application provides a data processing method, which is applied to data storage equipment, as shown in fig. 2 and 3, wherein the data storage equipment comprises a first space and a second space, and the second space is an encryption space;
as shown in fig. 1, the data processing method includes:
step S101, receiving a data processing password;
in a specific embodiment, as shown in fig. 2, the disc layer of the data storage device in this embodiment of the present application is divided into a first space and a second space, where the first space adopts a transparent mode, and no encryption operation is performed on the data content stored in the first space, so that a user may store general data content such as a general operating system or a general software storage in the first space. The first space may be an open area (a area) portion as shown in fig. 2, and the logical block address interval of the first space map is LBA0 to LBA MAX/2-1.
The second space is an encryption space, the data content stored in the second space must be encrypted, the encryption operation can be performed by the disc side in a self-defined manner, or the data content can be mapped into the second space after being encrypted at the host side, and any general encryption operation of the computer is within the protection scope of the scheme, and the encryption operation is not particularly limited here. The second space may be a dense (B-zone) portion as shown in fig. 2, and the logical block address interval of the second space map is LBA MAX/2 to LBA MXA-1.
As shown in fig. 2 and 3, the space address size of the first space and the space address size of the second space may be the same or different, which is not particularly limited herein.
The disc logic processing layer is in data communication with the corresponding host side and disc layer, wherein the disc logic processing layer can be a control chip corresponding to the data storage device and is used for receiving a data processing password sent by the host side and controlling the logical address space of the disc side to map the physical address space of the appointed area according to the data processing password.
When the data storage device accesses the first space according to the data processing password, that is, when the logical address mapped by the disc logical processing layer is the space address of the first space, the host side can only use the space address in the first space, and the space address of the second space is invisible to the host side view and the user side view. When the logical address mapped by the disk logical processing layer is a space address of a second space, the address used by the host side is the space address in the second space, but the first space address is visible to the host side view and the user side view.
In particular, when the logical address mapped by the disc logical processing layer is a space address of the second space, the space address in the first space and the space address in the second space can be used at the same time.
In general, the disk logical processing layer controls the logical address space of the data storage device to address map to the first space. When the disc logic processing layer receives a data processing password from a host, the disc logic processing layer firstly judges whether a logic address space should map addresses to a first space or a second space according to whether the data processing password comprises password information.
Step S102, when the data processing password does not comprise password information, accessing the first space according to the data processing password;
in a specific embodiment, when the disc logic processing layer receives that the data processing password sent by the host side does not include any password information, the disc logic processing layer defaults the logical space of the data storage device to map an address to the first space, that is, maps the data content in the data processing password to the first space.
At this time, the second space is invisible to the host side view and the user side view. When a user views the contents of the data storage device at the host side, only the contents stored in the first space can be viewed. And performing storage mapping on various data operations executed by the user to the first space.
Step S103, when the data processing password comprises password information, judging a target operation type of the data processing password according to the password information;
in a specific embodiment, when the host side interacts with the disc side, the host side sends a data processing password to a disc logic processing layer of the disc side, and the data processing password received by the disc logic processing layer comprises password information and data operation content. The password information is used for indicating the operation type which needs to be applied to the data operation content by the host side, and the implementation mode can be a password which is added by user definition after type judgment, or can be a password which is set by a user when the data operation content is input. The cryptographic information is typically used on the disc side for authentication against the type of operation of the host.
The data operation contents include specific data to be extracted from the space address of the disc layer or specific data to be stored into the space address of the disc layer, such as general-purpose operating system contents and special-purpose secure operating system contents.
The disc logic processing layer judges whether address mapping is performed through the first space or the second space according to the data processing password sent by the host side.
In a specific embodiment, when the host side stores or extracts data to the disc side, a data processing password is sent to the disc logic processing layer, and the data processing password comprises password information generated by the host side in a self-defining mode. Of course, the password information may also be set by the user in a customized manner, which is not limited herein.
And the disc logic processing layer judges whether to carry out address mapping to the first space or address mapping to the second space according to the password information in the data processing password.
According to a specific implementation manner of the embodiment of the present application, the step of determining, according to the password information, a target operation type of the data processing password includes:
searching a password matched with the password information in a preset encryption password library;
if the password matched with the password information is not found in the preset encryption password library, judging that the target operation type of the data processing password belongs to a first preset type;
and if the password matched with the password information is matched in the preset encryption password library, judging that the target operation type of the data processing password belongs to a second preset type.
In a specific embodiment, the preset encryption password library is set in a basic input output system (Basic Input Output System, abbreviated as BIOS) in advance by a user, and the password bound with the second space is stored in the preset encryption password library.
After the disc logic processing layer receives the data processing password sent by the host side, searching a password matched with the password information of the data processing password in the preset encryption password library. If the password information in the data processing password is not stored in the encryption password library, determining that the target address mapped by the data processing password is the address of the first space, namely determining that the target operation type of the data processing password belongs to a first preset type, and performing data interaction on conventional general data.
If the password information in the data processing password is stored in the encryption password library, determining that the target address mapped by the data processing password is the address of the second space, namely determining that the target operation type of the data processing password belongs to a second preset type, and performing data interaction on data to be encrypted.
Step S104, if the target operation type of the data processing password belongs to a first preset type, accessing the first space according to the data processing password;
in a specific embodiment, when the target operation type of the data processing password belongs to the first preset type, it may be determined that the data contents included in the data processing password are all conventional general-purpose data contents, for example, a general-purpose operating system is installed or general-purpose software is installed. The disc logic processing layer controls the host side to map the data content to the first space, and a user can only read the space address information in the first space at the host side.
For example, when the target type of the data processing password sent by the host side belongs to the first preset type, the space address of the disc side is 240G, the space address of the first space is 130G, the space address of the second space is 110G, and the space address of the hard disk displayed on the host side is only 130G.
According to a specific implementation manner of the embodiments of the present application, if the target operation type of the data processing password belongs to a first preset type, the method further includes:
if the logical block address to be occupied by the data content to be processed corresponding to the data processing password is larger than the residual address of the first space, after all the residual addresses of the first space are mapped, stopping mapping the data content to be processed corresponding to the residual data processing password.
In a specific embodiment, the logical block address to be occupied by the data content to be processed may be smaller than the remaining address of the first space, or may be larger than the remaining address of the first space.
When the host side maps the data content to be processed to the first space, if the address of the logic block to be occupied by the data content to be processed is smaller than or equal to the rest address of the first space, all the data content to be processed is mapped to the space address of the first space.
And if the logical block address to be occupied by the data content to be processed is larger than the residual address of the first space, mapping the data content to be processed to the space address of the first space until the space address of the first space is completely mapped, and sending an instruction by the disc logic processing layer to stop mapping the residual data content to be processed. Thereby avoiding the situation that the data stored in the disc layer is excessive to cause data loss.
Step S105, if the target operation type of the data processing password belongs to a second preset type, accessing the second space according to the data processing password.
In a specific embodiment, if the host side stores or extracts the data operation content to be encrypted, for example, installs a dedicated encryption system or installs a dedicated encryption software, the target operation type of the data processing password is made to belong to a second preset type by setting the password information in the data processing password in advance, and the host side maps the data content to the second space.
When the target operation type of the data processing password belongs to a second preset type, the host side can only display the space address of the second space. For example, if the space address of the disc side is 240G, the space address of the first space is 130G, the space address of the second space is 110G, and the space address displayed on the host side is 110G.
Specifically, if the target operation type of the data processing password belongs to a second preset type, the step of accessing the second space according to the data processing password includes:
carrying out data encryption on the data content to be processed corresponding to the data processing password;
and mapping the encrypted data content to be processed to the second space.
In a specific embodiment, all data to be mapped to the second space need to be encrypted in a basic input/output system, and after the data of the data content to be processed is encrypted, the encrypted data content is mapped to a space address of the second space.
As shown in fig. 4, according to a specific implementation manner of the embodiment of the present application, if the target operation type of the data processing password belongs to a second preset type, the step of accessing the second space according to the data processing password further includes:
if the target address interval in the first space stores partial data in the data content to be processed corresponding to the data processing password, selecting a partial encryption address mark as a transition address in the second space;
and accessing the target address interval in the first space through the transition address of the second space.
In a specific embodiment, when part of the data in the data content to be mapped is already stored in the target address interval in the first space, the disc logic processing layer may also select a part of the encryption address in the second space to mark as a transitional address, and access the target address interval in the first space through the transitional address, so that part of the data to be used can be directly obtained from the first space.
It should be noted that when the disc logic processing layer marks the transition address in the second space, the target address interval of the physical address space in the first space is indicated by marking the partial encryption address in the logic address space of the second space, so that the corresponding data content can be extracted from the physical address space of the first space, and the space address size of the second space is saved.
Specifically, after the step of accessing the target address interval in the first space through the transitional address of the second space, the method further includes:
and after the transition address of the second space is accessed to the target address interval of the first space, restoring the transition address to the encrypted address of the second space.
After the partial data in the first space is used, that is, after the mapping process from the transition address of the second space to the target address interval of the first space is completed, the transition address is restored to the encryption address of the second space before occupation.
By setting the first space and the second space, complete isolation of the transparent data and the encrypted data on the disc side is completed, and the situation that a user can directly see all the transparent data and the encrypted data from the host side is avoided. After the password information for converting the mapping object is set in the basic input/output system, the corresponding mapping switching can be performed through the disc logic processing layer according to the data operation password of the host side in real time, so that the use and the safety of data storage and communication in the computer system are ensured.
Referring to fig. 5, a schematic device module diagram of a data processing device 500 according to an embodiment of the present application is provided. The data processing apparatus 400 provided in the embodiment of the present application is applied to a data storage device, as shown in fig. 2 and fig. 3, where the data storage device includes a first space and a second space, and the second space is an encrypted space;
as shown in fig. 5, the data processing apparatus 500 includes:
a receiving module 501, configured to receive a data processing password;
a first processing module 502, configured to access the first space according to the data processing password when the data processing password does not include password information;
a second processing module 503, configured to determine, when the data processing password includes password information, a target operation type of the data processing password according to the password information;
a first mapping module 504, configured to access the first space according to the data processing password if the target operation type of the data processing password belongs to a first preset type;
and a second mapping module 505, configured to access the second space according to the data processing password if the target operation type of the data processing password belongs to a second preset type.
According to a specific implementation manner of the embodiment of the present application, the second processing module 503 is specifically configured to search a preset encryption password library for a password that matches the password information, determine that the target operation type of the data processing password belongs to a first preset type if the password that matches the password information is not found in the preset encryption password library, and determine that the target operation type of the data processing password belongs to a second preset type if the password that matches the password information is matched in the preset encryption password library.
In addition, the embodiment of the application also provides a data storage device, which comprises a first space, a second space and the data processing device in the embodiment, wherein the second space is an encryption space.
The embodiment of the application also provides the terminal equipment, which comprises the data storage equipment in the embodiment.
In summary, the embodiments of the present disclosure provide a data processing method, apparatus, data storage device, and terminal device, which implement data isolation between a transparent area and an encrypted area on a disc side through the arrangement of a first space and a second space, so as to avoid a situation that a user can directly obtain a partition of a secure partition on the disc side on a host side. And the operation of switching the mapping object is performed by setting the password in the basic input and output system in advance, so that the host can switch the mapping object in real time according to the type of the data operation content in the using process. The user can store the special safe operating system in the second space so as to realize the isolated use of the safe operating system and ensure the safety of the system data. And through the arrangement of the first space and the second space, the problem of system installation compatibility is avoided, and the system installation method can be suitable for the installation and use of various general systems and general software. The specific implementation process of the data processing apparatus, the data storage device and the terminal device provided can be referred to the specific implementation process of the above method embodiment, and will not be described herein in detail.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other manners as well. The apparatus embodiments described above are merely illustrative, for example, of the flow diagrams and block diagrams in the figures, which illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules or units in various embodiments of the invention may be integrated together to form a single part, or the modules may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a smart phone, a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention.
Claims (9)
1. A data processing method, characterized in that the method is applied to a data storage device, the data storage device comprises a first space and a second space, and the second space is an encryption space; the method comprises the following steps:
receiving a data processing password;
when the data processing password does not comprise password information, accessing the first space according to the data processing password;
when the data processing password comprises password information, judging a target operation type of the data processing password according to the password information;
if the target operation type of the data processing password belongs to a first preset type, accessing the first space according to the data processing password;
if the target operation type of the data processing password belongs to a second preset type, accessing the second space according to the data processing password;
if the target operation type of the data processing password belongs to a second preset type, the step of accessing the second space according to the data processing password further comprises:
if the target address interval in the first space stores partial data in the data content to be processed corresponding to the data processing password, selecting a partial encryption address mark as a transition address in the second space;
and accessing the target address interval in the first space through the transition address of the second space.
2. The data processing method according to claim 1, wherein the step of judging the target operation type of the data processing password based on the password information comprises:
searching a password matched with the password information in a preset encryption password library;
if the password matched with the password information is not found in the preset encryption password library, judging that the target operation type of the data processing password belongs to a first preset type;
and if the password matched with the password information is matched in the preset encryption password library, judging that the target operation type of the data processing password belongs to a second preset type.
3. The data processing method according to claim 1, wherein the step of accessing the second space according to the data processing password if the target operation type of the data processing password belongs to a second preset type comprises:
carrying out data encryption on the data content to be processed corresponding to the data processing password;
and mapping the encrypted data content to be processed to the second space.
4. The data processing method according to claim 1, wherein the second space is in an invisible state when the first space is accessed according to the data processing password;
if the target operation type of the data processing password belongs to a first preset type, the method further comprises:
if the logical block address to be occupied by the data content to be processed corresponding to the data processing password is larger than the residual address of the first space, after all the residual addresses of the first space are mapped, stopping mapping the data content to be processed corresponding to the residual data processing password.
5. The data processing method of claim 1, wherein after the step of accessing the target address interval in the first space through the transition address of the second space, the method further comprises:
and after the transition address of the second space is accessed to the target address interval of the first space, restoring the transition address to the encrypted address of the second space.
6. A data processing apparatus, characterized by being applied to a data storage device, the data storage device comprising a first space and a second space, the second space being an encrypted space; the device comprises:
the receiving module is used for receiving the data processing password;
the first processing module is used for accessing a first space according to the data processing password when the data processing password does not comprise password information;
the second processing module is used for judging the target operation type of the data processing password according to the password information when the password information is included in the data processing password;
the first mapping module is used for accessing a first space according to the data processing password if the target operation type of the data processing password belongs to a first preset type;
the second mapping module is used for accessing a second space according to the data processing password if the target operation type of the data processing password belongs to a second preset type;
the second mapping module is further configured to select a partial encryption address label as a transition address in the second space if the target address interval in the first space stores partial data in the data content to be processed corresponding to the data processing password; and accessing the target address interval in the first space through the transition address of the second space.
7. The apparatus of claim 6, wherein the second processing module is specifically configured to search a preset encryption password library for a password that matches the password information, determine that a target operation type of the data processing password belongs to a first preset type if the password that matches the password information is not found in the preset encryption password library, and determine that the target operation type of the data processing password belongs to a second preset type if the password that matches the password information is found in the preset encryption password library.
8. A data storage device comprising a first space, a second space and the data processing apparatus of any of claims 6-7, wherein the second space is an encrypted space.
9. A terminal device, characterized in that it comprises a data storage device according to claim 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111463477.XA CN114153396B (en) | 2021-12-03 | 2021-12-03 | Data processing method and device, data storage device and terminal device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111463477.XA CN114153396B (en) | 2021-12-03 | 2021-12-03 | Data processing method and device, data storage device and terminal device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114153396A CN114153396A (en) | 2022-03-08 |
| CN114153396B true CN114153396B (en) | 2024-03-19 |
Family
ID=80456047
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111463477.XA Active CN114153396B (en) | 2021-12-03 | 2021-12-03 | Data processing method and device, data storage device and terminal device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114153396B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115994370B (en) * | 2023-01-29 | 2023-12-19 | 紫光同芯微电子有限公司 | Software encryption processing method, device, equipment and medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1534655A (en) * | 2003-03-28 | 2004-10-06 | ������������ʽ���� | Method and apparatus for encrypting input and output of data to be hidden |
| CN102542211A (en) * | 2010-12-27 | 2012-07-04 | 北京爱国者信息技术有限公司 | Multi-media file protecting system and access method thereof |
| KR20170092177A (en) * | 2016-02-02 | 2017-08-11 | 삼성전자주식회사 | System on chip and operation method thereof |
| CN112083879A (en) * | 2020-08-13 | 2020-12-15 | 杭州电子科技大学 | Physical partition isolation and hiding method for storage space of solid state disk |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2008009933A (en) * | 2006-06-30 | 2008-01-17 | Toshiba Corp | Memory device and its control method |
| TWI454959B (en) * | 2011-12-08 | 2014-10-01 | Phison Electronics Corp | Storage device proection system and methods for lock and unlock storage device thereof |
| TWI652592B (en) * | 2017-04-20 | 2019-03-01 | 周宏建 | Storage device and access control method thereof |
-
2021
- 2021-12-03 CN CN202111463477.XA patent/CN114153396B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1534655A (en) * | 2003-03-28 | 2004-10-06 | ������������ʽ���� | Method and apparatus for encrypting input and output of data to be hidden |
| CN102542211A (en) * | 2010-12-27 | 2012-07-04 | 北京爱国者信息技术有限公司 | Multi-media file protecting system and access method thereof |
| KR20170092177A (en) * | 2016-02-02 | 2017-08-11 | 삼성전자주식회사 | System on chip and operation method thereof |
| CN112083879A (en) * | 2020-08-13 | 2020-12-15 | 杭州电子科技大学 | Physical partition isolation and hiding method for storage space of solid state disk |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114153396A (en) | 2022-03-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7415571B1 (en) | Disk drive and method for using a mailbox file associated with a disk storage medium for performing a function characterized by contents of the mailbox file | |
| CN111723383B (en) | Data storage and verification method and device | |
| US7543117B1 (en) | Method for installing a mailbox file associated with a disk storage medium | |
| CN100464313C (en) | Mobile memory device and method for accessing encrypted data in mobile memory device | |
| CN100419713C (en) | Mothed of dividing large volume storage stocking device | |
| US8868929B2 (en) | Method of mass storage memory management for large capacity universal integrated circuit cards | |
| US7584198B2 (en) | Data storage | |
| US20070028121A1 (en) | Method of protecting confidential data using non-sequential hidden memory blocks for mass storage devices | |
| CN106155596B (en) | Data writing method and device | |
| US20090164709A1 (en) | Secure storage devices and methods of managing secure storage devices | |
| US9454663B2 (en) | Data processing method and device | |
| JP2000148567A (en) | Method for storing data object in memory of smart card | |
| CN105554908A (en) | Method, master device, slave device and system for achieving code scanning automatic bluetooth connection | |
| CN102598011B (en) | Method and the memory device of file protection strategy is strengthened by memory device | |
| CN109408403A (en) | Mapping method, device, system and storage medium based on storage equipment bottom | |
| CN114153396B (en) | Data processing method and device, data storage device and terminal device | |
| CN101218609A (en) | Portable data carrier featuring secure data processing | |
| CN103473512B (en) | A kind of mobile memory medium management method and device | |
| KR20110090067A (en) | Method for transferring data between disk device and external storage device and system using the method | |
| CN104796531A (en) | Method and system for protecting information privacy | |
| CN105279458A (en) | Storage apparatus, communication apparatus, and storage control system | |
| CN102301369B (en) | Data storage device access method and device | |
| CN105871840A (en) | Certificate management method and system | |
| CN106559385A (en) | A kind of data authentication method and apparatus | |
| CN106998355B (en) | Data transmission method between electronic devices, electronic device and data transmission system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |