CN1223406A - Computer hardware controlled partitioned storage protection technology - Google Patents

Publication number: CN1223406A
Application number: CN 98125922
Authority: CN (China)
Other languages: Chinese (zh)
Inventor: 林光荣
Original Assignee: Individual
Current Assignee: Individual
Legal status: Pending

Abstract

The present invention relates to a computer information storage protection technology that prevents computer viruses from attacking the computer. Under the control of a memory partition protection controller, built from a manually operated hardware mechanism, the computer storage space is divided into a protected zone and an unprotected zone. Program code and fixed-content data that need protection are placed in the protected zone, from which software programs can be started and run; the random data used during operation is placed in the unprotected zone, where it can be read and written. The computer system can thus operate normally while being protected from attack by computer viruses and hackers.

Description

Computer hardware controlled partitioned storage protection technology
The present invention is a computer information storage protection technology. Under the control of a storage protection mechanism built from a manually operated hardware mechanism, partitioned storage protection is applied to computer memory and its information system, so that the computer system can run normally while avoiding damage from computer viruses, hacker attacks and other causes.
The partitioned storage protection method for memory and its information system referred to in this invention works as follows. A randomly rewritable storage medium that forms part of the basic computer system, that is, one storage space or one class of storage space that the computer can manage uniformly (for example one hard disk; or two physical hard disks, the C: and D: disks; or several physical hard disks and a physical protein memory; or main memory RAM, which is sometimes divided into several banks that overlap in addressing but can be switched by a soft switch), is divided into two parts, a protected zone and an unprotected zone. The software system that runs in it is correspondingly divided into two parts, program information and random data, stored in the two zones respectively. Program information that must not be rewritten and data with fixed content are stored in the protected zone; temporary data that changes at random while the software runs is stored in the unprotected zone. The computer system can then run normally while avoiding attack by computer viruses and hackers.
The storage protection mechanism built from a manually operated hardware mechanism, as referred to in this invention, means a memory partition protection control mechanism made of hardware devices, chiefly electronic components, and controlled by the operator on site in real time. From the software side, it is a hardware function that the programmer of user software cannot operate at will through software instructions. It comprises the hardware "switch" components, a register group that latches the partition protection parameters, and the logic control circuit, or single-chip computer with its firmware instruction stream, needed to carry out memory "read" and "write" operations in accordance with the protection requirements defined by the "switch" state and the register-group parameters. The hardware "switch" component may be a mechanical switch or an electronic switch; in the embodiment of this invention it is built from mechanical keys, electronic registers and gate circuits. The operator presses a key, which triggers the flip and carry of the electronic register and so forms the "switch" state. This state of the hardware "switch" component, controlled on site in real time by the operator, is the original control source of the memory partition protection mechanism. The state of the "switch" components and the protection parameters in the register group govern the hardware circuits and firmware, which in turn control the computer's "read" and "write" operations on the memory according to the "switch" state and the register-group parameters.
In this invention, control (ownership) of partition "read" and "write" protection rests with the hardware mechanism (including firmware), and that hardware mechanism is in turn controlled by the operator's on-site, real-time operation of the hardware "switch" components. Unless the operator changes the protection state of the hardware mechanism on site, so that the hardware mechanism grants a restricted, conditional right to participate, no software program, including virus programs and remote operation by a hacker, can take part in setting or changing the protection mechanism; computer viruses and hackers therefore cannot destroy the computer system. Combining the "partitioned storage protection method for memory and its information system" with the "memory protection control mechanism built from a manually operated hardware mechanism" gives an active information security technology that joins software and hardware, and is the principal technical feature of the invention.
Memory protection, as used in this invention, means applying one of the following to each memory partition: read-only (write protection), write-only (read protection), no read and no write (full protection), and read/write (no protection). These are the four basic protection types. Of these, write-only (read protection) has no known practical use at present.
The protected and unprotected zones can be set and changed by the computer user. The protected zone can be divided further into smaller partitions whose size and address location (or port location, memory bank location) are selected by the user, and protection can be set or removed for each partition separately.
One important use of the method and technology of this invention is partition write protection of external storage (at present mainly the hard disk), which provides security against computer viruses and hackers while the computer system runs normally. The main target of viruses and hackers is the information system in external storage; once the invention is applied to external storage, viruses and hackers largely lose their ability to do harm. The invention offers the hope of bringing computers into a virus-free era.
In the prior art, among computer memories (unless otherwise stated, "memory", "internal memory" and "external memory" below all refer to the randomly erasable and rewritable memory that makes up the basic computer system, such as main memory RAM and external hard disks and floppy disks), only the floppy disk has a write-protect window; write protection is set or removed by opening or closing the window. This is write protection set by a hardware method, and in terms of its original control source it appears consistent with the "manually operated hardware mechanism control" of this invention (although the popular 8-bit Apple II computers of the 1980s still used a software method to test the floppy write-protect window). But in the prior art, floppy write protection applies to the whole disk, not to a partition within the disk's storage space; once it is set, all the information on the disk can only be read, not written. Whole-disk write protection cannot be used for the basic system of a computer. The memory that makes up the basic computer system must have a storage area that can be written at random for the various files and random data that are read and written at any time; otherwise the computer system cannot run.
To protect memory contents and still read and write at random, the only way is partition protection; combining it with control by a manually operated hardware mechanism is precisely the method of this invention.
In the prior art, the hard disk and main memory (RAM) have no hardware write-protection setting; even CMOS (the system parameter memory) and the upgradable BIOS program memory (electrically erasable EEPROM) have no write-protection setting. They can all be rewritten at random over their whole area, which lets computer viruses and hackers harm computer systems unchecked and causes computer users great losses. Even software that carries no virus can, through its own design errors or through misoperation, destroy the computer system and cause the user losses. This point matters even more to software developers, because design errors of one kind or another are unavoidable during software development.
In the prior art, where there is no hardware write protection, disk files are protected by setting file attributes: an attribute flag byte is added to the file's directory entry. For example, a file that must not be written is given the "read-only" attribute, and a file that must not be listed is given the "hidden" attribute. The operator sets file attributes with software commands through the operating system, and the attributes are likewise checked by software commands. The operating system refuses "write" operations on "read-only" files, refuses to list "hidden" files in a directory, and so on. But this attribute flag and the way it is handled are software methods; any computer virus can easily rewrite the attribute and then destroy the disk file.
In the prior art, information in the host's internal memory (RAM) is protected by defining access rights. In the 80x86 CPU series, this method is used in the 80286 and later CPUs. Such a CPU manages memory by segments: for software loaded into memory, the program code, the data and the stack are placed in three separate segments of the storage space, and an address within each segment is formed from the segment base plus an offset. Specific access rights are defined for the information in each segment's address space; for example, a program code segment is execute-only, and data segments holding font dot-matrix libraries or icon libraries are read-only, and so on. The access-rights flag byte is placed in the segment descriptor by the software programmer and conveyed to the CPU as the basis for the CPU's access to each segment of memory. This method of protecting memory information matches the partition protection approach, but it is not combined with the manually operated hardware mechanism control of this invention and is a purely software method. A virus can rewrite the access-rights byte at any time without restriction and then destroy the computer system.
For the computer system to run normally while avoiding harm from computer viruses, hackers and the like, the only technique is to apply partition protection to memory and its information system under the control of a manually operated hardware mechanism, and to store and run the software system by partition. This invention follows that line of thought. Partition protection of memory is the means; protection of the information system (including software and data files) is the end. Overall, the goal is protection of the whole computer system.
Under the control of the hardware mechanism, this invention divides one storage entity (or one class of storage entity) into two parts, one set as the protected zone and the other as the unprotected zone; the size and address location of the protected zone are selectable. Program and data information that must be protected from rewriting is stored in the protected, write-prohibited storage area, and temporary information that must be read and written at random is stored in the unprotected storage area, so that the computer system can run normally without being attacked by viruses and hackers. This method or technology applies to all memories in which the storage medium and controller are built together, at present mainly external hard disks and main memory RAM, and in future including protein memory, optical holographic memory and others that may be developed.
Implementation of the invention can be divided into three parts:
1. Hardware-controlled partitioned storage protection for external storage;
2. Hardware-controlled partitioned storage protection for internal storage;
3. Running software systems under partition protection (partitioned storage and partitioned loading).
The first and second parts can each be implemented separately and are each useful on their own; the third part must be implemented together with one of the first two, otherwise it is of no use.
The technical application of the invention is described below using a hard disk as the example. Application to internal memory is comparatively simple, because the 80286 and later CPUs already have memory partition protection and hardware mechanism control is not difficult to add. Moreover, the main target of viruses and hackers is the information system in external storage; once the invention is applied to external storage, viruses have essentially nowhere to do harm.
Hard disk hardware-controlled partition write protection and its cooperation with the file system:
Write protection of the hard disk must take hardware "switch" components as its original control source. These components may only be operated by hand, never by software command or soft switch. A highly skilled virus author can crack a soft-switch password and then destroy the computer system. The state of a hardware "switch" component changes only through on-site manual operation by the operator; system software, virus programs and remote operation by hackers cannot change it, and so cannot rewrite the contents of protected memory.
The hardware "switch" component is built from a mechanical key, semiconductor gate circuits and a register of several bits. Each press of the key emits one monostable trigger level, which triggers the flip and carry of the register. The semiconductor register must keep the switch state for a long time after power-off and should be made with CMOS-type circuits; a CMOS circuit can still preserve information for up to 40 years without power.
Two hardware "switch" components are provided, each with a different control function.
One "switch" controls whether the "protection parameter registers" may be set. It has several states: 1, "allow setting the protected zone address"; 2, "allow setting the protection state"; and 3, "setting prohibited". The other sets the "protection state". The former is hereinafter called the "setting-permission control switch" and the latter the "protection-state setting key"; together they are called the "protection setting switches". Each hardware "switch" component should have a digital display (for example an LED digital display) that feeds back the result of the trigger operation.
The keys and digital display are mounted on the hard disk housing, and the hard disk should be installed at an opening in the computer case. The opening is normally covered by a cover plate, and opening the cover plate gives access for operation (fitting the cover plate with a lock is safer still). The face of the hard disk housing that carries the keys and digital display is hereinafter called the hard disk "protection operation panel". The "protection operation panel" can also be made as a separate panel, detached from the hard disk, mounted on the computer case and connected to the hard disk by cable.
The layout of the computer case should be changed accordingly.
The state of the "setting-permission control switch" is used in the hard disk controller to control whether setting of the "protection parameter registers" described below is allowed, so that register setting takes place under the control of the memory protection hardware mechanism.
A register group is provided in the hard disk controller to hold the address, size and protection state of the hard disk's protected zone. The group has three parts, called the "protection address register", the "protected zone capacity (size) register" and the "protection state register"; together they are called the "protection parameter registers". The storage space of the hard disk is divided into tracks (cylinders) and sectors, and file locations are identified by track number and sector number. The protected zone can be defined in units of physical tracks: one region of contiguous physical tracks (cylinders) is set as the protected zone and the rest is the unprotected zone. The start track number and end track number of the protected zone are held in the "protection address register". Large-capacity hard disks at present have thousands of physical tracks, so recording one track number takes about 13 to 14 bits; adding the 2-bit "protection state register", 30 register bits are needed. The "protected zone capacity register", if it counts in megabytes, can be a 12-bit register (4,096 MB), but this register is optional. All of these registers must be made with CMOS-type circuits so that they keep their contents after power-off.
The content of the (2-bit) "protection state register" determines whether the protected zone of the hard disk medium is in the "protected" state or the "protection removed" (that is, "unprotected") state. It is set by the "protection-state setting key". This register may not be set by a software program, that is, by soft switch; it depends only on manual operation of the "protection-state setting key". It is precisely control by a manually operated hardware mechanism that prevents destruction by virus software or hackers and guarantees the safety of the system.
The contents of the "protection address register" and the "protected zone capacity register" are entered by the user from the keyboard; however, the hard disk controller accepts keyboard input only when the "setting-permission control switch" is in a state that allows setting. To set the registers, the operator presses the key to put the "setting-permission control switch" in the "allow setting the protected zone address" state. In this state the hard disk controller first checks whether I/O between the hard disk and the host is idle. If it is idle, the controller responds to the switch state, prohibits "read" and "write" operations on the hard disk medium, and accepts data from the keyboard to set or change the contents of the "protection address register" and the "protected zone capacity register". During this period the host CPU cannot read or write the hard disk medium. The hardware mechanism in the hard disk controller that implements memory protection lets host software take part in the protection setting conditionally and with restrictions, but ownership (control) stays with the hardware mechanism of the hard disk controller. When setting is complete, the operator returns the "setting-permission control switch" to the "setting prohibited" state; the register contents are now in effect. Under the control of the hard disk controller, the host system can perform the permitted "read" and "write" operations on the protected zone defined by the "protection address register" and on the other zones of the hard disk. For example, if the "protection state register" is set to "write-protect", the hard disk controller prohibits "write" operations on the storage region bounded by the "protection address register", which implements write protection, and at the same time returns an error code to the host system. If the "protection state register" is set to "unprotected", the hard disk of this invention is used just like an ordinary prior-art hard disk, with no difference.
To determine in the hard disk controller which storage zone the track being read or written lies in, and which protection type applies to it, either logic-circuit control or single-chip computer firmware control can be used. This embodiment uses single-chip computer firmware control: the firmware compares the target track against the start and end track numbers of each zone in turn to decide whether it falls in that zone, and whether the requested "read" or "write" operation is allowed by the zone's protection type. The single-chip computer program in the hard disk controller is fixed in firmware; a virus cannot rewrite it and so cannot defeat the memory protection.
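The controller-side check and register-setting rules described above, modelled in C as an added example (it is not code from the patent). The 2-bit state encoding, the 14-bit track width, the one-step-per-press behaviour of the state key, and all function names and return codes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NGROUPS   25      /* 24 logical drives plus the master boot record area */
#define TRACK_MAX 0x3FFF  /* 14-bit track number (width assumed from "13~14 bits") */

/* Four basic protection types; this 2-bit encoding is an assumption. */
enum prot { PROT_NONE = 0, PROT_WRITE = 1, PROT_READ = 2, PROT_FULL = 3 };
/* States of the setting-permission control switch. */
enum sw_state { SW_FORBID, SW_ALLOW_ADDR, SW_ALLOW_STATE };
enum op_kind { OP_READ, OP_WRITE };
enum rc { RC_OK, RC_PROTECTED, RC_MEDIA_LOCKED, RC_REFUSED };

struct group { bool used; uint16_t start, end; uint8_t state; };
struct ctl { enum sw_state sw; bool io_busy; struct group g[NGROUPS]; };

/* Panel key: the only path that changes the switch. */
enum rc panel_set_switch(struct ctl *c, enum sw_state s)
{
    if (s != SW_FORBID && c->io_busy)
        return RC_REFUSED;   /* controller honours the key only when I/O is idle */
    c->sw = s;
    return RC_OK;
}

/* Panel key: each press advances the 2-bit protection state register. */
enum rc panel_press_state_key(struct ctl *c, int idx)
{
    if (c->sw != SW_ALLOW_STATE || idx < 0 || idx >= NGROUPS || !c->g[idx].used)
        return RC_REFUSED;
    c->g[idx].state = (uint8_t)((c->g[idx].state + 1) & 3);
    return RC_OK;
}

/* Host command (e.g. from the partitioning utility): accepted only while the
 * operator holds the switch at "allow setting the protected zone address".
 * There is deliberately no host command that touches the state register. */
enum rc host_set_address(struct ctl *c, int idx, uint16_t start, uint16_t end)
{
    if (c->sw != SW_ALLOW_ADDR || idx < 0 || idx >= NGROUPS ||
        start > end || end > TRACK_MAX)
        return RC_REFUSED;
    c->g[idx].used = true;
    c->g[idx].start = start;
    c->g[idx].end = end;
    return RC_OK;
}

/* Firmware check run on every media access. */
enum rc media_access(const struct ctl *c, uint16_t track, enum op_kind op)
{
    if (c->sw != SW_FORBID)
        return RC_MEDIA_LOCKED;              /* no media I/O while registers are open */
    for (int i = 0; i < NGROUPS; i++) {
        const struct group *g = &c->g[i];
        if (!g->used || track < g->start || track > g->end)
            continue;
        if (op == OP_WRITE && (g->state & PROT_WRITE))
            return RC_PROTECTED;             /* error code returned to the host */
        if (op == OP_READ && (g->state & PROT_READ))
            return RC_PROTECTED;
        return RC_OK;
    }
    return RC_OK;                            /* track outside every registered zone */
}

/* Constructed scenario: group 0 = tracks 0-999 (unprotected),
 * group 1 = tracks 1000-4999 (write-protected by one key press). */
struct ctl *demo_controller(void)
{
    static struct ctl c;
    c = (struct ctl){ .sw = SW_FORBID };
    panel_set_switch(&c, SW_ALLOW_ADDR);
    host_set_address(&c, 0, 0, 999);
    host_set_address(&c, 1, 1000, 4999);
    panel_set_switch(&c, SW_ALLOW_STATE);
    panel_press_state_key(&c, 1);
    panel_set_switch(&c, SW_FORBID);
    return &c;
}

/* Host software trying to move the zone after the switch is back at "prohibited". */
bool host_tamper_blocked(struct ctl *c)
{
    bool refused = host_set_address(c, 1, 0, 0) == RC_REFUSED;
    return refused && c->g[1].start == 1000 &&
           media_access(c, 1500, OP_WRITE) == RC_PROTECTED;
}

int main(void)
{
    struct ctl *c = demo_controller();
    printf("write 1500 -> %d, write 500 -> %d, tamper blocked -> %d\n",
           media_access(c, 1500, OP_WRITE), media_access(c, 500, OP_WRITE),
           host_tamper_blocked(c));
    return 0;
}
```

The model has no host-callable function that changes the switch or the state register, which is the property the description relies on: every path to weaker protection passes through a panel key.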
So that the hard disk controller can receive keyboard data for setting the "protection address register" and so on, the hard disk manufacturer must design a utility program and supply it to the user with the hard disk. After starting the computer, the user runs this program, with the manually operated hardware mechanism in an allowing state, to set the hard disk's "protection address register" and so on. This program is hereinafter called the "protection setting program". Its function can also be carried out during partitioning by the hard disk partitioning program mentioned below.
To confirm that the settings are correct, a digital display (for example an LED digital display) can be added to the hard disk "protection operation panel" to show the contents of the "protection parameter registers" directly. In hexadecimal, the "protection address register" needs eight digits (four each for the start track and end track), the "protection state register" needs only one, and the "protected zone capacity register" needs three.
If the "protection setting program" is damaged, it can be copied from another user (this software should be classed as public software). If no copy of the program can be obtained, the hard disk's protection can still be removed and the disk used like an ordinary prior-art hard disk. To do so, first put the "setting-permission control switch" in the "allow setting the protection state" state. In this state the hard disk controller first checks whether I/O between the hard disk and the host is idle. If it is idle, the controller responds to the switch state, prohibits "read" and "write" operations on the hard disk medium, and accepts trigger signals from the "protection-state setting key". Press that key until the digital display shows "unprotected", that is, "protection removed", then return the "setting-permission control switch" to the "setting prohibited" state. With protection removed, the hard disk can be both read and written, exactly like an ordinary prior-art hard disk.
In this invention, because the hard disk can be used either as a memory with partitioned storage protection or as an ordinary prior-art hard disk, the hard disk hardware-controlled partitioned storage protection technology can be implemented on its own and does not depend on the other parts.
The protected and unprotected zones of the hard disk must be separated at least at the granularity of a logical disk. A protected zone and an unprotected zone cannot coexist within one logical disk, because the information stored in a logical disk shares one boot record, one directory area and one file allocation (storage address) table. A "write" to information in the unprotected zone also writes the directory area and file allocation table, so this disk management information cannot be in the "write-protected" state. But the same management information also manages the protected-zone information in that logical disk, so the protected-zone information would in fact get no effective protection.
On the hard disk medium, the boundary between logical disks should fall between tracks and not between sectors within a track. In the latter case the start and end addresses of the protected zone would have to include sector numbers, the "protection parameter register" group would need more bits, and the complexity and cost of the hardware circuit design would inevitably rise.
In the prior art, logical disks are created with a hard disk partitioning program. In Microsoft's DOS operating system the partitioning program file is named "FDISK". Given the need to set the "protection parameter registers", the partitioning program FDISK should, besides ensuring that partition boundaries fall between tracks, also automatically write each partition's start track number, end track number and capacity into the hard disk controller's "protection address register" and "protected zone capacity register". The hard disk manufacturer can make this improvement on the basis of the "FDISK" program; the file can be renamed "NEWFDISK" and supplied to the user with the hard disk product.
In Microsoft operating systems, each partition can be assigned a logical drive. Logical drives are denoted by letters from "C" to "Z", 24 at most, so a hard disk can have at most 24 partitions. Each partition has a corresponding "protection parameter register" group; adding the master boot record area, there should be at most 25 "protection parameter register" groups.
One more key should be added to the hard disk "protection operation panel"; pressing it cycles the panel's digital display through the contents of the 25 "protection parameter register" groups. This key can be called the "partition protection parameter cycle display key", or "cycle key" for short. It can be operated at any time, whatever the state of the "setting-permission control switch", to cycle through the partition protection information. The digital display should gain one more digit that shows the sequence number of the "protection parameter register" group, or shows the logical drive letter directly.
So far, then, the hard disk "protection operation panel" carries three keys in all and 11 or ten groups of four-digit (character) displays.
In this invention, how is a new hard disk used once the user receives it? First of all, how is the information system, that is, the software system, laid out on the hard disk?
A hard disk is normally low-level formatted before it leaves the factory; the user only needs to partition and high-level format it before use. The hard disk of this invention should also leave the factory with the "protection parameter registers" defaulting to all "0" and the "setting-permission control switch" in the "setting prohibited" state, that is, unpartitioned and unprotected. A new hard disk is installed in the computer with the same interface cabling as in the prior art, taking care that the hard disk "protection operation panel" faces the opening in the case. Start the computer, enter the BIOS setup program and set the CMOS hard disk parameters (or let the system BIOS detect the hard disk and set them automatically). Restart, enter the operating system, put the software diskette supplied by the hard disk manufacturer into the floppy drive, and run NEWFDISK, the partitioning program with the added protection-setting function. When partitioning is finished, NEWFDISK prompts:
"Set the hard disk partition protection parameter registers?
Please set the "setting-permission control switch" to "allow setting the protected zone address".
Please set the "setting-permission control switch" to "setting prohibited"."
At this point, operate the "setting-permission control switch" key to select the "allow setting the protected zone address" state, move the cursor bar to the "YES" line, and press Enter. Under the control of the hard disk controller, NEWFDISK then writes the partition addresses (track numbers) and capacity information into the hard disk controller's "protection parameter registers". The channel by which the partitioning program writes the "protection parameter registers" is still the same hard disk interface as in the prior art; no extra cable is needed. Whether data is written to the disk medium or to the "protection parameter registers" is decided by the hard disk controller according to the state of the "setting-permission control switch". NEWFDISK then reports that its work is complete and can be exited; operate the "setting-permission control switch" key to return to the "setting prohibited" state. At this point, however, the partitions cannot yet be given a "protected" state, because no file information has been written to them. For now the hard disk can only be used like an ordinary prior-art hard disk.
Then need and plan and various softwares and file are installed to each subregion of hard disk according to the user.After the installation, " protection " state just can be set.Earlier " be provided with and allow gauge tap " placed " allowing to be provided with guard mode " state, press " guard mode is provided with key " and reach " circulation key ", the subregion that needs protection is provided with needed " protection " state.In general, Main Boot Record district and main partition are most important object of protections, should be set to " write-protect " district.In view of present most of software installation targets path all is installed to C automatically: dish, the main partition should be located at D: dish is advisable later.The main partition should not reinstall alternative document, so that guarantee the safety of operating system in the main partition.Press " circulation key ", confirm each subregion be provided with errorless after, " be provided with allow gauge tap " answers " forbidden setting " state; All work is promptly accused and is finished, and can use memory protection feature.Later on if need increase written document to " write-protect " district, need be this subregion elder generation de-preservation (operation gets final product to hard disk " protection guidance panel ", and is very simple), increase written document after, recovery and protection again.Operating process is no longer sewed and is stated with reference to above.
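An added model, in C, of the controller behaviour described in the procedure above; it is not code from the patent. The type and function names, the enum encoding of the switch positions and the rule that newly latched partitions start unprotected are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Positions of the manually operated "setting permission switch". */
enum sw { SW_FORBID, SW_ALLOW_ADDR, SW_ALLOW_STATE };
/* The four basic protection types named in the claims. */
enum prot { P_READ_WRITE, P_READ_ONLY, P_WRITE_ONLY, P_NO_ACCESS };
enum result { R_TO_MEDIA, R_TO_REGISTER, R_DENIED };

#define MAX_PART 4
struct part { uint32_t first_track, tracks; enum prot prot; };
struct ctrl {
    enum sw sw;                 /* moved only by the operator's hand   */
    struct part reg[MAX_PART];  /* "protection parameter register"     */
    int nparts;                 /* factory default: everything zero    */
};

/* Panel actions: reachable from the front panel, never from the host bus. */
void panel_set_switch(struct ctrl *c, enum sw s) { c->sw = s; }

bool panel_set_protection(struct ctrl *c, int idx, enum prot p) {
    if (c->sw != SW_ALLOW_STATE || idx < 0 || idx >= c->nparts) return false;
    c->reg[idx].prot = p;
    return true;
}

static const struct part *lookup(const struct ctrl *c, uint32_t track) {
    for (int i = 0; i < c->nparts; i++)
        if (track >= c->reg[i].first_track &&
            track - c->reg[i].first_track < c->reg[i].tracks)
            return &c->reg[i];
    return NULL;                /* outside every partition: unprotected */
}

/* Host write over the ordinary disk interface. geom/n model the payload
 * NEWFDISK sends; it is latched only while the switch allows it, otherwise
 * the command is an ordinary media write checked against the register. */
enum result host_write(struct ctrl *c, uint32_t track,
                       const struct part *geom, int n) {
    if (c->sw == SW_ALLOW_ADDR && geom) {
        if (n < 0 || n > MAX_PART) return R_DENIED;
        memset(c->reg, 0, sizeof c->reg);
        for (int i = 0; i < n; i++) {
            c->reg[i] = geom[i];
            c->reg[i].prot = P_READ_WRITE;  /* assumption: state set later */
        }
        c->nparts = n;
        return R_TO_REGISTER;
    }
    const struct part *p = lookup(c, track);
    if (p && (p->prot == P_READ_ONLY || p->prot == P_NO_ACCESS))
        return R_DENIED;
    return R_TO_MEDIA;
}

enum result host_read(const struct ctrl *c, uint32_t track) {
    const struct part *p = lookup(c, track);
    if (p && (p->prot == P_WRITE_ONLY || p->prot == P_NO_ACCESS))
        return R_DENIED;
    return R_TO_MEDIA;
}
```

With the switch in the "setting forbidden" position, a host that re-sends partition geometry is handled as an ordinary media write and is refused if the target track lies in a write-protected partition.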
In the present invention, how does software in the write-protected zone of the hard disk run?
In general, the software system should cooperate in the implementation, i.e. the software author needs to modify the software design slightly. In the prior art, a software system's program files and temporary data files are stored under the same directory path, on the same logical disk. The present invention requires them to be stored separately, on different logical disks. A companion directory path corresponding to the original software directory path is created on an unprotected logical disk, with the same directory path name as the original. Temporary data files are stored in this companion directory path, while the other files (program files and data files with fixed content) remain in the original directory path on the logical disk set to "write-protect". The software is started from the "write-protect" logical disk; when it needs to "read" or "write" temporary data files while running, it operates on the companion directory files in the unprotected zone.
Temporary data files fall into two kinds. One is data that changes completely at random and does not need to be kept unchanged for long, such as the intermediate results of mathematical calculations or the window layout at the end of the last session in the WINDOWS system; such data files have nothing to fear from tampering by a virus and can be left in the unprotected zone. The other is software parameter data, which sometimes needs to be modified while the software runs but is then used unchanged for a long time and should be kept long-term, for example parameters such as screen color and resolution. To guard against virus damage, such data files should also be "write-protected". For the safety of the program files, however, they should not be kept in the same directory path as the program files and can only be kept in another "write-protect" zone. Two or more companion directory path disks may therefore be needed.
The function that creates the "companion directory files" can be added by the software author modifying the software, so that the software finds an unprotected zone and creates them automatically; alternatively, the software can prompt the user to enter an unprotected logical disk path in which to create them.
Alternatively, the hard disk manufacturer can develop an interrupt handler and supply it to the user with the hard disk. This program intercepts the hard disk interrupt. When it detects a resident program "writing" a temporary data file back to the same path as the resident program's boot disk, and that logical disk is "write-protected", it first checks automatically whether a "companion directory file" has been set up in the unprotected zone. If not, it creates one automatically, or prompts the user to enter an unprotected logical disk path in which to create it. Thereafter, all "reads" and "writes" of this file are automatically redirected to the companion disk directory file. This "companion disk" technique exists in the prior art; the CD companion software QZCD.EXE is one example.
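An added C example of the redirection such an interrupt handler performs, covering the randomly changing kind of temporary data; it is not code from the patent or from QZCD.EXE. The drive table, the names and the choice of the first unprotected logical disk as companion disk are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_COMP 8
#define PATH_LEN 128

struct drive { char letter; bool write_protected; };
struct redirector {
    const struct drive *drives;       /* constructed drive table          */
    int ndrives;
    char moved[MAX_COMP][PATH_LEN];   /* originals that have a companion  */
    int nmoved;
    char companion;                   /* unprotected disk in use, or 0    */
};

static bool is_protected(const struct redirector *r, char letter) {
    for (int i = 0; i < r->ndrives; i++)
        if (r->drives[i].letter == letter) return r->drives[i].write_protected;
    return false;
}

static bool has_companion(const struct redirector *r, const char *path) {
    for (int i = 0; i < r->nmoved; i++)
        if (strcmp(r->moved[i], path) == 0) return true;
    return false;
}

/* Assumption: the first unprotected logical disk becomes the companion disk. */
static char pick_companion(struct redirector *r) {
    for (int i = 0; !r->companion && i < r->ndrives; i++)
        if (!r->drives[i].write_protected) r->companion = r->drives[i].letter;
    return r->companion;
}

/* Writes the path the access must really use into out. Returns false when
 * a write targets a protected disk and no companion can be set up. */
bool resolve(struct redirector *r, const char *path, bool is_write,
             char *out, size_t outlen) {
    if (strlen(path) < 2 || path[1] != ':' || strlen(path) >= outlen)
        return false;
    snprintf(out, outlen, "%s", path);
    if (!is_protected(r, path[0])) return true;   /* ordinary disk */
    if (!has_companion(r, path)) {
        if (!is_write) return true;   /* program or fixed data: read in place */
        if (!pick_companion(r) || r->nmoved == MAX_COMP ||
            strlen(path) >= PATH_LEN) return false;
        snprintf(r->moved[r->nmoved++], PATH_LEN, "%s", path);
    }
    out[0] = r->companion;   /* same directory path, companion disk */
    return true;
}
```

Parameter data that must itself be write-protected needs a second, protected companion disk, as the text explains; this example does not model that case.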
In the present invention, a hard disk with the partitioned storage protection function can at the very least be used for file backup, by backing up important files to a "write-protect" zone. When a working file is damaged, it can be restored by copying from the "write-protect" zone. This is much more convenient and reliable than backing up to floppy disks with the backup program BACKUP: floppy disks are easily physically damaged and unreliable, many of them are needed, and they are slow; a hard disk is sealed and dust-free, high-speed and high-capacity, and very reliable.

Claims (3)

  1. A computer information storage protection technology in which, in a computer, under the control of a storage protection mechanism constituted by a manually operated hardware mechanism, the memory and its information system are divided into two parts, a protected zone and an unprotected zone; program information that needs protection and whose content must not be changed, and data information with fixed content, are placed in the protected zone, and randomly changing data information is placed in the unprotected zone, so that the computer system runs normally and is not subject to attack by computer viruses and hackers. It is characterized in that the said computer information storage protection technology is formed by combining two parts:
    1. the memory partition storage protection control mechanism constituted by a manually operated hardware mechanism,
    2. the partitioned storage protection technology of the memory and its information system.
  2. According to claim 1, the memory partition storage protection control mechanism constituted by a manually operated hardware mechanism, as referred to in the present invention, means a memory partition storage protection control mechanism that is constituted by hardware devices, mainly electronic devices, and is controlled by the operator's on-site, real-time operation; with respect to the software system, it is a hardware function system that the programmer of user software cannot operate at will with software program commands. It comprises hardware "switch" parts (in the embodiment, made up of mechanical buttons and electronic registers and gate circuits; see the description), a register group that latches the memory partition storage protection parameters, and the logic control circuit or (single-chip) computer and firmware instruction stream required to carry out the storage protection mechanism. The operator's on-site operation of the hardware "switch" parts is the original control source that controls its storage protection working state. Unless the operator changes the state of the hardware "switch" parts so that the hardware mechanism conditionally, and to a limited extent, allows user software programs to take part in setting or changing the storage protection, no software program command, including those of virus programs and computer hackers, can change the memory partition storage protection mechanism (see the description). It is characterized in that:
    1. the said memory partition storage protection control mechanism constituted by a manually operated hardware mechanism is a hardware partitioned storage protection function system (including a firmware instruction stream) constituted mainly by electronic devices, which the programmer of user software cannot operate at will with software program commands;
    2. the said memory partition storage protection control mechanism constituted by a manually operated hardware mechanism is combined with the partitioned storage protection technology of the memory and its information system, and is used to control the partitioned storage protection of the memory and its information system;
    3. the partitioned storage protection parameters and partition protection state (type) of the said memory partition storage protection control mechanism constituted by a manually operated hardware mechanism can be changed, and can only be changed, by the operator's on-site, real-time operation; these include at least: partition size and address location (or port location, memory bank location); and the four basic protection types: read-only, write-only, no-read/no-write, and read/write (although what practical use "write-only" has is not yet known; see the description).
  3. According to claim 1 and claim 2, the said partitioned storage protection technology of the memory and its information system means a computer information security protection technology in which, under the control of the storage protection mechanism constituted by a manually operated hardware mechanism, the random data recording medium that forms the basis of the computer system, i.e. one storage space or one class of storage space that the computer can manage in a unified way (for example one hard disk; or two physical hard disks, the C: disk and the D: disk; or several physical hard disks and one physical protein memory; or one main memory RAM, even though it is sometimes divided into several memory banks that overlap in addressing but can be switched with soft switches), is divided into two parts, a protected zone and an unprotected zone; the software system running in it is correspondingly divided into two parts, program content information and random data content information, which are stored in the two zones respectively; program content information that must not be rewritten and data information with fixed content are placed in the protected zone, and temporary data content information that changes randomly while the software runs is placed in the unprotected zone, so that the computer system can run normally and can also avoid attack by computer viruses and computer hackers. Storage protection here means applying to each memory partition, respectively: read-only (write protection), write-only (read protection), no-read/no-write (full protection), read/write (no protection), and so on; these are the four basic protection types. It is characterized in that:
    1. the said partitioned storage protection technology of the memory and its information system is combined with the memory partition storage protection control mechanism constituted by a manually operated hardware mechanism, and under the control of that mechanism guarantees the reliability of the partitioned storage protection of the memory and its information system;
    2. in the said partitioned storage protection technology of the memory and its information system, under the control of the storage protection mechanism constituted by a manually operated hardware mechanism, one storage space or one class of random data storage space that the computer can manage in a unified way is divided into a protected zone and an unprotected zone;
    3. in the said partitioned storage protection technology of the memory and its information system, the partition size, memory bank location and partition protection state (type) of the partitioned storage protection of the memory's storage space can be set under the control of the storage protection control mechanism constituted by a manually operated hardware mechanism;
    4. in the said partitioned storage protection technology of the memory and its information system, the partitions of the memory, the partition parameters, the partition protection state (type) and so on can be set, and can only be set, under the control of the storage protection control mechanism constituted by a manually operated hardware mechanism.
CN 98125922 1998-12-12 1998-12-12 Computer hardware controlled partitioned storage protection technology Pending CN1223406A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 98125922 CN1223406A (en) 1998-12-12 1998-12-12 Computer hardware controlled partitioned storage protection technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 98125922 CN1223406A (en) 1998-12-12 1998-12-12 Computer hardware controlled partitioned storage protection technology

Publications (1)

Publication Number Publication Date
CN1223406A true CN1223406A (en) 1999-07-21

Family

ID=5229415

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 98125922 Pending CN1223406A (en) 1998-12-12 1998-12-12 Computer hardware controlled partitioned storage protection technology

Country Status (1)

Country Link
CN (1) CN1223406A (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8474021B2 (en) 2001-06-29 2013-06-25 Secure Systems Limited Security system and method for computers
CN101908108A (en) * 2010-07-08 2010-12-08 福建升腾资讯有限公司 Write-protection method of NOVELL mirror image of local DOS (Disk Operating System) disc
CN104081365A (en) * 2012-01-27 2014-10-01 京瓷办公信息系统株式会社 Memory management device and image processing device
CN104081365B (en) * 2012-01-27 2016-09-28 京瓷办公信息系统株式会社 Memory management unit and image processing apparatus
CN102650948A (en) * 2012-03-31 2012-08-29 福建升腾资讯有限公司 Method for realizing data update and storage in Windows Xpe system internal storage protection mode
CN103617404A (en) * 2013-12-17 2014-03-05 天津赢达信科技有限公司 Storing device of safety partitions
CN106131072A (en) * 2016-08-28 2016-11-16 姜俊 A kind of computer information safe system
CN107247618A (en) * 2017-05-13 2017-10-13 成都长天信息技术有限公司 A kind of disk reorientation method under the outside acquisition framework based on instruction
CN107247618B (en) * 2017-05-13 2021-01-15 成都长天信息技术有限公司 Disk redirection method based on instruction external acquisition architecture
CN107908439A (en) * 2017-11-16 2018-04-13 南京轩世琪源软件科技有限公司 The operation and protection of a kind of large data processing software on movable storage device
CN108229178A (en) * 2018-01-26 2018-06-29 郑州云海信息技术有限公司 BIOS Write-protection methods, device, equipment and computer readable storage medium
CN108399135A (en) * 2018-03-02 2018-08-14 郑州云海信息技术有限公司 A kind of control method and relevant apparatus of disk unit identification
CN108399135B (en) * 2018-03-02 2021-05-18 郑州云海信息技术有限公司 Control method for disk equipment identification and related device
CN110968254A (en) * 2018-09-29 2020-04-07 北京嘉楠捷思信息技术有限公司 Partition protection method and device for nonvolatile memory

Similar Documents

Publication Publication Date Title
CN1241120C (en) Method for backing up and recovering data in hard disk of computer
CN1506813A (en) Reliably and safelf refreshing and recovering firmware from large scale memory equipment
US7844855B2 (en) Stored memory recovery system
US20020133702A1 (en) Methods of granting access to a protected area
US20120099219A1 (en) Secure data storage device
US20070094471A1 (en) Method and system for providing restricted access to a storage medium
US9152823B2 (en) Systems, methods, and computer readable media for computer data protection
CN100389408C (en) Fixed disk data enciphering back-up and restoring method
CN1223406A (en) Computer hardware controlled partitioned storage protection technology
WO2011076464A1 (en) Method and system for protecting an operating system against unauthorized modification
CN1831701A (en) Operation system protection method based on virtual file system
US20080140946A1 (en) Apparatus, system, and method for protecting hard disk data in multiple operating system environments
US20040148478A1 (en) Method and apparatus for protecting data in computer system in the event of unauthorized data modification
CN1173669A (en) Method and appts. of transparent protection for computer rigid disk storage contents
CN1308846C (en) Method and apparatus for realizing protection of computer operation system in hard disk
CN1053507C (en) Method and device for controlling read and write of hard disc in computer
RU2067313C1 (en) Device for protection against unauthorized access to information that is stored in personal computer
CN1277219C (en) Method for protecting data of storage unit and system
US20030131112A1 (en) Computer firewall system
CN100424652C (en) Had disk self-recovery protecting method based on embedded operation system
EP3979111A1 (en) File system protection apparatus and method in auxiliary storage device
US11386219B2 (en) Detection of an unauthorized modification to storage and restoration of the storage
CN1265493A (en) Computer memory system with high safety
CN1081363C (en) Safety tech. for computer
CN1371055A (en) Computer hard disk protecting method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication