CN1794210A - Data safety storage and processing method of mobile storage equipment - Google Patents

Data safety storage and processing method of mobile storage equipment

Info

Publication number
CN1794210A
Authority
CN
China
Prior art keywords
data
storage device
security
movable storage
catalog
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200610000047
Other languages
Chinese (zh)
Inventor
李志录
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhongxun Ruier Science & Technology Co Ltd
Original Assignee
Beijing Zhongxun Ruier Science & Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhongxun Ruier Science & Technology Co Ltd filed Critical Beijing Zhongxun Ruier Science & Technology Co Ltd
Priority to CN 200610000047 priority Critical patent/CN1794210A/en
Publication of CN1794210A publication Critical patent/CN1794210A/en
Pending legal-status Critical Current

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

This invention relates to a method for securely storing and processing data on a mobile storage device. A mobile safe system tool creates, for the data on the device that needs encryption, a virtual encrypted file directory (the safe) that belongs only to its legitimate user. The legitimate user can create, modify and delete files in it, move unencrypted data on the device into the safe to encrypt it, and move encrypted data from the safe to the unencrypted public area of the device to decrypt it. Illegitimate users can never open the safe or obtain its contents.

Description

Method for secure storage and processing of data on a mobile storage device
Technical field
The present invention relates to data protection technology for mobile storage devices, and in particular to a data storage and processing method for a dedicated mobile storage device that is used on its own, independently of a smart cryptographic key.
Background technology
In the narrow sense, mobile storage devices are dedicated devices such as flash drives and portable hard drives. A flash drive uses a flash memory storage medium (Flash Memory) and a Universal Serial Bus (USB) interface, can store data files of any format, and exchanges data with a computer conveniently. Its capacity can reach 2GB, far more than a floppy disk, and its USB interface gives it read and write speeds far beyond those of a floppy disk. A flash drive also has no mechanical read/write mechanism, so it is not easily damaged. A portable hard drive uses a hard disk as its storage medium and offers far more storage space than a flash drive. It uses faster interfaces such as USB and IEEE1394, which makes data exchange between computers very convenient. In the broad sense, mobile storage devices include not only these dedicated devices but also electronic products with a mobile storage function, such as mobile phones, voice recorders, digital cameras, and MP3 and MP4 players. For example, some hard-disk MP4 players offer up to 100GB of mobile storage space and can exchange large amounts of electronic data with any computer they can connect to. As dedicated and non-dedicated mobile storage devices of all kinds become widespread, two questions have become urgent technical problems: how to protect the data stored on them against unauthorized encryption and decryption, deletion, modification, moving, copying, distribution, reading and other illegitimate operations, and how to give the same protection to data copied from a mobile storage device to a local computer disk.
In the prior art, two main classes of technology are used to maintain the data security of mobile storage devices. The first is encrypting files one at a time: the user must encrypt each unencrypted file before copying it to the mobile storage device. This is very inconvenient to operate and is therefore seldom adopted by users. The second is converting the data stored on the device by means of a device driver. When the driver for the mobile storage device is installed, the operating system first formats the device, and the device can be used only after formatting. When the formatted device is connected to a computer that does not have the same program installed, that computer cannot recognize it, so the data on the device cannot be accessed by other computer systems. This method, however, severely limits the plug-and-play adaptability of mobile storage devices and makes it inconvenient for users to operate the device from any computer while keeping the data secure. In addition, both methods mainly protect data on the mobile storage device itself; they are not suited to protecting data copied from the mobile storage device to a local computer disk. In short, for lack of a convenient and effective data protection technology, most mobile storage devices today keep the convenience of plug and play but sacrifice data security. Data leakage, damage and loss caused by the use of mobile storage devices are quite common. This seriously affects the economic security of enterprises and institutions and also threatens the financial privacy and personal privacy of many individuals.
A safer and more convenient data protection technology is therefore urgently needed to protect the data on mobile storage devices, ensuring that data stored on the device cannot be encrypted or decrypted, deleted, modified, moved, copied, distributed, read or otherwise illegitimately operated on by unauthorized users. It must also protect data copied from the mobile storage device to a local computer disk against the same unauthorized operations. While keeping the data secure, the new technology must let legitimate users carry out these operations (encryption and decryption, deletion, modification, moving, copying, distribution, reading and so on) on large numbers of files conveniently, quickly and safely on a variety of computer systems, thereby overcoming the defects of the prior art.
Summary of the invention
The object of the present invention is to avoid the above shortcomings of the prior art and to propose a new method for protecting the data security of mobile storage devices. It uses mobile safe technology: with the mobile safe system tool, a user can create, for the data on the mobile storage device that needs encryption protection, a virtual encrypted file directory specific to that user (the mobile safe). The mobile safe exists on the physical disk in the form of a file directory and can be opened by the user who created it. Once opened, the mobile safe is mapped as a virtual file directory in which the user can create, modify and delete files. The user can drag and drop unprotected data on the mobile storage device into the mobile safe to encrypt it, and can drag and drop protected data from the mobile safe to the unencrypted public area of the mobile storage device to decrypt it. For the legitimate user, using the mobile safe is no different from using an ordinary disk partition. For any other user who is not the creator, the mobile safe always remains an encrypted disk file that cannot be opened and whose contents cannot be obtained.
The object of the present invention can be achieved by the following technical solution: a method for secure storage and processing of mobile storage device data that incorporates mobile safe technology, comprising the following steps:
1. A secure directory is created on the drive to which the mobile storage device is mapped in the computer. The mobile safe system tool virtualizes this directory as a Namespace Extension (safe) object and gives the object a name such as "safe" or "security cabinet"; the object, for example one named "safe", then appears automatically on the Windows desktop;
2. The Namespace Extension consists of two objects: a data manager, and the interface between the data manager and Windows Explorer. The legitimate user performs file operations under the secure directory through the Namespace Extension: data is encrypted when it is saved and decrypted when it is read, and the encryption and decryption are fully transparent to the legitimate user;
3. When the legitimate user operates on other directories of the mobile storage device (such as a public directory or a non-secure directory), the data in those directories is stored unencrypted. Data placed into the safe from such a public or non-secure directory is encrypted automatically; data moved the other way is decrypted automatically;
4. When the legitimate user operates on the secure directory of the mobile storage device through the operating system's file manager, data stored into the directory is encrypted and data retrieved from it is decrypted; the encryption and decryption are fully transparent to the legitimate user;
5. When the user removes the mobile storage device, the Namespace Extension disappears from the Windows desktop automatically and the mobile safe system tool stops running automatically.
Building on the above method, the present invention can be improved as follows, applying further technical means to widen the scope and application of the technical solution. The user can create one or more mobile safes on the mobile storage device and set a different confidentiality level for each, or keep a common data storage area that is not encrypted. The user can decide the size of one or several safes as needed, can store files of various formats, and can freely create files in a safe. While a mobile safe is open, the user can have the computer's network ports cut off automatically to prevent leaks over the network. The user can use the mobile safe together with a VPN gateway, VRC, to gain more freedom in mobile storage while keeping the data secure. The user can log in to the computer system with a smart cryptographic key; mobile safes created with a specific key can be distributed across the local computer disk and the mobile storage device, the legitimate key user can freely operate on the data in those mobile safes, and data exchange between the mobile storage device and the computer can take place between their mobile safes, thereby protecting the data. The smart cryptographic keys used to log in to the computer system can be divided into several levels. A subordinate key can be used to operate the mobile safes that it created itself. If a subordinate key is lost or damaged, the holder of the superior key can reissue the subordinate key, so that the reissued key can freely operate on the data in the mobile safes that the lost or damaged subordinate key once created. Here too, data exchange between the mobile storage device and the computer can take place between their mobile safes, thereby protecting the data.
Compared with the prior art, the method of the present invention for secure storage and processing of mobile storage device data has the following advantages. It does not require files to be encrypted one by one before being stored on the mobile storage device, and it can encrypt and decrypt batches of files quickly. It does not change the original storage format of the mobile storage device and does not affect the device's use on other computer systems. It applies cryptographic algorithms and techniques in the mobile safe to store data encrypted, ensuring that illegitimate users cannot open the encrypted files. After encryption the storage space a file requires does not grow: plaintext and ciphertext occupy the same disk space, and the redundancy of the encrypted data is zero. Processing is very fast: the ratio of access time with encryption and decryption to plaintext access time is close to 1:1, and handling ordinary files involves no perceptible wait. It can work with a smart cryptographic key to support various extended secure data operations. In short, the present invention is applicable to the secure storage and processing of data on all kinds of mobile storage devices. It suits dedicated mobile storage devices used on their own, independently of a smart cryptographic key, and is even better suited to securing operations on a mobile storage device after the user has enabled a smart cryptographic key and logged in to specific computer software and database systems.
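The store and read behaviour of steps 1 to 5 and the zero-expansion property claimed above, as an added Python example that models only the data manager; it is not the patent's implementation, and the patent names no cipher. Assumptions: the directory names, the `.salt` file, the passphrase-derived key, and an HMAC-SHA256 keystream standing in for the unspecified algorithm; a temporary directory stands in for the mapped drive.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

# Assumed names: the patent names neither the directories nor a metadata file.
SAFE_DIR, PUBLIC_DIR, SALT_FILE = "safe", "public", ".salt"


class MobileSafe:
    """Data-manager side only: encrypt on store, decrypt on read."""

    def __init__(self, drive_root, passphrase):
        root = Path(drive_root)
        self.safe, self.public = root / SAFE_DIR, root / PUBLIC_DIR
        # Create the secure directory only if the device does not have one yet.
        self.safe.mkdir(exist_ok=True)
        self.public.mkdir(exist_ok=True)
        salt_path = self.safe / SALT_FILE
        if not salt_path.exists():
            salt_path.write_bytes(os.urandom(16))
        # Assumption: the legitimate user is whoever knows the passphrase.
        self.key = hashlib.pbkdf2_hmac(
            "sha256", passphrase.encode(), salt_path.read_bytes(), 100_000)

    def _crypt(self, name, data):
        """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in cipher).

        Length-preserving, so ciphertext and plaintext occupy the same space.
        The keystream depends only on key and file name: with zero expansion
        there is nowhere in the file to keep a per-write nonce.
        """
        stream = bytearray()
        counter = 0
        while len(stream) < len(data):
            msg = name.encode() + b"\x00" + counter.to_bytes(8, "big")
            stream += hmac.new(self.key, msg, hashlib.sha256).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def store(self, name, plaintext):
        (self.safe / name).write_bytes(self._crypt(name, plaintext))

    def read(self, name):
        return self._crypt(name, (self.safe / name).read_bytes())

    def move_in(self, name):
        """Public directory -> safe: encrypt, then drop the plaintext copy."""
        src = self.public / name
        self.store(name, src.read_bytes())
        src.unlink()

    def move_out(self, name):
        """Safe -> public directory: decrypt, then drop the encrypted copy."""
        (self.public / name).write_bytes(self.read(name))
        (self.safe / name).unlink()


def demo():
    plaintext = b"constructed sample record: account 0000, balance 0\n" * 4
    name = "ledger.csv"
    with tempfile.TemporaryDirectory() as drive:  # stands in for the mapped drive
        owner = MobileSafe(drive, "owner passphrase")
        (owner.public / name).write_bytes(plaintext)
        owner.move_in(name)
        stored = (owner.safe / name).read_bytes()
        other = MobileSafe(drive, "a different passphrase")
        result = {
            "same_size": len(stored) == len(plaintext),
            "stored_is_not_plaintext": stored != plaintext,
            "owner_reads_plaintext": owner.read(name) == plaintext,
            "other_key_reads_plaintext": other.read(name) == plaintext,
            "public_copy_removed": not (owner.public / name).exists(),
        }
        # Flip one bit of the stored file: nothing in a same-size ciphertext
        # lets read() notice, so the change passes straight into the plaintext.
        (owner.safe / name).write_bytes(bytes([stored[0] ^ 1]) + stored[1:])
        expected = bytes([plaintext[0] ^ 1]) + plaintext[1:]
        result["modified_file_read_without_error"] = owner.read(name) == expected
        return result


if __name__ == "__main__":
    for check, value in demo().items():
        print(f"{check}: {value}")
```

Because the stored file is exactly as long as the plaintext, it has no room for an authentication tag, so in this example a modified file decrypts without any error; detecting tampering would need a MAC or hash kept outside the file.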
Embodiment
The present invention is described in further detail below with reference to two specific embodiments.
A first preferred embodiment of the present invention is a method for secure storage and processing of data on a mobile storage device that is used on its own, independently of a smart cryptographic key. It comprises the following steps:
1. A background process on the computer monitors the connection of mobile storage devices. If it finds that a mobile storage device has been inserted, it creates a secure directory on the drive to which the device is mapped; if a secure directory already exists, none is created. If it finds that the mobile storage device has been removed, the process dismisses the mobile safe;
2. Design of the mobile safe
(1) The "mobile safe" is designed as a Shell Namespace Extension object, a dynamic link library that combines COM and a standard DLL in one;
(2) The Namespace Extension is designed according to the file system structure, so that it contains two basic objects, Folder and File. A Folder is a node of the tree and a container for other Folders and Files; a File is a leaf of the tree. Both can be files on disk or virtual objects;
(3) The Namespace Extension comprises two basic components: a data manager, and the interface between the data manager and Windows Explorer. This interface packages the "mobile safe" data as a Folder object and handles the interaction between it and Windows Explorer. Windows Explorer calls these COM interfaces so that the user can interact with the virtual data just as if these objects were directories and files;
(4) When Windows Explorer starts, it automatically loads the file safe interface;
(5) When the user browses into the "mobile safe" (Namespace Extension), the data files are managed through ShellFolder and IShellView;
(6) Data encryption and decryption are implemented in ShellFolder and IShellView;
3. Operation of the mobile safe
The legitimate user performs file operations under the secure directory through the mobile safe: data is encrypted when it is saved and decrypted when it is read, and the encryption and decryption are fully transparent to the legitimate user. The legitimate user can operate on other directories of the mobile storage device (such as a public directory or a non-secure directory), where data is stored unencrypted; data placed into the safe from such a public or non-secure directory is encrypted automatically, and data moved the other way is decrypted automatically. The legitimate user can also operate on the secure directory of the mobile storage device through the operating system's file manager: data stored into the directory is encrypted, data retrieved from it is decrypted, and the process is transparent to the legitimate user. When the user removes the mobile storage device, the mobile safe icon that maps the device's secure file directory disappears from the Windows desktop automatically, and the mobile safe system tool stops running automatically.
A second preferred embodiment of the present invention is a method for secure storage and processing of data on a mobile storage device that is used together with a smart cryptographic key. It comprises the following steps:
1. Enabling the smart cryptographic key
The user enables the smart cryptographic key and logs in to the computer system. If the user has previously created a secure directory on the local computer disk with this key, the mobile safe system tool activates the folder that holds this secure directory. If the user has not created a secure directory on the local computer disk with this key, the mobile safe system tool can be invoked at any time to create one;
2. Enabling the mobile safe for the mobile storage device
A background process on the computer monitors the connection of mobile storage devices. If it finds that a mobile storage device has been inserted, it creates a secure directory on the drive to which the device is mapped; if a secure directory already exists, none is created. If it finds that the mobile storage device has been removed, the process dismisses the mobile safe;
3. Design of the mobile safe
(1) The "mobile safe" is designed as a Shell Namespace Extension object, a dynamic link library that combines COM and a standard DLL in one;
(2) The Namespace Extension is designed according to the file system structure, so that it contains two basic objects, Folder and File. A Folder is a node of the tree and a container for other Folders and Files; a File is a leaf of the tree. Both can be files on disk or virtual objects;
(3) The Namespace Extension comprises two basic components: a data manager, and the interface between the data manager and Windows Explorer. This interface packages the "mobile safe" data as a Folder object and handles the interaction between it and Windows Explorer. Windows Explorer calls these COM interfaces so that the user can interact with the virtual data just as if these objects were directories and files;
(4) When Windows Explorer starts, it automatically loads the file safe interface;
(5) When the user browses into the "mobile safe" (Namespace Extension), the data files are managed through ShellFolder and IShellView;
(6) Data encryption and decryption are implemented in ShellFolder and IShellView;
4. Operation of the mobile safe
Whether the secure directory is on the computer's local hard disk or on the mobile storage device, the smart cryptographic key user can freely operate on the data in the mobile safe, and data exchange between the mobile storage device and the computer can take place between their mobile safes. The legitimate user performs file operations under the secure directory through the mobile safe: data is encrypted when it is saved and decrypted when it is read, and the encryption and decryption are fully transparent to the legitimate user. The legitimate user can operate on other directories of the mobile storage device (such as a public directory or a non-secure directory), where data is stored unencrypted; data placed into the safe from such a public or non-secure directory is encrypted automatically, and data moved the other way is decrypted automatically. The legitimate user can also operate on the secure directory of the mobile storage device through the operating system's file manager: data stored into the directory is encrypted, data retrieved from it is decrypted, and the process is transparent to the legitimate user. When the user removes the mobile storage device, the mobile safe icon that maps the device's secure file directory disappears from the Windows desktop automatically, and the mobile safe system tool stops running automatically. If the user removes the smart cryptographic key without removing the mobile storage device, the data under the secure directory on the mobile storage device can no longer be read or operated on, while files under the public or non-secure directory on the device can still be freely read and operated on.

Claims (8)

1. A method for secure storage and processing of data on a mobile storage device, comprising:
(1) after the mobile storage device is connected to a computer system, creating a secure directory on the drive to which the mobile storage device is mapped in the computer, and using a mobile safe system tool to virtualize this directory as a Namespace Extension object;
(2) the user operating on the secure directory of the mobile storage device through the Namespace Extension.
2. The method for secure data storage and processing according to claim 1, characterized in that the mobile safe system tool encrypts data when the user stores data in the secure directory of the mobile storage device, and decrypts data when the user reads data from this secure directory.
3. The method for secure data storage and processing according to claim 1, characterized in that:
(1) the user creates on the mobile storage device a public directory in which data is stored unencrypted;
(2) when a file is moved from the public directory to the secure directory, the mobile safe system tool encrypts the data, and when a file is moved from the secure directory to the public directory, the mobile safe system tool decrypts the data.
4. The method for secure data storage and processing according to claim 1, characterized in that, before the secure data storage and processing module of the mobile storage device is started, the computer system first enables a smart cryptographic key.
5. A method for secure storage and processing of data on a mobile storage device, comprising the following steps:
(1) creating a secure directory on the drive to which the mobile storage device is mapped in the computer, and using a mobile safe system tool to virtualize this directory as a Namespace Extension object;
(2) the user operating on the secure directory of the mobile storage device through the file manager of the operating system.
6. The method for secure data storage and processing according to claim 5, characterized in that the mobile safe system tool encrypts data when the user stores data in the secure directory of the mobile storage device, and decrypts data when the user reads data from this secure directory.
7. The method for secure data storage and processing according to claim 5, characterized in that:
(1) the user creates on the mobile storage device a public directory in which data is stored unencrypted;
(2) when a file is moved from the public directory to the secure directory, the mobile safe system tool encrypts the data, and when a file is moved from the secure directory to the public directory, the mobile safe system tool decrypts the data.
8. The method for secure data storage and processing according to claim 5, characterized in that, before the secure data storage and processing module of the mobile storage device is started, the computer system first enables a smart cryptographic key.
CN 200610000047 2006-01-05 2006-01-05 Data safety storage and processing method of mobile storage equipment Pending CN1794210A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610000047 CN1794210A (en) 2006-01-05 2006-01-05 Data safety storage and processing method of mobile storage equipment

Publications (1)

Publication Number Publication Date
CN1794210A true CN1794210A (en) 2006-06-28

Family

ID=36805663

Country Status (1)

Country Link
CN (1) CN1794210A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100418320C (en) * 2006-10-20 2008-09-10 清华大学 Active obtaining method for internet data based on mobile storage device
CN100446024C (en) * 2007-01-26 2008-12-24 北京飞天诚信科技有限公司 Protection method and system of electronic document
CN101350034B (en) * 2008-09-10 2012-05-23 普天信息技术研究院有限公司 Mobile memory apparatus and method for visiting file
CN102789555A (en) * 2011-05-17 2012-11-21 腾讯科技(深圳)有限公司 Method and system for safely moving file
CN102789555B (en) * 2011-05-17 2015-11-18 腾讯科技(深圳)有限公司 A kind of method and system of safety moving file
WO2013040915A1 (en) * 2011-09-22 2013-03-28 腾讯科技(深圳)有限公司 File encryption method and device, file decryption method and device
CN103020537A (en) * 2011-09-22 2013-04-03 腾讯科技(深圳)有限公司 Data encrypting method, data encrypting device, data deciphering method and data deciphering device
US9224002B2 (en) 2011-09-22 2015-12-29 Tencent Technology (Shenzhen) Company Limited Method and apparatus for file encryption/decryption
CN104732162A (en) * 2015-04-02 2015-06-24 努比亚技术有限公司 File encryption processing method and device
CN106570417A (en) * 2016-10-28 2017-04-19 郑建钦 Data security storage method
CN108228100A (en) * 2017-12-27 2018-06-29 郑州云海信息技术有限公司 A kind of data safety processing method and system based on mass storage system (MSS)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C57 Notification of unclear or unknown address
DD01 Delivery of document by public notice

Addressee: Zhang Liqing

Document name: Notice of first review

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication