CN1877549A - Method for automatic protection of U disc by using filtering driver and intelligent key device - Google Patents


Publication number
CN1877549A
Authority
CN
China
Prior art keywords
flash disk
usb flash
intelligent key
key apparatus
driving program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2006100901855A
Other languages
Chinese (zh)
Other versions
CN100419719C (en)
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Beijing Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Feitian Technologies Co Ltd
Priority to CNB2006100901855A
Publication of CN1877549A
Application granted
Publication of CN100419719C
Legal status: Active


Abstract

The invention discloses a method for protecting a USB flash disk by using a filter driver combined with an intelligent key device. The method comprises the steps of: the USB Mass Storage driver issuing an operation request; the USB flash disk filter driver detecting whether the intelligent key device has been plugged into the computer; judging whether the user has passed identity authentication; and, after the user has passed identity authentication, processing or not processing according to the operation request. The invention inserts a filter driver between the USB Mass Storage driver and the USB bus driver and associates the filter driver with the intelligent key device, so that the USB flash disk is protected under the supervision of a monitoring program; a user who wants to operate the protected USB flash disk must pass identity authentication, and the data undergoes encryption/decryption.

Description

Method for automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device
Technical field
The present invention relates to a method of protecting a USB flash disk, and in particular to a method of automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device.
Background art
With the rapid development of computer technology and information storage technology, the USB flash disk has become indispensable in people's daily life, office work and study. More and more users are accustomed to storing large numbers of documents on USB flash disks and transferring files with them easily. This improvement undoubtedly brings convenience, but it also brings a security problem: much of the information on USB flash disks is confidential and must not be read or tampered with at will, so the insecurity of USB flash disks poses a serious hidden danger to the safety of sensitive information. An ordinary USB flash disk has no encryption or identity authentication function, and anyone can see its contents through the USB flash disk.
At present, encryption and authentication techniques are the main means of controlling unauthorized users' access to sensitive information, for example encrypting the USB flash disk with various key mechanisms to prevent unauthorized users from reading it, or using digital certificates to authenticate the user's identity and control unauthorized users' access to the USB flash disk.
Existing filter driver technology is also used to protect sensitive information; this kernel-level mode of protection offers great convenience and higher security. A filter driver is based on the layered model of WDM (Windows Driver Model). In this layered model a hardware device has at least two drivers, the function driver and the bus driver; the function driver implements the concrete functions of the device (the function driver for USB flash disks is included with Windows 2000 and later operating systems). A device may also have an added filter driver layer, which is used to change the behavior of the standard device drivers. The drivers serving the same device form a device stack. In the device stack a filter driver is attached above or below the function driver, intercepts the relevant IRPs (I/O Request Packets) and processes them, so as to change the behavior of the device or add new functions. A filter driver handles only the I/O requests it is concerned with and leaves other I/O requests untouched, which makes it possible to change the behavior of a device very flexibly; an IRP is passed down and returned along the stack in a fixed order. A filter driver can therefore be used to inspect, modify or complete the IRPs it intercepts, or to construct IRPs of its own.
However, the prior art for protecting USB flash disks by combining filter driver technology with an intelligent key device is not yet well developed.
Summary of the invention
To solve the above problem, the present invention combines an intelligent key device with a USB flash disk filter driver to provide a more secure method of protecting a USB flash disk.
The present invention is realized by the following scheme: a method of automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device, comprising the following steps:
1. The USB Mass Storage driver issues an operation request to the USB flash disk;
2. The USB flash disk filter driver detects whether the intelligent key device has been inserted into the computer;
3. It is judged whether the user has passed authentication;
4. After the user has passed identity authentication, the operation request is processed or not processed as appropriate.
The USB flash disk filter driver is associated with the intelligent key device by obtaining the device object of the intelligent key device driver, and the two together protect the USB flash disk.
The USB Mass Storage in step 1 refers to USB mass storage devices.
If step 2 detects that the intelligent key device has not been inserted into the computer, error handling is carried out; the error handling consists of the application monitoring program popping up an interface, or of returning an internal error.
If in step 3 the user has not passed authentication, the intelligent key device authenticates the user.
The authentication process is as follows: the filter driver notifies the application monitoring program to display an interface, and this interface prompts the user to authenticate. User authentication includes, but is not limited to, the following methods, and may be one of them:
1) whether the PIN code entered by the user passes verification by the intelligent key device;
2) whether the user's biometric features pass verification by the intelligent key device;
3) whether the intelligent key device provided by the user contains specific data;
4) some data is sent to the intelligent key device for computation, and the result is checked against the expected result.
The application monitoring program is used to monitor the USB flash disk filter driver as it carries out data communication with the intelligent key device.
In step 3, if the user does not pass authentication, error handling is carried out.
In step 4, the operation processing may be a read or write request to the USB flash disk, for which the intelligent key device decrypts or encrypts the data. The process is as follows: the USB flash disk filter driver sends the data content to the intelligent key device driver by way of the device object of the intelligent key device driver, and the intelligent key device then decrypts or encrypts the data.
For a write request to the USB flash disk, the intelligent key device encrypts the data; for a read request, the intelligent key device decrypts the data.
Alternatively, for read and write requests to the USB flash disk, the data may be encrypted or decrypted by the USB flash disk filter driver itself.
Other operation requests to the USB flash disk besides reads and writes, such as write-protect requests or requests for USB flash disk information, do not need to be handled by the intelligent key device; the USB flash disk filter driver directly sets the corresponding flag in the IRP and performs the corresponding filtering. After the filtering is complete, the USB flash disk filter driver sends the filtering result to the USB bus driver or the USB Mass Storage driver.
The present invention inserts a filter driver between the USB Mass Storage driver and the USB bus driver and associates this filter driver with the intelligent key device, so that together, under the supervision of the application monitoring program, they protect the USB flash disk. A user who wants to operate a protected USB flash disk must pass identity authentication, and the data undergoes encryption/decryption processing, which improves the security of using the USB flash disk.
Brief description of the drawings
Fig. 1 is a schematic block diagram of the present invention.
Fig. 2 is a flow chart of an implementation of the present invention.
Detailed description
The present invention is described in more detail below with reference to the drawings and specific embodiments.
The present invention associates an intelligent key device with a USB flash disk filter driver so that the two together protect the USB flash disk.
Fig. 1 is a schematic block diagram of the present invention. As shown in the figure, when the Windows operating system accesses USB flash disk 104, there is, between USB Mass Storage (USB mass storage) driver 101 and USB bus driver 103, a driver that filters operations such as reads and writes to USB flash disk 104: USB flash disk filter driver 102. When USB bus driver 103 detects a USB device, the PnP (Plug and Play) manager immediately creates a PDO (Physical Device Object, here the device object corresponding to the USB flash disk). After the PDO has been created, the PnP manager looks in the registry to find the other filter drivers and the function driver. The device's installation program is responsible for creating these registry entries, and drivers are installed according to the instructions in the INF file (Information File, the driver installation file). The registry entries indicate the position of each driver in the device object stack, so the PnP manager first loads the lowest-level filter driver and calls that driver's AddDevice function. This function creates a FiDO (Filter Device Object) in the device object stack and links it to the PDO created earlier.
When the user operates on USB flash disk 104, USB flash disk filter driver 102 intercepts the corresponding IRP and judges from the content of the request packet whether it is an operation on the protected USB flash disk 104. If it is, the filter driver reads the data content of the request packet and obtains the device object of intelligent key device driver 106. If this fails, intelligent key device 107 is not present, the operation on the protected USB flash disk 104 cannot be carried out, and application monitoring program 105 is notified to pop up an interface asking for intelligent key device 107 to be inserted. If it succeeds, intelligent key device 107 is present in the system, and the identity of the holder of the intelligent key device is verified next. If the holder's identity has already been verified and the verification passed, it does not need to be verified again; otherwise USB flash disk filter driver 102 notifies application monitoring program 105 to pop up an interface requiring the user to authenticate, and the verification result is returned to USB flash disk filter driver 102. If authentication fails, USB flash disk filter driver 102 notifies application monitoring program 105 to pop up a message that authentication did not pass. If authentication succeeds, USB flash disk filter driver 102 forwards the data content to intelligent key device 107 by way of the device object of intelligent key device driver 106, so that the device encrypts or decrypts the data; this process can also be carried out by USB flash disk filter driver 102 itself. When the encrypted or decrypted data content has been returned to USB flash disk filter driver 102, it replaces the data content of the original request packet. After the replacement, the data is passed, in the request packet's original direction of travel, to the layer above or below USB flash disk filter driver 102, which achieves the invention's purpose of protecting the USB flash disk.
USB flash disk 104 is a special kind of USB device. When the USB bus detects that USB flash disk 104 has been inserted, the system automatically virtualizes a partition; when the user operates on this partition, the operation is actually carried out on USB flash disk 104. The data exchange between the host and USB flash disk 104 is ultimately carried out by the USB Mass Storage driver (usbstor.sys), which provides normal read and write functions. In this embodiment the filter driver is loaded between the USB Mass Storage driver and the USB bus driver, captures IRPs of type IRP_MJ_SCSI, and filters or analyzes the relevant content of each IRP, thereby monitoring reads and writes to the USB flash disk. In this embodiment, all encryption and decryption of data is carried out inside the intelligent key device.
As shown in Fig. 2:
Step 201: the USB Mass Storage driver issues an operation request. In this embodiment the USB Mass Storage driver is the function driver of the USB flash disk and implements the concrete functions of the device.
Step 202: the USB flash disk filter driver detects whether the intelligent key device has been inserted into the computer. If it has, step 203 is executed; otherwise step 206 is executed.
Step 203: the intelligent key device judges whether the user has passed authentication. If the user has already passed the intelligent key device's authentication, no further authentication is needed and the filter driver goes straight to judging the type of operation on the USB flash disk, i.e. step 207 is executed; otherwise step 204 is executed.
Step 204: the user has not passed authentication, so the intelligent key device authenticates the user.
The authentication process is as follows: the filter driver notifies the application monitoring program to display an interface, and this interface prompts the user to authenticate. User authentication includes, but is not limited to, the following methods, and may be a combination of them:
1) whether the PIN code entered by the user passes verification by the intelligent key device;
2) whether the user's biometric features, for example fingerprint, voice or retina, pass verification by the intelligent key device;
3) whether the intelligent key device provided by the user contains specific data;
4) some data is given to the intelligent key device for computation, and the result is checked against the expected value.
After the intelligent key device has finished verifying the user's identity, it returns the verification result to the filter driver, which carries out the next step.
In this embodiment, the USB flash disk filter driver is associated with the application monitoring program in order to interact with the user. Through the application monitoring program the user can configure the protection policy for the USB flash disk; the program monitors the USB flash disk filter driver, waits for the events the driver sends and handles them accordingly. In addition, the application monitoring program can install and uninstall the filter driver, specify the hardware items to be protected, and control the rules between the USB flash disk filter driver and the intelligent key device driver.
Step 205: the USB flash disk filter driver confirms whether authentication passed. If it passed, step 207 is executed; otherwise step 206 is executed.
Step 206: the user has not passed authentication, and an error is reported.
Step 207: after intercepting the IRP from the USB Mass Storage driver, the USB flash disk filter driver analyzes the type of the SRB packet in the IRP and determines which SCSI command it is.
1) If it is SCSIOP_READ or SCSIOP_READ6: step 208, the request is submitted to the USB bus driver.
Step 209: the USB bus driver returns the data that was read to the USB flash disk filter driver.
Step 210: the data is decrypted with the key in the intelligent key device. Decryption is similar to encryption: the ciphertext is sent to the intelligent key device driver and decrypted into plaintext by the intelligent key device.
Step 211: the plaintext is returned to the USB flash disk filter driver, which then returns it to the USB Mass Storage driver.
2) If it is SCSIOP_WRITE or SCSIOP_WRITE6: step 212, the intelligent key device encrypts the data. The encryption works as follows: the USB flash disk filter driver obtains the device object of the intelligent key device driver and through it sends the plaintext data in the request packet to the intelligent key device driver, so that the intelligent key device encrypts the plaintext into ciphertext; the intelligent key device driver returns the ciphertext to the USB flash disk filter driver, which replaces the plaintext content of the original request packet with the ciphertext and finally submits the request packet to USB bus driver 215.
3) If it is some specific SCSI command (according to the user's particular requirements), such as SCSIOP_MODE_SENSE: step 213, the intelligent key device does not need to be involved; the USB flash disk filter driver modifies the flags of the SRB and passes the IRP to USB bus driver 215.
4) If it is any other operation: step 214, the request is not processed in any way and the IRP is passed on to USB bus driver 215.
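The flow of Fig. 2 (steps 202 to 214), modelled in user-mode C as an added example; it is not code from the patent. The `key_device` and `request` structures, the `FLAG_FILTERED` bit, the in-memory `disk` and the XOR `key_transform` are assumptions standing in for the intelligent key device driver, the IRP/SRB, the medium below the USB bus driver and the on-device cipher, none of which the patent specifies.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* SCSI operation codes, with the values used in the Windows scsi.h header. */
#define SCSIOP_READ6      0x08
#define SCSIOP_WRITE6     0x0A
#define SCSIOP_MODE_SENSE 0x1A
#define SCSIOP_READ       0x28
#define SCSIOP_WRITE      0x2A
#define FLAG_FILTERED     0x1u  /* hypothetical SRB flag bit set in step 213 */
#define DISK_SIZE         64
static uint8_t disk[DISK_SIZE]; /* simulated medium below the bus driver */

enum filter_result {
    FR_ERR_NO_KEY, FR_ERR_AUTH, /* step 206: key absent / authentication failed */
    FR_READ_DECRYPTED,          /* steps 208-211 */
    FR_WRITE_ENCRYPTED,         /* step 212 */
    FR_FLAGS_MODIFIED,          /* step 213 */
    FR_PASSED_THROUGH           /* step 214 */
};

/* Hypothetical model of the intelligent key device and its state. */
struct key_device {
    int present;        /* could its driver's device object be obtained? */
    int authenticated;  /* holder already verified (step 203) */
    const char *pin;    /* constructed sample PIN */
    uint8_t secret;     /* stays inside the device in a real token */
};

/* Hypothetical stand-in for the IRP/SRB the filter intercepts. */
struct request {
    uint8_t opcode;     /* first byte of the SCSI command block */
    uint8_t *data;
    size_t len;
    uint32_t srb_flags;
};

/* Placeholder for the on-device cipher: a self-inverse XOR, NOT real crypto. */
static void key_transform(const struct key_device *k, uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= (uint8_t)(k->secret + i);
}

/* Step 204: the monitoring program would prompt; here the PIN is passed in. */
static int key_verify_pin(struct key_device *k, const char *entered)
{
    k->authenticated = entered != NULL && strcmp(entered, k->pin) == 0;
    return k->authenticated;
}

/* Simulated USB bus driver: moves bytes between the request and the medium. */
static void bus_driver_submit(struct request *r)
{
    size_t n = r->len < DISK_SIZE ? r->len : DISK_SIZE;
    if (r->opcode == SCSIOP_WRITE || r->opcode == SCSIOP_WRITE6)
        memcpy(disk, r->data, n);
    else if (r->opcode == SCSIOP_READ || r->opcode == SCSIOP_READ6)
        memcpy(r->data, disk, n);
}

/* The filter's handling of one intercepted request (Fig. 2, steps 202-214). */
enum filter_result filter_dispatch(struct key_device *k, struct request *r,
                                   const char *entered_pin)
{
    if (k == NULL || !k->present) return FR_ERR_NO_KEY;   /* step 202 */
    if (!k->authenticated && !key_verify_pin(k, entered_pin))
        return FR_ERR_AUTH;                               /* steps 203-206 */
    switch (r->opcode) {                                  /* step 207 */
    case SCSIOP_READ:
    case SCSIOP_READ6:
        bus_driver_submit(r);               /* 208-209: ciphertext comes back */
        key_transform(k, r->data, r->len);  /* 210: decrypt on the way up */
        return FR_READ_DECRYPTED;
    case SCSIOP_WRITE:
    case SCSIOP_WRITE6:
        key_transform(k, r->data, r->len);  /* 212: replace plaintext in place */
        bus_driver_submit(r);               /* only ciphertext goes down */
        return FR_WRITE_ENCRYPTED;
    case SCSIOP_MODE_SENSE:
        r->srb_flags |= FLAG_FILTERED;      /* 213: key device not involved */
        bus_driver_submit(r);
        return FR_FLAGS_MODIFIED;
    default:
        bus_driver_submit(r);               /* 214: request left untouched */
        return FR_PASSED_THROUGH;
    }
}

int main(void)
{
    struct key_device key = { 1, 0, "1234", 0x5A };  /* constructed sample */
    uint8_t buf[] = "constructed plaintext";
    struct request w = { SCSIOP_WRITE, buf, sizeof buf, 0 };
    return filter_dispatch(&key, &w, "1234") == FR_WRITE_ENCRYPTED ? 0 : 1;
}
```

Because the presence and authentication checks run before the opcode is examined, a request that fails either check is never forwarded, so neither plaintext nor ciphertext moves in that case.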
The method provided by the present invention for automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device has been described in detail above. Specific examples have been used here to set out the principle and embodiments of the invention, and the description of the above embodiment is intended only to help in understanding the method of the invention and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the invention, make changes to the specific embodiments and the scope of application. In summary, this description should not be construed as limiting the present invention.

Claims (9)

1. A method of automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device, comprising the following steps:
(1) the USB Mass Storage driver issues an operation request to the USB flash disk;
(2) the USB flash disk filter driver detects whether the intelligent key device has been inserted into the computer;
(3) the user's identity is verified;
(4) after the user has passed identity authentication, the operation request is processed or not processed as appropriate.
2. The method of automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device according to claim 1, characterized in that: the USB flash disk filter driver is associated with the intelligent key device by obtaining the device object of the intelligent key device driver, and the two together protect the USB flash disk.
3. The method of automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device according to claim 1, characterized in that: if step 2 detects that the intelligent key device has not been inserted into the computer, error handling is carried out; the error handling consists of the application monitoring program popping up an interface, or of returning an internal error.
4. The method of automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device according to claim 1, characterized in that: in step 3 the user's identity is verified by the intelligent key device.
5. The method of automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device according to claim 1, characterized in that the authentication process is as follows: the USB flash disk filter driver notifies the application monitoring program to display an interface, this interface prompts the user to authenticate, and the user authentication comprises one of the following methods:
1) whether the PIN code entered by the user passes verification by the intelligent key device;
2) whether the user's biometric features pass verification by the intelligent key device;
3) whether the intelligent key device provided by the user contains specific data;
4) some data is sent to the intelligent key device for computation, and the result is checked against the expected value.
6. The method of automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device according to claim 4, characterized in that: if the user does not pass authentication, error handling is carried out.
7. The method of automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device according to claim 1, characterized in that: in step 4, if the operation processing is a read or write request to the USB flash disk, the data is decrypted or encrypted by the intelligent key device.
8. The method of automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device according to claim 1, characterized in that: in step 4, if the operation processing is a read or write request to the USB flash disk, the data is decrypted or encrypted by the USB flash disk filter driver.
9. The method of automatically protecting a USB flash disk by using a filter driver combined with an intelligent key device according to claim 1, characterized in that: in step 4, if the operation processing is an operation request to the USB flash disk other than a read or write, it does not need to be handled by the intelligent key device, and the USB flash disk filter driver performs the corresponding filtering directly; after the filtering is complete, the USB flash disk filter driver sends the filtering result to the USB bus driver or the USB Mass Storage driver.
CNB2006100901855A 2006-07-05 2006-07-05 Method for automatic protection of U disc by using filtering driver and intelligent key device Active CN100419719C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100901855A CN100419719C (en) 2006-07-05 2006-07-05 Method for automatic protection of U disc by using filtering driver and intelligent key device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006100901855A CN100419719C (en) 2006-07-05 2006-07-05 Method for automatic protection of U disc by using filtering driver and intelligent key device

Publications (2)

Publication Number Publication Date
CN1877549A true CN1877549A (en) 2006-12-13
CN100419719C CN100419719C (en) 2008-09-17

Family

ID=37509990

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100901855A Active CN100419719C (en) 2006-07-05 2006-07-05 Method for automatic protection of U disc by using filtering driver and intelligent key device

Country Status (1)

Country Link
CN (1) CN100419719C (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100462993C (en) * 2007-07-25 2009-02-18 郭发源 Outer placed mobile storage in use for alete information processing
CN101237353B (en) * 2007-09-07 2011-10-05 北京飞天诚信科技有限公司 A method and system for monitoring mobile storage device based on USBKEY
CN102479091A (en) * 2010-11-30 2012-05-30 深圳市金蝶友商电子商务服务有限公司 Method and device for running software and moveable storage medium
CN102737174A (en) * 2011-09-23 2012-10-17 新奥特(北京)视频技术有限公司 Method and system for verifying data validity in data security prevention and control
CN102955745A (en) * 2011-08-18 2013-03-06 北京爱国者信息技术有限公司 Mobile storage terminal and data management method thereof
CN103440465A (en) * 2013-08-29 2013-12-11 成都卫士通信息安全技术有限公司 Mobile storage medium safety control method
CN106778326A (en) * 2016-11-28 2017-05-31 福建升腾资讯有限公司 A kind of method and system for realizing movable storage device protection

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101593252B (en) * 2009-05-27 2015-04-15 飞天诚信科技股份有限公司 Method and system for controlling access of computer to USB equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1286434A (en) * 2000-09-13 2001-03-07 张巨洪 Encrypting card for secrete file -IDE data channel
CN1287299C (en) * 2004-03-25 2006-11-29 四川汇源光通信股份有限公司 Logic magnetic disk authentication method
US20060085565A1 (en) * 2004-10-18 2006-04-20 First International Computer, Inc. Method of configuring device property of storage device for a windows operating system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100462993C (en) * 2007-07-25 2009-02-18 郭发源 Outer placed mobile storage in use for alete information processing
CN101237353B (en) * 2007-09-07 2011-10-05 北京飞天诚信科技有限公司 A method and system for monitoring mobile storage device based on USBKEY
CN102479091A (en) * 2010-11-30 2012-05-30 深圳市金蝶友商电子商务服务有限公司 Method and device for running software and moveable storage medium
CN102479091B (en) * 2010-11-30 2015-06-10 深圳市金蝶友商电子商务服务有限公司 Method and device for running software and moveable storage medium
CN102955745A (en) * 2011-08-18 2013-03-06 北京爱国者信息技术有限公司 Mobile storage terminal and data management method thereof
CN102737174A (en) * 2011-09-23 2012-10-17 新奥特(北京)视频技术有限公司 Method and system for verifying data validity in data security prevention and control
CN103440465A (en) * 2013-08-29 2013-12-11 成都卫士通信息安全技术有限公司 Mobile storage medium safety control method
CN106778326A (en) * 2016-11-28 2017-05-31 福建升腾资讯有限公司 A kind of method and system for realizing movable storage device protection

Also Published As

Publication number Publication date
CN100419719C (en) 2008-09-17

Similar Documents

Publication Publication Date Title
CN1877549A (en) Method for automatic protection of U disc by using filtering driver and intelligent key device
CN100429668C (en) Electronic file automatic protection method and system
US10078754B1 (en) Volume cryptographic key management
US8856521B2 (en) Methods and systems for performing secure operations on an encrypted file
JP4868614B2 (en) Apparatus, system, and computer program for data protection by storage device
CN101430752B (en) Sensitive data switching control module and method for computer and movable memory device
US20080022376A1 (en) System and method for hardware access control
US20060294105A1 (en) Method and system for enabling enterprises to use detachable memory devices that contain data and executable files in controlled and secure way
CN100399304C (en) Method for automatic protecting magnetic disk data utilizing filter driving program combined with intelligent key device
CN100367248C (en) A encryption U disk system with journal and audits
CN107003866A (en) The safety establishment of encrypted virtual machine from encrypted template
CN106203187B (en) USB storage device limiting method and system driven by file filtering
US20180159692A1 (en) Solid state storage device with command and control access
CN101180615A (en) Usb secure storage apparatus and method
CN101923678A (en) Data security protection method of enterprise management software
CN100419620C (en) Method for command interaction and two-way data transmission on USB mass storage equipment by program and USB mass storage equipment
CN101458666A (en) Data access control method
CN102831346B (en) A kind of file protecting system carries out the method for file encryption-decryption
WO2008001823A1 (en) Computer data management method, program, and recording medium
WO2011148224A1 (en) Method and system of secure computing environment having auditable control of data movement
CN106502927B (en) Trusted end-user calculating and data inactivity security system and method
CN1677302A (en) Method and system for acquiring resource usage log and computer product
CN102663313B (en) Method for realizing information security of computer system
CN105303093A (en) Token verification method for cryptographic smart token
CN109684866B (en) Safe USB flash disk system supporting multi-user data protection

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN TECHNOLOGIES CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN TECHNOLOGY CO., LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co., Ltd.

Address before: 100083, Haidian District, Xueyuan Road, Beijing No. 40 research, 7A building, 5 floor

Patentee before: Beijing Feitian Chengxin Science & Technology Co., Ltd.