CN1991799A - Safety memory device and data management method - Google Patents
Safety memory device and data management method Download PDFInfo
- Publication number
- CN1991799A CN1991799A CN 200510132998 CN200510132998A CN1991799A CN 1991799 A CN1991799 A CN 1991799A CN 200510132998 CN200510132998 CN 200510132998 CN 200510132998 A CN200510132998 A CN 200510132998A CN 1991799 A CN1991799 A CN 1991799A
- Authority
- CN
- China
- Prior art keywords
- data
- partition
- fingerprint
- user
- storage apparatus
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
A safe memory device and data managing method are disclosed. The memory device possesses controller (2) and memory (4); said memory (4) includes safe area (6) and at least one data area (5). Said safe area (6) includes fingerprint identification unit (7) which is used to fingerprint identification register, fingerprint identification enroll and fingerprint data manage for user who reads and writes data stored in said safe memory device; the encryption and deciphering unit (8) which is used to encrypt and decipher data in data area. Said controller (2) includes area managing unit (3) which is used to set the safe area (6) and the data area (5) in said memory (4), and overwrite the safe area (6) and the data area (5) in said memory (4). The invention also provides a safe data managing method. It can increase the safety of the memory device.
Description
Technical field
The present invention relates to the consumer electronics field, particularly relate to safe storage device and data managing method that a kind of fingerprint identification technology combines with other encryption technology.
Background technology
Fierce degree raising along with commercial competition; people are more and more higher to the security requirements of personal information and important documents, and it is increasingly important that the security of various electronic products also becomes, therefore; produced the information safety device of various protection device securities, wherein a kind of is exactly encryption device.
Encrypt to be exactly being that file or data are expressly handled by certain algorithm originally; make it become unreadable one section code; be commonly referred to " ciphertext "; make it after the corresponding key of input, just can demonstrate original content, reach the purpose that protected data is not stolen, read by juridical-person by such approach.
The inverse process of this process is deciphering, is about to the process that this coded message is converted into its original data.
The encryption method of encryption device employing at present mainly contains:
(1) digital signature: claim Electronic Coding again, it utilizes the public key encryption technology to realize.The sender uses private key of oneself and hash function message digest to be encrypted the digital signature that forms the sender.The recipient at first calculates message digest from the original message that receives, then be decrypted with sender's the public-key cryptography digital signature to COM Continuation of Message again.If two message digests are identical, the take over party just can confirm that this digital signature is a transmit leg so.
(2) digital certificate: claim again that public-key cryptography proves, digital ID, digital passport.If first and second need authenticate key each other.First can not be inquired its public-key cryptography to second simply, because may exist the third party to intercept and capture the request of first on network, and sends his public-key cryptography, and like this, the third party just can read all message that first sends second to.Therefore, need a third-party certification authority (CA),, also can obtain the public-key cryptography of second reliably by it even make first by incomplete channel.CA is that the public-key cryptography of second generates a certificate (digital signature).Anyone can obtain the public-key cryptography of second, and utilizes the basis of this certificate as the checking public-key cryptography.On network, the effect that proves is just as citizen's passport, and some online service only provides the user of proof of possession.
But all there are many limitation in these encryption technologies.For example, password passes out of mind easily or is stolen, cracks or the like by others.Although prevailing system prevents the cipher stealing problem by requiring the timely replacement port of user the present, this method has not only increased user's memory burden, can not tackle the problem at its root.And most importantly,, promptly can not carry out any operation to the enciphered data in the mobile storage product if the user forgets Password.Can only carry out initial work to it, cause the destroyed disappearance of data.
(3) fingerprint technique
Though the computer encipher technology is of a great variety at present, encrypting fingerprint can be described as its final direction, because people's fingerprint is different, and extremely difficult imitation.Possibility that password has is stolen, decode, magnetic card also may be stolen, and the computer fingerprint scanner can be distinguished people's the finger and the wax system or the rubber fingerprint of forgery, so have broad application prospects.
The cipher mode of encrypting fingerprint memory device is to do password with fingerprint at present, gets final product the file in the access hard disk after fingerprint is logined successfully, and the fingerprint in this scheme is equivalent to common password.
Chinese patent application CN00104622.5 discloses a kind of finger print hard disc, comprises Fingerprint Identification Unit and hard disk, and Fingerprint Identification Unit has control interface, and hard disk has power interface and signaling interface, is connected by electric-controlled switch between Fingerprint Identification Unit and the hard disk.It has solved the data information security problem that is stored in the hard disk, thereby has fundamentally realized the data confidentiality of computing machine by the combination with Fingerprint Identification Unit and hard disk.
But the memory device of existing these encrypting fingerprints just with fingerprint as password, the data storage subregion is non-hiding, for safety stays hidden danger; To the application program in the data partition holding, be very easy to see, cause the hidden danger of by mistake being deleted easily; In addition, cryptographic algorithm is to depend on the PC performance of being moved, and divulge a secret easily, and speed is slower; Algorithm of Cai Yonging and key are more single simultaneously, crack relatively easily, in case encrypting fingerprint has been subjected to destruction, its data security just can not get protection.
Summary of the invention
Safe storage device and data managing method that a kind of fingerprint identification technology that the objective of the invention is to overcome above-mentioned defective and provide combines with encryption technology.
A kind of safe storage device for realizing that the object of the invention provides has controller and storer, and described storer comprises security partitioning and at least one data partition;
Described security partitioning comprises:
Fingerprint identification unit is used for utilizing fingerprint identification method to carry out fingerprint recognition registration, fingerprint recognition login and finger print data management to the user of the information data of reading and writing described safety storage apparatus;
Encryption/decryption element is used for utilizing encipher-decipher method that the information data of data subregion is carried out encryption and decryption.
Described controller comprises the partition management unit, is used for being provided with the security partitioning and the data partition of described storer, and the partition table of security partitioning in the storer and data partition is rewritten.
Described safety storage apparatus also comprises fingerprint collecting unit (9), is used to gather the user fingerprints information data.
Described storer is hard disk or flash memory particle.
The present invention also provides a kind of secure data management method, comprises the following steps:
Steps A) safety storage apparatus links to each other with computing machine, and is initialised;
Step B) fingerprint identification unit of security partitioning and encryption/decryption element in the run memory, fingerprint identification unit utilize fingerprint identification method that the user of operational administrative safety storage apparatus is carried out the fingerprint recognition management; Encryption/decryption element utilizes encipher-decipher method to read and write information data in the corresponding data partition by key;
Step C) the partition management unit is according to agreement identification being set and the partition table of data partition and security partitioning in the storer being set.
Described steps A) comprises the following steps:
Steps A 1) safety storage apparatus links to each other with computing machine, the safety storage apparatus that computer Recognition links to each other with computing machine by port;
Steps A 2) start-up control device and call the partition management unit carries out the safety storage apparatus initialization, and partition management unit security partitioning is set to visible partition, and data partition is set to hidden partition.
Described step B) comprises the following steps:
Step B1) when the user manages operation to safety storage apparatus, judges at first whether the user fingerprints data are registered, if then enter the fingerprint login interface, the input fingerprint; Otherwise the user carries out fingerprint register;
Whether step B2) discern the fingerprint of being imported according to the finger print data judgement of user's input correct, if; Then as seen the data partition of partition management unit correspondence is set to; Otherwise whether the finger print data number of times of judging input reaches limit value, then withdraws from the fingerprint login when reaching limit value, and the user haves no right to the information data bookkeeping in the safety storage apparatus; If do not reach limit value then return login interface again, the user re-enters finger print data;
Step B3) utilize encipher-decipher method to read and write corresponding data partition by key;
Step B4) Card read/write in the data subregion is finished, withdraw from safety storage apparatus, end operation.
Described step B1) also comprises the following steps:
Step B11) when the data in user's operational administrative safety storage apparatus, fingerprint identification unit in the computer starting security partitioning and encryption/decryption element;
Step B12) security partitioning is set is hidden partition in the partition management unit, and data partition is set to visible partition.
Described fingerprint identification method is VeriFinger algorithm for recognizing fingerprint or Biokey algorithm.
Described described encipher-decipher method is a data encryption standard algorithm, perhaps RSA Algorithm, perhaps DSA algorithm, perhaps DiffieHellman algorithm, perhaps elliptic curve cryptography.
The invention has the beneficial effects as follows: the present invention is directed to the problem that can not get protecting after the deciphering of encrypting fingerprint memory storage; with fingerprint identification technology and other encryption technology protected data safety that combines; increased the security of memory device; make the function that safety storage apparatus of the present invention cipher mode relatively in the past can better be realized; improve its security, have the function of identification simultaneously again.
Description of drawings
Fig. 1 is a safe storage device structural representation of the present invention;
Fig. 2 is a method for secure storing process flow diagram of the present invention.
Embodiment
Further describe safe storage device of the present invention and data managing method below in conjunction with accompanying drawing 1,2.
As shown in Figure 1, safe storage device of the present invention comprises controller 2, storer 4 and fingerprint identification unit 9.
Described controller 2 comprises partition management unit 3, and it has partition management functions, and whether the subregion in the storer 4 is set to hide or is readable.
Described storer 4 comprises security partitioning 6 and at least one data partition 5.The partition table of these subregions is provided with according to specific algorithm when dispatching from the factory, the partition table of data partition and security partitioning in the storer can be discerned and can be continued to be provided with in the partition management unit according to agreement is set, at present, production firm or user are in memory device process safe in utilization, utilize known partitioning technique, safety storage apparatus is carried out subregion and format (Format) becoming to store the form of data as Fdisk technology, Partition Magic technology.Preferably, the subregion among the present invention, the capacity of security partitioning 6 is less, and it is used to store fingerprint recognition ciphering unit and encryption/decryption element related to the present invention; And data partition 5 capacity are bigger, are used to store a large amount of information datas, and this information data can be a document data, also can be software program data, perhaps picture, flow data or the like.
Partition management of the present invention unit 3 leaves in the controller 2; Fingerprint identification unit 7 and encryption/decryption element 8 are stored in the security partitioning 6 of storer 4.
The user of the information data in 7 pairs of described safety storage apparatus of fingerprint identification unit utilizes fingerprint identification method to carry out fingerprint register management, fingerprint login, fingerprint collecting, fingerprint comparison.
Encryption/decryption element 8 is used for utilizing encipher-decipher method that the information data of data subregion is carried out encryption and decryption.
These data partitions 5 and security partitioning 6 can be the actual physical subregions, and promptly manufacturer utilizes partitioning technique data storage areas to be divided into the form that can store data according to the physical arrangement of memory device; Also can be the virtual partition technology of utilizing, with the file in the Physical Extents virtual be subregion, and the original physical subzone hiding is got up.
The virtual partition technology is a kind of active computer storage device data administrative skill, its can with the file in the memory device virtual be subregion and can be on graphoscope by icon display.
When above-mentioned data partition was virtual partition, partition management unit 3 demonstrated virtual partition and hides described memory device corresponding physical subregion.
In this case, partition management unit 3 also comprises dummy unit, be used for finding the partition name of the data structure of virtual partition, and map out data partition icon, and corresponding physical partition table data and this Physical Extents are set to hide with this title.
For example, with the file 1 among the Physical Extents H in the mobile storage hard disk, file 2 and file 3, virtual respectively is virtual partition J, K and L, and original Physical Extents H is hidden, the user is when checking memory device, can only see drive and the corresponding information data of subregion J, K and L, and can't see the drive of Physical Extents H.
When creating the division, the user comprises the establishment order of partitioned data organization to computing machine input, and this data structure is generally: the size of subregion, partition name, the subregion path in memory device etc.
After partition management unit 3 is received and is created order, judge whether the described partition size of input has surpassed the free space of memory device, if surpass, 3 of partition management unit send false alarm in modes such as dialog box or warning tones to the user, further can also eject prompting frame, require the user to re-enter the data structure of the subregion that will create; If do not surpass, the described data structure that 3 bases in partition management unit receive creates the division in described movable storage device with forms such as files, sends establishment in modes such as dialog boxes to the user afterwards and successfully points out.
If the number of data partition 5 is more than one, different pieces of information subregion 5 pairing cryptographic algorithm can be different with key so.
When memory device was linked into computing machine, the beginning initialization procedure: the partition management unit 3 in the controller 2 was set to visible partition with security partitioning 6; And data partition 5 is set to hidden partition.
After initialization procedure was finished, controller 2 started fingerprint identification unit 7 and encryption/decryption element 8, and partition management unit 3 hides security partitioning 6 simultaneously, can prevent the user like this to the data maloperation in the security partitioning 6, for example format or deletion etc.
Before dispatching from the factory, utilize known partitioning technique earlier, as Fdisk technology, Partition Magic technology safety storage apparatus is carried out subregion, adopt specific algorithm with the partial content in the partition table or all rewrite then, this algorithm can be " negate by turn " or " utilizing data bit cell that data bit is carried out computing ", for example: " odd address data bit negate, the even address data bit is constant ", " every n data bit negate " etc.Partition management unit 3 can be discerned according to this algorithm also can continue to be provided with storer 4 partition tables, like this, when storer 4 separates with controller 2, even link to each other with other controller, the user also can't see the data in the storer 4, because partition table can only be discerned by controller 2 of the present invention, only just can read data in this storer 4 according to algorithm of the present invention.
Controller 2 manages security partitioning 6 and data partition 5 respectively, could utilize security partitioning 6 to carry out fingerprint recognition and data encrypting and deciphering from data partition 5 through controller 2; Can not directly carry out reading and writing data between data partition 5 and the security partitioning 6.
During fingerprint identification unit 7 operations, the user carries out fingerprint register; After succeeding in registration, just the user can import fingerprint recognition, if the input fingerprint is correct, then controller 2 calls partition management unit 3, and data partition 5 is set to visible partition.
The algorithm for recognizing fingerprint that the described fingerprint identification unit 7 of present embodiment adopts can be the VeriFinger algorithm for recognizing fingerprint, Biokey algorithm etc.
After a finger-print cipher identification in the fingerprint identification unit 7, can call partition management unit 3 simultaneously corresponding a plurality of different data partitions 5 are set; Perhaps by a plurality of finger-print cipher identifications in the fingerprint identification unit 7, wherein each finger-print cipher identification can both be called same data partition 5; Perhaps by after a plurality of finger-print cipher identifications in the fingerprint identification unit 7, just can call corresponding same data partition 5, and other data partition 5 is hidden still, the user is invisible.
The user calls encryption/decryption element 8 by the controller 2 that links to each other with computing machine, and the user visits different data partition 5 according to the authority of oneself.
To different data partition 5, can adopt identical encipher-decipher method, also can adopt different encryption and decryption methods.When adopting the same method, encryption/decryption element 8 is simple relatively, and the resource that takies during operation is less; And adopting different encipher-decipher methods, the resource that takies during operation can be more, but its security is further enhanced, and the difficulty that is cracked has doubled.
Encipher-decipher method can be symmetrical encipher-decipher method, as data encryption standard (DataEncryptionStandard, DES) algorithm; Or asymmetric encipher-decipher method, as RSA (Ron Rivest, Adi Shamir, Len Adleman) algorithm, DSA (Digital SignatureAlgorithm) algorithm, DiffieHellman algorithm, elliptic curve cipher (Elliptic CurvesCryptography, ECC) algorithm.
Describe secure data management method of the present invention below in detail.
The secure data management method of present embodiment comprises the following steps: as shown in Figure 2
(1) safety storage apparatus links to each other with computing machine, and is initialised.
Step 101: the user links to each other safety storage apparatus with computing machine, personal computer (PC) normally, and this computing machine has started operation or at safety storage apparatus with after computing machine links to each other, start by known general knowledge by the user, and move known operating system on computers, as Windows, Unix system, the safety storage apparatus that this operating system can utilize driver identification to link to each other with computing machine by port, this port is USB port or 1394 ports normally.
Step 102: after safety storage apparatus links to each other with computing machine and is identified, start-up control device 2 also calls partition management unit 3, carry out the safety storage apparatus initialization, partition management unit 3 is set to visible partition with security partitioning 6, and data partition 5 is set to hidden partition.
Further, when above-mentioned data partition 5 was virtual partition, the dummy unit in the partition management unit 3 at first found the partition name in the data structure of virtual partition, maps out the data partition icon with this title.
Dummy unit in the partition management unit 3 is searched memory device corresponding physical partition table data and this Physical Extents is set to hide.
(2) fingerprint identification unit 7 of security partitioning 6 and encryption/decryption element 8 in the run memory 4, the user of 7 pairs of operational administrative safety storage apparatus of fingerprint identification unit carries out the fingerprint recognition management; Encryption/decryption element 8 is read and write information data in the corresponding data partition 5 by key.
After initialization is finished, show common icon and the drive of security partitioning 6 in the safety storage apparatus on computers, as drive I.
Step 201: when the user checks, calls, reads and writes data in the safety storage apparatus, fingerprint identification unit 7 in the computer starting security partitioning 6 and encryption/decryption element 8.
Fingerprint identification unit 7 shows the fingerprint recognition interfaces, gathers fingerprints by fingerprint collecting unit 9, and the user of the information data in the described safety storage apparatus is carried out the fingerprint recognition registration; The fingerprint recognition login; The finger print data management.
The algorithm for recognizing fingerprint that described fingerprint identification unit 7 adopts can be the VeriFinger algorithm for recognizing fingerprint, Biokey algorithm etc.
Fingerprint identification unit 7 can only be permitted user's registered fingerprint data, also can permit a plurality of user's registered fingerprint data; The finger print data of a registration can be managed a plurality of data partitions 5, and finger print data that also can a plurality of registrations is only managed a data subregion 5.
When the user utilizes the finger print data of registering to sign in to safety storage apparatus by fingerprint identification unit 7, can only carry out operational administrative to corresponding data partition 5.
Encryption/decryption element 8 is used for utilizing encipher-decipher method that the information data of data subregion is carried out encryption and decryption.
The method of encryption and decryption can be symmetrical encipher-decipher method, as data encryption standard (DataEncryptionStandard, DES) algorithm; Or asymmetric encipher-decipher method, as RSA (Ron Rivest, Adi Shamir, Len Adleman) algorithm, DSA (Digital SignatureAlgorithm) algorithm, DiffieHellman algorithm, elliptic curve cipher (Elliptic CurvesCryptography, ECC) algorithm.
Step 202: simultaneously, partition management unit 3 is provided with security partitioning 6 and is hidden partition, data partition 5 is set to visible partition, make the user both can carry out operational administrative to the information data in the data subregion 5, guarantee the safety of data in the security partitioning 6 again, prevent that the user from carrying out maloperation to security partitioning 6 data, as format, deletion etc.
Step 203: when the user manages operation to safety storage apparatus, judge at first whether the user fingerprints data are registered, if then carry out the fingerprint login interface, the input fingerprint; Otherwise the user carries out fingerprint register.
If use this mobile device for the first time, need first registered fingerprint, the user as icon H, double-clicks icon H according to the supervisory routine icon of safety storage apparatus, call fingerprint identification unit 7, show the fingerprint register interface, carry out fingerprint register, after the registered fingerprint success, the user just can import fingerprint, and corresponding data partition 5 is conducted interviews.
Step 204: whether correct according to the fingerprint that the finger print data judgement identification of user's input is imported, if; Then as seen partition management unit 3 is set to the data partition 5 of correspondence; Otherwise whether the finger print data number of times of judging input reaches limit value, then withdraws from the fingerprint login when reaching limit value, and the user haves no right to the information data bookkeeping in the safety storage apparatus; If do not reach limit value then return login interface again, the user re-enters finger print data.
Preferably, described limit value is 3.
Step 205: the user utilizes encipher-decipher method to read and write corresponding data partition 5 by key.
The user can see below corresponding data partition 5 by fingerprint recognition, and controller 2 calls encryption/decryption element 8, and the prompting user reads and writes information data in the corresponding data partition 5 by key.
After the user imports key, judge at first whether key is correct, if, perhaps call corresponding encipher-decipher method the data decryption in the data partition 5 is read then according to the key authority; Perhaps call corresponding encipher-decipher method and information data is encrypted and write data partition 5; After perhaps calling corresponding encipher-decipher method the data decryption in the data subregion 5 being read, information data is made amendment, and will revise in the back data encryption and write data partition 5.
Same finger print data can corresponding several different data partitions 5, the corresponding same data partition 5 of perhaps several finger print datas.
Visit different data partitions 5, cryptographic algorithm, key can be identical, also can be different.When adopting with a kind of enciphering and deciphering algorithm, simple relatively, the resource that takies during operation can be less; When adopting different enciphering and deciphering algorithms, relative complex, the resource that takies during operation is very big, but the probability that is cracked can significantly reduce.
Step 206: the Card read/write in the data subregion 5 is finished, withdraw from safety storage apparatus, end operation.
(3) partition table of data partition 5 and security partitioning 6 is rewritten in the 3 pairs of storeies 4 in partition management unit, makes that even link to each other with other controller, the user can't see the data in the subregion after storer 4 and controller 2 partition.
The data partition 5 in the 3 pairs of storeies 4 in partition management unit in the controller 2 and the partition table of security partitioning 6 are rewritten, make in the information data visit in the data partition 5 in 2 pairs of storeies 4 of controller and adopt new communication protocol, like this, because these partition tables are to be provided with by the partition management unit in the controller 23, communication protocol between controller 2 and the storer 4 is the non-standard communication agreement, after storer 4 and controller 2 partition, even link to each other with other controller, the user can't see the data in the subregion.
The present invention is directed to the problem that can not get protecting after the deciphering of encrypting fingerprint memory storage; with fingerprint identification technology and other encryption technology protected data safety that combines; increased the security of memory device; make the function that safety storage apparatus of the present invention cipher mode relatively in the past can better be realized; improve its security, have the function of identification simultaneously again.
Present embodiment is to make those of ordinary skills understand the present invention; and to detailed description that the present invention carried out; but can expect; in the scope that does not break away from claim of the present invention and contained, can also make other variation and modification, these variations and revising all in protection scope of the present invention.
Claims (14)
1. a safe storage device has controller (2) and storer (4), it is characterized in that, described storer (4) comprises security partitioning (6) and at least one data partition (5);
Described security partitioning (6) comprising:
Fingerprint identification unit (7) is used for utilizing fingerprint identification method to carry out fingerprint recognition registration, fingerprint recognition login and finger print data management to the user of the information data of reading and writing described safety storage apparatus;
Encryption/decryption element (8) is used for utilizing encipher-decipher method that the information data of data subregion (5) is carried out encryption and decryption.
2. safe storage device according to claim 1, it is characterized in that, described controller (2) comprises partition management unit (3), be used for being provided with the security partitioning (6) and the data partition (5) of described storer (4), and the partition table of security partitioning (6) in the storer (4) and data partition (5) is rewritten.
3. safe storage device according to claim 1 and 2 is characterized in that, also comprises fingerprint collecting unit (9), is used to gather the user fingerprints information data.
4. safe storage device according to claim 1 and 2 is characterized in that, described storer (4) is hard disk or flash memory particle.
5. safe storage device according to claim 2 is characterized in that, described data partition (5) is a virtual partition.
6. safe storage device according to claim 5, it is characterized in that, described partition management unit (3) also comprises dummy unit, be used for finding the partition name of the data structure of virtual partition, and map out data partition icon, and corresponding physical partition table data and this Physical Extents are set to hide with this title.
7. a secure data management method is characterized in that, comprises the following steps:
Steps A) safety storage apparatus links to each other with computing machine, and is initialised;
Step B) fingerprint identification unit (7) and the encryption/decryption element (8) of security partitioning (6) in the run memory (4), fingerprint identification unit (7) utilize fingerprint identification method that the user of operational administrative safety storage apparatus is carried out the fingerprint recognition management; Encryption/decryption element (8) utilizes encipher-decipher method to read and write information data in the corresponding data partition (5) by key.
8. secure data management method according to claim 7 is characterized in that, also comprises the following steps:
Step C) partition table of data partition in the storer (5) and security partitioning (6) is discerned and be provided with in partition management unit (3) according to agreement is set.
9. secure data management method according to claim 8 is characterized in that, described steps A) comprise the following steps:
Steps A 1) safety storage apparatus links to each other with computing machine, the safety storage apparatus that computer Recognition links to each other with computing machine by port;
Steps A 2) start-up control device and call partition management unit (3) carries out the safety storage apparatus initialization, and partition management unit (3) are set to visible partition with security partitioning (6), and data partition (5) is set to hidden partition.
10. secure data management method according to claim 9 is characterized in that, described steps A 2) also comprise the following steps:
Steps A 21) when described data partition (5) is virtual partition, the dummy unit in partition management unit (3) at first finds the partition name in the data structure of virtual partition, maps out the data partition icon with this title.
Steps A 22) dummy unit in partition management unit (3) is searched memory device corresponding physical partition table data and this Physical Extents and is set to hide.
11. secure data management method according to claim 8 is characterized in that, described step B) comprise the following steps:
Step B1) when the user manages operation to safety storage apparatus, judges at first whether the user fingerprints data are registered, if then enter the fingerprint login interface, the input fingerprint; Otherwise the user carries out fingerprint register;
Whether step B2) discern the fingerprint of being imported according to the finger print data judgement of user's input correct, if; Then as seen partition management unit (3) are set to the data partition (5) of correspondence; Otherwise judge whether input finger print data number of times reaches limit value, then withdraws from the fingerprint login when reaching limit value, and the user haves no right to the information data bookkeeping in the safety storage apparatus; If do not reach limit value then return login interface again, the user re-enters finger print data;
Step B3) utilize encipher-decipher method to read and write corresponding data partition (5) by key;
Step B4) Card read/write in the data subregion (5) is finished, withdraw from safety storage apparatus, end operation.
12. secure data management method according to claim 11 is characterized in that, described step B1) also comprise the following steps:
Step B11) when the data in user's operational administrative safety storage apparatus, fingerprint identification unit (7) in the computer starting security partitioning (6) and encryption/decryption element (8);
Step B12) partition management unit (3) security partitioning (6) is set is hidden partition, and data partition (5) is set to visible partition.
13., it is characterized in that described fingerprint identification method is VeriFinger algorithm for recognizing fingerprint or Biokey algorithm according to claim 7 or 8 described secure data management methods.
14., it is characterized in that described described encipher-decipher method is a data encryption standard algorithm according to claim 7 or 8 described secure data management methods, perhaps RSA Algorithm, perhaps DSA algorithm, perhaps DiffieHellman algorithm, perhaps elliptic curve cryptography.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101329981A CN100476762C (en) | 2005-12-31 | 2005-12-31 | Safety memory device and data management method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101329981A CN100476762C (en) | 2005-12-31 | 2005-12-31 | Safety memory device and data management method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1991799A true CN1991799A (en) | 2007-07-04 |
| CN100476762C CN100476762C (en) | 2009-04-08 |
Family
ID=38214061
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005101329981A Expired - Fee Related CN100476762C (en) | 2005-12-31 | 2005-12-31 | Safety memory device and data management method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100476762C (en) |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102053926A (en) * | 2009-10-30 | 2011-05-11 | 鸿富锦精密工业(深圳)有限公司 | Storage device and data security control method thereof |
| CN102426853A (en) * | 2011-05-30 | 2012-04-25 | 上海市电力公司 | Encryption method of power quality monitoring equipment |
| CN101552031B (en) * | 2008-03-31 | 2012-05-23 | 联想(北京)有限公司 | Portable memorizer and partitioned data protecting method |
| CN103093146A (en) * | 2011-10-27 | 2013-05-08 | 上海工程技术大学 | Method and device for encrypting and decrypting Windows system partitions by fingerprints |
| CN103455426A (en) * | 2012-05-28 | 2013-12-18 | 联想(北京)有限公司 | Data processing method and device |
| CN103604729A (en) * | 2013-11-19 | 2014-02-26 | 西安电子科技大学 | Predication method for macroscopic effective properties of composite material with randomly distributed particles |
| WO2014032517A1 (en) * | 2012-08-30 | 2014-03-06 | Tencent Technology (Shenzhen) Company Limited | A video file encryption and decryption method, device, and mobile terminal |
| CN103886234A (en) * | 2014-02-27 | 2014-06-25 | 浙江诸暨奇创电子科技有限公司 | Safety computer based on encrypted hard disk and data safety control method of safety computer |
| CN104169893A (en) * | 2012-03-09 | 2014-11-26 | 邵通 | Apparatus and method for securely hiding memory |
| CN104169894A (en) * | 2012-03-09 | 2014-11-26 | 邵通 | Apparatus and method for implementing secure storage area |
| CN104573573A (en) * | 2014-11-14 | 2015-04-29 | 深圳市芯海科技有限公司 | Data protection system and method for mobile storage |
| CN104657671A (en) * | 2013-11-19 | 2015-05-27 | 研祥智能科技股份有限公司 | Access authority management method and system for mobile storage device |
| CN104866437A (en) * | 2015-06-03 | 2015-08-26 | 杭州华澜微科技有限公司 | BIOS authentication-based safety hard disk and data authentication method |
| CN105653991A (en) * | 2015-12-25 | 2016-06-08 | 北京奇虎科技有限公司 | Processing method and apparatus for mobile storage device |
| CN106126984A (en) * | 2016-06-23 | 2016-11-16 | 珠海市魅族科技有限公司 | The method of adjustment of information attribute and device |
| CN108804930A (en) * | 2018-05-04 | 2018-11-13 | 中国信息安全研究院有限公司 | A kind of mobile phone storage system of anti-information stealth |
| CN109409073A (en) * | 2018-12-13 | 2019-03-01 | 杭州华澜微电子股份有限公司 | A kind of safe hard-disk cartridge of finger print identifying and its mobile hard disk |
| CN110321302A (en) * | 2019-06-28 | 2019-10-11 | 兆讯恒达微电子技术(北京)有限公司 | A kind of embedded system data memory area management method |
| CN110489956A (en) * | 2019-08-26 | 2019-11-22 | 顺德职业技术学院 | A kind of security protection method and system of computer data |
-
2005
- 2005-12-31 CN CNB2005101329981A patent/CN100476762C/en not_active Expired - Fee Related
Cited By (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101552031B (en) * | 2008-03-31 | 2012-05-23 | 联想(北京)有限公司 | Portable memorizer and partitioned data protecting method |
| CN102053926A (en) * | 2009-10-30 | 2011-05-11 | 鸿富锦精密工业(深圳)有限公司 | Storage device and data security control method thereof |
| CN102426853A (en) * | 2011-05-30 | 2012-04-25 | 上海市电力公司 | Encryption method of power quality monitoring equipment |
| CN103093146A (en) * | 2011-10-27 | 2013-05-08 | 上海工程技术大学 | Method and device for encrypting and decrypting Windows system partitions by fingerprints |
| CN104169893A (en) * | 2012-03-09 | 2014-11-26 | 邵通 | Apparatus and method for securely hiding memory |
| CN104169894A (en) * | 2012-03-09 | 2014-11-26 | 邵通 | Apparatus and method for implementing secure storage area |
| CN103455426A (en) * | 2012-05-28 | 2013-12-18 | 联想(北京)有限公司 | Data processing method and device |
| CN103455426B (en) * | 2012-05-28 | 2018-08-10 | 联想(北京)有限公司 | Data processing method and device |
| KR20140131586A (en) * | 2012-08-30 | 2014-11-13 | 텐센트 테크놀로지(센젠) 컴퍼니 리미티드 | A video file encryption and decryption method, device, and mobile terminal |
| US9014372B2 (en) | 2012-08-30 | 2015-04-21 | Tencent Technology (Shenzhen) Company Limited | Video file encryption and decryption method, device, and mobile terminal |
| WO2014032517A1 (en) * | 2012-08-30 | 2014-03-06 | Tencent Technology (Shenzhen) Company Limited | A video file encryption and decryption method, device, and mobile terminal |
| KR101597930B1 (en) * | 2012-08-30 | 2016-02-25 | 텐센트 테크놀로지(센젠) 컴퍼니 리미티드 | A video file encryption and decryption method, device, and mobile terminal |
| CN104657671A (en) * | 2013-11-19 | 2015-05-27 | 研祥智能科技股份有限公司 | Access authority management method and system for mobile storage device |
| CN104657671B (en) * | 2013-11-19 | 2019-03-19 | 研祥智能科技股份有限公司 | The access authority management method and system of movable storage device |
| CN103604729A (en) * | 2013-11-19 | 2014-02-26 | 西安电子科技大学 | Predication method for macroscopic effective properties of composite material with randomly distributed particles |
| CN103886234A (en) * | 2014-02-27 | 2014-06-25 | 浙江诸暨奇创电子科技有限公司 | Safety computer based on encrypted hard disk and data safety control method of safety computer |
| CN103886234B (en) * | 2014-02-27 | 2017-01-04 | 浙江诸暨奇创电子科技有限公司 | A kind of fail-safe computer based on encryption hard disk and data security control method thereof |
| CN104573573B (en) * | 2014-11-14 | 2017-09-29 | 深圳市芯海科技有限公司 | The data protection system and method for a kind of mobile storage |
| CN104573573A (en) * | 2014-11-14 | 2015-04-29 | 深圳市芯海科技有限公司 | Data protection system and method for mobile storage |
| CN104866437A (en) * | 2015-06-03 | 2015-08-26 | 杭州华澜微科技有限公司 | BIOS authentication-based safety hard disk and data authentication method |
| CN104866437B (en) * | 2015-06-03 | 2018-11-20 | 杭州华澜微电子股份有限公司 | A kind of safe hard disk and data authentication method based on BIOS authentication |
| CN105653991B (en) * | 2015-12-25 | 2019-03-08 | 北京奇虎科技有限公司 | A kind for the treatment of method and apparatus of movable storage device |
| CN105653991A (en) * | 2015-12-25 | 2016-06-08 | 北京奇虎科技有限公司 | Processing method and apparatus for mobile storage device |
| CN106126984A (en) * | 2016-06-23 | 2016-11-16 | 珠海市魅族科技有限公司 | The method of adjustment of information attribute and device |
| CN108804930A (en) * | 2018-05-04 | 2018-11-13 | 中国信息安全研究院有限公司 | A kind of mobile phone storage system of anti-information stealth |
| CN108804930B (en) * | 2018-05-04 | 2023-10-24 | 中国信息安全研究院有限公司 | Mobile phone storage system capable of preventing information from being stolen |
| CN109409073A (en) * | 2018-12-13 | 2019-03-01 | 杭州华澜微电子股份有限公司 | A kind of safe hard-disk cartridge of finger print identifying and its mobile hard disk |
| CN110321302A (en) * | 2019-06-28 | 2019-10-11 | 兆讯恒达微电子技术(北京)有限公司 | A kind of embedded system data memory area management method |
| CN110489956A (en) * | 2019-08-26 | 2019-11-22 | 顺德职业技术学院 | A kind of security protection method and system of computer data |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100476762C (en) | 2009-04-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1991799A (en) | Safety memory device and data management method | |
| CN110300112B (en) | Block chain key hierarchical management method | |
| CN1219260C (en) | Method for controlling storage and access of security file system | |
| CN1256633C (en) | A system and method for authenticating electronic documents | |
| US7802293B2 (en) | Secure digital credential sharing arrangement | |
| CN102646077B (en) | A kind of method of the full disk encryption based on credible password module | |
| CN1280737C (en) | Safety authentication method for movable storage device and read and write identification device | |
| CN1234081C (en) | Method and device for realizing computer safety and enciphering based on identity confirmation | |
| CN1801029A (en) | Method for generating digital certificate and applying the generated digital certificate | |
| CN1602600A (en) | Content processing apparatus and content protection program | |
| CN1777097A (en) | Enciphered data issuing method, enciphering device and programe, deciphering device and programe, | |
| CN101039186A (en) | Method for auditing safely system log | |
| CN1889426A (en) | Method and system for realizing network safety storaging and accessing | |
| CN101470783A (en) | Identity recognition method and device based on trusted platform module | |
| CN1422399A (en) | System and process for storing securely secret information, apparatus and server to be used in such a system and method for distribution of a digital content | |
| CN1934821A (en) | Authentication between device and portable storage | |
| US20120284534A1 (en) | Memory Device and Method for Accessing the Same | |
| CN1991800A (en) | Fingerprint identification storage device and fingerprint identification method | |
| CN103440463A (en) | Electronic file protection method based on label | |
| CN107911221B (en) | Key management method for secure storage of solid-state disk data | |
| CN112565265A (en) | Authentication method, authentication system and communication method between terminal devices of Internet of things | |
| CN111949999A (en) | Apparatus and method for managing data | |
| CN1898623A (en) | Software execution protection using an active entity | |
| CN1889431A (en) | Multifunction intelligent key equipment and safety controlling method thereof | |
| CN1801699A (en) | Method for accessing cipher device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090408 Termination date: 20201231 |