TWI646425B - Virtual disk protection system - Google Patents

Abstract

A virtual disk protection system includes a virtual disk mount program for mounting a file intended to be protected by a storage device; a virtual disk mount drive for simulating the file to generate a virtual disk; A magnetic disk for the file access; and a file system protection drive for preventing files mounted on the virtual disk from being stored on a second disk outside the virtual disk.

Description

Virtual disk protection system

The invention relates to a technology of a virtual disk, and in particular to a system and method for protecting a virtual disk, in which a user can mount electronic files or files on a specific host.

With the development of computer technology, modern people use computers as an important tool whether they are at work, study or other applications. Therefore, in modern life, whether it is homes, schools, government agencies, military, commercial organizations or other various units, a large number of electronic files are being generated every day. Many of them contain important confidential documents, including military secrets, trade secrets, test information, and more. In addition, due to the development of the Internet, the development of various wired / wireless networks and the application of storage devices, the confidentiality of these electronic files has become quite difficult. Because the operating system of modern computers can accommodate multiple groups of user accounts, or sharing by web servers, it is necessary to distinguish between various documents with different levels of confidentiality when multiple users share at the same time.

In addition, traditional electronic archives have multiple methods of confidentiality. The most common is to use software programs to set users based on the creator of the file or use groups to grant specific permissions when storing electronic files. When the electronic file is opened, it is determined whether the user or the use group has given permission to process the file according to the user name and password. Unauthorized users or user groups will not be able to process electronic files to prevent leakage of confidential electronic files.

The above electronic file storage process is to first select whether to set the use permission when the electronic file is stored. If not, then archive directly; if so, first set up users or use groups, and then set usage rights to complete the electronic file archiving process. Furthermore, the electronic file opening process is a software program that first determines whether the opener is the file producer when opening the electronic file. If it is, then directly open and execute the operation; if not, determine whether it is a recognized user or use group; if so, open the electronic file and perform the operation according to the permissions granted; if not, refuse to open.

In the computer system, some applications, such as the Encrypted Device Application (EDA), can encrypt a specific file space and encrypt the encrypted file. The case is attached as a virtual disk. Virtual disks can use different encryption algorithms to store user information to avoid malicious attacks by viruses or hackers.

In the conventional technology, during the process of creating an encrypted file, the encryption device application program encrypts the file according to a password set by the user. In the process of attaching the encrypted file, the encryption device application also determines whether the password is correct to decide whether to attach the encrypted file as a virtual disk. Because the file is encrypted based on a single password set by the user. Passwords are very likely to be cracked by others, making encrypted files available to others. In addition, since the conventional virtual disk does not have any control mechanism, it cannot provide access flexibility for different users. In addition, because the known virtual disk management mechanism cannot identify the host to which the encrypted file belongs, the encrypted file may also be copied to other hosts for use.

As mentioned earlier, the conventional technologies are all about protecting the files with the encryption method and thinking using the password set by the user. If the password is cracked, the encrypted file may be used by others without protection.

In view of the shortcomings of the above-mentioned conventional technologies, the present invention provides a new virtual disk protection system and method to overcome the above shortcomings.

The invention provides a virtual disk protection system, which includes: a storage device; a virtual disk mount program for mounting a file intended to be protected by one of the storage devices; a virtual disk mount drive for emulating The file to generate a virtual disk for accessing the file; and a file system protection drive to prevent a file mounted on the virtual disk from being stored in a second outside the virtual disk Disk.

According to an aspect of the present invention, the virtual disk indicates the mounted file.

According to an aspect of the present invention, the file system protection drive can be used to prevent a file manager or other applications from storing the second file in the second disk into the virtual disk.

According to another aspect of the present invention, the file system protection drive prevents a protection program used to protect a virtual disk path from being deleted.

According to another aspect of the present invention, the system further includes a protection software to prevent the content of the file mounted on the virtual disk from being pasted and dragged into an application program that does not open the file by default.

According to still another aspect of the present invention, the protection software is used to prevent the software from being mounted on the virtual machine. The files on the disk are stored in a cloud server.

According to an aspect of the present invention, the protection software is configured to prevent data in a file mounted on the virtual disk from being output by an external device. The external device is a printer.

According to an aspect of the present invention, the file system protection drive can protect a protection program for protecting a virtual disk path from being deleted by a user.

According to an aspect of the present invention, the system further includes a protection software for generating a screen watermark or a printer watermark, or preventing data of the file in the virtual disk from being copied, deleted, dragged, and previewed. , Or a printer.

These advantages and other advantages will make the reader understand the present invention clearly from the description of the following preferred embodiments and the scope of patent application.

100‧‧‧archive director

105‧‧‧Files

110‧‧‧Mounting Module

120‧‧‧Virtual Disk Mounter

130‧‧‧ Virtual Disk Mount Drive

140‧‧‧File System Protection Driver (Program)

150‧‧‧File System Protection Public File

160‧‧‧ mount public files

165‧‧‧Right public file

170‧‧‧Protection software

175‧‧‧Edit Program

180‧‧‧ Link public file

190‧‧‧Virtual Disk Common File

195‧‧‧Protection Program

200‧‧‧Virtual Disk Path (E :)

300‧‧‧disk (C: \)

400‧‧‧File Explorer or other applications

500‧‧‧ Cloud Server

600‧‧‧ device

The detailed description of the present invention and the schematic diagrams of the embodiments described below should make the present invention more fully understood; however, it should be understood that this is only used as a reference for understanding the application of the present invention, rather than limiting the present invention to a specific implementation. Example.

The first figure shows a schematic diagram of a virtual disk protection system according to an embodiment of the present invention; the second figure shows a schematic diagram of a virtual disk protection process according to an embodiment of the present invention.

The present invention will be described in detail herein with regard to specific embodiments of the invention and their perspectives. Such descriptions are intended to explain the structure or flow of steps of the present invention, and are intended to be illustrative and not to limit the scope of patent application of the present invention. Therefore, in addition to the specific embodiments and preferred embodiments in the description, the present invention can be widely implemented in other different embodiments.

The first figure is a schematic diagram of a virtual disk protection system according to an embodiment of the present invention. The protection system of the virtual disk is included in a computer or a computing device. In this embodiment, the programs or components related to the virtual disk are listed. In one embodiment, the virtual disk is a protected disk, in which files or electronic files are locked and cannot be copied to other storage devices, and the content of the files is in plain text, without encryption, and only on the host where it is located. Edit, save; therefore, the effect of endpoint protection can be achieved. In one embodiment, one file or electronic file corresponds to one virtual disk path. In another embodiment, multiple files or electronic files correspond to a virtual magnetic file. Disk path, and each file has a different file name in the virtual disk path. The protection process of a virtual disk includes: after a file is mounted as a virtual disk, a virtual disk path E will be displayed on the terminal screen (for example, an LCD display). In fact, the virtual disk path E indicates the mounted disk. The file; then, among the displayed virtual disk paths E, the user clicks the virtual disk path E, and the file is actually opened, for example, a PowerPoint file (E: \ A.PPTX) is opened.

In the present invention, the virtual disk technology refers to the use of a virtual disk driver to simulate the structure of a general information storage device (for example, a hard disk with a hard disk file configuration table), and uses it in The file in the plain text area stores the data of the virtual disk path, so the operating system and the virtual disk mount driver can obtain the address through the hard disk file configuration table, and the user accesses the plain text information in the virtual disk path. In fact, it is access to this file; while the plaintext information is written to the virtual disk path, it is essentially that the plaintext information is written into the file to protect the information. In one embodiment, a protection program can be used to prohibit the deletion of information in the virtual disk.

Please refer to the first figure, which is a functional block diagram of the virtual disk protection system of the present invention. As shown in the first figure, it only lists the functional scope related to the virtual disk. Of course, other useful software, programs, or public files (dynamic link library: DLL) can also be added as needed. First, the installation module 110 starts to install a virtual disk mounter 120, for example, by right-clicking the public file 165 to start installation. When a user uses the virtual disk mounter 120 to mount a file to be protected, the file is a file stored in the file manager 100 of the hard disk. Then, the file is simulated through a virtual disk mounting drive (application) 130 to generate a virtual disk path for the file to access. The to-be-protected information accessed in the virtual disk path will be automatically transferred to the file of the virtual disk, and the to-be-protected information in the virtual disk will be stored therein to prevent the random distribution of data Tampering. In one embodiment, one file or electronic file corresponds to one virtual disk path. Therefore, if there are multiple files to be protected, the virtual disk mounter 120 can mount these files to be protected at one time, and simulate the files through the virtual disk mount drive 130, each file corresponding to a virtual disk Paths, so multiple virtual disk paths are generated and displayed on the terminal screen (for example, the file manager 100 in the original hard disk listed the C disk path and D disk path, and the virtual disk path is displayed on the terminal screen. E: \, virtual disk path F: \, virtual disk path G: \ ...). In another example, the virtual disk mount program 120 mounts these files one by one in a file-by-file manner. The virtual disk mount driver 130 is used to simulate the files, and multiple virtual disk paths are also generated. Displayed on the terminal screen. The above virtual disk mounter 120 protects the virtual disk while mounting it. The system will also notify the virtual disk utility 190 to assist it in mounting or performing other tasks.

Among the multiple virtual disk paths, each of the files in these virtual disk paths corresponds to a virtual disk path, each virtual disk path is independent, and the virtual disk paths are mutually irrelevant. In another embodiment, multiple files correspond to a virtual disk path, and each file in the virtual disk path has a different file name (for example, E: \ A.PPTX, E: \ B .PPTX, E: \ C.PPTX ...).

The files to be protected in the virtual disk path need to be protected by a file system protection drive (program) 140 to prevent the file data from being randomly distributed and tampered with. That is, while the virtual disk mount program 120 is mounted, the virtual disk public file 190 is linked to the file system protection public file 150, and the file system protection drive 140 is notified to start, so as to protect the virtual disk mount drive 130 from being simulated. Files mounted in the virtual disk path. For example, using the file system protection drive 140 can prevent: (1) files mounted in the virtual disk path from being stored in a disk path other than the virtual disk path (for example, the C disk in a hard disk) (Disk path, D disk path), (2) File Explorer or other applications save the files in the virtual disk path, and (3) the protection program 195 is deleted. That is, once the virtual disk path is generated, the protection program 195 can protect files in the virtual disk path without itself being deleted. In addition, the link public file 180 can link the mount public file 160, which can assist the connection and mounting of the above-mentioned protection system of the virtual disk.

In one embodiment, the protection software 170 can be used to prevent: the content of the file mounted in the virtual disk path from being pasted and dragged into an application of a different type from the file, and the virtual disk path The files in the file are saved to the cloud server through the network (Internet or wireless network), and the file data in the virtual disk path is output by the external device (for example: the printer prints the file data, projects it Projector will project the file data). In other words, in one embodiment, the protection software 170 can prevent: the file data in the virtual disk path from being copied, cut, drag dropped, previewed, and printed. Printer to print, or produce screen watermark, printer watermark.

In one embodiment, the editing program 175 is used to link the installation module 110 and the virtual disk mount program 120 to modify or edit the parameter settings or parameter presets in the installation module 110 and the virtual disk mount program 120. .

The second figure shows a flowchart of protection of a virtual disk path according to an embodiment of the present invention. In this embodiment, the protection paths related to the virtual disk are listed. In the present invention, since the content of the file is in plain text and is not encrypted, the user does not need to enter a user password, and the user indicates Pattern or user personal information to verify, you can open the virtual disk file or edit the file. The protection process of the virtual disk includes: after a file 105 is mounted as a virtual disk, for example, the virtual disk mount program 120 of the first figure is used to perform a mount operation, and the terminal screen (for example, an LCD monitor) will be mounted. A virtual disk path (E :) 200 is displayed. In fact, the virtual disk path (E :) 200 indicates the file 105 mounted. After that, in the displayed virtual disk path (E :) 200, the user clicks the virtual disk path (E :) 200, and the file 105 is actually opened, for example, a PowerPoint file (E: \ A .PPTX) 105. In a protection process (a), the PowerPoint file (E: \ A.PPTX) 105 cannot save the content data (A.PPTX) to a disk other than the virtual disk path (E :) 200 (for example, to Disk C: \) 300. In this protection process (a), for example, protection is performed by the file system protection driver 140 in the first figure.

In a protection process (b), the file manager or other applications 400 cannot save the files in the virtual disk path (E :). In this protection process (b), for example, protection is performed by the file system protection driver 140 in the first figure.

In a protection process (c), the content (data) in the PowerPoint file (E: \ A.PPTX) 105 of the virtual disk path (E :) is prohibited from being pasted and dragged to other applications (for example: Paste and drag into Word file) 400. In this protection process (c), for example, protection is performed by the protection software 170 of the first figure. In addition, according to the user's protection policy, it can also be opened to let the content (data) in the PowerPoint file (E: \ A.PPTX) 105 of the virtual disk path (E :) be pasted and dragged to other applications (For example: paste, drag and drop into a Word file).

In addition, during a protection process (d), the content (data) in the PowerPoint file (E: \ A.PPTX) 105 of the virtual disk path (E :) cannot be stored in the cloud server 500. In this protection process (d), for example, protection is performed by the protection software 170 of the first figure. In addition, according to the protection strategy of the user, the content in the PowerPoint file (E: \ A.PPTX) 105 of the virtual disk path (E :) can also be opened and stored in the cloud server 500.

Furthermore, in a protection process (e), the data content in the PowerPoint file (E: \ A.PPTX) 105 of the virtual disk path (E :) cannot be output by the device 600 connected to the host computer ( For example: the printer prints the data of file 105, and the projector projects the data of file 105). In this protection process (e), for example, protection is performed by the protection software 170 of the first figure. In addition, according to the user's protection strategy, it can also be opened so that the data content in the PowerPoint file (E: \ A.PPTX) 105 of the virtual disk path (E :) is output by the device 600 connected to the host computer ( Example: India The table printer prints the file 105 data, and the projector projects the file 105 data).

Finally, in a protection process (f), the protection program 195 can protect the PowerPoint file (E: \ A.PPTX) 105 of the virtual disk path (E :) without being deleted by the user. In this protection flow (f), for example, the protection program 195 is protected by the file system protection driver 140 of the first figure from being deleted by the user.

Therefore, through the protection process and system of the virtual disk in this case, the user can attach a file or electronic file on a specific host. In addition, the control mechanism of the virtual disk can be strengthened to increase the access flexibility of the virtual disk.

The specific system or part of the virtual magnetic disk protection system of the present invention may be included in the physical media in the form of code, such as: a floppy disk, an optical disk, a hard disk, or any other machine. Reading (eg, computer-readable) storage media; wherein when a code is loaded and executed by a machine, such as a computer, the machine becomes a device for implementing the present invention. The method and device of the present invention can also be transmitted in code form through some transmission media, such as: wire or cable, optical fiber, or any transmission type, wherein when the code is received, loaded, and executed by a machine, such as a computer At this time, the machine becomes a device for implementing the present invention. When implemented on a general-purpose processor, the code in combination with the processor provides a unique device that operates similarly to application-specific logic circuits.

In addition to the descriptions here, different improvements that can be achieved by the examples and implementations described in the present invention should be covered in the scope of the present invention. Therefore, the above description is a preferred embodiment of the present invention. Those skilled in the art should understand that it is used to explain the present invention and not to limit the scope of the patent rights claimed by the present invention. The scope of its patent protection shall depend on the scope of the attached patent application and its equivalent fields. Anyone skilled in this field can make changes or modifications without departing from the spirit or scope of this patent, which belong to the equivalent changes or designs made in the spirit disclosed by the present invention, and should be included in the scope of patent application described below. Inside.

Claims (7)

A virtual disk protection system includes: a virtual disk mount program for mounting a file intended to be protected by a storage device; a virtual disk mount drive for simulating the file to generate a file; A virtual disk for accessing the file; a protection program to prohibit deletion of information in the virtual disk to protect the file mounted on the virtual disk; and a file system protection drive to prevent hanging The file contained in the virtual disk is stored on a second disk other than the virtual disk to prevent the file manager or other applications from storing the second file in the second disk into the second disk. Virtual disks, and to prevent the protection program from being deleted or keep it from being deleted by the user. The protection system for a virtual disk according to claim 1, wherein the virtual disk indicates the file mounted. The protection system for a virtual disk as described in claim 1, further comprising a protection software to prevent the content of the file mounted on the virtual disk from being pasted and dragged to a file that is not opened by default. Application. The protection system for a virtual disk according to claim 3, wherein the protection software is used to prevent the file mounted on the virtual disk from being stored in a cloud server. The protection system for a virtual disk according to claim 3, wherein the protection software is used to prevent data in the file mounted on the virtual disk from being output by an external device. The protection system for a virtual disk according to claim 5, wherein the external device is a printer. The protection system for a virtual disk as described in claim 1, further comprising a protection software for generating a screen watermark or a printer watermark, or preventing data of the file in the virtual disk from being copied or deleted. Reduce, drag, preview, or print to the printer.