WO2022068298A1 - Usb flash disk access method and usb flash disk - Google Patents

Usb flash disk access method and usb flash disk Download PDF

Info

Publication number
WO2022068298A1
WO2022068298A1 PCT/CN2021/103492 CN2021103492W WO2022068298A1 WO 2022068298 A1 WO2022068298 A1 WO 2022068298A1 CN 2021103492 W CN2021103492 W CN 2021103492W WO 2022068298 A1 WO2022068298 A1 WO 2022068298A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
instruction
command
data
disk
Prior art date
Application number
PCT/CN2021/103492
Other languages
French (fr)
Chinese (zh)
Inventor
宁姣
张程程
袁艳芳
张磊
高志洲
杨峰
谷思庭
刘佳易
王晖南
Original Assignee
北京智芯微电子科技有限公司
国网信息通信产业集团有限公司
国网山西省电力公司营销服务中心
国家电网有限公司
北京智芯半导体科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京智芯微电子科技有限公司, 国网信息通信产业集团有限公司, 国网山西省电力公司营销服务中心, 国家电网有限公司, 北京智芯半导体科技有限公司 filed Critical 北京智芯微电子科技有限公司
Publication of WO2022068298A1 publication Critical patent/WO2022068298A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/077Constructional details, e.g. mounting of circuits in the carrier
    • G06K19/0772Physical layout of the record carrier
    • G06K19/07732Physical layout of the record carrier the record carrier having a housing or construction similar to well-known portable memory devices, such as SD cards, USB or memory sticks

Definitions

  • the invention relates to the technical field of mobile storage, in particular to a U disk access method and a U disk.
  • U disk adopts USB interface, supports hot swap, and has the characteristics of fast transmission speed, simple use, small size, large capacity and easy portability, and has become the most widely used mobile storage medium.
  • Root authority a type of system authority, also called root authority, is a super administrator in some systems. This account has the highest authority of the entire system, and can easily delete or change parts of the system. If the user obtains the root authority, he can easily flash the system, backup, restore and uninstall system files, etc. After the malware obtains the root authority, it will cause irreparable damage to the system, and all the privacy of the user stored on the host will be lost. exposed to malware.
  • the common practice of manufacturers is to set SecureLock security lock and limit root permissions. This approach limits the potential of the system to a certain extent while ensuring security.
  • APDU (ApplicationProtocolDataUnit)--Application Protocol Data Unit.
  • APDU is often used for data interaction of IC card and business development of IC card.
  • FAT (File Allocation Table) is the abbreviation of File Allocation Table, which is a linked list file organization structure proposed to facilitate the storage, addition and deletion of files.
  • the present invention aims to provide a U-disk access method and a U-disk to at least partially solve the above problems.
  • the first aspect of the present invention provides a U disk access method, the access method comprises: in response to a received access instruction to the U disk; determining that the access address of the access instruction is The specific address of the U disk; execute the APDU command related to the access command or return the data of the specified area to realize the response to the access command.
  • the specific address is obtained through the following steps: taking the address of the preset file in the file allocation table as the specific address.
  • the preset file is pre-stored in a preset directory of a preset partition of the U disk.
  • the executing the corresponding APDU instruction or returning the data in the designated area includes: if the access instruction is a "write instruction", executing the APDU instruction related to the access instruction; if the access instruction is " read command" to return the data in the specified area.
  • the method before returning the data in the designated area, the method further includes: judging whether there is valid data in the designated area, if there is, returning the data in the designated area, otherwise returning "null" or "error” .
  • the executing the APDU instruction related to the access instruction includes: extracting data in the data field of the access instruction; and executing the APDU instruction that has a mapping relationship with the data.
  • the method further includes: writing the execution result of the APDU instruction into the designated area.
  • a USB flash drive comprising an interface component, a storage component and a control component, the control component is configured to: determine that the access address of the access instruction acquired from the interface component is the A specific address in the storage unit; execute the APDU command related to the access command or return the data of the specified area to realize the response to the access command.
  • the storage component includes a preset file
  • the preset file is pre-stored in a preset directory of a preset partition of the storage component
  • the address of the preset file in the file allocation table is used as the address of the preset file. specific address.
  • the storage component includes a private partition invisible to the host operating system, and the private partition can only be accessed by the APDU command.
  • the present invention also provides a computer storage medium on which a computer program is stored, and when the computer program is executed by a processor, any one of the above U disk access methods is implemented.
  • the key data is stored in the private partition of the U disk, and the ciphertext method can be used for data transmission and storage according to the application requirements, which ensures the security of the data.
  • FIG. 1 is a schematic diagram of steps of a U disk access method in an embodiment of the present invention.
  • FIG. 2 is a flow chart of establishing a preset file in an embodiment of the present invention
  • FIG. 3 is a flow chart of determining a specific address in an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of a processing flow of a "write command" in an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of an APDU command type in an embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a processing flow of a "read instruction" in an embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of a U disk in an embodiment of the present invention.
  • FIG. 1 is a schematic diagram of steps of a U-disk access method in an embodiment of the present invention. As shown in FIG. 1 , the U-disk access method includes:
  • the access command is a general command, specifically a SCSI general command.
  • the SCSI general command is used because the operating system generally uses a file system in the form of FAT16/FAT32/NTFS, etc.
  • the instruction set manages it. This U disk only needs to process the general instructions issued by the general operating system, so it does not need additional permissions.
  • the specific address in this embodiment includes one or a combination of a specific partition and a specific offset. For example, it is determined that the partition for the access operation is the first partition, and the access address is the same as the value of a preset global variable ADDR. The setting steps of the global variable ADDR will be described in detail later.
  • the intercepting or discarding specifically includes: firstly intercepting, then extracting the APDU, executing the APDU according to the mapping relationship, not executing if it is an illegal APDU instruction, and writing the error status to the specified address. Instead, the response to the access command is completed by executing the APDU command corresponding to the access command or directly returning the data of the designated area.
  • the use of APDU command utilizes its normativeness in data transmission, but also ensures its isolation from the general command of U disk. Through this step, the access to the U disk by the general instruction is avoided, and the technical effect of data security is realized on the premise of ensuring the access security of the U disk.
  • FIG. 2 is a flowchart of creating a preset file in an embodiment of the present invention, as shown in FIG. 2 .
  • the preset file is pre-stored in the preset directory of the preset partition of the U disk.
  • a preset designated directory is established in the preset fixed partition of the U disk (the first partition is used in this embodiment) through the host operating system.
  • the preset directory is under the first partition.
  • a file ZHIXINIO.CRD with a fixed name is created in the preset directory, and this file is the preset file, hereinafter referred to as the IO file.
  • FIG. 3 is a flowchart of determining a specific address in an embodiment of the present invention, as shown in FIG. 3 .
  • the specific address is obtained through the following steps: the address of the preset file in the file allocation table is used as the specific address.
  • the security chip completes a series of initialization operations and analyzes the FAT file system of the first partition to find the IO file: ZHIXINIO.CRD. If the file exists, assign the address of the file to a specific address: the global variable ADDR; otherwise, the global variable ADDR is assigned an empty value.
  • the enumeration process is completed according to the process of the host operating system.
  • the access of the IO file is equal to the matching judgment of the operation address, which simplifies the process of triggering judgment.
  • the executing the corresponding APDU command or returning the data of the designated area includes: if the access command is a "write command", executing the APDU command related to the access command; The command is a "read command", which returns the data in the specified area.
  • the writing process corresponding to the "write command” and the reading process corresponding to the "read command” will be described separately below.
  • FIG. 4 is a schematic diagram of a processing flow of a “write command” in an embodiment of the present invention, as shown in FIG. 4 .
  • the instruction to be sent is taken as the data to be written into the IO file, and the general WRITE command (0x2A) of the operating system is called.
  • the Judgment If the partition of the write operation is the first partition, and the access address is the same as the address of the global variable ADDR, the instruction will be intercepted.
  • the data field in the instruction is analyzed and processed, and the data in the data field of the access instruction is extracted; the APDU instruction having a mapping relationship with the data is executed to complete the function corresponding to the APDU instruction.
  • the APDU command can complete functions such as encryption, decryption, private partition storage, verification PIN and other personalized command processing. And further, save the processing result and the data to be returned in a designated area, such as the global variable Buff_CMD.
  • the setting of the subsequent steps is beneficial to enable the upper computer to obtain the execution result of the APDU instruction and return data.
  • the setting of the above APDU command can not only realize the data operation on the private partition of the secure USB flash drive, but also realize various customization functions.
  • FIG. 5 is a schematic diagram of an APDU command type in an embodiment of the present invention, as shown in FIG. 5 .
  • the personalized application instructions include: encryption, decryption, private partition storage, verification PIN and other personalized instructions.
  • FIG. 6 is a schematic diagram of a processing flow of a “read instruction” in an embodiment of the present invention, as shown in FIG. 6 .
  • the host computer software needs to obtain the instruction execution result or return data, it calls the general interface of the operating system, and sends the Read (0x28) instruction to the IO file.
  • the U disk After the U disk receives the read instruction, it makes a judgment: if the read operation If the partition is the first partition, and the access address is the same as the global variable ADDR address, then this instruction is intercepted, and the data in the file is not actually read, but the processing result of the instruction stored in the specified area (Buff_CMD) in the previous step and The data to be returned is used as the return data of the read command and returned to the host computer application.
  • Buff_CMD specified area
  • the host computer software can call the general interface of the operating system to access the partition of the U disk without additional authority. Processing, realize the transmission of private instructions, and then realize security and personalized applications.
  • FIG. 7 is a schematic structural diagram of a U disk according to an embodiment of the present invention, as shown in FIG. 7 .
  • a USB flash drive is also provided, including an interface component, a storage component and a control component, the control component is configured to: determine the access address of the access instruction obtained from the interface component as the storage component The specific address in the access command; execute the APDU command related to the access command or return the data of the specified area, so as to realize the response to the access command.
  • the interface component may be a USB interface; the storage component may be a security chip or other types of processor chips; the storage component may be a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) ) card, flash memory card (Flash Card), etc., preferably EMMC memory can be used.
  • SMC Smart Media Card
  • SD Secure Digital
  • Flash Card flash memory card
  • control unit can provide communication isolation between the high-speed USB and the EMMC bus.
  • the storage component includes a preset file
  • the preset file is pre-stored in a preset directory of a preset partition of the storage component
  • the preset file is stored in the file allocation table with the number of the preset file. address as the specific address.
  • a specified directory is created in the fixed partition of the U disk (the first partition is used in this solution), and a file with a fixed name is created under the specified directory, that is, the aforementioned IO file: ZHIXINIO.CRD, in this embodiment
  • the specified directory is ⁇ Android ⁇ data ⁇ com.example.sgskftest under the first partition.
  • the security chip parses the FAT file system of the first partition after completing a series of initialization operations, and finds the IO file: ZHIXINIO.CRD. If the file exists, assign the address of the file to the global variable ADDR; otherwise, assign ADDR to be empty. After the address resolution is completed, the enumeration process is completed according to the process of the host operating system.
  • the storage component includes a private partition not visible to the host operating system, the private partition being accessible only by the APDU instructions.
  • a third sub-storage partition is also provided: the invisible "private partition": only the security chip can access, the outside is invisible, the operating system and the host computer software are not directly accessible. Data can be read and written in plaintext or in ciphertext; it can be stored in plaintext or in ciphertext; it can be managed as a single storage area, or it can be divided into different functional areas according to the application, and different security attributes can be added for independent management. Since the private partition is invisible to the host operating system and cannot utilize the file system of the host operating system, it is necessary to use the private instructions in the SCSI instruction set to manage the partition through the security chip. In this embodiment, an APDU command is used to access it.
  • An embodiment of the present invention further provides a computer storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the U disk access method described in this embodiment is implemented.
  • Embodiments of the present invention provide a method for executing private instructions without root authority, implementing personalized application processing, and accessing private partitions through personalized applications.
  • the aforementioned storage medium includes: U disk, mobile hard disk, Read-Only Memory (ROM, Read-Only Memory), Random Access Memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes .
  • any combination of different implementations of the embodiments of the present invention may also be performed, as long as they do not violate the ideas of the embodiments of the present invention, they should also be regarded as the contents disclosed in the embodiments of the present invention.

Abstract

A USB flash disk access method and a corresponding USB flash disk. Said access method comprises: receiving an access instruction for the USB flash disk (S11); determining that the access address of the access instruction is a specific address of the USB flash disk (S12); and executing an APDU instruction related to the access instruction or returning data of a designated area, so as to respond to the access instruction (S13). The described USB flash disk access method can improve the reading security of a USB flash disk and implement the personalized application of the USB flash disk.

Description

U盘访问方法及U盘U disk access method and U disk 技术领域technical field
本发明涉及移动存储技术领域,特别涉及一种U盘访问方法及一种U盘。The invention relates to the technical field of mobile storage, in particular to a U disk access method and a U disk.
背景技术Background technique
随着信息时代的到来,移动存储介质已经成为人们日常工作中不可或缺的信息传输工具。U盘采用USB接口,支持热插拔,具有传输速度快、使用简单、体积小、容量大和便于携带等特点,成为应用最广泛的移动存储介质。With the advent of the information age, mobile storage media has become an indispensable information transmission tool in people's daily work. U disk adopts USB interface, supports hot swap, and has the characteristics of fast transmission speed, simple use, small size, large capacity and easy portability, and has become the most widely used mobile storage medium.
目前,在Windows下,操作系统上层应用可以正常使用SCSI私有指令,通过私有指令实现对U盘的私密分区的管理。但是在某些操作系统下,如Linux,使用私有指令需要Root权限。Root权限,系统权限的一种,也叫根权限,是某些系统中的超级管理员,该帐户拥有整个系统的最高权限,可以方便的对系统的部件进行删除或更改。如果用户获取了Root权限,可以轻松的对系统刷机、备份、还原和卸载系统文件等操作,恶意软件获取Root权限后,将对系统造成不可修复的破坏,用户存储在主机上的所有隐私都将暴露在恶意软件之下。为了避免在应用平台时的一些潜在风险,厂商的通用做法就是设置SecureLock安全锁定和限制Root权限,这种做法在保证安全的同时,一定程度上限制了系统潜能的发挥。At present, under Windows, the upper-layer application of the operating system can normally use the SCSI private command, and realize the management of the private partition of the U disk through the private command. However, under some operating systems, such as Linux, root privileges are required to use private commands. Root authority, a type of system authority, also called root authority, is a super administrator in some systems. This account has the highest authority of the entire system, and can easily delete or change parts of the system. If the user obtains the root authority, he can easily flash the system, backup, restore and uninstall system files, etc. After the malware obtains the root authority, it will cause irreparable damage to the system, and all the privacy of the user stored on the host will be lost. exposed to malware. In order to avoid some potential risks when applying the platform, the common practice of manufacturers is to set SecureLock security lock and limit root permissions. This approach limits the potential of the system to a certain extent while ensuring security.
APDU:(ApplicationProtocolDataUnit)--应用协议数据单元。APDU常用于IC卡的数据交互使用,以及IC卡的业务开发。APDU: (ApplicationProtocolDataUnit)--Application Protocol Data Unit. APDU is often used for data interaction of IC card and business development of IC card.
FAT:(File Allocation Table)是文件分配表的缩写,是为了方便文件的存储、添加和删除等操作而提出的一种链表式文件组织结构。FAT: (File Allocation Table) is the abbreviation of File Allocation Table, which is a linked list file organization structure proposed to facilitate the storage, addition and deletion of files.
发明内容SUMMARY OF THE INVENTION
有鉴于此,本发明旨在提出一种U盘访问方法及U盘,以至少部分地解决以上问题。In view of this, the present invention aims to provide a U-disk access method and a U-disk to at least partially solve the above problems.
为达到上述目的,本发明的第一方面,提供了一种U盘访问方法,所述访问方法包括:响应于接收到的对所述U盘的访问指令;确定所述访问指令的访问地址为所述U盘的特定地址;执行与所述访问指令相关的APDU指令或者返回指定区域的数据,以实现对所述访问指令的响应。In order to achieve the above object, the first aspect of the present invention provides a U disk access method, the access method comprises: in response to a received access instruction to the U disk; determining that the access address of the access instruction is The specific address of the U disk; execute the APDU command related to the access command or return the data of the specified area to realize the response to the access command.
优选的,所述特定地址通过以下步骤得到:以预设文件在文件分配表中的地址作为所述特定地址。Preferably, the specific address is obtained through the following steps: taking the address of the preset file in the file allocation table as the specific address.
优选的,所述预设文件预存于所述U盘的预设分区的预设目录中。Preferably, the preset file is pre-stored in a preset directory of a preset partition of the U disk.
优选的,所述执行对应的APDU指令或者返回指定区域的数据,包括:若所述访问指令为“写入指令”,则执行与所述访问指令相关的APDU指令;若所述访问指令为“读取指令”,返回所述指定区域的数据。Preferably, the executing the corresponding APDU instruction or returning the data in the designated area includes: if the access instruction is a "write instruction", executing the APDU instruction related to the access instruction; if the access instruction is " read command" to return the data in the specified area.
优选的,在所述返回指定区域的数据之前,所述方法还包括:判断所述指定区域是否存在有效数据,若存在则返回所述指定区域的数据,否则返回“空值”或“错误”。Preferably, before returning the data in the designated area, the method further includes: judging whether there is valid data in the designated area, if there is, returning the data in the designated area, otherwise returning "null" or "error" .
优选的,所述执行与所述访问指令相关的APDU指令,包括:提取所述访问指令的数据域中的数据;执行与所述数据存在映射关系的APDU指令。Preferably, the executing the APDU instruction related to the access instruction includes: extracting data in the data field of the access instruction; and executing the APDU instruction that has a mapping relationship with the data.
优选的,在执行与所述数据存在映射关系的APDU指令之后,所述方法还包括:将所述APDU指令的执行结果写入所述指定区域。Preferably, after executing the APDU instruction that has a mapping relationship with the data, the method further includes: writing the execution result of the APDU instruction into the designated area.
在本发明的第二方面,还提供了一种U盘,包括接口部件、存储部件和控制部件,所述控制部件被配置为:确定从所述接口部件获取的访问指令的访问地址为所述存储部件中的特定地址;执行与所述访问指令相关的APDU指令或者返回指定区域的数据,以实现对所述访问指令的响应。In a second aspect of the present invention, a USB flash drive is also provided, comprising an interface component, a storage component and a control component, the control component is configured to: determine that the access address of the access instruction acquired from the interface component is the A specific address in the storage unit; execute the APDU command related to the access command or return the data of the specified area to realize the response to the access command.
优选的,所述存储部件包括一预设文件,所述预设文件预存于所述存储部件的预设分区的预设目录中,并以所述预设文件在文件分配表中的地址作为所述特定地址。Preferably, the storage component includes a preset file, the preset file is pre-stored in a preset directory of a preset partition of the storage component, and the address of the preset file in the file allocation table is used as the address of the preset file. specific address.
优选的,所述存储部件包括对主机操作系统不可见的私密分区,所述私密分区仅能被所述APDU指令访问。Preferably, the storage component includes a private partition invisible to the host operating system, and the private partition can only be accessed by the APDU command.
本发明还提供一种计算机存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现上述任意一项U盘访问方法。The present invention also provides a computer storage medium on which a computer program is stored, and when the computer program is executed by a processor, any one of the above U disk access methods is implemented.
本发明所述的U盘访问方法及U盘,具有以下有益效果:The U-disk access method and U-disk of the present invention have the following beneficial effects:
1)本实施例无需获取ROOT权限,而是使用操作系统提供的通用接口,执行个性化应用处理,并通过该应用处理实现访问私密分区,从而保证了系统的安全性及可靠性。1) In this embodiment, there is no need to obtain the ROOT authority, but the general interface provided by the operating system is used to execute personalized application processing, and access the private partition through the application processing, thereby ensuring the security and reliability of the system.
2)将关键数据存储到U盘的私密分区,数据的传输和存储都可以根据应用需求使用密文方式,保证了数据的安全。2) The key data is stored in the private partition of the U disk, and the ciphertext method can be used for data transmission and storage according to the application requirements, which ensures the security of the data.
本发明的其它特征和优点将在随后的具体实施方式部分予以详细说明。Other features and advantages of the present invention will be described in detail in the detailed description that follows.
附图说明Description of drawings
构成本发明的一部分的附图用来提供对本发明的进一步理解,本发明的示意性实施方式及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The accompanying drawings constituting a part of the present invention are used to provide further understanding of the present invention, and the schematic embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute an improper limitation of the present invention. In the attached image:
图1为本发明一实施例中的U盘访问方法的步骤示意图;1 is a schematic diagram of steps of a U disk access method in an embodiment of the present invention;
图2为本发明一实施例中的预设文件建立流程图;FIG. 2 is a flow chart of establishing a preset file in an embodiment of the present invention;
图3为本发明一实施例中的特定地址确定流程图;3 is a flow chart of determining a specific address in an embodiment of the present invention;
图4为本发明一实施例中的对“写入指令”的处理流程示意图;FIG. 4 is a schematic diagram of a processing flow of a "write command" in an embodiment of the present invention;
图5为本发明一实施例中的APDU指令类型示意图;5 is a schematic diagram of an APDU command type in an embodiment of the present invention;
图6为本发明一实施例中的对“读取指令”的处理流程示意图;FIG. 6 is a schematic diagram of a processing flow of a "read instruction" in an embodiment of the present invention;
图7为本发明一实施例中的U盘结构示意图。FIG. 7 is a schematic structural diagram of a U disk in an embodiment of the present invention.
具体实施方式Detailed ways
以下结合附图对本发明实施例的具体实施方式进行详细说明。应当理解的是,此处所描述的具体实施方式仅用于说明和解释本发明实施例,并不用于限制本发明实施例。The specific implementations of the embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be understood that the specific implementation manners described herein are only used to illustrate and explain the embodiments of the present invention, and are not used to limit the embodiments of the present invention.
图1为本发明一实施例中的U盘访问方法的步骤示意图,如图1所示,该U盘访问方法包括:FIG. 1 is a schematic diagram of steps of a U-disk access method in an embodiment of the present invention. As shown in FIG. 1 , the U-disk access method includes:
S11、响应于接收到的对所述U盘的访问指令;S11, in response to the received access instruction to the U disk;
当该U盘通过其USB接口收到访问指令,该访问指令为通用指令,具体为SCSI通用指令,采用SCSI通用指令是因为操作系统一般采用FAT16/FAT32/NTFS等形式的文件系统,并通过SCSI指令集对其进行管理。本U盘只需要处理通用操作系统下发的通用指令即可,因此也不需要额外的权限。When the USB flash drive receives an access command through its USB interface, the access command is a general command, specifically a SCSI general command. The SCSI general command is used because the operating system generally uses a file system in the form of FAT16/FAT32/NTFS, etc. The instruction set manages it. This U disk only needs to process the general instructions issued by the general operating system, so it does not need additional permissions.
S12、确定所述访问指令的访问地址为所述U盘的特定地址;S12, determine that the access address of the access instruction is the specific address of the U disk;
本实施例中的特定地址包括特定分区和特定偏移中的一者或组合。例如,判断访问操作的分区为第一分区,并且访问地址与一个预设全局变量ADDR的值相同。全局变量ADDR的设定步骤将在后文详述。The specific address in this embodiment includes one or a combination of a specific partition and a specific offset. For example, it is determined that the partition for the access operation is the first partition, and the access address is the same as the value of a preset global variable ADDR. The setting steps of the global variable ADDR will be described in detail later.
S13、执行与所述访问指令相关的APDU指令或者返回指定区域的数据,以实现对所述访问指令的响应。S13. Execute the APDU instruction related to the access instruction or return the data of the specified area, so as to realize the response to the access instruction.
若符合上一步中的确定条件,则对该访问指令进行拦截或者丢弃,不再执行该访问指令的功能。其中拦截或者丢弃具体包括:首先进行拦截,然后提取出APDU,根据映射关系执行APDU,如果是非法的APDU指令则不执行,并将错误状态写入指定地址。而是通过执行该访问指令相对应的APDU指令或者直接返回指定区域的数据,以完成对所述访问指令的响应。采用 APDU指令利用了其在数据传输上的规范性,但是也保证了其与U盘通用指令的隔离。通过本步骤,避免了通用指令对于U盘的访问,在保证U盘访问安全的前提下,实现了数据安全的技术效果。If the determined conditions in the previous step are met, the access instruction is intercepted or discarded, and the function of the access instruction is no longer executed. The intercepting or discarding specifically includes: firstly intercepting, then extracting the APDU, executing the APDU according to the mapping relationship, not executing if it is an illegal APDU instruction, and writing the error status to the specified address. Instead, the response to the access command is completed by executing the APDU command corresponding to the access command or directly returning the data of the designated area. The use of APDU command utilizes its normativeness in data transmission, but also ensures its isolation from the general command of U disk. Through this step, the access to the U disk by the general instruction is avoided, and the technical effect of data security is realized on the premise of ensuring the access security of the U disk.
图2为本发明一实施例中的预设文件建立流程图,如图2所示。在本实施例中,预设文件预存于所述U盘的预设分区的预设目录中。具体的,在该U盘发行时,通过主机操作系统在U盘的预设的固定分区(本实施例中使用第一分区)建立预设的指定目录,例如:预设目录为第一分区下的\Android\data\com.example.sgskftest。并在该预设目录下建立固定名称的文件ZHIXINIO.CRD,该文件即为所述的预设文件,以下简称为IO文件。FIG. 2 is a flowchart of creating a preset file in an embodiment of the present invention, as shown in FIG. 2 . In this embodiment, the preset file is pre-stored in the preset directory of the preset partition of the U disk. Specifically, when the U disk is issued, a preset designated directory is established in the preset fixed partition of the U disk (the first partition is used in this embodiment) through the host operating system. For example, the preset directory is under the first partition. \Android\data\com.example.sgskftest. A file ZHIXINIO.CRD with a fixed name is created in the preset directory, and this file is the preset file, hereinafter referred to as the IO file.
图3为本发明一实施例中的特定地址确定流程图,如图3所示。在本实施例中,所述特定地址通过以下步骤得到:以预设文件在文件分配表中的地址作为所述特定地址。发行后的U盘在使用时,将其插入主机的USB口,U盘上电后安全芯片完成一系列初始化操作后对第一分区的FAT文件系统进行解析,查找IO文件:ZHIXINIO.CRD。若该文件存在,则将该文件的地址赋值给特定地址:全局变量ADDR;否则,全局变量ADDR赋值为空。完成地址解析后,根据主机操作系统的流程,完成枚举过程。通过以上步骤,将IO文件被访问等同于操作地址的匹配判断,简化了触发判断的流程。FIG. 3 is a flowchart of determining a specific address in an embodiment of the present invention, as shown in FIG. 3 . In this embodiment, the specific address is obtained through the following steps: the address of the preset file in the file allocation table is used as the specific address. When the released U disk is in use, insert it into the USB port of the host computer. After the U disk is powered on, the security chip completes a series of initialization operations and analyzes the FAT file system of the first partition to find the IO file: ZHIXINIO.CRD. If the file exists, assign the address of the file to a specific address: the global variable ADDR; otherwise, the global variable ADDR is assigned an empty value. After the address resolution is completed, the enumeration process is completed according to the process of the host operating system. Through the above steps, the access of the IO file is equal to the matching judgment of the operation address, which simplifies the process of triggering judgment.
在一实施例中,所述执行对应的APDU指令或者返回指定区域的数据,包括:若所述访问指令为“写入指令”,则执行与所述访问指令相关的APDU指令;若所述访问指令为“读取指令”,返回所述指定区域的数据。以下分别对“写入指令”对应的写入过程和“读取指令”对应的读取过程分别进行描述。In one embodiment, the executing the corresponding APDU command or returning the data of the designated area includes: if the access command is a "write command", executing the APDU command related to the access command; The command is a "read command", which returns the data in the specified area. The writing process corresponding to the "write command" and the reading process corresponding to the "read command" will be described separately below.
图4为本发明一实施例中的对“写入指令”的处理流程示意图,如图4所示。在本实施例中,上位机应用需要向U盘发送指令时,将要发送的指令作为要写入IO文件的数据,调用操作系统通用的WRITE命令(0x2A),U 盘收到WRITE命令后,进行判断:若写操作的分区为第一分区,且访问地址与全局变量ADDR地址相同,则对此指令进行拦截。对指令中的数据域进行分析处理,提取所述访问指令的数据域中的数据;执行与所述数据存在映射关系的APDU指令,完成APDU指令对应的功能。其中APDU指令可以完成加密、解密、私密分区存储、验证PIN和其他个性化指令处理等功能。以及进一步地,将处理结果和待返回数据保存到指定区域,例如全局变量Buff_CMD中。该后续步骤的设置,有利于使上位机获取APDU指令的执行结果和返回数据。以上APDU指令的设置,不仅可以可实现对安全优盘的私密分区的数据操作,还能实现多种定制功能。FIG. 4 is a schematic diagram of a processing flow of a “write command” in an embodiment of the present invention, as shown in FIG. 4 . In this embodiment, when the host computer application needs to send an instruction to the U disk, the instruction to be sent is taken as the data to be written into the IO file, and the general WRITE command (0x2A) of the operating system is called. After the U disk receives the WRITE command, the Judgment: If the partition of the write operation is the first partition, and the access address is the same as the address of the global variable ADDR, the instruction will be intercepted. The data field in the instruction is analyzed and processed, and the data in the data field of the access instruction is extracted; the APDU instruction having a mapping relationship with the data is executed to complete the function corresponding to the APDU instruction. The APDU command can complete functions such as encryption, decryption, private partition storage, verification PIN and other personalized command processing. And further, save the processing result and the data to be returned in a designated area, such as the global variable Buff_CMD. The setting of the subsequent steps is beneficial to enable the upper computer to obtain the execution result of the APDU instruction and return data. The setting of the above APDU command can not only realize the data operation on the private partition of the secure USB flash drive, but also realize various customization functions.
图5为本发明一实施例中的APDU指令类型示意图,如图5所示。从WRITE命令(0x2A)重解析出个性化应用指令后,执行该指令。其中,个性化应用指令包括:加密、解密、私密分区存储、验证PIN和其他个性化指令。FIG. 5 is a schematic diagram of an APDU command type in an embodiment of the present invention, as shown in FIG. 5 . After the personalized application instruction is reparsed from the WRITE command (0x2A), the instruction is executed. Among them, the personalized application instructions include: encryption, decryption, private partition storage, verification PIN and other personalized instructions.
图6为本发明一实施例中的对“读取指令”的处理流程示意图,如图6所示。在本实施例中,上位机软件需要获取指令执行结果或者返回数据时,调用操作系统通用接口,向IO文件发送Read(0x28)指令,U盘收到读指令后,进行判断:若读操作的分区为第一分区,且访问地址与全局变量ADDR地址相同,则此指令进行拦截,不实际读取文件中的数据,而是将之前步骤中保存在指定区域(Buff_CMD)的指令的处理结果和待返回数据作为读指令的返回数据,返回给上位机应用。当所述指定区域不存在有效数据时,则返回“空值”或“错误”。因此在所述返回指定区域的数据之前,增加判断所述指定区域是否存在有效数据的步骤,有利于系统的异常反馈,提升使用体验。FIG. 6 is a schematic diagram of a processing flow of a “read instruction” in an embodiment of the present invention, as shown in FIG. 6 . In this embodiment, when the host computer software needs to obtain the instruction execution result or return data, it calls the general interface of the operating system, and sends the Read (0x28) instruction to the IO file. After the U disk receives the read instruction, it makes a judgment: if the read operation If the partition is the first partition, and the access address is the same as the global variable ADDR address, then this instruction is intercepted, and the data in the file is not actually read, but the processing result of the instruction stored in the specified area (Buff_CMD) in the previous step and The data to be returned is used as the return data of the read command and returned to the host computer application. When there is no valid data in the specified area, "null" or "error" is returned. Therefore, before returning the data in the designated area, adding a step of judging whether there is valid data in the designated area is beneficial to the abnormal feedback of the system and improves the use experience.
从以上实施例可见,上位机软件调用操作系统通用接口可以访问U盘的分区,不需要额外的权限,本发明实施例对通用接口所用的通用指令进行 特殊处理,主要是对文件读写指令进行处理,实现私有指令的传输,进而实现安全性和个性化应用。It can be seen from the above embodiment that the host computer software can call the general interface of the operating system to access the partition of the U disk without additional authority. Processing, realize the transmission of private instructions, and then realize security and personalized applications.
图7为本发明一实施例中的U盘结构示意图,如图7所示。在本实施例中,还提供了一种U盘,包括接口部件、存储部件和控制部件,所述控制部件被配置为:确定从所述接口部件获取的访问指令的访问地址为所述存储部件中的特定地址;执行与所述访问指令相关的APDU指令或者返回指定区域的数据,以实现对所述访问指令的响应。其中,接口部件可为USB接口;存储部件可为安全芯片或其它型号的处理器芯片;存储部件可为插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等,优选的可采用EMMC存储器。FIG. 7 is a schematic structural diagram of a U disk according to an embodiment of the present invention, as shown in FIG. 7 . In this embodiment, a USB flash drive is also provided, including an interface component, a storage component and a control component, the control component is configured to: determine the access address of the access instruction obtained from the interface component as the storage component The specific address in the access command; execute the APDU command related to the access command or return the data of the specified area, so as to realize the response to the access command. The interface component may be a USB interface; the storage component may be a security chip or other types of processor chips; the storage component may be a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) ) card, flash memory card (Flash Card), etc., preferably EMMC memory can be used.
关于控制部件所实现功能的具体限定可以参见上文中对于U盘访问方法的限定,在此不再赘述。其中控制部件可以在高速USB和EMMC总线之间提供的通信隔离。For specific limitations on functions implemented by the control component, reference may be made to the limitations on the U-disk access method above, which will not be repeated here. Where the control unit can provide communication isolation between the high-speed USB and the EMMC bus.
在一实施例中,所述存储部件包括一预设文件,所述预设文件预存于所述存储部件的预设分区的预设目录中,并以所述预设文件在文件分配表中的地址作为所述特定地址。通过主机操作系统,在U盘的固定分区(本方案中使用第一分区)建立指定目录,并在指定目录下建立固定名称的文件,即前述的IO文件:ZHIXINIO.CRD,本实施例中的指定目录为第一分区下的\Android\data\com.example.sgskftest。发行后的安全U盘重新上电,安全芯片完成一系列初始化操作后对第一分区的FAT文件系统进行解析,查找IO文件:ZHIXINIO.CRD。若该文件存在,则将该文件的地址赋值给全局变量ADDR否则,ADDR赋值为空。完成地址解析后,根据主机操作系统的流程,完成枚举过程。In one embodiment, the storage component includes a preset file, the preset file is pre-stored in a preset directory of a preset partition of the storage component, and the preset file is stored in the file allocation table with the number of the preset file. address as the specific address. Through the host operating system, a specified directory is created in the fixed partition of the U disk (the first partition is used in this solution), and a file with a fixed name is created under the specified directory, that is, the aforementioned IO file: ZHIXINIO.CRD, in this embodiment The specified directory is \Android\data\com.example.sgskftest under the first partition. After the released security U disk is powered on again, the security chip parses the FAT file system of the first partition after completing a series of initialization operations, and finds the IO file: ZHIXINIO.CRD. If the file exists, assign the address of the file to the global variable ADDR; otherwise, assign ADDR to be empty. After the address resolution is completed, the enumeration process is completed according to the process of the host operating system.
在一实施例中,所述存储部件包括对主机操作系统不可见的私密分区,所述私密分区仅能被所述APDU指令访问。为了提升U盘的安全性,除了 普通分区和加密分区之外,还提供第三种分存储分区:不可见的“私密分区”:只有安全芯片可以访问,外部不可见,操作系统和上位机软件都无法直接访问。数据可以明文读写也可以密文读写;可以明文存储也可以密文存储;可以作为单一存储区域统一管理,也可以根据应用划分为不同的功能区域,并添加不同的安全属性,独立管理。由于私密分区对主机操作系统不可见,无法利用主机操作系统的文件系统,所以需要使用SCSI指令集中的私有指令,通过安全芯片对该分区进行管理。本实施例中采用APDU指令对其进行访问。In one embodiment, the storage component includes a private partition not visible to the host operating system, the private partition being accessible only by the APDU instructions. In order to improve the security of the U disk, in addition to the ordinary partition and the encrypted partition, a third sub-storage partition is also provided: the invisible "private partition": only the security chip can access, the outside is invisible, the operating system and the host computer software are not directly accessible. Data can be read and written in plaintext or in ciphertext; it can be stored in plaintext or in ciphertext; it can be managed as a single storage area, or it can be divided into different functional areas according to the application, and different security attributes can be added for independent management. Since the private partition is invisible to the host operating system and cannot utilize the file system of the host operating system, it is necessary to use the private instructions in the SCSI instruction set to manage the partition through the security chip. In this embodiment, an APDU command is used to access it.
本发明的实施例还提供一种计算机存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现本实施例所述的U盘访问方法。An embodiment of the present invention further provides a computer storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the U disk access method described in this embodiment is implemented.
本发明的实施例提供了一种不需要Root权限即可执行私有指令,实现个性化应用处理,并且通过个性化应用来访问私密分区的方法。Embodiments of the present invention provide a method for executing private instructions without root authority, implementing personalized application processing, and accessing private partitions through personalized applications.
以上结合附图详细描述了本发明实施例的可选实施方式,但是,本发明实施例并不限于上述实施方式中的具体细节,在本发明实施例的技术构思范围内,可以对本发明实施例的技术方案进行多种简单变型,这些简单变型均属于本发明实施例的保护范围。The optional embodiments of the embodiments of the present invention have been described in detail above with reference to the accompanying drawings. However, the embodiments of the present invention are not limited to the specific details of the above-mentioned embodiments. A variety of simple modifications are made to the technical solution of the invention, and these simple modifications all belong to the protection scope of the embodiments of the present invention.
另外需要说明的是,在上述具体实施方式中所描述的各个具体技术特征,在不矛盾的情况下,可以通过任何合适的方式进行组合。为了避免不必要的重复,本发明实施例对各种可能的组合方式不再另行说明。In addition, it should be noted that each specific technical feature described in the above-mentioned specific implementation manner may be combined in any suitable manner under the circumstance that there is no contradiction. To avoid unnecessary repetition, various possible combinations are not further described in this embodiment of the present invention.
本领域技术人员可以理解实现上述实施例方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成,该程序存储在一个存储介质中,包括若干指令用以使得单片机、芯片或处理器(processor)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。Those skilled in the art can understand that all or part of the steps in the method of the above-mentioned embodiments can be completed by instructing the relevant hardware through a program, and the program is stored in a storage medium, and includes several instructions to make a single-chip microcomputer, a chip or a processor. (processor) executes all or part of the steps of the methods described in the various embodiments of the present application. The aforementioned storage medium includes: U disk, mobile hard disk, Read-Only Memory (ROM, Read-Only Memory), Random Access Memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes .
此外,本发明实施例的不同实施方式之间也可以进行任意组合,只要其 不违背本发明实施例的思想,其同样应当视为本发明实施例所公开的内容。In addition, any combination of different implementations of the embodiments of the present invention may also be performed, as long as they do not violate the ideas of the embodiments of the present invention, they should also be regarded as the contents disclosed in the embodiments of the present invention.

Claims (10)

  1. 一种U盘访问方法,其特征在于,所述访问方法包括:A U disk access method, characterized in that the access method comprises:
    接收对所述U盘的访问指令;receiving an access instruction to the U disk;
    确定所述访问指令的访问地址为所述U盘的特定地址;Determine that the access address of the access instruction is the specific address of the U disk;
    执行与所述访问指令相关的APDU指令或者返回指定区域的数据,以实现对所述访问指令的响应。Execute the APDU command related to the access command or return the data of the specified area, so as to realize the response to the access command.
  2. 根据权利要求1所述的访问方法,其特征在于,所述特定地址通过以下步骤得到:The access method according to claim 1, wherein the specific address is obtained through the following steps:
    以预设文件在文件分配表中的地址作为所述特定地址。The address of the preset file in the file allocation table is used as the specific address.
  3. 根据权利要求2所述的访问方法,其特征在于,所述预设文件预存于所述U盘的预设分区的预设目录中。The access method according to claim 2, wherein the preset file is pre-stored in a preset directory of a preset partition of the U disk.
  4. 根据权利要求1所述的访问方法,其特征在于,所述执行与访问指令相关的APDU指令或者返回指定区域的数据,包括:The access method according to claim 1, wherein the executing an APDU instruction related to the access instruction or returning the data of the designated area comprises:
    若所述访问指令为“写入指令”,则执行与所述访问指令相关的APDU指令;If the access command is a "write command", execute the APDU command related to the access command;
    若所述访问指令为“读取指令”,则返回所述指定区域的数据。If the access command is a "read command", the data of the specified area is returned.
  5. 根据权利要求4所述的访问方法,其特征在于,在所述返回指定区域的数据之前,所述方法还包括:The access method according to claim 4, wherein before returning the data of the designated area, the method further comprises:
    判断所述指定区域是否存在有效数据,若存在,则返回所述指定区域的数据,否则返回“空值”或“错误”。It is judged whether there is valid data in the specified area, if there is, the data of the specified area is returned, otherwise "null" or "error" is returned.
  6. 根据权利要求4所述的访问方法,其特征在于,所述执行与所述访 问指令相关的APDU指令,包括:The access method according to claim 4, wherein the execution of the APDU instruction related to the access instruction comprises:
    提取所述访问指令的数据域中的数据;extracting data in the data field of the access instruction;
    执行与所述数据存在映射关系的APDU指令。Execute the APDU instruction that has a mapping relationship with the data.
  7. 根据权利要求6所述的访问方法,其特征在于,在执行与所述数据存在映射关系的APDU指令之后,所述方法还包括:The access method according to claim 6, wherein after executing the APDU instruction that has a mapping relationship with the data, the method further comprises:
    将所述APDU指令的执行结果写入所述指定区域。Write the execution result of the APDU instruction into the designated area.
  8. 一种U盘,包括接口部件、存储部件和控制部件,其特征在于,所述控制部件被配置为:A U disk, comprising an interface part, a storage part and a control part, characterized in that the control part is configured as:
    确定从所述接口部件获取的访问指令的访问地址为所述存储部件中的特定地址;determining that the access address of the access instruction obtained from the interface component is a specific address in the storage component;
    执行与所述访问指令相关的APDU指令或者返回指定区域的数据,以实现对所述访问指令的响应。Execute the APDU command related to the access command or return the data of the specified area, so as to realize the response to the access command.
  9. 根据权利要求8所述的U盘,其特征在于,所述存储部件包括一预设文件,所述预设文件预存于所述存储部件的预设分区的预设目录中,并以所述预设文件在文件分配表中的地址作为所述特定地址。The U disk according to claim 8, wherein the storage component includes a preset file, the preset file is pre-stored in a preset directory of a preset partition of the storage component, and the preset file is stored in a preset directory of the preset partition of the storage component. Let the address of the file in the file allocation table be the specific address.
  10. 根据权利要求8或9所述的U盘,其特征在于,所述存储部件包括对主机操作系统不可见的私密分区,所述私密分区仅能被所述APDU指令访问。The USB flash drive according to claim 8 or 9, wherein the storage component includes a private partition that is invisible to a host operating system, and the private partition can only be accessed by the APDU command.
PCT/CN2021/103492 2020-09-30 2021-06-30 Usb flash disk access method and usb flash disk WO2022068298A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011065234.6A CN112084524B (en) 2020-09-30 2020-09-30 USB flash disk access method and USB flash disk
CN202011065234.6 2020-09-30

Publications (1)

Publication Number Publication Date
WO2022068298A1 true WO2022068298A1 (en) 2022-04-07

Family

ID=73730492

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/103492 WO2022068298A1 (en) 2020-09-30 2021-06-30 Usb flash disk access method and usb flash disk

Country Status (2)

Country Link
CN (1) CN112084524B (en)
WO (1) WO2022068298A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112084524B (en) * 2020-09-30 2023-10-13 北京智芯微电子科技有限公司 USB flash disk access method and USB flash disk

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051292A (en) * 2007-01-08 2007-10-10 中国信息安全产品测评认证中心 Reliable U disc, method for realizing reliable U disc safety and its data communication with computer
CN101441634A (en) * 2007-11-19 2009-05-27 凤凰微电子(中国)有限公司 Embedded type file system suitable for smart card application environment
CN101872334A (en) * 2010-05-26 2010-10-27 北京飞天诚信科技有限公司 Compound type usb equipment and implementation method thereof
US20130042029A1 (en) * 2010-06-29 2013-02-14 Zhou Lu Method for identifying host operating system by universal serial bus (usb) device
CN112084524A (en) * 2020-09-30 2020-12-15 北京智芯微电子科技有限公司 USB flash disk access method and USB flash disk

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005266934A (en) * 2004-03-16 2005-09-29 Hagiwara Sys-Com:Kk Usb storage device and controller therefor
CN102467351A (en) * 2010-11-10 2012-05-23 鸿富锦精密工业(深圳)有限公司 Universal serial bus (USB) flash disk and rapid storage and boot switching method thereof
CN111062064B (en) * 2019-12-24 2021-11-02 飞天诚信科技股份有限公司 Method and system for realizing encrypted USB flash disk system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051292A (en) * 2007-01-08 2007-10-10 中国信息安全产品测评认证中心 Reliable U disc, method for realizing reliable U disc safety and its data communication with computer
CN101441634A (en) * 2007-11-19 2009-05-27 凤凰微电子(中国)有限公司 Embedded type file system suitable for smart card application environment
CN101872334A (en) * 2010-05-26 2010-10-27 北京飞天诚信科技有限公司 Compound type usb equipment and implementation method thereof
US20130042029A1 (en) * 2010-06-29 2013-02-14 Zhou Lu Method for identifying host operating system by universal serial bus (usb) device
CN112084524A (en) * 2020-09-30 2020-12-15 北京智芯微电子科技有限公司 USB flash disk access method and USB flash disk

Also Published As

Publication number Publication date
CN112084524A (en) 2020-12-15
CN112084524B (en) 2023-10-13

Similar Documents

Publication Publication Date Title
US10404708B2 (en) System for secure file access
US7558907B2 (en) Virtual memory card controller
US7970983B2 (en) Identity-based flash management
EP1989653B1 (en) Universal serial bus (usb) storage device and access control method thereof
CN100419713C (en) Mothed of dividing large volume storage stocking device
US20040088513A1 (en) Controller for partition-level security and backup
US20080126813A1 (en) Storage control device and method of controlling encryption function of storage control device
US7882202B2 (en) System to delegate virtual storage access method related file operations to a storage server using an in-band RPC mechanism
WO2006057514A1 (en) Electrical transmission system in secret environment between virtual disks and electrical transmission method thereof
WO2016155282A1 (en) Storage partition method and terminal
US20050044330A1 (en) System, apparatus and method for controlling a storage device
TW202203061A (en) Machine including key-value storage device, block interface emulation method and article comprising non-transitory storage medium
WO2022068298A1 (en) Usb flash disk access method and usb flash disk
US11941264B2 (en) Data storage apparatus with variable computer file system
CN112861194A (en) Storage device
WO2023273803A1 (en) Authentication method and apparatus, and storage system
CN117544336A (en) Device access method, data exchange method and related devices
JP2003345658A (en) Storage centralized management method
CN111400778A (en) Encryption method, system, equipment and medium for virtual disk file
US11914879B2 (en) Storage controller and storage system comprising the same
US11941261B2 (en) Storage device
US20240020426A1 (en) Storage device having an rpmb reset function and rpmb management method thereof
EP3979111A1 (en) File system protection apparatus and method in auxiliary storage device
US20170185537A1 (en) Data storage device and control method thereof
CN114329434A (en) Equipment data reading method and device and data access system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21873960

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21873960

Country of ref document: EP

Kind code of ref document: A1