CN101308700A - Divulging secret prevention U disk - Google Patents
- Publication number: CN101308700A
- Authority: CN (China)
- Prior art keywords: disk, user, leakage, information, controller
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Storage Device Security (AREA)
Abstract
The invention discloses an anti-leakage U-disk. The I/O terminals of the USB control interface of the U-disk are correspondingly connected with the I/O terminals of a controller. The output terminals of the controller are correspondingly connected with the input terminals of a normal block, a hiding block and a private block. The advantages of the anti-leakage U-disk are as follows. By adopting a USB controller with a special control function and special read-write interfaces, it prevents malicious programs from reaching the user's files, and unauthorized users cannot access the files either. Malicious programs cannot infect the anti-leakage U-disk, which prevents them from spreading. The user's authentication information and authorization information are stored in the private block, and unauthorized users have no access to this information, which completely prevents user authentication from being bypassed by software cracking. In operation, the anti-leakage U-disk inserts a plurality of monitoring points into the Windows kernel to monitor the user's data operations. Unlike existing encrypted U-disks, the anti-leakage U-disk described by the invention monitors the user's entire operation so as to prevent illegal data leakage.
Description
Technical field
The present invention relates to an anti-leakage U-disk used to protect the confidentiality of information on removable storage, and belongs to the field of computer application technology.
Technical background
The mainstream information-security products on the market today fall into several classes. Access control: network and host firewalls, etc. Detection and protection: host and network intrusion detection and intrusion prevention systems (IPS), anti-virus and anti-Trojan products, and security audit products. Cryptographic technology: user-authentication products such as fingerprint recognition products, password products, public key infrastructure, and so on. On computers running the widely used Windows, Unix and Linux operating systems, these products help identify the users of the system so that unauthorized users cannot enter the computer system.
Existing information-security protections, however, exercise very little control over the behavior of a user who is authorized. For example, financial information may be stored centrally on a server that only authorized financial staff can access. If an authorized staff member accesses a file on the financial information server, stores it temporarily on his or her own computer, processes it, and then uploads it back to the server, the temporary copy on that computer spreads easily and may even be leaked outside the enterprise. This is a difficult problem that worries enterprise managers. Similar cases include an enterprise's customer information and technical information, sensitive information handled inside government, and the technical information of national defense enterprises. All of this information has to be handled by authorized persons such as secretaries and employees, and it often remains on those employees' computers. These terminals are numerous and widely distributed, and their system environments are complex and varied, so leakage occurs very easily. The current approaches to this class of problem are mainly hardening of host terminal systems, control of the devices and input/output of computer terminals, anti-Trojan and anti-virus software, security auditing, and so on. These measures often inconvenience the user, and because circumstances are complex and varied they often leave loopholes. Measures such as ordinary user authentication and discretionary access control are therefore insufficient to ensure the security of information.
Summary of the invention
The purpose of the present invention is to provide an anti-leakage U-disk built with a USB controller that has a special control function and a special read-write interface. A dedicated monitoring program on the U-disk monitors the user's data-handling behavior throughout. A management program sets the control policy formulated by the administrator and provides the administrator with an audit of users' behavior. This combination of software and hardware prevents the information on the U-disk from being leaked illegally.
Technical solution of the present invention: it is characterized in that the I/O terminals of the USB control interface are correspondingly connected to the I/O terminals of the controller, and the output terminals of the controller are correspondingly connected to the input terminals of the normal area, the hidden area and the private area respectively.
Advantages of the present invention. First, by adopting a USB controller with a special control function and a special read-write interface, malicious programs cannot directly reach the user's data files, and unauthorized users cannot reach them either. Malicious programs therefore cannot infect the anti-leakage U-disk, which prevents their propagation. Second, the user's authentication information and authorization information are all held in the private area, and unauthorized users cannot obtain them, which completely prevents user authentication from being bypassed by software cracking. Third, in operation the anti-leakage U-disk inserts a plurality of monitoring points into the Windows kernel to monitor the user's data operations. This is entirely different in concept from existing encrypted U-disks: the whole process can be monitored, which prevents information from being leaked illegally.
Description of drawings
Figure 1 is a structural schematic diagram of the anti-leakage U-disk.
Embodiment
Referring to Figure 1, the structure is as follows: the I/O terminals of the USB control interface are correspondingly connected to the I/O terminals of the controller, and the output terminals of the controller are correspondingly connected to the input terminals of the normal area, the hidden area and the private area respectively.
The USB control interface sets up the data partitions of the Flash memory. These data partitions comprise the normal area, the hidden area and the private area.
The normal area holds the login program and is configured as read-only, so that malicious programs cannot infect it.
The private area holds the user's information and user authentication information, and it cannot be read.
The hidden area holds the monitoring program, and it also cannot be read.
The controller is a USB controller (model CBM209X).
In use, an interface access password is set, so that malicious programs and non-administrators cannot directly read the data area of the U-disk. The data partitions of the Flash memory are set up through the USB control interface and divided into the normal area, the hidden area and the private area. The users who may use the anti-leakage U-disk are configured, and the user's information and user authentication information are stored in the private area. The permissions of authorized users are configured; the permissions are: permission limited to editing files inside the anti-leakage U-disk, permission to copy files from the computer into the anti-leakage U-disk, permission to copy files in the anti-leakage U-disk to the computer, and permission to manage log information. The monitoring program is placed in the hidden area of the anti-leakage U-disk, the login program is placed in the normal area, and the normal area is set to read-only.
Insertion of the anti-leakage U-disk: when an anti-leakage U-disk made by the above process is inserted into a computer, the operating system can recognize only the normal area. The normal area is read-only, so malicious programs cannot infect it. The hidden area and the private area cannot be read.
Use by an authorized user: (1) The first and only thing the user can do is run the login program to perform user authentication. (2) After the user passes authentication, the login program loads the monitoring program. The user's operations are carried out under the monitoring program and are strictly controlled; the direction of data flow is strictly controlled to prevent data leakage.
The user can therefore access the data on the disk, through the service program and the monitoring program on the anti-leakage U-disk, only after logging in via the login program in the normal area and passing user authentication. The monitoring program of the anti-leakage U-disk monitors the user's data handling throughout, according to the administrator's policy. It can forbid or allow the user to copy data on the U-disk to other storage outside the U-disk. It can forbid or allow the user to copy data from outside the U-disk into the U-disk. It can restrict which computers the anti-leakage U-disk may be used on; when the U-disk is used on a computer outside that range, the monitoring program refuses to open the channel to the hidden area and the private area, so the U-disk cannot be used.
Through the management program the administrator can set up users with different permissions, such as data-processing users, data-import users, data-export users and audit users, and can set the number of uses, validity period, scope of use, printing control, network control policy, and so on.
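The access rules of this embodiment amount to a default-deny check on every data movement. The following Python model is an added example, not code from the patent: the names `Right`, `Policy`, `Session` and the host identifiers are hypothetical, and it models only the decision logic of the monitoring program, not the Windows kernel monitoring points or the controller.

```python
from dataclasses import dataclass, field
from datetime import date
from enum import Flag, auto

class Right(Flag):                 # the four permissions listed in the embodiment
    EDIT_ON_DISK = auto()          # edit files inside the U-disk only
    COPY_IN = auto()               # computer -> U-disk
    COPY_OUT = auto()              # U-disk -> computer
    MANAGE_LOGS = auto()           # manage log information

@dataclass(frozen=True)
class Policy:                      # administrator-defined (hypothetical structure)
    rights: Right
    allowed_hosts: frozenset       # computers the U-disk may be used on
    expires: date                  # validity period
    max_uses: int                  # number of uses

@dataclass
class Session:
    policy: Policy
    host_id: str
    today: date
    uses_so_far: int
    authenticated: bool = False    # set by the login program in the normal area
    audit: list = field(default_factory=list)

    def channel_open(self) -> bool:
        """Hidden/private areas open only after login, on an allowed host, within limits."""
        p = self.policy
        return (self.authenticated and self.host_id in p.allowed_hosts
                and self.today <= p.expires and self.uses_so_far < p.max_uses)

    def decide(self, op: str, src: str, dst: str) -> bool:
        """Default-deny decision; op in {'edit','copy','logs'}, src/dst in {'udisk','host'}."""
        needed = {("edit", "udisk", "udisk"): Right.EDIT_ON_DISK,
                  ("copy", "host", "udisk"): Right.COPY_IN,
                  ("copy", "udisk", "host"): Right.COPY_OUT,
                  ("logs", "udisk", "udisk"): Right.MANAGE_LOGS}.get((op, src, dst))
        ok = needed is not None and self.channel_open() and needed in self.policy.rights
        self.audit.append((self.host_id, op, src, dst, "ALLOW" if ok else "DENY"))
        return ok

def demo():
    """Constructed scenario: a data-import user on an approved and an unapproved computer."""
    pol = Policy(Right.EDIT_ON_DISK | Right.COPY_IN, frozenset({"HOST-A"}), date(2030, 1, 1), 3)
    ok_host = Session(pol, "HOST-A", date(2029, 6, 1), 0, authenticated=True)
    bad_host = Session(pol, "HOST-B", date(2029, 6, 1), 0, authenticated=True)
    return [ok_host.decide("copy", "host", "udisk"),    # import permitted
            ok_host.decide("copy", "udisk", "host"),    # no export right
            bad_host.decide("edit", "udisk", "udisk")]  # host outside allowed range

if __name__ == "__main__":
    print(demo())
```

Every decision, including denials, is appended to `audit`, which corresponds to the behavior audit the management program provides to the administrator.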
Claims (5)
1. An anti-leakage U-disk, characterized in that the I/O terminals of the USB control interface are correspondingly connected to the I/O terminals of the controller, and the output terminals of the controller are correspondingly connected to the input terminals of the normal area, the hidden area and the private area respectively.
2. The anti-leakage U-disk according to claim 1, characterized in that the USB control interface sets up the data partitions of the Flash memory, and these data partitions comprise the normal area, the hidden area and the private area.
3. The anti-leakage U-disk according to claim 1, characterized in that the normal area holds the login program and is configured as read-only.
4. The anti-leakage U-disk according to claim 1, characterized in that the private area holds the user's information and user authentication information, and it cannot be read.
5. The anti-leakage U-disk according to claim 1, characterized in that the hidden area holds the monitoring program, and it also cannot be read.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA200810123379XA CN101308700A (en) | 2008-06-16 | 2008-06-16 | Divulging secret prevention U disk |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA200810123379XA CN101308700A (en) | 2008-06-16 | 2008-06-16 | Divulging secret prevention U disk |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101308700A | 2008-11-19 |
Family
ID=40125087
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA200810123379XA Pending CN101308700A (en) | 2008-06-16 | 2008-06-16 | Divulging secret prevention U disk |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101308700A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101807424A (en) * | 2010-03-03 | 2010-08-18 | 孟晋 | Multifunctional U disk and U disk system |
CN101807424B (en) * | 2010-03-03 | 2013-04-10 | 孟晋 | Multifunctional USB flash disk and USB flash disk system |
CN103544419A (en) * | 2012-07-17 | 2014-01-29 | 联想(北京)有限公司 | Control method and electronic equipment |
CN103207976A (en) * | 2013-01-25 | 2013-07-17 | 贵州信安达科技有限公司 | Mobile storage file leakage-preventing method and confidential U-disk based on same |
CN103207976B (en) * | 2013-01-25 | 2016-04-27 | 贵州信安达科技有限公司 | Mobile storage file prevents the method for divulging a secret and the secret USB flash disk based on the method |
CN103390125A (en) * | 2013-07-19 | 2013-11-13 | 丁贤根 | Design method for safe and mobile storage controller authorized and encrypted/decrypted by wireless terminal |
CN103390125B (en) * | 2013-07-19 | 2016-01-06 | 丁贤根 | Design method of safety mobile storage controller using wireless terminal authorization and encryption and decryption |
CN104064210A (en) * | 2013-11-14 | 2014-09-24 | 苏州天趣信息科技有限公司 | USB (universal serial bus) flash drive and using method thereof |
CN107358110A (en) * | 2017-07-24 | 2017-11-17 | 山东华芯半导体有限公司 | Mobile terminal USB flash disk based on the close safety chip of state and its communication means with Android device |
WO2020082811A1 (en) * | 2018-10-26 | 2020-04-30 | 深圳大普微电子科技有限公司 | Storage method and apparatus having hidden partition, and host device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20081119 |