
CN110826099A - Safe storage method and system suitable for embedded real-time operating system - Google Patents


Info

Publication number
CN110826099A
Authority
CN
China
Prior art keywords
virtual disk
storage area
file
secure storage
operating system
Prior art date
Legal status
Pending
Application number
CN201911046651.3A
Other languages
Chinese (zh)
Inventor
钱晨
艾婧媚
李双全
邱明
Current Assignee
SHANGHAI HUAYUAN CHUANGXIN SOFTWARE Co Ltd
Original Assignee
SHANGHAI HUAYUAN CHUANGXIN SOFTWARE Co Ltd
Application filed by SHANGHAI HUAYUAN CHUANGXIN SOFTWARE Co Ltd
Priority to CN201911046651.3A
Publication of CN110826099A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/13 File access structures, e.g. distributed indices
    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/162 Delete operations
    • G06F16/18 File system types
    • G06F16/188 Virtual file systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a secure storage method and system suitable for an embedded real-time operating system. The method comprises: creating a file in a file system of the embedded system and abstracting the created file into a virtual disk, with the file serving as the storage entity of the virtual disk; registering the virtual disk with the I/O subsystem of the operating system, and finally forming a secure storage area after processing such as security information injection, formatting and file system mounting; through the mapping relation between the secure storage area and the virtual disk, encrypting files or data written into the secure storage area and then storing them in the virtual disk; through the same mapping relation, taking files or data read from the secure storage area out of the virtual disk and decrypting them; and deregistering the secure storage area, deleting the virtual disk and releasing the physical space. The method improves the information security of the embedded real-time operating system, has better portability, and can reduce development cost and improve development efficiency.

Description

Safe storage method and system suitable for embedded real-time operating system
Technical Field
The invention relates to the technical field of computers, in particular to a secure storage method and a secure storage system suitable for an embedded real-time operating system.
Background
In recent years, embedded operating systems have developed rapidly and are applied more and more widely. More and more important information is stored in embedded systems, so information security has become very important. If important information is not protected, a huge loss may result once the storage device is lost, illegally attacked, or otherwise exposed.
The data storage function of the embedded operating system itself provides no security. When a user or an application program accesses data, it reads and writes files by calling a file operation interface of the standard C library or the I/O subsystem; the operating system, through the file system and the I/O system, finally calls a device driver to access the data, and a hardware control layer provides the conversion between logical and physical addresses required for data storage, so that the user or application program reads and writes data on the physical storage medium. Throughout this process, important information is not protected, and all data and files are transmitted in plaintext.
Conventional secure storage for embedded operating systems tends to focus on the non-volatility of data. For example, the patent with publication number CN103559144A discloses a method for securely storing data in an embedded system, which includes the following steps: after start-up, scanning the block information in NandFlash, marking and skipping bad blocks, scanning the label information of the pages in each non-bad block, and establishing a mapping table of physical addresses and logical addresses according to the label information; storing the mapping table of physical and logical addresses in a specific block of NandFlash; and finding the physical address from the input logical address to read and write data, and at the next start-up loading the content of the data structure in NandFlash directly into RAM. Such secure storage cannot prevent the risk of data leakage caused by loss of the hardware device, human factors and the like. Secure storage in the present invention means the following: by encrypting the stored data, an unauthorized user, namely a user or application program that does not specify the key of the encrypted disk, cannot read the files and data in the encrypted disk, thereby realizing secure storage for the embedded real-time operating system.
Existing secure storage schemes are mainly of three types: volume encryption mode, file encryption mode, and file system encryption mode.
Volume encryption mode. Volume encryption refers to disk encryption (encryption of a disk with only one partition). Some disk encryption systems encrypt or decrypt data written to or read from a disk at the device driver layer, including Secure Device, Secure Drive, Secure File System, and PGP Disk. Volume encryption is tied to device drivers: encryption and decryption mechanisms must be added to the driver of each storage device, and all directories and files in the same disk volume are either all encrypted or all unencrypted. For an embedded operating system, the device driver has to be modified to add encryption and decryption functions every time the storage device changes, so the portability of this mode is weak. In addition, encrypting files in the same disk volume that do not need encryption wastes system resources and lacks flexibility.
File encryption mode. To achieve end-to-end encryption strength, some secure storage systems encrypt data at the presentation layer or the application layer, mainly by modifying the file operation interface of the I/O layer. Mandatory encryption at the application layer requires the operating system to add a set of file encryption and decryption operation interfaces, that is, encrypted-write and decrypted-read interfaces on top of the original read and write interfaces, which requires rewriting every application program that uses encrypted files. For embedded systems, this secure storage scheme is costly and poorly portable.
File system encryption mode. File system encryption mainly adds a new encrypted file system. It can also be understood as adding encryption and decryption functions on top of a file system of the original format to realize encrypted storage of files, with all files encrypted and decrypted locally by the file system. This mode depends on the implementation of the file system, so it is not very portable across file systems of different formats. Encrypting and decrypting the whole file system also places a heavy load on the system and affects system performance, so the mode is not suitable for an embedded real-time system with high performance requirements.
In view of these defects, the invention provides a file-based virtual volume encryption method to realize secure storage on an embedded real-time operating system. Designed for the characteristics of an embedded real-time operating system, the method is completely decoupled from the device driver, the I/O subsystem and the file system, and does not require any change to existing file operation habits. It can be applied to a file system of any format, can store data on any storage medium, and has the advantages of easy portability, tailorability and high flexibility, so it is named virtual volume encryption secure storage.
Disclosure of Invention
In view of the defects in the prior art, the invention aims to provide a secure storage method and system suitable for an embedded real-time operating system.
The invention provides a secure storage method suitable for an embedded real-time operating system, which comprises the following steps:
a secure storage area creation step: creating a file in a file system of an embedded system, wherein the created file is abstracted into a virtual disk and the file serves as the storage entity of the virtual disk; registering the virtual disk with the I/O subsystem of the operating system, and finally forming a secure storage area after processing such as security information injection, formatting and mounting;
a secure data writing step: through the mapping relation between the secure storage area and the virtual disk, files or data written into the secure storage area are encrypted and then stored in the virtual disk;
a secure data reading step: through the mapping relation between the secure storage area and the virtual disk, files or data read from the secure storage area are taken out of the virtual disk and obtained after decryption.
Preferably, the secure storage area creation step includes: creating virtual disks of corresponding sizes and quantities according to actual application requirements, and setting the keys of the virtual disks.
Preferably, the secure storage area creation step further includes: securely formatting the created virtual disk and mounting it to a file system of any format.
Preferably, the secure data writing step and the secure data reading step include: writing and reading data by calling a standard file operation interface of the standard C library or the I/O subsystem.
Preferably, the method further comprises the following step:
a secure storage area deletion step: deregistering the secure storage area, removing the mapping relation between the secure storage area and the virtual disk, deleting the virtual disk, namely the storage entity file of the virtual disk, and releasing the physical space occupied by the secure storage area.
The invention provides a secure storage system suitable for an embedded real-time operating system, which comprises:
a secure storage area creation module: creating a file in a file system, of any format, of an embedded system, wherein the created file is abstracted into a virtual disk and the file serves as the storage entity of the virtual disk; registering the virtual disk with the I/O subsystem of the operating system, and finally forming a secure storage area after processing such as security information injection, formatting and mounting;
a secure data writing module: through the mapping relation between the secure storage area and the virtual disk, files or data written into the secure storage area are encrypted and then stored in the virtual disk;
a secure data reading module: through the mapping relation between the secure storage area and the virtual disk, files or data read from the secure storage area are taken out of the virtual disk and obtained after decryption.
Preferably, the secure storage area creation module includes: creating virtual disks of corresponding sizes and quantities according to actual application requirements, and setting the keys of the virtual disks.
Preferably, the secure storage area creation module further includes: securely formatting the created virtual disk and mounting it to a file system of any format.
Preferably, the secure data writing module and the secure data reading module include: writing and reading data by calling a standard file operation interface of the standard C library or the I/O subsystem.
Preferably, the system further comprises:
a secure storage area deletion module: deregistering the secure storage area, removing the mapping relation between the secure storage area and the virtual disk, deleting the virtual disk, namely the storage entity file of the virtual disk, and releasing the physical space occupied by the secure storage area.
Compared with the prior art, the invention has the following beneficial effects:
1) The information security of the embedded real-time operating system is improved: important information can be stored in encrypted form, which reduces the risks that loss of a storage device may bring.
2) For system engineers, the system can be applied to a file system of any format and can store data on any storage medium.
3) The system is easy to port, tailorable and highly flexible, is suitable for various embedded systems, and can reduce development cost and improve development efficiency.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is an overall architecture diagram of the present invention;
FIG. 2 is a flow diagram of the secure storage area creation of the present invention;
FIG. 3 is a timing diagram of data reading and writing according to the present invention.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the invention, but are not intended to limit the invention in any way. It should be noted that those skilled in the art can make various changes and modifications without departing from the spirit of the invention, all of which fall within the scope of the present invention.
As shown in FIG. 1, the present invention provides a file-based virtual volume encryption method, including:
1. Secure storage area creation
The creation flow of the secure storage area is shown in fig. 2.
In an embedded operating system, a physical storage medium is generally registered as a standard block device through the I/O subsystem of the operating system: the raw read-write driver of the physical storage medium serves as the read-write interface of the standard block device and is executed as a callback function, and parameters such as the block size and capacity of the physical storage medium are set. The block device is then mounted to a file system, and a user or application program accesses the block device through the file system, that is, it calls the raw read-write driver to access the disk data on the physical storage medium.
Similarly, the method creates a file in a file system of the embedded system and abstracts the created file into a virtual disk; the virtual disk is registered as a standard block device through the I/O subsystem, and the file serves as the storage entity of the block device. The read-write interface of the virtual disk is the read-write interface of the block device. Security information such as basic attributes and keys is injected into the block device, which is then formatted and mounted to a file system, finally forming a secure storage area.
When the virtual disk is registered as a standard block device, the secure read-write interface of the virtual disk is registered as the read-write callback function of the block device. This is equivalent to a block device driver interface registering its read-write callback function in an embedded operating system; the difference is that the block device is abstracted from a file and is not a physical storage device. When an application program accesses the virtual disk, the secure read-write interface is executed through the registered block device callback function and performs encrypted write and decrypted read operations, block by block, on the virtual disk, namely on the storage entity file of the virtual disk, so that the data in the virtual disk is ciphertext.
The virtual disk can be abstracted from any file in the system. The file does not depend on the file system format or the physical storage medium, and a one-to-one mapping relation is established between the file and the virtual disk. Creating the secure storage area therefore requires neither modifying the I/O subsystem to add file operation interfaces nor modifying the storage device driver, which solves the poor portability of the volume encryption mode on an embedded real-time operating system.
Where physical space is sufficient, a user or application program can, according to the actual application requirements of the embedded system, create n files on different file systems on different physical storage media, abstract the n files into n virtual disks, and thus create n secure storage areas of different capacities. Different keys can be set for the secure storage areas, so that different security information is stored separately, which solves problems such as the lack of flexibility caused by the fixed storage capacity of volume encryption.
2. Secure reading and writing of data
The timing diagram for the secure reading and writing of data is shown in FIG. 3.
Secure writing: a user or application program uses a standard file operation interface of the standard C library or the I/O subsystem; through the mapping relation between the secure storage area and the virtual disk, the registered block device callback function is called to execute the secure write operation, and the file or data written into the secure storage area is encrypted and then stored in the virtual disk.
Secure reading: a user or application program uses a standard file operation interface of the standard C library or the I/O subsystem; through the mapping relation between the secure storage area and the virtual disk, the registered block device callback function is called to execute the secure read operation, and the file or data read from the secure storage area is taken out of the virtual disk and obtained after decryption.
Secure reading and writing of data is realized by calling a standard file operation interface of the standard C library or the I/O subsystem. The file system does not need to be modified, and a user or application program does not need additional file operation interfaces to adapt to the secure storage function, which solves the low portability of the file encryption mode and the file system encryption mode on an embedded real-time operating system.
For a user or an application program, files and data in the secure storage area accessed through the standard interface are no different from files and data in an ordinary file system. The difference is that data going into and out of the secure storage area is encrypted and decrypted: inside the operating system the decrypted plaintext is seen, while outside the operating system neither the secure storage area nor the files and data in it can be obtained, so loss of the physical device does not leak the stored information.
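The creation, secure write and secure read steps described above, as a host-runnable C example added here for illustration; it is not code from the patent or from any RTOS. The struct layout, function names, 512-byte block size, the XTEA cipher (a compact stand-in for the AES or DES the description names) and CBC with an IV derived from the block number are all assumptions of this example, and it provides confidentiality only, with no integrity check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLK 512u   /* virtual disk block size (assumption) */

typedef struct vdisk vdisk_t;
struct vdisk {
    FILE *backing;               /* storage entity file of the virtual disk */
    uint32_t nblocks, key[4];    /* capacity in blocks; injected 128-bit key */
    /* callbacks registered with the I/O subsystem (hypothetical interface) */
    int (*read_blk)(vdisk_t *d, uint32_t lba, uint8_t *buf);
    int (*write_blk)(vdisk_t *d, uint32_t lba, const uint8_t *buf);
};

/* XTEA (64-bit block, 128-bit key): compact stand-in for AES/DES. */
static void xtea_enc(const uint32_t k[4], uint32_t v[2]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}
static void xtea_dec(const uint32_t k[4], uint32_t v[2]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0x9E3779B9u * 32u;
    for (int i = 0; i < 32; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        sum -= 0x9E3779B9u;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* CBC over one block with IV = E_k(lba), so identical plaintext stored at
 * different block addresses does not produce identical ciphertext. */
static void blk_crypt(const uint32_t k[4], uint32_t lba, uint8_t *buf, int enc) {
    uint32_t w[BLK / 4], prev[2] = { lba, 0 }, c[2];
    memcpy(w, buf, BLK);
    xtea_enc(k, prev);
    for (size_t i = 0; i < BLK / 4; i += 2) {
        c[0] = w[i]; c[1] = w[i + 1];          /* ciphertext pair when decrypting */
        if (enc) { w[i] ^= prev[0]; w[i + 1] ^= prev[1]; xtea_enc(k, &w[i]); }
        else     { xtea_dec(k, &w[i]); w[i] ^= prev[0]; w[i + 1] ^= prev[1]; }
        prev[0] = enc ? w[i] : c[0]; prev[1] = enc ? w[i + 1] : c[1];
    }
    memcpy(buf, w, BLK);
}
/* What a holder of the storage medium alone sees: the raw backing file. */
static int raw_read(FILE *f, uint32_t lba, uint8_t *buf) {
    if (fseek(f, (long)lba * (long)BLK, SEEK_SET) != 0) return -1;
    return fread(buf, 1, BLK, f) == BLK ? 0 : -1;
}
/* Secure read callback: fetch ciphertext from the file, then decrypt. */
static int sec_read(vdisk_t *d, uint32_t lba, uint8_t *buf) {
    if (lba >= d->nblocks || raw_read(d->backing, lba, buf) != 0) return -1;
    blk_crypt(d->key, lba, buf, 0);
    return 0;
}
/* Secure write callback: encrypt a copy of the block, then store it. */
static int sec_write(vdisk_t *d, uint32_t lba, const uint8_t *buf) {
    uint8_t tmp[BLK];
    if (lba >= d->nblocks) return -1;
    memcpy(tmp, buf, BLK);
    blk_crypt(d->key, lba, tmp, 1);
    if (fseek(d->backing, (long)lba * (long)BLK, SEEK_SET) != 0) return -1;
    return fwrite(tmp, 1, BLK, d->backing) == BLK && fflush(d->backing) == 0 ? 0 : -1;
}

/* Creation: bind file, inject key, register callbacks, write encrypted zero blocks. */
static int vdisk_create(vdisk_t *d, FILE *backing, uint32_t nblocks, const uint32_t key[4]) {
    static const uint8_t zero[BLK];
    if (!backing || nblocks == 0) return -1;
    d->backing = backing; d->nblocks = nblocks;
    memcpy(d->key, key, sizeof d->key);
    d->read_blk = sec_read; d->write_blk = sec_write;
    for (uint32_t i = 0; i < nblocks; i++)
        if (d->write_blk(d, i, zero) != 0) return -1;
    return 0;
}

/* Returns 0 when every property holds; key and record are constructed samples. */
int vdisk_demo(void) {
    static const uint32_t key[4] = { 0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u };
    uint8_t pt[BLK] = "constructed record: valve-7 setpoint=42", out[BLK], raw2[BLK], raw5[BLK];
    vdisk_t d, wrong;
    FILE *f = tmpfile();   /* on a target: a file created on any mounted file system */
    if (vdisk_create(&d, f, 8, key) != 0) return 1;
    if (d.write_blk(&d, 2, pt) || d.write_blk(&d, 5, pt)) return 2;
    if (d.read_blk(&d, 2, out) || memcmp(out, pt, BLK)) return 3;      /* round trip */
    if (raw_read(f, 2, raw2) || raw_read(f, 5, raw5)) return 4;
    if (!memcmp(raw2, pt, BLK) || !memcmp(raw2, raw5, BLK)) return 5;  /* ciphertext at rest */
    wrong = d; wrong.key[0] ^= 1u;                                     /* one key bit flipped */
    if (wrong.read_blk(&wrong, 2, out) || !memcmp(out, pt, BLK)) return 6;
    if (d.write_blk(&d, 8, pt) == 0) return 7;                         /* block out of range */
    fclose(f);             /* deletion: tmpfile() removes the backing file on close */
    return 0;
}
int main(void) { printf("vdisk_demo -> %d\n", vdisk_demo()); return 0; }
```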
3. Configurable items
In practical applications of embedded systems, different usage scenarios place different requirements on the secure storage function, so the invention provides a series of configurable items for customizing the secure storage function of the embedded operating system.
Configurable items include the configuration of secure storage parameters and the overall enabling/disabling of the secure storage function.
The configurable secure storage parameters include: bearer device information, storage capacity, the number of virtual disks, the encryption and decryption algorithm, the key specification and the like.
The bearer device information refers to the physical storage medium on which the storage entity file of the virtual disk is located. It provides the actual storage space for the virtual disk and can be set according to the storage devices available to the embedded operating system.
The storage capacity refers to the capacity of the virtual disk, which cannot exceed the free capacity of the bearer device.
The number of virtual disks corresponds to the number of secure storage areas to be created.
The encryption and decryption algorithm refers to the algorithm used for encrypting and decrypting data, such as AES, DES and the like.
The key specification refers to the key length set once an encryption and decryption algorithm has been selected; it can be chosen as a compromise after weighing data security against the performance impact on the embedded system.
In security-insensitive application scenarios, the embedded real-time operating system may not need the secure storage function, which requires that the function can be enabled or disabled as a whole. In the invention, the secure storage code is completely decoupled from the kernel of the operating system and can be built independently as a library, added when the secure storage function is needed and removed when it is not, which avoids code redundancy and solves the tailorability of secure storage in the embedded real-time operating system.
4. Secure storage area deletion
After the virtual disk has been used for a period of time, if a secure storage area is no longer needed, it can be deregistered: the mapping relation between the secure storage area and the virtual disk is removed, the virtual disk, namely the storage entity file of the virtual disk, is deleted, and the physical space occupied by the secure storage area is released.
Examples
Take as an example an embedded real-time operating system whose storage device is a SATA hard disk and whose file system is FAT. A user or an application program first configures the secure storage parameters, including bearer device information (SATA), storage capacity (e.g., 10M), number of virtual disks, encryption/decryption algorithm (e.g., DES), key specification, and the like. Secure storage is then added to the embedded operating system, the system is started, and the secure storage module is initialized for the first time.
During the first initialization, parameter checking and system resource checking are performed. If the parameters are illegal, the free capacity of the bearer device is insufficient, the bearer device cannot be accessed, or a similar condition occurs, creation of the secure storage area fails; otherwise creation succeeds. After the virtual disk is successfully created, it is registered with the I/O subsystem as a block device, security information such as basic information and the key is written, and the virtual disk is formatted and then mounted to the FAT file system. At this point, users and application programs can access the secure storage area normally to read and write data. After the system is restarted, secure storage that has completed its first initialization does not repeat the resource check, security information write and formatting operations, and related information such as the key is not modified again after the first initialization.
Those skilled in the art will appreciate that, in addition to implementing the system and its various devices, modules, units provided by the present invention as pure computer readable program code, the system and its various devices, modules, units provided by the present invention can be fully implemented by logically programming method steps in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system and various devices, modules and units thereof provided by the invention can be regarded as a hardware component, and the devices, modules and units included in the system for realizing various functions can also be regarded as structures in the hardware component; means, modules, units for performing the various functions may also be regarded as structures within both software modules and hardware components for performing the method.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.

Claims (10)

1. A secure storage method suitable for an embedded real-time operating system, characterized by comprising the following steps:
a secure storage area creation step: creating a file in a file system of an embedded system, wherein the created file is abstracted into a virtual disk and the file serves as the storage entity of the virtual disk; registering the virtual disk with the I/O subsystem of the operating system, and finally forming a secure storage area after processing such as security information injection, formatting and file system mounting;
a secure data writing step: through the mapping relation between the secure storage area and the virtual disk, files or data written into the secure storage area are encrypted and then stored in the virtual disk;
a secure data reading step: through the mapping relation between the secure storage area and the virtual disk, files or data read from the secure storage area are taken out of the virtual disk and obtained after decryption.
2. The secure storage method applicable to the embedded real-time operating system according to claim 1, wherein the secure storage area creation step comprises: creating virtual disks of corresponding sizes and quantities according to actual application requirements, and setting the keys of the virtual disks.
3. The secure storage method applicable to the embedded real-time operating system according to claim 1, wherein the secure storage area creation step further comprises: securely formatting the created virtual disk and mounting it to a file system of any format.
4. The secure storage method applicable to the embedded real-time operating system according to claim 1, wherein the secure data writing step and the secure data reading step comprise: writing and reading data by calling a standard file operation interface of the standard C library or the I/O subsystem.
5. The secure storage method applicable to the embedded real-time operating system according to claim 1, further comprising:
a secure storage area deletion step: deregistering the secure storage area, removing the mapping relation between the secure storage area and the virtual disk, deleting the virtual disk, namely the storage entity file of the virtual disk, and releasing the physical space occupied by the secure storage area.
6. A secure storage system adapted for use with an embedded real-time operating system, comprising:
a secure storage area creation module: creating a file in the file system of an embedded system, the created file being abstracted into a virtual disk and serving as the storage entity of the virtual disk; registering the virtual disk with the I/O subsystem of the operating system; and finally forming a secure storage area after processing such as security information injection, formatting and file system mounting;
a secure write data module: through the mapping relation between the secure storage area and the virtual disk, files or data written to the secure storage area are encrypted and then stored in the virtual disk;
a secure read data module: through the mapping relation between the secure storage area and the virtual disk, files or data read from the secure storage area are taken out of the virtual disk and then decrypted.
7. The secure storage system adapted for use with an embedded real-time operating system of claim 6, wherein the secure storage area creation module comprises: creating virtual disks of corresponding sizes and quantities according to the actual application requirements, and setting keys for the virtual disks.
8. The secure storage system adapted for use with an embedded real-time operating system of claim 6, wherein the secure storage area creation module further comprises: securely formatting the created virtual disk, and mounting the virtual disk to a file system of any format.
9. The secure storage system adapted for use with an embedded real-time operating system of claim 6, wherein the secure write data module and the secure read data module comprise: writing and reading data by calling a standard C library or a standard file operation interface of the I/O subsystem.
10. The secure storage system adapted for use with an embedded real-time operating system of claim 6, further comprising:
a secure storage area deletion module: unregistering the secure storage area, removing the mapping relation between the secure storage area and the virtual disk, deleting the virtual disk, namely the storage entity file of the virtual disk, and releasing the physical space occupied by the secure storage area.
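The create, write, read and delete modules of claims 6 to 10, sketched as an added example (not code from the patent). The claims name no cipher or sector size, so the 512-byte sector and the HMAC-SHA256 keystream are assumptions standing in for a disk-encryption mode such as AES-XTS; `VirtualDisk`, `demo`, the file name and the key are hypothetical.

```python
import hashlib
import hmac
import os
import tempfile

SECTOR = 512  # assumed sector size; the claims do not fix one

class VirtualDisk:
    """File-backed virtual disk: the file is the disk's storage entity."""
    def __init__(self, path, sectors, key):
        self.path, self.sectors, self.key = path, sectors, key
        with open(path, "wb") as f:  # create + secure-format: encrypted zero sectors
            for i in range(sectors):
                f.write(self._crypt(i, bytes(SECTOR)))

    def _crypt(self, index, data):
        # Stand-in cipher (assumption): XOR with an HMAC-SHA256 keystream bound to the sector index.
        stream = b"".join(
            hmac.new(self.key, index.to_bytes(8, "big") + bytes([n]), hashlib.sha256).digest()
            for n in range(SECTOR // 32))
        return bytes(a ^ b for a, b in zip(data, stream))

    def write_sector(self, index, plaintext):
        if not 0 <= index < self.sectors or len(plaintext) != SECTOR:
            raise ValueError("bad sector index or plaintext length")
        with open(self.path, "r+b") as f:
            f.seek(index * SECTOR)
            f.write(self._crypt(index, plaintext))  # only ciphertext reaches the file

    def read_sector(self, index):
        if not 0 <= index < self.sectors:
            raise ValueError("sector index out of range")
        with open(self.path, "rb") as f:
            f.seek(index * SECTOR)
            return self._crypt(index, f.read(SECTOR))  # decrypt on the way out

    def delete(self):
        os.remove(self.path)  # deleting the backing file releases the space

def demo():
    path = os.path.join(tempfile.mkdtemp(), "secure.img")  # constructed path
    disk = VirtualDisk(path, sectors=4, key=b"constructed-demo-key")
    secret = b"device credential".ljust(SECTOR, b"\x00")   # constructed sample data
    disk.write_sector(2, secret)
    with open(path, "rb") as f:
        raw = f.read()
    ok = disk.read_sector(2) == secret and b"device credential" not in raw
    disk.delete()
    return ok, os.path.exists(path)
```

XOR with a keystream gives no integrity protection, and rewriting a sector under the same key exposes the XOR of the old and new plaintext, which is why a real implementation would use a mode designed for block storage.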
CN201911046651.3A 2019-10-30 2019-10-30 Safe storage method and system suitable for embedded real-time operating system Pending CN110826099A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911046651.3A CN110826099A (en) 2019-10-30 2019-10-30 Safe storage method and system suitable for embedded real-time operating system

Publications (1)

Publication Number Publication Date
CN110826099A true CN110826099A (en) 2020-02-21

Family

ID=69551549

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911046651.3A Pending CN110826099A (en) 2019-10-30 2019-10-30 Safe storage method and system suitable for embedded real-time operating system

Country Status (1)

Country Link
CN (1) CN110826099A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103336669A (en) * 2013-05-21 2013-10-02 华中科技大学 I/O scheduling method based on internal parallelism of solid state disk and scheduler
EP3079093A1 (en) * 2015-04-10 2016-10-12 Samsung Electronics Co., Ltd. Methods and apparatus to enable runtime checksum verification of block device images
CN109325355A (en) * 2018-01-11 2019-02-12 白令海 Mobile terminal data method for secure storing based on virtual disk

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王春海: "《VMware虚拟化与云计算应用案例详解》", 电脑报电子音像出版社, pages: 271 - 273 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114281431A (en) * 2020-09-28 2022-04-05 阿里巴巴集团控股有限公司 Function calling method, device, medium, embedded equipment and operating system
CN112380548A (en) * 2020-11-13 2021-02-19 杭州弗兰科信息安全科技有限公司 Data storage method, system, equipment and readable storage medium
CN113326526A (en) * 2021-06-23 2021-08-31 杭州弗兰科信息安全科技有限公司 Data access method, device, equipment and storage medium
CN114327276A (en) * 2021-12-29 2022-04-12 上海蜂哈网络科技有限公司 Construction method, device, equipment and medium of blockchain file system
CN114327276B (en) * 2021-12-29 2025-04-01 上海简苏网络科技有限公司 Method, device, equipment and medium for constructing blockchain file system

Similar Documents

Publication Publication Date Title
EP2335181B1 (en) External encryption and recovery management with hardware encrypted storage devices
CN110826099A (en) Safe storage method and system suitable for embedded real-time operating system
US20080232592A1 (en) Method and apparatus for performing selective encryption/decryption in a data storage system
US20100058066A1 (en) Method and system for protecting data
US20090164709A1 (en) Secure storage devices and methods of managing secure storage devices
US10783041B2 (en) Backup and recovery of data files using hard links
US7818567B2 (en) Method for protecting security accounts manager (SAM) files within windows operating systems
JP2005303981A (en) Method and apparatus for encryption conversion in data storage system
CN103765429A (en) Digital signing authority dependent platform secret
US7114053B2 (en) Virtual-to-physical address conversion in a secure system
WO2022086603A1 (en) Data storage device encryption
CN105630965A (en) System and method for securely deleting file from user space on mobile terminal flash medium
US10642984B2 (en) Secure drive and method for booting to known good-state
US9235532B2 (en) Secure storage of full disk encryption keys
US9195398B2 (en) Information storage device and method
US20050193195A1 (en) Method and system for protecting data of storage unit
CN111222152B (en) Data writing method, device, equipment and storage medium
CN107861892B (en) Method and terminal for realizing data processing
US12058259B2 (en) Data storage device encryption
CN118228292B (en) Data encryption method, system and device based on OCI (optical code interface) driving agent
KR20090019484A (en) Clipboard Security Method
US20180314837A1 (en) Secure file wrapper for tiff images
CN109583197B (en) Trusted overlay file encryption and decryption method
RU2580014C2 (en) System and method for changing mask of encrypted region during breakdown in computer system
CN110681153B (en) Game archive management system, method, computer device, and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination