
CN112084524A - U disk access method and U disk - Google Patents


Info

Publication number
CN112084524A
Authority
CN
China
Prior art keywords
access
instruction
disk
data
apdu
Legal status
Granted
Application number
CN202011065234.6A
Other languages
Chinese (zh)
Other versions
CN112084524B (en)
Inventor
宁姣
张程程
袁艳芳
张磊
高志洲
杨峰
谷思庭
刘佳易
王晖南
Current Assignee
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing Smartchip Microelectronics Technology Co Ltd
Marketing Service Center of State Grid Shanxi Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing Smartchip Microelectronics Technology Co Ltd
Marketing Service Center of State Grid Shanxi Electric Power Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd
Application filed by State Grid Corp of China SGCC, State Grid Information and Telecommunication Co Ltd, Beijing Smartchip Microelectronics Technology Co Ltd, Marketing Service Center of State Grid Shanxi Electric Power Co Ltd, Beijing Smartchip Semiconductor Technology Co Ltd
Priority to CN202011065234.6A
Publication of CN112084524A
Priority to PCT/CN2021/103492 (WO2022068298A1)
Application granted
Publication of CN112084524B
Legal status: Active

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F 21/60 Protecting data
              • G06F 21/602 Providing cryptographic facilities or services
              • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F 21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
              • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
        • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
          • G06K 19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
            • G06K 19/06 Record carriers characterised by the kind of the digital marking, e.g. shape, nature, code
              • G06K 19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards, also with resonating or responding marks without active components
                • G06K 19/07 Record carriers with integrated circuit chips
                  • G06K 19/077 Constructional details, e.g. mounting of circuits in the carrier
                    • G06K 19/0772 Physical layout of the record carrier
                      • G06K 19/07732 Physical layout of the record carrier, the record carrier having a housing or construction similar to well-known portable memory devices, such as SD cards, USB or memory sticks

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Embodiments of the present invention relate to the technical field of mobile storage, and in particular to a U disk access method. The access method comprises: responding to a received access instruction directed at the U disk; determining that the access address of the access instruction is a specific address of the U disk; and executing an APDU instruction related to the access instruction, or returning the data of a designated area, so as to respond to the access instruction. A corresponding U disk is also provided. The embodiments of the present invention can improve the security of reading the U disk and enable personalized applications of the U disk.

Description

U disk access method and U disk

Technical field

The present invention relates to the technical field of mobile storage, and in particular to a U disk access method and a U disk.

Background

With the arrival of the information age, mobile storage media have become an indispensable tool for transferring information in daily work. The U disk (USB flash drive) uses a USB interface, supports hot plugging, and offers fast transfer speed, simple use, small size, large capacity and easy portability, which has made it the most widely used mobile storage medium.

At present, under Windows, applications in the upper layers of the operating system can use SCSI vendor-private commands normally and manage the private partition of a U disk through them. Under some operating systems, however, such as Linux, using private commands requires root privileges. Root privilege, one kind of system privilege, is the super-administrator account on some systems; it holds the highest privilege over the whole system and can conveniently delete or change system components. A user who obtains root can easily reflash the system, back up, restore and remove system files, and once malware obtains root it can cause irreparable damage to the system and expose all of the user's private data stored on the host. To avoid such risks on application platforms, the common practice of vendors is to apply SecureLock locking and to restrict root privileges; this keeps the system safe but, to a degree, limits what the system can do.

APDU (Application Protocol Data Unit): APDUs are commonly used for data exchange with IC cards and for IC card application development.

FAT (File Allocation Table): a linked-list style file organization structure designed to make storing, adding and deleting files convenient.

Summary of the invention

In view of this, the present invention aims to provide a U disk access method and a U disk that at least partially solve the above problems.

To achieve the above object, a first aspect of the present invention provides a U disk access method comprising: responding to a received access instruction directed at the U disk; determining that the access address of the access instruction is a specific address of the U disk; and executing an APDU instruction related to the access instruction, or returning the data of a designated area, so as to respond to the access instruction.

Preferably, the specific address is obtained by the following step: taking the address of a preset file in the file allocation table as the specific address.

Preferably, the preset file is pre-stored in a preset directory of a preset partition of the U disk.

Preferably, executing the corresponding APDU instruction or returning the data of the designated area comprises: if the access instruction is a "write instruction", executing the APDU instruction related to the access instruction; if the access instruction is a "read instruction", returning the data of the designated area.

Preferably, before returning the data of the designated area, the method further comprises: judging whether the designated area holds valid data; if so, returning the data of the designated area, otherwise returning a "null value" or an "error".

Preferably, executing the APDU instruction related to the access instruction comprises: extracting the data in the data field of the access instruction; and executing the APDU instruction that has a mapping relationship with that data.

Preferably, after executing the APDU instruction that has a mapping relationship with the data, the method further comprises: writing the execution result of the APDU instruction into the designated area.

In a second aspect of the present invention, a U disk is also provided, comprising an interface component, a storage component and a control component, the control component being configured to: determine that the access address of an access instruction obtained from the interface component is a specific address in the storage component; and execute an APDU instruction related to the access instruction, or return the data of a designated area, so as to respond to the access instruction.

Preferably, the storage component includes a preset file, the preset file is pre-stored in a preset directory of a preset partition of the storage component, and the address of the preset file in the file allocation table is used as the specific address.

Preferably, the storage component includes a private partition that is invisible to the host operating system and can only be accessed by the APDU instructions.

The present invention also provides a computer storage medium on which a computer program is stored; when the computer program is executed by a processor, any one of the above U disk access methods is implemented.

The U disk access method and U disk of the present invention have the following beneficial effects:

1) This embodiment does not need to obtain ROOT privilege; instead it uses the general-purpose interface provided by the operating system to perform personalized application processing, and accesses the private partition through that application processing, thereby preserving the security and reliability of the system.

2) Key data is stored in the private partition of the U disk, and both transmission and storage of the data can use ciphertext according to the application's requirements, ensuring the security of the data.

Other features and advantages of the present invention are described in detail in the detailed description that follows.

Description of the drawings

The accompanying drawings, which form part of the present invention, are provided to give a further understanding of the invention; the illustrative embodiments of the invention and their descriptions serve to explain the invention and do not constitute an improper limitation of it. In the drawings:

FIG. 1 is a schematic diagram of the steps of the U disk access method in an embodiment of the present invention;

FIG. 2 is a flowchart of creating the preset file in an embodiment of the present invention;

FIG. 3 is a flowchart of determining the specific address in an embodiment of the present invention;

FIG. 4 is a schematic diagram of the processing flow for a "write instruction" in an embodiment of the present invention;

FIG. 5 is a schematic diagram of the APDU instruction types in an embodiment of the present invention;

FIG. 6 is a schematic diagram of the processing flow for a "read instruction" in an embodiment of the present invention;

FIG. 7 is a schematic structural diagram of the U disk in an embodiment of the present invention.

Detailed description

The specific implementations of the embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here are only intended to illustrate and explain the embodiments of the invention and are not intended to limit them.

FIG. 1 is a schematic diagram of the steps of the U disk access method in an embodiment of the present invention. As shown in FIG. 1, the U disk access method comprises:

S11: responding to a received access instruction directed at the U disk;

When the U disk receives an access instruction through its USB interface, the access instruction is a general-purpose instruction, specifically a standard SCSI command. Standard SCSI commands are used because the operating system generally uses a file system such as FAT16/FAT32/NTFS and manages it through the SCSI command set. This U disk only needs to process the general-purpose commands issued by a general-purpose operating system, so no additional privileges are needed.

S12: determining that the access address of the access instruction is a specific address of the U disk;

The specific address in this embodiment comprises one or a combination of a specific partition and a specific offset. For example, it is determined that the partition of the access operation is the first partition and that the access address equals the value of a preset global variable ADDR. The steps for setting the global variable ADDR are described in detail later.

S13: executing an APDU instruction related to the access instruction, or returning the data of a designated area, so as to respond to the access instruction.

If the condition determined in the previous step is satisfied, the access instruction is intercepted or discarded and its ordinary function is no longer executed. Interception or discarding specifically comprises: first intercepting the instruction, then extracting the APDU and executing it according to the mapping relationship; an illegal APDU instruction is not executed, and an error status is written to the designated address. Instead of performing the ordinary access, the response to the access instruction is completed by executing the APDU instruction corresponding to it or by directly returning the data of the designated area. Using APDU instructions takes advantage of their standardized data transmission format while keeping them isolated from the U disk's general-purpose commands. Through this step, access to the protected data by general-purpose instructions is avoided, and the technical effect of data security is achieved on the premise that U disk access remains secure.

FIG. 2 is a flowchart of creating the preset file in an embodiment of the present invention. In this embodiment, the preset file is pre-stored in a preset directory of a preset partition of the U disk. Specifically, when the U disk is issued, a preset designated directory is created through the host operating system in a preset fixed partition of the U disk (the first partition is used in this embodiment); for example, the preset directory is \Android\data\com.example.sgskftest under the first partition. A file with the fixed name ZHIXINIO.CRD is created in that preset directory; this file is the preset file, hereinafter referred to as the IO file.

FIG. 3 is a flowchart of determining the specific address in an embodiment of the present invention. In this embodiment, the specific address is obtained by the following step: the address of the preset file in the file allocation table is taken as the specific address. When the issued U disk is used, it is inserted into the USB port of the host. After the U disk is powered on and the security chip has completed a series of initialization operations, the chip parses the FAT file system of the first partition and searches for the IO file ZHIXINIO.CRD. If the file exists, its address is assigned to the specific address, the global variable ADDR; otherwise ADDR is assigned an empty value. After address resolution is complete, the enumeration process is completed according to the host operating system's procedure. Through these steps, an access to the IO file is made equivalent to a match on the operation address, which simplifies the trigger decision.
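The address resolution of FIG. 3, as an added Python example (not code from the patent): a constructed FAT16 image of the first partition is parsed for the IO file ZHIXINIO.CRD, and ADDR is set to the LBA of the file's first cluster, or left empty when the file is missing. It assumes, for brevity, that the IO file sits in the root directory rather than in \Android\data\com.example.sgskftest, and that "the address in the file allocation table" means the first-cluster LBA; all layout values are constructed.

```python
import struct
from typing import Optional

SECTOR = 512
IO_FILE = b"ZHIXINIOCRD"   # "ZHIXINIO.CRD" as stored in a FAT 8.3 directory entry


def build_first_partition_image(with_io_file: bool = True) -> bytes:
    """Constructed FAT16 image of the first partition: boot sector, two FATs,
    a one-sector root directory and a few empty data clusters."""
    boot = bytearray(SECTOR)
    struct.pack_into("<H", boot, 11, SECTOR)   # BPB_BytsPerSec
    boot[13] = 4                               # BPB_SecPerClus
    struct.pack_into("<H", boot, 14, 1)        # BPB_RsvdSecCnt (boot sector only)
    boot[16] = 2                               # BPB_NumFATs
    struct.pack_into("<H", boot, 17, 16)       # BPB_RootEntCnt: 16 * 32 B = one sector
    struct.pack_into("<H", boot, 22, 8)        # BPB_FATSz16
    fats = bytes(2 * 8 * SECTOR)
    root = bytearray(SECTOR)
    if with_io_file:
        entry = bytearray(32)
        entry[0:11] = IO_FILE
        entry[11] = 0x20                       # ATTR_ARCHIVE: an ordinary file
        struct.pack_into("<H", entry, 26, 5)   # DIR_FstClusLO: data starts at cluster 5
        struct.pack_into("<I", entry, 28, 64)  # DIR_FileSize (constructed)
        root[0:32] = entry
    data = bytes(8 * 4 * SECTOR)
    return bytes(boot) + fats + bytes(root) + data


def resolve_addr(image: bytes) -> Optional[int]:
    """FIG. 3 at power-on: parse the FAT of the first partition, look for the
    IO file and return the LBA of its first data cluster as ADDR; None models
    the 'empty' value assigned when the file is absent."""
    bytes_per_sector, = struct.unpack_from("<H", image, 11)
    sectors_per_cluster = image[13]
    reserved, = struct.unpack_from("<H", image, 14)
    num_fats = image[16]
    root_entries, = struct.unpack_from("<H", image, 17)
    fat_sectors, = struct.unpack_from("<H", image, 22)

    root_lba = reserved + num_fats * fat_sectors
    root_sectors = (root_entries * 32 + bytes_per_sector - 1) // bytes_per_sector
    data_lba = root_lba + root_sectors          # first sector of cluster 2

    for i in range(root_entries):
        off = root_lba * bytes_per_sector + i * 32
        entry = image[off:off + 32]
        if entry[0] == 0x00:
            break                               # no more entries in use
        if entry[0] == 0xE5 or entry[11] & 0x08:
            continue                            # deleted entry or volume label
        if entry[0:11] == IO_FILE:
            first_cluster, = struct.unpack_from("<H", entry, 26)
            if first_cluster < 2:
                return None                     # zero-length file owns no cluster
            return data_lba + (first_cluster - 2) * sectors_per_cluster
    return None


if __name__ == "__main__":
    print("ADDR =", resolve_addr(build_first_partition_image()))        # 30
    print("ADDR =", resolve_addr(build_first_partition_image(False)))   # None
```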

In one embodiment, executing the corresponding APDU instruction or returning the data of the designated area comprises: if the access instruction is a "write instruction", executing the APDU instruction related to the access instruction; if the access instruction is a "read instruction", returning the data of the designated area. The write process corresponding to the "write instruction" and the read process corresponding to the "read instruction" are described separately below.

FIG. 4 is a schematic diagram of the processing flow for a "write instruction" in an embodiment of the present invention. In this embodiment, when the host application needs to send an instruction to the U disk, it treats the instruction to be sent as data to be written to the IO file and calls the operating system's generic WRITE command (0x2A). After receiving the WRITE command, the U disk makes a judgement: if the partition of the write operation is the first partition and the access address equals the address held in the global variable ADDR, the command is intercepted. The data field of the command is analysed and the data in the data field of the access instruction is extracted; the APDU instruction that has a mapping relationship with that data is executed, completing the function corresponding to the APDU instruction. APDU instructions can implement functions such as encryption, decryption, storage in the private partition, PIN verification and other personalized instruction processing. Further, the processing result and the data to be returned are saved to a designated area, for example the global variable Buff_CMD. This subsequent step allows the host to obtain the execution result and return data of the APDU instruction. The APDU instructions configured in this way can not only perform data operations on the private partition of the secure U disk but also implement a variety of customized functions.

FIG. 5 is a schematic diagram of the APDU instruction types in an embodiment of the present invention. After the personalized application instruction is parsed back out of the WRITE command (0x2A), it is executed. The personalized application instructions include encryption, decryption, private partition storage, PIN verification and other personalized instructions.

FIG. 6 is a schematic diagram of the processing flow for a "read instruction" in an embodiment of the present invention. In this embodiment, when the host software needs to obtain the execution result of an instruction or its return data, it calls the operating system's generic interface and sends a READ (0x28) command to the IO file. After receiving the read command, the U disk makes a judgement: if the partition of the read operation is the first partition and the access address equals the address held in the global variable ADDR, the command is intercepted; the data in the file is not actually read, and instead the processing result and return data saved in the designated area (Buff_CMD) in the previous step are returned to the host application as the return data of the read command. When the designated area holds no valid data, a "null value" or an "error" is returned. Adding a step that judges whether the designated area holds valid data before returning its data therefore helps the system report abnormal conditions and improves the user experience.
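The write and read handling of FIG. 4 and FIG. 6, as an added Python model of the control component (not the patent's firmware): a WRITE (0x2A) at (first partition, ADDR) is intercepted and its data field parsed as an APDU, the mapped handler runs, and the result is parked in Buff_CMD for the following READ (0x28), which returns it, or nothing when no valid data exists; every other address passes through to ordinary storage. The INS-to-function mapping, the status words, the PIN value and the clearing of Buff_CMD after one read are assumptions made for this example.

```python
import hmac

WRITE10, READ10 = 0x2A, 0x28          # SCSI opcodes named in the patent
SW_OK = b"\x90\x00"
SW_SECURITY = b"\x69\x82"              # security status not satisfied (PIN not verified)
SW_WRONG_LENGTH = b"\x67\x00"
SW_RECORD_NOT_FOUND = b"\x6A\x82"
SW_INS_NOT_SUPPORTED = b"\x6D\x00"     # "illegal APDU": not executed, error status recorded
SW_PIN_FAILED = b"\x63\x00"


class SecureDiskController:
    """Models the control component of FIG. 7 running the FIG. 4 / FIG. 6 logic."""

    def __init__(self, addr, pin=b"1234"):
        self.addr = addr          # ADDR resolved from the FAT at power-on; None if the IO file is absent
        self.buff_cmd = None      # the designated area (Buff_CMD) holding the last APDU result
        self.storage = {}         # ordinary storage: (partition, lba) -> bytes
        self.private = {}         # private partition: record id -> bytes, reachable only via APDU
        self._pin = pin           # constructed PIN for the demo
        self._verified = False
        self._handlers = {        # INS -> handler; this mapping is constructed, not the patent's
            0x20: self._verify_pin,
            0xD6: self._store_private,
            0xB0: self._read_private,
        }

    def handle(self, opcode, partition, lba, data=b""):
        """Entry point for a SCSI command; returns what the host would read back."""
        intercept = self.addr is not None and partition == 1 and lba == self.addr
        if not intercept:
            # ordinary file-system traffic goes to storage untouched
            if opcode == WRITE10:
                self.storage[(partition, lba)] = data
                return b""
            return self.storage.get((partition, lba), b"")
        if opcode == WRITE10:
            # FIG. 4: the "file write" carries an APDU; execute it and park the result
            self.buff_cmd = self._run_apdu(data)
            return b""
        if opcode == READ10:
            # FIG. 6: hand back the parked result; None models "null value / error"
            result, self.buff_cmd = self.buff_cmd, None   # clearing after one read is an assumption
            return result
        return b""

    def _run_apdu(self, apdu):
        # ISO 7816-4 short APDU: CLA INS P1 P2 [Lc DATA]
        if len(apdu) < 4:
            return SW_WRONG_LENGTH
        ins, p1, p2, body = apdu[1], apdu[2], apdu[3], apdu[4:]
        if body:
            lc, body = body[0], body[1:]
            if len(body) != lc:
                return SW_WRONG_LENGTH
        handler = self._handlers.get(ins)
        if handler is None:
            return SW_INS_NOT_SUPPORTED
        return handler(p1, p2, body)

    def _verify_pin(self, p1, p2, body):
        self._verified = hmac.compare_digest(body, self._pin)
        return SW_OK if self._verified else SW_PIN_FAILED

    def _store_private(self, p1, p2, body):
        if not self._verified:
            return SW_SECURITY          # private partition stays closed until the PIN is verified
        self.private[(p1 << 8) | p2] = body
        return SW_OK

    def _read_private(self, p1, p2, body):
        if not self._verified:
            return SW_SECURITY
        record = self.private.get((p1 << 8) | p2)
        return SW_RECORD_NOT_FOUND if record is None else record + SW_OK


if __name__ == "__main__":
    disk = SecureDiskController(addr=30)
    disk.handle(WRITE10, 1, 30, b"\x00\x20\x00\x00\x04" + b"1234")   # VERIFY PIN
    print(disk.handle(READ10, 1, 30).hex())                           # 9000
    disk.handle(WRITE10, 1, 30, b"\x00\xD6\x00\x01\x03abc")           # store record 1
    disk.handle(READ10, 1, 30)
    disk.handle(WRITE10, 1, 30, b"\x00\xB0\x00\x01")                  # read record 1
    print(disk.handle(READ10, 1, 30).hex())                           # 6162639000
```

The security-status check in the private-partition handlers is the point a defender cares about: the hidden partition only stays hidden if the chip refuses every APDU that touches it before PIN verification succeeds.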

As can be seen from the above embodiments, host software can access the partitions of the U disk by calling the operating system's generic interface without any additional privileges. The embodiments of the present invention apply special handling to the generic commands used by that interface, mainly the file read and write commands, so as to transport private commands and thereby achieve security and personalized applications.

FIG. 7 is a schematic structural diagram of the U disk in an embodiment of the present invention. In this embodiment a U disk is also provided, comprising an interface component, a storage component and a control component, the control component being configured to: determine that the access address of an access instruction obtained from the interface component is a specific address in the storage component; and execute an APDU instruction related to the access instruction, or return the data of a designated area, so as to respond to the access instruction.

For the specific definition of the functions implemented by the control component, refer to the definition of the U disk access method above, which is not repeated here. The control component can provide communication isolation between the high-speed USB bus and the eMMC bus.

In one embodiment, the storage component includes a preset file, the preset file is pre-stored in a preset directory of a preset partition of the storage component, and the address of the preset file in the file allocation table is used as the specific address. Through the host operating system, a designated directory is created in a fixed partition of the U disk (the first partition in this solution), and a file with a fixed name is created in it, namely the aforementioned IO file ZHIXINIO.CRD; in this embodiment the designated directory is \Android\data\com.example.sgskftest under the first partition. When the issued secure U disk is powered on again, the security chip, after completing a series of initialization operations, parses the FAT file system of the first partition and searches for the IO file ZHIXINIO.CRD. If the file exists, its address is assigned to the global variable ADDR; otherwise ADDR is assigned an empty value. After address resolution is complete, the enumeration process is completed according to the host operating system's procedure.

In one embodiment, the storage component includes a private partition that is invisible to the host operating system and can only be accessed by the APDU instructions. To improve the security of the U disk, in addition to the ordinary partition and the encrypted partition, a third kind of storage partition is provided: an invisible "private partition" that only the security chip can access; it is invisible externally, and neither the operating system nor the host software can access it directly. Data may be read and written in plaintext or in ciphertext, and stored in plaintext or in ciphertext; the partition may be managed as a single storage area or divided into different functional areas according to the application, each given different security attributes and managed independently. Because the private partition is invisible to the host operating system, the host's file system cannot be used for it, so the private commands of the SCSI command set are needed to manage the partition through the security chip. In this embodiment, APDU instructions are used to access it.

An embodiment of the present invention further provides a computer storage medium on which a computer program is stored; when the computer program is executed by a processor, the U disk access method described in this embodiment is implemented.

The embodiments of the present invention provide a method that can execute private commands without root privilege, implement personalized application processing, and access the private partition through the personalized application.

The optional embodiments of the present invention have been described in detail above with reference to the accompanying drawings; however, the embodiments of the present invention are not limited to the specific details of the above embodiments. Within the scope of the technical concept of the embodiments, many simple variations may be made to the technical solution, and all such simple variations fall within the protection scope of the embodiments of the present invention.

It should also be noted that the individual technical features described in the above specific embodiments may be combined in any suitable manner as long as there is no contradiction. To avoid unnecessary repetition, the various possible combinations are not described separately in the embodiments of the present invention.

Those skilled in the art will understand that all or part of the steps of the methods in the above embodiments can be carried out by a program instructing the relevant hardware; the program is stored in a storage medium and comprises a number of instructions that cause a microcontroller, chip or processor to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes a U disk, removable hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk, optical disk or any other medium that can store program code.

In addition, different implementations of the embodiments of the present invention may be combined arbitrarily, and as long as they do not depart from the idea of the embodiments, such combinations should likewise be regarded as content disclosed by the embodiments of the present invention.

Claims (10)

1. A U disk access method, characterized by comprising the following steps:
receiving an access instruction directed at the U disk;
determining that the access address of the access instruction is a specific address of the U disk; and
executing an APDU instruction related to the access instruction, or returning data of a specified area, in order to respond to the access instruction.
2. The access method according to claim 1, wherein the specific address is obtained by:
taking the address of a preset file in the file allocation table as the specific address.
3. The access method according to claim 2, wherein the preset file is pre-stored in a preset directory of a preset partition of the U disk.
4. The access method according to claim 1, wherein executing the APDU instruction related to the access instruction or returning the data of the specified area comprises:
if the access instruction is a write instruction, executing an APDU instruction related to the access instruction; and
if the access instruction is a read instruction, returning the data of the specified area.
5. The access method according to claim 4, wherein, before returning the data of the specified area, the method further comprises:
judging whether the specified area holds valid data; if so, returning the data of the specified area, and otherwise returning a null value or an error.
6. The access method according to claim 4, wherein executing the APDU instruction related to the access instruction comprises:
extracting the data in the data field of the access instruction; and
executing the APDU instruction that has a mapping relationship with that data.
7. The access method according to claim 6, wherein, after executing the APDU instruction mapped to the data, the method further comprises:
writing the execution result of the APDU instruction into the specified area.
8. A U disk comprising an interface component, a storage component and a control component, wherein the control component is configured to:
determine that the access address of an access instruction acquired from the interface component is a specific address in the storage component; and
execute an APDU instruction related to the access instruction, or return data of a specified area, in order to respond to the access instruction.
9. The U disk according to claim 8, wherein the storage component comprises a preset file, the preset file is pre-stored in a preset directory of a preset partition of the storage component, and the address of the preset file in the file allocation table is used as the specific address.
10. The U disk according to claim 8 or 9, wherein the storage component comprises a private partition invisible to the host operating system, the private partition being accessible only through APDU instructions.
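The control-component dispatch that claims 1 to 10 describe, written out as an added example in C; this is not code from the patent or from the applicants. It assumes that the preset file's file allocation table entry resolves to a single logical block address (`SPECIAL_LBA`), that the data field of a write carries a one-byte tag followed by the APDU payload, that the tag-to-APDU mapping is a fixed table with two constructed handlers, that the private partition is a small in-memory array, and that the "specified area" is a result buffer with a validity flag. All of these names, values and the 0x90 0x00 status word are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed values (assumptions): the special LBA would come from the
 * preset file's FAT entry; the private partition is outside host-visible LBAs. */
#define SPECIAL_LBA      0x2000u
#define PRIVATE_SLOTS    4
#define SLOT_SIZE        16
#define RESULT_AREA_SIZE 64

enum access_kind { ACCESS_READ, ACCESS_WRITE };
enum access_result {
    RES_OK = 0,
    RES_NOT_SPECIAL, /* ordinary LBA: belongs to the normal storage path */
    RES_NO_DATA,     /* read before any APDU produced a result (claim 5) */
    RES_UNMAPPED,    /* data field carries no tag known to the table */
    RES_APDU_ERROR   /* mapped APDU ran but failed */
};

/* An APDU handler consumes the payload after the tag and writes a result. */
typedef int (*apdu_handler)(const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len);

static uint8_t private_partition[PRIVATE_SLOTS][SLOT_SIZE]; /* reachable only via APDU */
static uint8_t result_area[RESULT_AREA_SIZE]; /* the "specified area" of the claims */
static size_t  result_len;
static bool    result_valid;

static int apdu_read_slot(const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
{
    if (in_len < 1 || in[0] >= PRIVATE_SLOTS) return -1;
    memcpy(out, private_partition[in[0]], SLOT_SIZE);
    *out_len = SLOT_SIZE;
    return 0;
}

static int apdu_write_slot(const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
{
    if (in_len != 1 + SLOT_SIZE || in[0] >= PRIVATE_SLOTS) return -1;
    memcpy(private_partition[in[0]], in + 1, SLOT_SIZE);
    out[0] = 0x90; out[1] = 0x00; /* constructed "success" status word */
    *out_len = 2;
    return 0;
}

/* Mapping table (claim 6): only these tags can reach the private partition. */
static const struct { uint8_t tag; apdu_handler handler; } apdu_table[] = {
    { 0xA1, apdu_read_slot  },
    { 0xA2, apdu_write_slot },
};

enum access_result handle_access(enum access_kind kind, uint32_t lba,
                                 const uint8_t *data, size_t len,
                                 uint8_t *out, size_t *out_len)
{
    *out_len = 0;
    if (lba != SPECIAL_LBA) return RES_NOT_SPECIAL; /* claim 1 */
    if (kind == ACCESS_READ) { /* claims 4 and 5 */
        if (!result_valid) return RES_NO_DATA;
        memcpy(out, result_area, result_len);
        *out_len = result_len;
        return RES_OK;
    }
    /* Write (claims 6 and 7): data field = tag byte, then APDU payload. */
    result_valid = false;
    if (len < 1) return RES_UNMAPPED;
    for (size_t i = 0; i < sizeof apdu_table / sizeof apdu_table[0]; i++) {
        if (apdu_table[i].tag != data[0]) continue;
        int rc = apdu_table[i].handler(data + 1, len - 1, result_area, &result_len);
        result_valid = (rc == 0);
        return result_valid ? RES_OK : RES_APDU_ERROR;
    }
    return RES_UNMAPPED;
}

/* Walks the whole path in order; returns 0 on success or the failing step. */
int demo_roundtrip(void)
{
    uint8_t out[RESULT_AREA_SIZE], rd[2] = { 0xA1, 1 }, bogus[2] = { 0x7F, 0 };
    uint8_t wr[2 + SLOT_SIZE] = { 0xA2, 1, 's', 'e', 'c', 'r', 'e', 't' };
    size_t out_len;
    if (handle_access(ACCESS_WRITE, 0x10, wr, sizeof wr, out, &out_len) != RES_NOT_SPECIAL) return 1;
    if (handle_access(ACCESS_READ, SPECIAL_LBA, NULL, 0, out, &out_len) != RES_NO_DATA) return 2;
    if (handle_access(ACCESS_WRITE, SPECIAL_LBA, bogus, 2, out, &out_len) != RES_UNMAPPED) return 3;
    if (handle_access(ACCESS_WRITE, SPECIAL_LBA, wr, sizeof wr, out, &out_len) != RES_OK) return 4;
    if (handle_access(ACCESS_READ, SPECIAL_LBA, NULL, 0, out, &out_len) != RES_OK
        || out_len != 2 || out[0] != 0x90) return 5;
    if (handle_access(ACCESS_WRITE, SPECIAL_LBA, rd, 2, out, &out_len) != RES_OK) return 6;
    if (handle_access(ACCESS_READ, SPECIAL_LBA, NULL, 0, out, &out_len) != RES_OK
        || out_len != SLOT_SIZE || memcmp(out, "secret", 6) != 0) return 7;
    return 0;
}

int main(void)
{
    printf("round trip: %s\n", demo_roundtrip() == 0 ? "ok" : "failed");
    return 0;
}
```

The mapping table is the security boundary in this design: a host process that can write to the preset file can trigger exactly the APDUs listed there and nothing else, so the table, not the file permissions on the host, decides what reaches the private partition. The write path also clears the validity flag before dispatch, so a failed or unmapped command can never leave a stale result readable at the specific address; a device implementation would additionally want to count or log unmapped tags, since repeated unknown tags at that address are a useful signal that software on the host is probing the interface.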

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011065234.6A CN112084524B (en) 2020-09-30 2020-09-30 U disk access method and U disk
PCT/CN2021/103492 WO2022068298A1 (en) 2020-09-30 2021-06-30 Usb flash disk access method and usb flash disk

Publications (2)

Publication Number Publication Date
CN112084524A true CN112084524A (en) 2020-12-15
CN112084524B CN112084524B (en) 2023-10-13

Family

ID=73730492

Country Status (2)

Country Link
CN (1) CN112084524B (en)
WO (1) WO2022068298A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022068298A1 (en) * 2020-09-30 2022-04-07 北京智芯微电子科技有限公司 Usb flash disk access method and usb flash disk

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118656828B (en) * 2024-08-20 2024-11-12 中孚信息股份有限公司 Method, system, device and medium for implementing USB flash drive with detection function

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005266934A (en) * 2004-03-16 2005-09-29 Hagiwara Sys-Com:Kk Usb storage device and controller therefor
CN101872334A (en) * 2010-05-26 2010-10-27 北京飞天诚信科技有限公司 Compound type usb equipment and implementation method thereof
CN102467351A (en) * 2010-11-10 2012-05-23 鸿富锦精密工业(深圳)有限公司 Universal serial bus (USB) flash disk and rapid storage and boot switching method thereof
CN111062064A (en) * 2019-12-24 2020-04-24 飞天诚信科技股份有限公司 Method and system for realizing encrypted USB flash disk system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100498742C (en) * 2007-01-08 2009-06-10 中国信息安全产品测评认证中心 Reliable U disc, method for realizing reliable U disc safety and its data communication with computer
CN101441634A (en) * 2007-11-19 2009-05-27 凤凰微电子(中国)有限公司 Embedded type file system suitable for smart card application environment
CN102043751B (en) * 2010-06-29 2012-12-12 飞天诚信科技股份有限公司 Method for identifying host operation system by using USB equipment
CN112084524B (en) * 2020-09-30 2023-10-13 北京智芯微电子科技有限公司 U disk access method and U disk

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20211104

Address after: 100192 building 3, A District, Dongsheng science and Technology Park, Zhongguancun, 66 Haidian District West Road, Beijing.

Applicant after: BEIJING SMARTCHIP MICROELECTRONICS TECHNOLOGY Co.,Ltd.
Applicant after: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd.
Applicant after: State Grid Shanxi Electric Power Company Marketing Service Center
Applicant after: STATE GRID CORPORATION OF CHINA

Address before: 100192 building 3, A District, Dongsheng science and Technology Park, Zhongguancun, 66 Haidian District West Road, Beijing.

Applicant before: BEIJING SMARTCHIP MICROELECTRONICS TECHNOLOGY Co.,Ltd.
Applicant before: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd.
Applicant before: State Grid Shanxi Electric Power Company Marketing Service Center
Applicant before: STATE GRID CORPORATION OF CHINA
Applicant before: Beijing Smart core semiconductor technology Co.,Ltd.

GR01 Patent grant