
CN117951761A - USB flash disk safe access method based on storage data block management and control - Google Patents


Info

Publication number
CN117951761A
Authority
CN
China
Prior art keywords
disk
usb
usb flash
flash disk
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311651298.8A
Other languages
Chinese (zh)
Inventor
谢国强
陈明亮
余滢婷
潘本仁
徐在德
张韬
王冠南
邹进
张妍
周仕豪
黎鹏程
丁凯
皮杰明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Jiangxi Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Jiangxi Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC and Electric Power Research Institute of State Grid Jiangxi Electric Power Co Ltd

Classifications

    • G06F21/85 Protecting interconnection devices, e.g. bus-connected or in-line devices
    • G06F13/105 Program control for peripheral devices where the programme performs an input/output emulation function
    • G06F16/164 File meta data generation
    • G06F16/166 File name conversion
    • G06F21/44 Program or device authentication
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • G06F2213/0042 Universal serial bus [USB]

Abstract

The invention discloses a USB flash drive secure access method based on storage data block management and control, comprising the following steps: a virtual USB storage device created by a dedicated USB protection device is mapped via OTG to the connected target host, so that a storage-like device is displayed on the target host; after a USB flash drive carrying a security tag is plugged into the USB protection device, the device scans the drive for viruses and records the data blocks in which the virus files are located; once virus scanning and file marking are complete, the tagged USB flash drive is bound to the virtual USB storage device, and the data on the connected drive is accessed from the target host; when a problem data block is accessed, the access is prohibited. By using a virtual USB storage device, the invention manages and controls inserted USB flash drives; by marking the physical storage data blocks of the virus files on the drive and then restricting reads and writes of those problem data blocks, it isolates access to the virus files.

Description

USB flash disk safe access method based on storage data block management and control
Technical Field
The invention relates to the technical field of mobile storage device security, and in particular to a USB flash drive secure access method based on storage data block management and control.
Background
As the capacity of USB mobile storage devices keeps growing and their use becomes widespread, they have become one of the main storage media for transferring data such as files.
Faced with increasingly severe network attacks that exploit USB mobile storage devices, industrial enterprises need to establish a clear security control policy for USB mobile storage devices, build a security protection system, and use sound and secure means to ensure that these devices are used safely, thereby protecting business security and avoiding unnecessary losses caused by abuse of USB mobile storage devices.
To cope with the security threats posed by USB flash drives, the industry has proposed various security management and control technologies for them. For example, patent publication No. CN115809487A discloses a method, system and device for the secure isolation of USB mobile storage media, which isolates mobile storage files through access under multiple security policies and has the advantages of convenient management and authorization of the isolation box's running state and readily available operation records. Patent publication No. CN115952566A discloses a secure access method for USB mobile storage media, an electronic device and a data ferry system; a USB peripheral management module that executes the secure access method is added to the data ferry system, and the data ferry system is applied to the network structure of an electric power system, so that the scarce internal resources of the existing power system need not be occupied, which favours the secure and stable operation of the internal core business systems. However, these methods all change the workflow of using a USB flash drive to some degree: the user cannot browse and operate on files directly as with an ordinary USB flash drive, which imposes a considerable learning cost. At the same time, permission isolation and security for data transmitted over the network have to be provided, which increases management and usage costs.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides a USB flash drive secure access method based on storage data block management and control. A dedicated USB protection device is connected to the target host and appears on the target host as a card-reader-like device. After a USB flash drive is plugged into the USB protection device and has undergone virus detection and problem data block marking, the user sees the USB flash drive mapped via OTG, with all the directories and files of an ordinary USB flash drive, and operates on it locally in the same way as an ordinary USB flash drive, so the user's daily habits do not change. Meanwhile, the original virus files are not deleted, which avoids the loss of user data that deleting a file after a false-positive virus detection could cause.
To achieve the above purpose, the invention provides the following technical solution: a USB flash drive secure access method based on storage data block management and control, comprising the following steps:
Step S1: create a virtual USB storage device with the dedicated USB protection device and connect the virtual USB storage device to the target host through an OTG cable, so that a storage-like device is displayed on the target host;
Step S2: the dedicated USB protection device monitors in real time for USB flash drive insertion; when an insertion is detected, it reads the drive's data and verifies whether the drive carries a security tag and whether the tag is valid; the device refuses to use a USB flash drive that has no security tag or whose security tag is invalid;
Step S3: for a USB flash drive with a valid security tag, the dedicated USB protection device reads the drive's data and performs virus detection on it, resolves the data blocks in which viruses are located according to the different data types and marks them with the word "virus", and the storage block filtering module sets up a problem data block list from the marked data blocks;
Step S4: the USB flash drive scanned and marked in step S3 is bound to the storage-like device of step S1, and the target host views the data on the drive through the dedicated USB protection device; when a data block marked as containing a virus is accessed, the access is prohibited, which blocks access to the virus files on the drive; the target host user can learn the reason for the refusal from the data name marked with the word "virus";
Step S5: after use, the target host ejects the USB flash drive or the drive is pulled out of the target host, and the virtual USB storage device created by the target host returns to the state with no USB flash drive inserted and waits for a new drive to be connected.
Further, the security tag of the USB flash drive is created as follows: extract the physical information of the USB flash drive; compute a hash value from the extracted physical information; encrypt the computed hash value with an asymmetric encryption algorithm; and write the encrypted hash value into a fixed free sector at the head of the USB flash drive.
Further, the process of verifying whether the USB flash drive carries a security tag is as follows: check whether the encrypted hash value exists in the fixed free sector at the head of the drive; if it does not exist, signature verification fails; if it exists, decrypt it with the asymmetric algorithm to obtain the decrypted hash value; extract the physical information in the decrypted hash value; compute a hash value from the extracted physical information in the decrypted hash value; compare the decrypted hash value with the computed hash value; if they are consistent, the drive carries a legitimate security tag and verification succeeds; if they are not consistent, the tag is invalid and verification fails.
Further, the problem data block list is formed as follows: mount the USB flash drive with the valid security tag; use a virus detection and removal engine to detect malicious code in the data on the drive; record basic information such as the path and size of each identified malicious code file; unmount the drive; scan the drive's partition table data; scan the drive's directory area data according to the partition table information; identify file information from the data area that the directory area points to; and scan the drive's data area files and block device information, continuing the scan if no malicious code file is found.
Further, the specific process of step S4 is as follows: the target host views the data on the USB flash drive through the dedicated USB protection device; a read/write request for a storage data block is sent to the USB flash drive; after receiving the request, the virtual USB storage device forwards it to the bound USB flash drive; the storage block filtering module inspects the data block being read or written on the USB flash drive; it checks whether the data block is recorded in the drive's problem data block list and, if so, returns a rejection; if not, the data block is read or written on the bound USB flash drive; the access-prohibited result or the read/write result is fed back to the virtual USB storage device; the read/write result for the USB flash drive data block is obtained; and the target host prompts the user or ends the operation according to the result from the OTG-mapped USB flash drive.
Compared with the prior art, the invention has the following beneficial effects: by using a virtual USB storage device, the invention manages and controls inserted USB flash drives; by marking the physical storage data blocks of the virus files on the drive and then restricting reads and writes of those problem data blocks, it isolates access to the virus files; a virus file is renamed so that the word "virus" is added to its file name, which lets the user understand the reason for a refused access during use; and by combining an asymmetric encryption algorithm with the physical attributes of the USB flash drive, it authenticates drives on access and stops the use of illegitimate USB flash drives.
Drawings
FIG. 1 is a schematic overall flow chart of the invention.
FIG. 2 shows the security tag creation process for a USB flash drive according to the invention.
FIG. 3 shows the process of verifying whether a USB flash drive carries a security tag according to the invention.
FIG. 4 shows the problem data block list formation process according to the invention.
FIG. 5 shows the process of managing and controlling the storage data blocks of a USB flash drive according to the invention.
Detailed Description
As shown in FIG. 1, the invention provides the following technical solution: a USB flash drive secure access method based on storage data block management and control, comprising the following steps:
Step S1: create a virtual USB storage device with the dedicated USB protection device and connect the virtual USB storage device to the target host through an OTG cable, so that a storage-like device is displayed on the target host;
The dedicated USB protection device is hardware that connects the USB flash drive to the target host. After a USB flash drive is inserted into it, the device checks the drive's tag according to its preset actions, performs virus detection and marking on the files on the drive, and maps the drive to the target host by creating a virtual USB storage device;
Step S2: the dedicated USB protection device monitors in real time for USB flash drive insertion; when an insertion is detected, it reads the drive's data and verifies whether the drive carries a security tag and whether the tag is valid; the device refuses to use a USB flash drive that has no security tag or whose security tag is invalid;
Step S3: for a USB flash drive with a valid security tag, the dedicated USB protection device reads the drive's data and performs virus detection on it, resolves the data blocks in which viruses are located according to the different data types and marks them with the word "virus", and the storage block filtering module sets up a problem data block list from the marked data blocks;
Step S4: the USB flash drive scanned and marked in step S3 is bound to the storage-like device of step S1, and the target host views the data on the drive through the dedicated USB protection device; when a data block marked as containing a virus is accessed, the access is prohibited, which blocks access to the virus files on the drive; the target host user can learn the reason for the refusal from the data name marked with the word "virus";
Step S5: after use, the target host ejects the USB flash drive or the drive is pulled out of the target host, and the virtual USB storage device created by the target host returns to the state with no USB flash drive inserted and waits for a new drive to be connected.
As shown in FIG. 2, the security tag of the USB flash drive is created as follows:
1. Extract the physical information of the USB flash drive, such as its VID, PID, serial number and description;
2. Compute a hash value from the extracted physical information (the computation uses a hash algorithm, which can be MD5, SM3 and the like);
3. Encrypt the computed hash value with an asymmetric encryption algorithm;
4. Write the encrypted hash value into a fixed free sector at the head of the USB flash drive.
As shown in FIG. 3, the process of verifying whether the USB flash drive carries a security tag is as follows:
1. Check whether the encrypted hash value exists in the fixed free sector at the head of the USB flash drive; if it does not exist, signature verification fails;
2. If the encrypted hash value exists in the fixed free sector at the head of the drive, decrypt it with the asymmetric algorithm to obtain the decrypted hash value;
3. Extract the physical information of the USB flash drive, such as its VID, PID, serial number and description, in the decrypted hash value;
4. Compute a hash value from the extracted physical information of the USB flash drive, such as its VID, PID, serial number and description, in the decrypted hash value;
5. Compare the decrypted hash value with the computed hash value; if they are consistent, the USB flash drive carries a legitimate security tag and verification succeeds; if they are not consistent, the tag is invalid and verification fails.
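The tag creation and verification steps above, as an added Python example that is not part of the patent. Assumptions: SHA-256 as the hash, unpadded RSA with a constructed demo key standing in for the asymmetric algorithm the patent does not name, LBA 1 as the fixed free sector, a hypothetical `UTAG` sector layout, and a verifier that re-reads VID, PID, serial number and description from the attached drive.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TAG_LBA = 1          # assumption: the "fixed free sector at the head" is LBA 1
MAGIC = b"UTAG"      # hypothetical tag marker, not defined by the patent

# Constructed demo key (two Mersenne primes, unpadded RSA): illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the tag maker
SIG_LEN = (N.bit_length() + 7) // 8


def descriptor_hash(info):
    """Creation steps 1-2: hash VID, PID, serial number and description."""
    fields = [f"{info['vid']:04x}", f"{info['pid']:04x}",
              info["serial"], info["description"]]
    # Length-prefix each field so field boundaries cannot be shifted.
    blob = b"".join(struct.pack(">H", len(f.encode())) + f.encode()
                    for f in fields)
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def write_tag(image, info):
    """Creation steps 3-4: encrypt the hash with the private key, store it."""
    sig = pow(descriptor_hash(info), D, N).to_bytes(SIG_LEN, "big")
    sector = (MAGIC + struct.pack(">H", SIG_LEN) + sig).ljust(SECTOR_SIZE, b"\0")
    off = TAG_LBA * SECTOR_SIZE
    image[off:off + SECTOR_SIZE] = sector


def verify_tag(image, info):
    """Verification steps 1-5. Returns 'valid', 'invalid' or 'no-tag'."""
    off = TAG_LBA * SECTOR_SIZE
    sector = bytes(image[off:off + SECTOR_SIZE])
    if len(sector) < SECTOR_SIZE or sector[:4] != MAGIC:
        return "no-tag"                       # step 1: nothing stored
    (sig_len,) = struct.unpack(">H", sector[4:6])
    sig = int.from_bytes(sector[6:6 + SIG_LEN], "big")
    if sig_len != SIG_LEN or sig >= N:
        return "invalid"                      # malformed tag
    decrypted = pow(sig, E, N)                # step 2: public-key operation
    recomputed = descriptor_hash(info)        # steps 3-4: from the live drive
    return "valid" if decrypted == recomputed else "invalid"   # step 5


def demo():
    """Constructed drives: tagged, same image on other hardware, untagged."""
    drive_a = {"vid": 0x1234, "pid": 0x5678, "serial": "A1B2C3D4E5",
               "description": "Example Flash 16GB"}
    drive_b = dict(drive_a, serial="ZZ99YY88XX")
    image = bytearray(8 * SECTOR_SIZE)
    write_tag(image, drive_a)
    tampered = bytearray(image)
    tampered[TAG_LBA * SECTOR_SIZE + 40] ^= 0x01     # flip one signature bit
    return {
        "tagged": verify_tag(image, drive_a),
        "image_on_other_drive": verify_tag(bytearray(image), drive_b),
        "bit_flipped": verify_tag(tampered, drive_a),
        "untagged": verify_tag(bytearray(8 * SECTOR_SIZE), drive_a),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A deployed device would use a standard signature scheme from a vetted library in place of the demo key and unpadded RSA, and only the public key needs to be present on the verifying device.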
As shown in FIG. 4, the problem data block list is formed as follows:
1. Mount the USB flash drive with the valid security tag;
2. Use a virus detection and removal engine to detect malicious code in the data on the drive;
3. Record basic information such as the path and size of each identified malicious code file;
4. Unmount the USB flash drive;
5. Scan the drive's partition table data;
6. Scan the drive's directory area data according to the partition table information;
7. Identify file information from the data area that the drive's directory area points to;
The file information refers to the files stored on the USB flash drive by the user; these may be data files, text files, executable files and so on, with no restriction on the specific type. The malicious code file scanning described here for files stored on the drive by the user can be extended to identifying files with a specific suffix or of a specific type;
8. Scan the drive's data area files and block device information; if no malicious code file is found, continue scanning;
9. Record the file information of each scanned malicious code file and the corresponding storage data block information. In operating systems such as Windows and Linux, files are accessed through a file system, such as NTFS or FAT, which stores file data in disk sectors in a particular organization: some sectors record the file size, some record the file path and some record the file content, and together these make up the storage data blocks. When a user reads or writes a file through the dedicated USB protection device, what happens at the level of the device is a read or write of storage data blocks on the disk; this includes the OTG-mapped USB flash drive device;
10. If malicious code file data still exists on the drive, return to step 7 and continue scanning;
11. Form the problem data block list of the malicious code files on the USB flash drive with the valid security tag.
As shown in FIG. 5, the specific process of step S4 is as follows:
First step: the target host views the data on the USB flash drive through the dedicated USB protection device;
Second step: a read/write request for a storage data block is sent to the USB flash drive;
Third step: after receiving the request, the virtual USB storage device forwards it to the bound USB flash drive;
Fourth step: the storage block filtering module inspects the data block being read or written on the USB flash drive;
Fifth step: check whether the data block is recorded in the drive's problem data block list; if so, return a rejection; if not, read or write the data block on the bound USB flash drive;
Sixth step: feed the access-prohibited result or the read/write result back to the virtual USB storage device;
Seventh step: obtain the read/write result for the USB flash drive data block;
Eighth step: the target host prompts the user or ends the operation according to the result from the OTG-mapped USB flash drive.
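The problem data block list of FIG. 4 and the step S4 filter of FIG. 5, as an added Python example that is not code from the patent. It assumes a FAT16-style layout with a constructed FAT table and geometry, takes the flagged files' first clusters as given by the scan stage, and blocks only the clusters holding file content so that directory entries (and the renamed file name) stay readable; all function and class names are hypothetical.

```python
from bisect import bisect_right

EOC = 0xFFF8   # FAT16: a FAT entry >= 0xFFF8 ends a cluster chain


def cluster_chain(fat, first):
    """Follow a FAT16 chain; refuse loops and out-of-range links."""
    chain, seen, cur = [], set(), first
    while cur < EOC:
        if cur < 2 or cur >= len(fat) or cur in seen:
            raise ValueError(f"corrupt FAT chain at cluster {cur}")
        seen.add(cur)
        chain.append(cur)
        cur = fat[cur]
    return chain


def file_extents(fat, first, data_start_lba, spc):
    """Map a file's clusters to half-open LBA ranges (spc = sectors/cluster)."""
    return [(data_start_lba + (c - 2) * spc, data_start_lba + (c - 1) * spc)
            for c in cluster_chain(fat, first)]


def merge_ranges(ranges):
    """Sort and coalesce touching or overlapping ranges."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


class BlockFilter:
    """Sits between the virtual USB device and the bound drive (step S4)."""

    def __init__(self, backing, problem_ranges, sector_size=512):
        self.backing = backing              # bytearray standing in for the drive
        self.sector_size = sector_size
        self.total = len(backing) // sector_size
        self.ranges = merge_ranges(problem_ranges)
        self.starts = [s for s, _ in self.ranges]

    def blocked(self, lba, count):
        """True when [lba, lba + count) touches any problem range."""
        i = bisect_right(self.starts, lba + count - 1) - 1
        return i >= 0 and self.ranges[i][1] > lba

    def handle(self, op, lba, count, data=None):
        """Return (status, payload) for one host read/write request."""
        if count < 1 or lba < 0 or lba + count > self.total:
            return ("out-of-range", None)
        if self.blocked(lba, count):        # any overlap rejects the whole request
            return ("rejected", None)
        lo, hi = lba * self.sector_size, (lba + count) * self.sector_size
        if op == "read":
            return ("ok", bytes(self.backing[lo:hi]))
        if op == "write" and data is not None and len(data) == hi - lo:
            self.backing[lo:hi] = data
            return ("ok", None)
        return ("bad-request", None)


def build_demo():
    """Constructed volume: data area at LBA 100, 4 sectors per cluster."""
    fat = [0xFFF8, 0xFFFF] + [0] * 14
    fat[2], fat[3] = 3, 0xFFFF                  # clean file: clusters 2 -> 3
    fat[5], fat[9], fat[6] = 9, 6, 0xFFFF       # flagged file: 5 -> 9 -> 6
    flagged_first_clusters = [5]                # as reported by the scan stage
    problem = []
    for first in flagged_first_clusters:
        problem += file_extents(fat, first, data_start_lba=100, spc=4)
    backing = bytearray(b"\xAA" * (160 * 512))
    return BlockFilter(backing, problem), fat


if __name__ == "__main__":
    flt, _ = build_demo()
    print("problem ranges:", flt.ranges)
    for req in [("read", 100, 8), ("read", 110, 4), ("read", 120, 8)]:
        print(req, "->", flt.handle(*req)[0])
```

A request that straddles a clean sector and a problem sector is rejected as a whole, so a large read cannot pull in flagged blocks alongside allowed ones.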
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (5)

1. The USB flash disk safety access method based on storage data block management and control is characterized by comprising the following steps:
Step S1: creating a virtual USB storage device through a USB protection special device, connecting the virtual USB storage device with a target host through an OTG line, and displaying a class storage device on the target host;
Step S2: the USB protection special device monitors USB flash disk access in real time, monitors the USB flash disk access, reads USB flash disk data, verifies whether the USB flash disk is provided with a security tag or not, and whether the security tag is valid or not; for the USB flash disk without the security tag or with the security tag invalid, the USB protection special device refuses to use;
Step S3: for the USB flash disk with the effective security tag, the USB protection special device reads the data of the USB flash disk, carries out virus detection on the data, analyzes out the virus word patterns of the data blocks where viruses are located in the data according to different data types, and sets a problem data block list according to the marked data blocks where the viruses are located through the storage block filtering module;
Step S4: binding the U disk scanned and marked by the virus in the step S3 into the class memory device in the step S1, checking the data in the U disk by the target host through the USB protection special device, and prohibiting access when accessing the data block where the marked virus in the data is located, so as to prohibit access to the virus file in the U disk, wherein the target host user can know the reason of refusing access through the data name marked with the virus word;
Step S5: after the use is completed, the target host ejects the USB flash disk or pulls the USB flash disk out of the target host, and the virtual USB storage device created by the target host is restored to a state without USB flash disk insertion and waits for accessing a new USB flash disk.
2. The method for securely accessing a usb disk based on storage data block management according to claim 1, wherein: the manufacturing process of the security tag of the USB flash disk is as follows: extracting physical information of the U disk; calculating a hash value according to the extracted physical information; encrypting the calculated hash value by adopting an asymmetric encryption algorithm; and writing the encrypted hash value into a head fixed idle sector of the U disk.
3. The method for securely accessing a USB flash disk based on storage data block management according to claim 2, wherein the process of verifying whether the USB flash disk carries a security tag is as follows: reading whether an encrypted hash value exists in the fixed idle sector at the head of the USB flash disk; if the encrypted hash value does not exist, the signature check fails; if the encrypted hash value exists in the fixed idle sector at the head of the USB flash disk, decrypting it with an asymmetric algorithm to obtain the decrypted hash value; extracting the physical information in the decrypted hash value; calculating a hash value from the extracted physical information; comparing whether the decrypted hash value is consistent with the calculated hash value; if they are consistent, the USB flash disk carries a legal security tag and verification succeeds; if they are not consistent, the tag is invalid and verification fails.
4. The method for securely accessing a USB flash disk based on storage data block management according to claim 3, wherein the problem data block list is formed as follows: loading the USB flash disk with the valid security tag; using a virus scanning and removal engine to detect malicious code in the data on the USB flash disk with the valid security tag; recording basic information, such as the path and size, of each identified malicious code file; unloading the USB flash disk with the valid security tag; scanning the partition table data of the USB flash disk with the valid security tag; scanning the directory area data of the USB flash disk with the valid security tag according to the partition table information; identifying file information according to the data area pointed to by the directory area of the USB flash disk with the valid security tag; and scanning the data area files and block device information of the USB flash disk with the valid security tag, and if the malicious code file is not found, continuing scanning.
5. The method for securely accessing a USB flash disk based on storage data block management according to claim 4, wherein the specific process of step S4 is as follows: the target host checks the data in the USB flash disk through the USB protection special device; a read-write request for a storage data block is sent to the USB flash disk; after obtaining the request, the virtual USB storage device forwards it to the bound USB flash disk; the storage block filtering module inspects the data block that the request reads or writes on the USB flash disk; the module queries whether the data block is recorded in the problem block data list of the USB flash disk; if it is recorded, a rejection is returned; otherwise the data block is read or written on the bound USB flash disk; the access prohibition or the read-write operation result is fed back to the virtual USB storage device; the read-write result of the USB flash disk data block is obtained; and the target host prompts the user or ends the operation according to the result from the OTG-mapped USB flash disk.
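The following is an added example, not part of the patent text, of how the problem block list of claim 4 and the filter decision of claim 5 could fit together: the cluster chain of a flagged file is turned into merged block ranges, and each read-write request is rejected if it touches any listed block. The request shape, the FAT-style cluster-to-LBA mapping, the whole-request rejection policy and all names and sample values are assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass

@dataclass(frozen=True)
class BlockRequest:          # assumed request shape; the claims define none
    op: str                  # "read" or "write"
    lba: int                 # first logical block address
    count: int               # number of blocks

def clusters_to_extents(clusters, data_start_lba, sectors_per_cluster):
    """Map a flagged file's cluster chain to (lba, length) extents (FAT-style layout assumed)."""
    return [(data_start_lba + (c - 2) * sectors_per_cluster, sectors_per_cluster)
            for c in clusters]

class ProblemBlockList:
    """Merged, sorted [start, end) LBA ranges occupied by flagged files."""
    def __init__(self, extents):
        merged = []
        for start, length in sorted(extents):
            if merged and start <= merged[-1][1]:
                merged[-1][1] = max(merged[-1][1], start + length)
            else:
                merged.append([start, start + length])
        self.starts = [s for s, _ in merged]
        self.ends = [e for _, e in merged]

    def overlaps(self, lba, count):
        # Ranges are disjoint, so only the last one starting before the
        # request's end can reach back into it.
        i = bisect_right(self.starts, lba + count - 1) - 1
        return i >= 0 and self.ends[i] > lba

def filter_request(req, problem_list, forward):
    """Reject malformed requests and any request touching a listed block; else forward."""
    if req.op not in ("read", "write") or req.lba < 0 or req.count <= 0:
        return ("rejected", None)
    if problem_list.overlaps(req.lba, req.count):
        return ("rejected", None)
    return ("ok", forward(req))

# Constructed sample: one flagged file occupying clusters 5, 6 and 9.
PROBLEM_LIST = ProblemBlockList(clusters_to_extents([5, 6, 9], 4096, 8))

def demo():
    forward = lambda r: f"{r.op} {r.count} blocks at {r.lba}"  # stands in for the bound disk
    reqs = [BlockRequest("read", 0, 8), BlockRequest("read", 4119, 2),
            BlockRequest("write", 4136, 16), BlockRequest("write", 4150, 4)]
    return [filter_request(r, PROBLEM_LIST, forward)[0] for r in reqs]

if __name__ == "__main__":
    print(demo())
```

A request that spans both clean and listed blocks is rejected as a whole here, so no partial transfer reaches the target host.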
CN202311651298.8A 2023-12-05 2023-12-05 USB flash disk safe access method based on storage data block management and control Pending CN117951761A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311651298.8A CN117951761A (en) 2023-12-05 2023-12-05 USB flash disk safe access method based on storage data block management and control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311651298.8A CN117951761A (en) 2023-12-05 2023-12-05 USB flash disk safe access method based on storage data block management and control

Publications (1)

Publication Number Publication Date
CN117951761A true CN117951761A (en) 2024-04-30

Family

ID=90797258

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311651298.8A Pending CN117951761A (en) 2023-12-05 2023-12-05 USB flash disk safe access method based on storage data block management and control

Country Status (1)

Country Link
CN (1) CN117951761A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118916880A (en) * 2024-10-11 2024-11-08 深圳豪杰创新电子有限公司 USB flash disk isolation virus data transmission method and system and USB flash disk
CN118916880B (en) * 2024-10-11 2025-02-28 深圳豪杰创新电子有限公司 A USB disk virus isolation data transmission method, system and USB disk
CN119378033A (en) * 2024-12-27 2025-01-28 北京冠程科技有限公司 A method and device for securely accessing a USB device

Similar Documents

Publication Publication Date Title
CN103065102B (en) Data encryption mobile storage management method based on virtual disk
CN117951761A (en) USB flash disk safe access method based on storage data block management and control
US7181008B1 (en) Contents management method, content management apparatus, and recording medium
CN113312676B (en) Data access method and device, computer equipment and readable storage medium
US8887295B2 (en) Method and system for enabling enterprises to use detachable memory devices that contain data and executable files in controlled and secure way
CN102063583B (en) Data exchange method for mobile storage medium and device thereof
US20060200414A1 (en) Methods of copy protecting software stored on portable memory
JP2012515959A (en) Removable memory storage device having multiple authentication processing function
CN101430700B (en) File management device and storage device
CN102053925A (en) Realization method of data encryption in hard disk
CN109214204B (en) Data processing method and storage device
CN113553006B (en) Secure encryption storage system for realizing data writing to read-only partition
CN108287988B (en) Security management system and method for mobile terminal file
CN103473512B (en) A kind of mobile memory medium management method and device
US20020138747A1 (en) Restricted data access
US8776232B2 (en) Controller capable of preventing spread of computer viruses and storage system and method thereof
CN100518061C (en) Disk memory system with once written and multiple read and design method thereof
US20010044887A1 (en) Record medium and method of controlling access to record medium
AU2008344947B2 (en) System and method for securely storing information
CN113051533A (en) Safety management method of terminal equipment
US20130173851A1 (en) Non-volatile storage device, access control program, and storage control method
KR101460297B1 (en) Removable storage media control apparatus for preventing data leakage and method thereof
CN116432254A (en) Special safe hard disk with self-destruction mechanism and hard disk pairing method
CN113032853B (en) Physical isolation data storage device
Hasan et al. The techniques and challenges of immutable storage with applications in multimedia

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination