WO2019161582A1 - Mobile storage device and encryption method and apparatus therefor - Google Patents
- Publication number: WO2019161582A1 (application PCT/CN2018/078818)
- Authority: WO (WIPO, PCT)
- Prior art keywords: mobile storage, storage device, wireless communication, identifier, bound
Classifications
- G06F21/602: Providing cryptographic facilities or services (under G06F21/60, Protecting data, and G06F21/00, Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
- G06F21/78: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data (under G06F21/70 and G06F21/00)
- G06F21/44: Program or device authentication (under G06F21/30, Authentication, i.e. establishing the identity or authorisation of security principals, and G06F21/00)
- G06F21/79: Protecting specific internal or peripheral components to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories (under G06F21/78, G06F21/70 and G06F21/00)
- G08C17/02: Arrangements for transmitting signals characterised by the use of a wireless electrical link using a radio link (under G08C17/00 and G08C, Transmission systems for measured values, control or similar signals)
Definitions
- the present invention belongs to the field of data security, and in particular, to a mobile storage device and an encryption method and apparatus thereof.
- the mobile storage device includes, for example, a USB flash drive (full English name "USB flash disk").
- the mobile storage device is a compact, high-capacity portable storage product that uses a USB interface and needs no separate drive unit; it connects to a computer or similar host over USB and is plug and play.
- the data can be read and written conveniently by the mobile storage device, which brings great convenience to the user.
- the data in the mobile storage device can be encrypted by the encryption software running on the PC, so that the data in the mobile storage device can be prevented from being stolen by others.
- with PC-side encryption software, the user must run the software every time data on the mobile storage device is read, which is cumbersome and does not improve the convenience of reading data.
- the embodiments of the present invention provide a method, an apparatus, and a device for encrypting a mobile storage device, so as to solve the problem in the prior art that the encryption software on which mobile storage device encryption depends is cumbersome to operate.
- a first aspect of the embodiments of the present invention provides a method for encrypting a mobile storage device, where the mobile storage device is provided with a wireless communication circuit, and the method for encrypting the mobile storage device includes:
- if the acquired device identifier is a device identifier bound to the mobile storage device and preset in the mobile storage device, reading and writing of the encrypted data storage area in the mobile storage device are allowed.
- before the step of acquiring the device identifier of the wireless communication device, the method further includes:
- the device identification of the currently connected wireless communication device is bound to the mobile storage device.
- the method further includes:
- the upper computer is allowed to read and write the encrypted data storage area in the mobile storage device.
- the method further includes:
- the primary controller of the mobile storage device is bound to the encrypted storage area.
- the data of the encrypted storage area is prohibited from being read or written.
- an embodiment of the present invention provides a mobile storage device encryption method, where the mobile storage device encryption method includes:
- the method further includes:
- the device identification of the wireless communication device is transmitted to the mobile storage device such that the mobile storage device is bound to the device identification sent by the wireless communication device.
- the method further includes:
- if the wireless communication device has been verified by the first identity verification information, or the device identifier of the wireless communication device has already been bound to the mobile storage device, replacing the first identity verification information, or unbinding the device identifier of the wireless communication device from the mobile storage device, is allowed.
- the wireless communication device automatically scans for, finds and connects to a mobile storage device with which it has previously established a wireless connection.
- the wireless communication device establishes a connection with the mobile storage device by inputting encryption information (such as a connection password).
- an embodiment of the present invention provides a mobile storage device encryption device, where the mobile storage device is provided with a wireless communication circuit, and the mobile storage device encryption device includes:
- a device identifier obtaining unit configured to acquire a device identifier of the wireless communication device when the mobile storage device establishes a wireless communication connection with the wireless communication device;
- a device identifier determining unit configured to determine whether the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device;
- the privilege acquisition unit is configured to allow reading and writing of the encrypted data storage area in the mobile storage device if the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device.
- the device further includes:
- a storage determining unit configured to determine whether the mobile storage device stores a device identifier bound to the mobile storage device
- a binding unit configured to bind the device identifier of the currently connected wireless communication device to the mobile storage device if the device identifier bound to the mobile storage device is not stored.
- an embodiment of the present invention provides a mobile storage device encryption device, where the mobile storage device encryption device includes:
- a device identifier obtaining module configured to acquire a device identifier of the wireless communication device when the wireless communication device establishes a wireless connection with the mobile storage device;
- a device identifier sending module configured to send the device identifier of the wireless communication device to the mobile storage device, so that the mobile storage device determines whether to allow reading and writing of the encrypted data storage area in the mobile storage device according to the received device identifier.
- a fifth aspect of an embodiment of the present invention provides a mobile storage device including a memory, a processor, and a computer program stored in the memory and operable on the processor, wherein the processor, when executing the computer program, implements the steps of the method of any of the first aspects.
- a sixth aspect of the embodiments of the present invention provides a computer readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the method of any of the first aspects.
- the beneficial effects of the embodiment of the present invention compared with the prior art are: a wireless communication circuit is provided in the mobile storage device; when that circuit establishes a connection with a wireless communication device, the mobile storage device acquires the device identifier of the wireless communication device and determines whether it is bound to the mobile storage device, and if it is, the encrypted data storage area in the mobile storage device is allowed to be read and written. As long as the wireless communication device is within the communication range of the mobile storage device, no additional operation is required and the mobile storage device can be read and written; when the wireless communication device leaves the communication range, the mobile storage device cannot be read or written. This ensures the security of the data in the mobile storage device and improves the convenience of user operation.
- FIG. 1 is a schematic structural diagram of a system for encrypting a mobile storage device according to an embodiment of the present invention
- FIG. 2 is a schematic flowchart of an implementation method of a method for encrypting a mobile storage device according to an embodiment of the present invention
- FIG. 3 is a schematic diagram of an implementation process of another method for encrypting a mobile storage device according to an embodiment of the present invention
- FIG. 4 is a schematic diagram of a mobile storage device encryption apparatus according to an embodiment of the present invention.
- FIG. 5 is a schematic diagram of an apparatus for encrypting a mobile storage device according to an embodiment of the present invention
- FIG. 6 is a schematic diagram of a mobile storage device according to an embodiment of the present invention.
- the mobile storage device encryption system includes a wireless communication device 1 and a mobile storage device 2 , wherein the mobile storage device 2 includes a wireless communication circuit 21 and a mobile storage device controller 22 .
- the wireless communication device 1 may be a smart phone, a tablet computer, a notebook computer, a wearable device, or the like.
- the wireless communication circuit provided in the wireless communication device 1 may be a Bluetooth communication circuit. Of course, it is not limited thereto, and may be a Wi-Fi communication circuit or the like.
- the mobile storage device 2 is provided with a wireless communication circuit 21 and a mobile storage device controller 22; the mobile storage device controller 22 detects whether the mobile storage device is connected to a device such as a computer, receives the device identifier through the wireless communication circuit 21, and compares and analyzes the device identifier.
- when the comparison succeeds, the computer or the like is allowed to perform data read and write operations on the mobile storage device.
- the mobile storage device controller may detect whether the device identifier of the wireless communication device currently connected to the mobile storage device is legal according to a predetermined period, and if not, disable data read and write operations on the mobile storage device.
- data stored in the mobile storage device may be erased or the like.
- FIG. 2 is a schematic flowchart of an implementation method of a method for encrypting a mobile storage device according to an embodiment of the present disclosure, which is as follows:
- step S201 when the mobile storage device establishes a wireless communication connection with the wireless communication device, acquiring a device identifier of the wireless communication device;
- the mobile storage device may be a storage device such as a USB flash drive, an SD card, a solid state drive (SSD), or an embedded memory card.
- the mobile storage device generally establishes a connection with the wireless communication device as follows: when the mobile storage device is inserted into a device such as a computer and the wireless communication circuit in it is powered on, it starts detecting and pairing with wireless communication devices in its surroundings. When the mobile storage device is not connected to a device such as a computer it is unpowered, since a mobile storage device generally carries no power source such as a battery, and so it does not detect whether other wireless communication devices are present in the environment.
- the paired mobile storage device can be recorded by the wireless communication device.
- when the wireless communication device detects a wireless signal, such as a Bluetooth signal, from the paired mobile storage device, a wireless communication connection between the wireless communication device and the mobile storage device is automatically established.
- the wireless communication device may also establish a connection with the mobile storage device through a private channel, by manually inputting a connection password, or by clicking and logging in within an APP application on the wireless communication device; the wireless communication device then sends its device identification, such as its MAC address, to the mobile storage device.
- the access request sent by the wireless communication device may be received by the main controller in the mobile storage device, and the access request may include a device identifier of the wireless communication device, such as a MAC address or the like. If the received device identifier is consistent with the device identifier stored in the primary controller in the mobile storage device, the encrypted data storage area of the mobile storage device is allowed to be read and written.
- step S202 it is determined whether the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device;
- the present application includes two implementation scenarios.
- the first implementation scenario is that the device identifier that is bound to the mobile storage device is not stored in the mobile storage device. This scenario will be specifically described in the corresponding embodiment of FIG. 3 .
- the second implementation scenario is that the mobile storage device stores a device identifier bound to the mobile storage device.
- the mobile storage device receives the device identifier of the wireless communication device, the received device identifier is compared with the stored device identifier bound to the mobile storage device.
- the mobile storage device may internally store one or more device identifiers bound to it; that is, when any one of a plurality of wireless communication devices with a bound device identifier connects to the wireless communication circuit in the mobile storage device, the mobile storage device can be put into a readable and writable state.
- the wireless communication device can communicate with the mobile storage device by installing an application.
- first identity verification information for modifying the device identifier bound to the mobile storage device may be set.
- the first authentication information may be a text password or a fingerprint password.
- the first authentication information may be saved on the server, or the first authentication information may be saved in the mobile storage device.
- the first identity verification information and the mobile storage device identifier may be sent to the server or the mobile storage device, where the first identity verification information may be a verification password.
- when the wireless communication device sends an unbinding request to the mobile storage device, requesting release of the binding between the mobile storage device and the wireless communication device, that is, deletion of the device identification of the wireless communication device stored in the mobile storage device, the unbinding right is obtained once the first identity verification information is verified, and the device identifier bound to the mobile storage device can be released.
- if the unbinding permission is obtained in another way, the device identifier bound to the mobile storage device may likewise be released.
- the device identifier of the currently used wireless communication device may be sent to the mobile storage device as the device identifier bound to the mobile storage device.
- if the wireless communication device is a verified wireless communication device, for example one that has passed verification by the first identity verification information or whose device identifier is bound to the mobile storage device, the right to modify the first identity verification information is obtained and the modification of the first identity verification information can be completed.
- step S203 if the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device, the encrypted data storage area in the mobile storage device is allowed to be read and written.
- if the acquired device identifier is a device identifier bound to the mobile storage device and preset in it, read and write operations on the mobile storage device are allowed; if it is not, reading and writing of the mobile storage device are prohibited, which protects the encrypted data storage area in the mobile storage device.
- when the mobile storage device is directly connected to the upper computer, it can also receive first identity verification information, such as a password, input by the user on the upper computer; when the first identity verification information is verified, the encrypted data storage area of the mobile storage device is allowed to be read and written.
- the mobile storage device is a USB flash drive
- when the USB flash drive is connected to the computer, the encrypted data storage area of the USB flash drive can be read and written by entering the password directly on the computer.
- the mobile storage device may be restored to factory settings by performing an initialization operation on it, which deletes the data stored in the mobile storage device.
- the main controller of the mobile storage device is bound to the encrypted data storage area.
- if the main controller is replaced, read and write operations on the encrypted data storage area are prohibited, so that the security of the data is further ensured.
- FIG. 3 is a schematic flowchart of another implementation method of a method for encrypting a mobile storage device according to an embodiment of the present disclosure, which is as follows:
- step S301 when the mobile storage device establishes a wireless communication connection with the wireless communication device, determining whether the mobile storage device stores a device identifier bound to the mobile storage device;
- a device identifier bound to the mobile storage device may not yet have been set.
- the determining of the device identifier bound by the mobile storage device may be detected by a mobile storage device controller in the mobile storage device, and the detection result may be sent to a wireless communication device that establishes a wireless connection with the mobile storage device.
- the mobile storage device controller may record, by setting an identifier bit, whether the mobile storage device stores a device identifier bound to it, and the determination message sent by the mobile storage device is derived from this bit. For example, identifier content "0" indicates that no device identifier is currently bound, "1" indicates that one device identifier is currently bound, and "2" indicates that two are currently bound.
- step S302 if the device identifier bound to the mobile storage device is not stored, the device identifier of the currently connected wireless communication device is bound to the mobile storage device;
- when the wireless communication device sends its device identifier, different transmission modes may be selected according to the specific type of wireless communication device. For example, an Android phone may actively send its MAC address, whereas for an iOS phone the mobile storage device needs to acquire the device identifier of the wireless communication device itself.
- the device identifier bound in the mobile storage device needs to be initialized.
- the initialized device identifier bound by the mobile storage device is a device identifier of a wireless communication device that establishes a wireless connection with the mobile storage device for the first time.
- the method further includes step S303: sending, to the master device directly connected to the mobile storage device, information that no bound device identifier is stored in the mobile storage device, so that the master device sets the first identity verification information, which is used to update and modify the device identifier bound to the mobile storage device.
- when the mobile storage device establishes a connection with a wireless communication device for the first time, the present application may also have the primary device directly connected to the mobile storage device (such as a desktop computer or notebook) display a prompt message asking the user to input the first identity verification information. The first identity verification information is used to update and modify the device identifier bound to the mobile storage device, so that if the user's wireless communication device is lost, a new device identifier can be bound to the mobile storage device by resetting with the first identity verification information, and the mobile storage device can continue to be used.
- the wireless communication device may send the first identity verification information to the mobile storage device, or send it to a server for safekeeping; when the binding in the mobile storage device needs to be changed, the right to do so is verified against the mobile storage device or the server.
- the wireless communication circuit in the mobile storage device is in a connectable state, and when the wireless communication device confirms the connection, the wireless communication device can establish a connection.
- a connection may be established with the mobile storage device by using an application, and the device identifier of the wireless communication device is used as a device identifier bound to the mobile storage device.
- step S304 if a device identifier bound to the mobile storage device is stored, acquiring a device identifier of the wireless communication device;
- step S305 it is determined whether the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device;
- step S306 if the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device, the encrypted data storage area in the mobile storage device is allowed to be read and written.
- Steps S304-S306 are substantially the same as steps S201-S203 described in FIG. 2, and are not described herein again.
- the embodiment of the present application checks the device identifier in the mobile storage device and, if no device identifier bound to the mobile storage device is stored, uses the device identifier of the wireless communication device that establishes the first wireless connection as the bound device identifier. The user then only needs to carry the wireless communication device when using the mobile storage device, with no further frequent operations, which improves convenience for the user.
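The two flows above (FIG. 2, steps S201 to S203, and FIG. 3, steps S301 to S306) can be exercised end to end in a small model of the storage-device controller. The following is an added example written for this page, not code from the patent or from any product. It assumes that bound identifiers are Bluetooth address strings the controller reads from the link (as the page says the storage device must do for an iOS phone), that the first identity verification information is a text password set from the directly connected host, that at most two identifiers can be bound (matching the identifier bit values "0", "1" and "2"), and that the controller re-evaluates the connection periodically. Every function and field name is this example's own.

```c
#include <stdbool.h>
#include <string.h>
/* Added example, not code from the patent: a model of the storage-device-side controller logic
 * of FIG. 2 (S201-S203) and FIG. 3 (S301-S306). Names are this example's own; identifiers are
 * Bluetooth address strings read from the link; the first identity verification information is
 * a text password set from the host. */

#define MAX_BOUND 2   /* the page's identifier bit counts 0, 1 or 2 bound identifiers */
#define ID_LEN 18     /* "aa:bb:cc:dd:ee:ff" plus terminator */
#define PW_LEN 32

struct controller {
    char bound[MAX_BOUND][ID_LEN];
    unsigned bound_count;       /* the identifier bit: 0, 1 or 2 */
    char first_verify[PW_LEN];  /* "" until the host sets it (S303) */
    char current_id[ID_LEN];    /* connected wireless device, "" when none */
    bool area_unlocked;         /* encrypted data storage area readable and writable */
};

static void copy_id(char *dst, const char *src) { strncpy(dst, src, ID_LEN - 1); dst[ID_LEN - 1] = '\0'; }

static bool is_bound(const struct controller *c, const char *id) {
    for (unsigned i = 0; i < c->bound_count; i++)
        if (strcmp(c->bound[i], id) == 0) return true;
    return false;
}

/* Length-independent compare so a wrong password is not distinguishable by timing (assumption: the page does not say how it is checked). */
static bool pw_matches(const struct controller *c, const char *pw) {
    if (c->first_verify[0] == '\0' || pw == NULL) return false;
    size_t la = strlen(c->first_verify), lb = strlen(pw);
    unsigned char diff = (unsigned char)(la ^ lb);
    for (size_t i = 0; i < la && i < lb; i++) diff |= (unsigned char)(c->first_verify[i] ^ pw[i]);
    return diff == 0;
}

/* A requester may change bindings if it is itself bound or presents the password. */
static bool may_modify(const struct controller *c, const char *req, const char *pw) {
    return is_bound(c, req) || pw_matches(c, pw);
}

/* S301/S302 then S304-S306: a connection arrives with its identifier. With nothing bound yet,
 * whichever device connects first becomes the bound device. Returns the new lock state. */
bool on_wireless_connect(struct controller *c, const char *id) {
    copy_id(c->current_id, id);
    if (c->bound_count == 0) { copy_id(c->bound[0], id); c->bound_count = 1; }
    c->area_unlocked = is_bound(c, id);  /* S202/S203 */
    return c->area_unlocked;
}

/* Periodic legality check: lock as soon as no bound device is connected. */
bool periodic_check(struct controller *c, bool still_connected) {
    if (!still_connected) c->current_id[0] = '\0';
    c->area_unlocked = still_connected && is_bound(c, c->current_id);
    return c->area_unlocked;
}

/* S303: the directly connected host sets the password; changing it later needs authorization. */
bool set_first_verify(struct controller *c, const char *req, const char *old_pw, const char *new_pw) {
    if (c->first_verify[0] != '\0' && !may_modify(c, req, old_pw)) return false;
    strncpy(c->first_verify, new_pw, PW_LEN - 1); c->first_verify[PW_LEN - 1] = '\0';
    return true;
}

/* Fallback: the password typed on the upper computer unlocks the area with no phone present. */
bool host_password_unlock(struct controller *c, const char *pw) {
    if (!pw_matches(c, pw)) return false;
    c->area_unlocked = true;
    return true;
}

/* Unbind target (e.g. a lost phone) when the requester is bound or knows the password. */
bool unbind(struct controller *c, const char *req, const char *pw, const char *target) {
    if (!may_modify(c, req, pw)) return false;
    for (unsigned i = 0; i < c->bound_count; i++) {
        if (strcmp(c->bound[i], target) != 0) continue;
        if (i != c->bound_count - 1) copy_id(c->bound[i], c->bound[c->bound_count - 1]);
        c->bound_count--;
        if (strcmp(c->current_id, target) == 0) c->area_unlocked = false;
        return true;
    }
    return false;
}

/* Initialization / factory reset: bindings and password gone (a real device also wipes the data). */
void factory_reset(struct controller *c) { memset(c, 0, sizeof *c); }

/* Walk-through on constructed identifiers; returns how many of the 8 expected outcomes held. */
int scenario(void) {
    struct controller c;
    int ok = 0;
    factory_reset(&c);
    ok += on_wireless_connect(&c, "aa:bb:cc:dd:ee:01") == true;   /* first phone binds and unlocks */
    ok += set_first_verify(&c, "aa:bb:cc:dd:ee:01", NULL, "s3cret") == true;
    ok += periodic_check(&c, false) == false;                     /* phone out of range: locked */
    ok += on_wireless_connect(&c, "aa:bb:cc:dd:ee:02") == false;  /* unbound phone: stays locked */
    ok += unbind(&c, "aa:bb:cc:dd:ee:02", "wrong", "aa:bb:cc:dd:ee:01") == false;
    ok += unbind(&c, "aa:bb:cc:dd:ee:02", "s3cret", "aa:bb:cc:dd:ee:01") == true; /* lost phone replaced */
    ok += on_wireless_connect(&c, "aa:bb:cc:dd:ee:02") == true;   /* nothing bound again: new phone binds */
    ok += host_password_unlock(&c, "s3cret") == true;            /* no phone nearby, password on the host */
    return ok;
}
```

The walk-through in scenario() follows the page's own sequence: a freshly initialized device binds the first phone that connects, the host-set password is the only way to recover when that phone is lost, the area locks when the phone leaves range, and the password also opens the area from the upper computer with no phone present. What the identifier comparison establishes deserves a precise statement: a Bluetooth device address is sent in the clear during advertising and connection and is not a secret, so a match proves only that a peer presented the bound address. The first identity verification information is the one secret in the flow, which is why the example gates rebinding and the host fallback on it and compares it in constant time.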
- FIG. 4 is a schematic structural diagram of a device for encrypting a mobile storage device according to an embodiment of the present disclosure. As shown in FIG. 4, the device for encrypting a mobile storage device includes:
- the device identifier obtaining unit 401 is configured to acquire a device identifier of the wireless communication device when the mobile storage device establishes a wireless communication connection with the wireless communication device;
- the device identifier determining unit 402 is configured to determine whether the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device;
- the permission obtaining unit 403 is configured to allow reading and writing of the encrypted data storage area in the mobile storage device if the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device.
- the device further comprises:
- a storage determining unit configured to determine whether the mobile storage device stores a device identifier bound to the mobile storage device
- a binding unit configured to bind the device identifier of the currently connected wireless communication device to the mobile storage device if the device identifier bound to the mobile storage device is not stored.
- the mobile storage device encryption device of FIG. 4 is the device corresponding to the mobile storage device side of the mobile storage device encryption method of FIG.
- the present application further provides an apparatus for implementing a method for encrypting a mobile storage device based on a wireless communication device side.
- the mobile storage device encryption device includes:
- the device identifier obtaining module 501 is configured to acquire the device identifier of the wireless communication device when the wireless communication device establishes a wireless connection with the mobile storage device;
- the device identifier sending module 502 is configured to send the device identifier of the wireless communication device to the mobile storage device, so that the mobile storage device determines, according to the received device identifier, whether to allow reading and writing of the encrypted data storage area in the mobile storage device.
- the mobile storage device encryption device corresponds to the mobile storage device encryption method, and details are not described herein.
- FIG. 6 is a schematic diagram of a mobile storage device according to an embodiment of the present invention.
- the mobile storage device 6 of this embodiment includes a processor 60, a memory 61, and a computer program 62, such as a mobile storage device encryption program, stored in the memory 61 and operable on the processor 60.
- when the processor 60 executes the computer program 62, the steps in the foregoing embodiments of the mobile storage device encryption method are implemented, such as steps 101 to 103 shown in FIG.
- when the processor 60 executes the computer program 62, the functions of the modules/units in the foregoing device embodiments are implemented, such as the functions of the modules 401 to 403 shown in FIG.
- the computer program 62 can be partitioned into one or more modules/units that are stored in the memory 61 and executed by the processor 60 to complete this invention.
- the one or more modules/units may be a series of computer program instruction segments capable of performing a particular function, the instruction segments being used to describe the execution of the computer program 62 in the mobile storage device 6.
- the computer program 62 can be divided into a device identification acquisition unit, a device identification determination unit, and a rights acquisition unit, and the specific functions of each unit are as follows:
- a device identifier obtaining unit configured to acquire a device identifier of the wireless communication device when the mobile storage device establishes a wireless communication connection with the wireless communication device;
- a device identifier determining unit configured to determine whether the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device;
- the privilege acquisition unit is configured to allow reading and writing of the encrypted data storage area in the mobile storage device if the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device.
- the mobile storage device 6 can be a USB flash drive, an SD card, a solid state drive (SSD), or an embedded memory card.
- the mobile storage device may include, but is not limited to, the processor 60 and the memory 61. It will be understood by those skilled in the art that FIG. 6 is merely an example of the mobile storage device 6 and does not constitute a limitation of it; the mobile storage device 6 may include more or fewer components than those illustrated, combine some components, or use different components. For example, the mobile storage device may also include input and output devices, network access devices, buses, and the like.
- the so-called processor 60 may be a central processing unit (CPU), another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
- the general purpose processor may be a microprocessor or any conventional processor.
- the memory 61 may be an internal storage unit of the mobile storage device 6, such as a hard disk or memory of the mobile storage device 6.
- the memory 61 may also be an external storage device of the mobile storage device 6, such as a plug-in hard disk equipped on the mobile storage device 6, a smart memory card (SMC), and a secure digital (Secure Digital, SD) card, flash card (Flash Card) and so on.
- the memory 61 may also include both an internal storage unit of the mobile storage device 6 and an external storage device.
- the memory 61 is used to store the computer program and other programs and data required by the mobile storage device.
- the memory 61 can also be used to temporarily store data that has been output or is about to be output.
- the division into functional units and modules described above is given by way of example. In practical applications the above functions may be assigned to different functional units and modules as needed, that is, the internal structure of the device may be divided into different functional units or modules to perform all or part of the functions described above.
- each functional unit and module in the embodiment may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit; the integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
- the specific names of the respective functional units and modules are only for the purpose of facilitating mutual differentiation, and are not intended to limit the scope of protection of the present application.
- For the specific working process of the unit and the module in the foregoing system reference may be made to the corresponding process in the foregoing method embodiment, and details are not described herein again.
- the disclosed apparatus/terminal device and method may be implemented in other manners. The device/terminal device embodiments described above are merely illustrative. For example, the division of the modules or units is only a logical function division; in actual implementation there may be another division manner, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed.
- the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in electrical, mechanical or other form.
- the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
- each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
- the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
- the integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on this understanding, all or part of the processes in the foregoing embodiments may also be completed by a computer program that instructs related hardware.
- the computer program may be stored in a computer readable storage medium; when the program is executed by the processor, the steps of the method embodiments described above are implemented.
- the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form.
- the computer readable medium may include any entity or device capable of carrying the computer program code: a recording medium, a mobile storage device, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), electrical carrier signals, telecommunications signals, and software distribution media.
- the content carried by the computer readable medium may be increased or decreased as required by legislation and patent practice in a given jurisdiction; for example, in some jurisdictions computer readable media do not include electrical carrier signals and telecommunications signals.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
An encryption method for a mobile storage device, the mobile storage device being provided with a wireless communication circuit. The method comprises: acquiring a device identifier of a wireless communication device when the mobile storage device establishes a wireless communication connection with the wireless communication device; determining whether the acquired device identifier is a device identifier preset in the mobile storage device and bound to the mobile storage device; and, if it is, permitting reading and writing of an encrypted data storage area in the mobile storage device. As long as the wireless communication device is within the communication range of the mobile storage device, no additional operation is needed: read/write operations on the mobile storage device can be performed directly, which improves the convenience of user operation.
Description
The present invention belongs to the field of data security, and in particular relates to a mobile storage device and an encryption method and apparatus for it.
Mobile storage devices include USB flash drives (U盘, "USB flash disk") and the like. A mobile storage device is a compact, high-capacity removable storage product that uses a USB interface and needs no physical drive; it connects to a computer or similar device through the USB port and is plug-and-play.
Data can be read and written conveniently through a mobile storage device, which is very convenient for users. To improve the security of the data on the device, the data can also be encrypted by encryption software running on a PC, so that the data cannot be stolen by others. However, when the data on the mobile storage device is protected by PC-side encryption software, the user must operate that software every time the data is read, which is cumbersome and reduces the convenience of reading the data.
In view of this, embodiments of the present invention provide a mobile storage device encryption method, apparatus and device, to solve the problem in the prior art that encrypting a mobile storage device requires operating encryption software and is cumbersome to use.
A first aspect of the embodiments of the present invention provides a mobile storage device encryption method. The mobile storage device is provided with a wireless communication circuit, and the method includes:
when the mobile storage device establishes a wireless communication connection with a wireless communication device, acquiring a device identifier of the wireless communication device;
determining whether the acquired device identifier is a device identifier, preset in the mobile storage device, that is bound to the mobile storage device;
if the acquired device identifier is a device identifier preset in the mobile storage device and bound to it, allowing the encrypted data storage area in the mobile storage device to be read and written.
With reference to the first aspect, in a first possible implementation of the first aspect, before the step of acquiring the device identifier of the wireless communication device, the method further includes:
determining whether the mobile storage device stores a device identifier bound to the mobile storage device;
if no device identifier bound to the mobile storage device is stored, binding the device identifier of the currently connected wireless communication device to the mobile storage device.
With reference to the first possible implementation of the first aspect, in a second possible implementation of the first aspect, if no device identifier bound to the mobile storage device is stored, the method further includes:
sending a notice that no bound device identifier is stored to the host device to which the mobile storage device is directly connected, so that the host device sets first authentication information; the first authentication information is used to update or modify the device identifier bound to the mobile storage device.
With reference to the first aspect, in a third possible implementation of the first aspect, the method further includes:
receiving an unbind request sent by a wireless communication device and, according to the unbind request, deleting the device identifier bound to the mobile storage device, where the wireless communication device is one that has been verified by the first authentication information.
With reference to the first aspect, in a fourth possible implementation of the first aspect, the method further includes:
when first authentication information sent by a host computer connected to the mobile storage device by wire is received, allowing the host computer to read and write the encrypted data storage area in the mobile storage device.
With reference to the first aspect, in a fifth possible implementation of the first aspect, the method further includes:
binding the main controller of the mobile storage device to the encrypted storage area, and, when it is detected that the main controller bound to the encrypted storage area has been replaced, prohibiting reading and writing of the data in the encrypted storage area.
In a second aspect, the embodiments of the present invention provide a mobile storage device encryption method, which includes:
a wireless communication device establishing a wireless connection with a mobile storage device and acquiring the device identifier of the wireless communication device;
sending the device identifier of the wireless communication device to the mobile storage device, so that the mobile storage device determines, according to the received device identifier, whether to allow reading and writing of the encrypted data storage area in the mobile storage device.
With reference to the second aspect, in a first possible implementation of the second aspect, the method further includes:
determining whether the mobile storage device stores a device identifier bound to the mobile storage device;
if no device identifier bound to the mobile storage device is stored, sending the device identifier of the wireless communication device to the mobile storage device, so that the mobile storage device binds the device identifier sent by the wireless communication device.
With reference to the second aspect, in a second possible implementation of the second aspect, the method further includes:
receiving a request to change the first authentication information, or receiving a request to release the binding with the mobile storage device;
when the wireless communication device has been verified by the first authentication information, or the device identifier of the wireless communication device is already bound to the mobile storage device, allowing the first authentication information to be changed, or releasing the binding between the device identifier of the wireless communication device and the mobile storage device.
With reference to the second aspect, the first possible implementation of the second aspect, or the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the wireless communication device finds and connects, by automatic scanning, to a mobile storage device with which a wireless connection was previously established;
or, the wireless communication device establishes a connection with the mobile storage device by entering encryption information.
In a third aspect, the embodiments of the present invention provide a mobile storage device encryption apparatus. The mobile storage device is provided with a wireless communication circuit, and the apparatus includes:
a device identifier obtaining unit, configured to acquire a device identifier of the wireless communication device when the mobile storage device establishes a wireless communication connection with the wireless communication device;
a device identifier determining unit, configured to determine whether the acquired device identifier is a device identifier, preset in the mobile storage device, that is bound to the mobile storage device;
a privilege acquisition unit, configured to allow reading and writing of the encrypted data storage area in the mobile storage device if the acquired device identifier is a device identifier preset in the mobile storage device and bound to it.
With reference to the third aspect, in a first possible implementation of the third aspect, the apparatus further includes:
a storage determining unit, configured to determine whether the mobile storage device stores a device identifier bound to the mobile storage device;
a binding unit, configured to bind the device identifier of the currently connected wireless communication device to the mobile storage device if no device identifier bound to the mobile storage device is stored.
In a fourth aspect, the embodiments of the present invention provide a mobile storage device encryption apparatus, which includes:
a device identifier obtaining module, configured to acquire the device identifier of the wireless communication device when the wireless communication device establishes a wireless connection with the mobile storage device;
a device identifier sending module, configured to send the device identifier of the wireless communication device to the mobile storage device, so that the mobile storage device determines, according to the received device identifier, whether to allow reading and writing of the encrypted data storage area in the mobile storage device.
A fifth aspect of the embodiments of the present invention provides a mobile storage device including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor, when executing the computer program, implements the steps of the method of any implementation of the first aspect.
A sixth aspect of the embodiments of the present invention provides a computer readable storage medium storing a computer program, where the computer program, when executed by a processor, implements the steps of the method of any implementation of the first aspect.
Compared with the prior art, the embodiments of the present invention have the following beneficial effects. A wireless communication circuit is provided in the mobile storage device; when that circuit establishes a connection with a wireless communication device, the mobile storage device acquires the device identifier of the wireless communication device and determines whether it is a device identifier bound to the mobile storage device; if so, reading and writing of the encrypted data storage area in the mobile storage device is allowed. Thus, as long as the wireless communication device is within communication range of the mobile storage device, the mobile storage device can be read and written with no additional operation, and when the wireless communication device leaves that range the mobile storage device cannot be read or written. This secures the data on the mobile storage device while improving the convenience of user operation.
In order to explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic structural diagram of a mobile storage device encryption system according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a mobile storage device encryption method according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of another mobile storage device encryption method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a mobile storage device encryption apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of another mobile storage device encryption apparatus according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a mobile storage device according to an embodiment of the present invention.
In the following description, for purposes of illustration rather than limitation, specific details such as particular system structures and techniques are set forth in order to provide a thorough understanding of the embodiments of the present invention. However, it will be apparent to those skilled in the art that the present invention may be practiced in other embodiments without these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present invention.
In order to explain the technical solution of the present invention, specific embodiments are described below.
As shown in FIG. 1, the mobile storage device encryption system of this embodiment of the application includes a wireless communication device 1 and a mobile storage device 2, where the mobile storage device 2 includes a wireless communication circuit 21 and a mobile storage device controller 22. The wireless communication device 1 may be a smartphone, a tablet, a notebook computer, a wearable device or the like. The wireless communication circuit provided in the wireless communication device 1 may be a Bluetooth communication circuit; it is of course not limited to this and may also be a WiFi communication circuit or the like. The mobile storage device 2 is provided with a wireless communication circuit and a mobile storage device controller 22. The mobile storage device controller 22 is used to detect whether the mobile storage device is connected to a computer or similar device, to receive the device identifier obtained by the wireless communication circuit, and to compare and analyse that device identifier; when the received device identifier meets the preset permission requirement, a computer or similar device is allowed to read and write data on the mobile storage device.
The mobile storage device controller may check, at a predetermined period, whether the device identifier of the wireless communication device currently connected to the mobile storage device is legitimate, and if it is not, prohibit reading and writing of data on the mobile storage device. In addition, to further ensure the security of the data on the mobile storage device, when the mobile storage device controller is damaged, the data stored on the mobile storage device may be erased or similarly destroyed.
FIG. 2 is a schematic flowchart of a mobile storage device encryption method according to an embodiment of the present application, described in detail as follows:
In step S201, when the mobile storage device establishes a wireless communication connection with a wireless communication device, the device identifier of the wireless communication device is acquired.
Specifically, the mobile storage device may be a storage device such as a USB flash drive, an SD card, a solid state drive (SSD) or an embedded memory card.
The mobile storage device generally establishes a connection with the wireless communication device when the mobile storage device is plugged into a computer or similar device: once the wireless communication circuit in the mobile storage device is powered on, it begins detecting and pairing with wireless communication devices in its surroundings. Because the mobile storage device itself generally has no power source such as a battery, when it is not connected to a computer or similar device it does not detect whether other wireless communication devices are present nearby.
After the mobile storage device and the wireless communication device have been paired successfully, the wireless communication device may record the paired mobile storage device. When the wireless communication device detects the wireless signal of the paired mobile storage device, for example a Bluetooth signal, a wireless communication connection between the wireless communication device and the mobile storage device is established automatically.
Alternatively, the wireless communication device may establish a connection with the mobile storage device through a private channel, by manually entering a connection password, or by tapping to log in from an APP on the wireless communication device; the wireless communication device then sends its device identifier, such as its MAC address, to the mobile storage device.
That is, the main controller in the mobile storage device may receive an access request sent by the wireless communication device, and the access request may include the device identifier of the wireless communication device, for example a MAC address. If the received device identifier matches the device identifier stored in the main controller of the mobile storage device, read and write operations on the encrypted data storage area of the mobile storage device are allowed.
在步骤S202中,判断所获取的设备标识是否为所述移动存储设备中预设的与所述移动存储设备绑定的设备标识;In step S202, it is determined whether the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device;
在本申请包括两种实施场景,第一种实施场景为移动存储设备中没有存储与移动存储设备绑定的设备标识,这种场景将在图3对应的实施方式进行具体说明。The present application includes two implementation scenarios. The first implementation scenario is that the device identifier that is bound to the mobile storage device is not stored in the mobile storage device. This scenario will be specifically described in the corresponding embodiment of FIG. 3 .
第二种实施场景为移动存储设备中存储有与移动存储设备绑定的设备标识。当移动存储设备接收到所述无线通信设备的设备标识时,将接收到的设备标识与存储的与移动存储设备绑定的设备标识进行比较。The second implementation scenario is that the mobile storage device stores a device identifier bound to the mobile storage device. When the mobile storage device receives the device identifier of the wireless communication device, the received device identifier is compared with the stored device identifier bound to the mobile storage device.
所述移动存储设备内部可以存储一个或者多个与移动存储设备绑定的设备标识,即使得移动存储设备可以在具有所设定的设备标识的多个无线通信设备中的任意一个与所述移动存储设备中的无线通信电路相连时,即可有效的确定所述移动存储设备处于可读写状态。The mobile storage device may internally store one or more device identifiers bound to the mobile storage device, that is, the mobile storage device may be in any one of the plurality of wireless communication devices having the set device identifier and the mobile When the wireless communication circuits in the storage device are connected, the mobile storage device can be effectively determined to be in a readable and writable state.
另外,所述无线通信设备中可以通过安装应用程序的方式与所述移动存储设备进行通信。当与所述移动存储设备绑定的设备丢失时,为了能够可以继续使用该移动存储设备,可以设定对所述移动存储设备所绑定的设备标识进行修改的第一身份验证信息,所述第一身份验证信息可以文字密码,也可以为指纹密码等,所述第一身份验证信息可以保存在服务器端,或者所述第一身份验证信息可以保存在所述移动存储设备设备中。Additionally, the wireless communication device can communicate with the mobile storage device by installing an application. When the device bound to the mobile storage device is lost, in order to continue to use the mobile storage device, first identity verification information for modifying the device identifier bound to the mobile storage device may be set, The first authentication information may be a text password or a fingerprint password. The first authentication information may be saved on the server, or the first authentication information may be saved in the mobile storage device.
当用户需要解除所述移动存储设备绑定的设备标识时,可以向服务器或移动存储设备发送第一身份验证信息以及移动存储设备标识,所述第一身份验证信息可以为校验密码,当所述第一身份验证信息通过服务器或移动存储设备认证时,所述无线通信设备向所述移动存储设备发送解绑请求,请求解除移动存储设备与无线通信设备的绑定,即删除所述移动存储设备中所存储的无线通信设备的设备标识。则获取解绑权限,可以解除所述移动存储设备所绑定的设备标识。或者,当所述移动通信设备的设备标识与所述移动存储设备中的设备标识相同,也可以获取解绑权限,可以解除所述移动存储设备所绑定的设备标识。When the user needs to release the device identifier bound to the mobile storage device, the first identity verification information and the mobile storage device identifier may be sent to the server or the mobile storage device, where the first identity verification information may be a verification password. When the first authentication information is authenticated by the server or the mobile storage device, the wireless communication device sends an unbinding request to the mobile storage device, requesting to release the binding of the mobile storage device and the wireless communication device, that is, deleting the mobile storage The device identification of the wireless communication device stored in the device. Obtaining the unbinding right, the device identifier bound to the mobile storage device can be released. Alternatively, when the device identifier of the mobile communication device is the same as the device identifier in the mobile storage device, the unbinding permission may also be obtained, and the device identifier bound to the mobile storage device may be released.
Further, the device identifier of the wireless communication device currently in use may be sent to the mobile storage device to serve as the device identifier bound to the mobile storage device.
Similarly, when the wireless communication device is a verified wireless communication device, for example one that has been verified by the first identity verification information or whose device identifier is bound to the mobile storage device, permission to modify the first identity verification information can be obtained and the modification of the first identity verification information completed.
In step S203, if the acquired device identifier is the device identifier preset in the mobile storage device as bound to the mobile storage device, reading and writing of the encrypted data storage area in the mobile storage device is allowed.
If the acquired device identifier is the device identifier preset in the mobile storage device as bound to it, read and write operations on the mobile storage device are allowed; if the acquired device identifier is not the device identifier preset in the mobile storage device as bound to it, reading and writing of the mobile storage device is prohibited, which helps to protect the security of the encrypted data storage area in the mobile storage device.
In addition, when the mobile storage device is directly connected to a host computer, it may also receive first identity verification information, such as a password, entered by the user on the host computer. When the first identity verification information passes verification, read and write operations on the encrypted data storage area of the mobile storage device are allowed. For example, when the mobile storage device is a USB flash drive, the USB flash drive can be connected to a computer and the password entered directly on the computer, after which the encrypted data storage area of the USB flash drive can be read and written.
When the wireless communication device bound to the mobile storage device is lost and the user has also forgotten the first identity verification information, the mobile storage device can be restored to factory settings by performing an initialization operation on it, which deletes the data stored in the mobile storage device.
In addition, to effectively ensure the security of the encrypted data storage area, the main controller of the mobile storage device is bound to the encrypted data storage area. When the main controller is replaced, read and write operations on the encrypted data storage area are prohibited, which further ensures the security of the data.
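One way to realise the controller-to-storage-area binding just described, added here as an illustration and not taken from the application: the key of the encrypted data storage area is derived from a secret unique to the main controller, so a replacement controller cannot reproduce the key and is refused before any read or write. The per-chip secret, the HKDF derivation and the key check value kept in the area header are assumptions of this example; the application does not specify how the binding is implemented.

```python
import hashlib
import hmac
import os
from typing import Optional


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class MainController:
    """The storage device's main controller; its secret never leaves the chip (assumption)."""

    def __init__(self, chip_secret: bytes) -> None:
        self._chip_secret = chip_secret

    def derive_area_key(self, area_id: bytes) -> bytes:
        # The data-area key depends on both the controller's secret and the area identifier,
        # so no other controller can derive it for this area.
        return hkdf_sha256(self._chip_secret, salt=area_id, info=b"encrypted-data-area-key")


class EncryptedDataArea:
    """The encrypted data storage area, whose header records which controller it is bound to."""

    def __init__(self, area_id: bytes, controller: MainController) -> None:
        self.area_id = area_id
        key = controller.derive_area_key(area_id)
        # Key check value: lets the firmware detect a foreign controller without storing the key.
        self.kcv = hmac.new(key, b"key-check", hashlib.sha256).digest()[:16]

    def unlock(self, controller: MainController) -> Optional[bytes]:
        """Return the area key if this controller is the bound one, else None (read/write refused)."""
        key = controller.derive_area_key(self.area_id)
        candidate = hmac.new(key, b"key-check", hashlib.sha256).digest()[:16]
        if hmac.compare_digest(candidate, self.kcv):
            return key
        return None


def replacement_refused(original: MainController, replacement: MainController,
                        area_id: bytes = b"area-0") -> bool:
    """True when the bound controller unlocks the area and a replacement controller does not."""
    area = EncryptedDataArea(area_id, original)
    return area.unlock(original) is not None and area.unlock(replacement) is None


if __name__ == "__main__":
    # Constructed sample: two controllers with different per-chip secrets.
    bound_ctrl = MainController(os.urandom(32))
    swapped_ctrl = MainController(os.urandom(32))
    print("replacement refused:", replacement_refused(bound_ctrl, swapped_ctrl))
```

The key check value is a one-way function of the key, so the header reveals nothing useful to a controller that cannot derive the key; the comparison uses `hmac.compare_digest` so that the check itself does not leak timing information.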
FIG. 3 is a schematic flowchart of the implementation of yet another mobile storage device encryption method provided by an embodiment of the present application, described in detail as follows:
In step S301, when the mobile storage device establishes a wireless communication connection with a wireless communication device, it is determined whether the mobile storage device stores a device identifier bound to the mobile storage device;
Specifically, when the mobile storage device is used for the first time, a device identifier bound to a wireless communication device may not yet have been set. Whether the mobile storage device holds a bound device identifier can be detected by the mobile storage device controller in the mobile storage device, and the detection result can be sent to the wireless communication device that establishes the wireless connection with the mobile storage device. The mobile storage device controller can express this determination by setting a flag in the determination message sent by the mobile storage device, the determination message stating whether a device identifier bound to the mobile storage device is stored. For example, the flag value "0" may indicate that no device identifier is currently bound, the flag value "1" that the number of currently bound device identifiers is one, and the flag value "2" that the number of currently bound device identifiers is two.
In step S302, if no device identifier bound to the mobile storage device is stored, the device identifier of the currently connected wireless communication device is bound to the mobile storage device;
When the wireless communication device sends its device identifier, different sending methods may be chosen according to the specific type of wireless communication device. For example, when the wireless communication device is an Android phone, it can actively send its MAC address as the device identifier; when the wireless communication device is an iOS phone, the device identifier of the wireless communication device needs to be obtained by having the mobile storage device capture it.
When no device identifier bound to the mobile storage device is stored in the mobile storage device, the bound device identifier in the mobile storage device needs to be initialized. In the embodiment of the present application, the initialized device identifier bound to the mobile storage device is the device identifier of the wireless communication device that establishes a wireless connection with the mobile storage device for the first time.
In a preferred embodiment, the method may further include step S303: sending the information that no device identifier bound to the mobile storage device is stored to the master device directly connected to the mobile storage device, so that the master device sets first identity verification information, the first identity verification information being used to update and modify the device identifier bound to the mobile storage device;
To facilitate management of the device identifier bound to the mobile storage device, the present application may also, when the mobile storage device establishes a connection with a wireless communication device for the first time, issue a prompt message on the master device (such as a desktop or notebook computer) directly connected to the mobile storage device, prompting the user to enter first identity verification information. The first identity verification information is used to update and modify the device identifier bound to the mobile storage device, so that if the user's wireless communication device is lost, a new device identifier bound to the mobile storage device can be set by means of the first identity verification information and the mobile storage device can continue to be used.
After receiving the first identity verification information, the wireless communication device may send it to the mobile storage device, or may send it to a server for storage. When the device identifier bound in the mobile storage device needs to be changed, permission is verified against the mobile storage device or the server.
In addition, after the mobile storage device is powered on, the wireless communication circuit in the mobile storage device is in a connectable state, and once the wireless communication device confirms the connection, a connection with the wireless communication device is established. In a preferred embodiment, the connection with the mobile storage device may be confirmed through an application, and the device identifier of the wireless communication device is used as the device identifier bound to the mobile storage device.
In step S304, if a device identifier bound to the mobile storage device is stored, the device identifier of the wireless communication device is acquired;
In step S305, it is determined whether the acquired device identifier is the device identifier preset in the mobile storage device as bound to the mobile storage device;
In step S306, if the acquired device identifier is the device identifier preset in the mobile storage device as bound to the mobile storage device, reading and writing of the encrypted data storage area in the mobile storage device is allowed.
Steps S304 to S306 are substantially the same as steps S201 to S203 described with reference to FIG. 2 and are not repeated here.
The embodiment of the present application examines the device identifier in the mobile storage device and, if no device identifier bound to the mobile storage device is stored, uses the device identifier of the wireless communication device that establishes a wireless connection for the first time as the device identifier bound to the mobile storage device. As a result, the user only needs to carry that wireless communication device when using the mobile storage device, with no other frequent operations required, which improves convenience for the user.
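The controller-side decisions of steps S301 to S306 (first-use binding, the binding flag, comparison against the preset identifier), together with the unbinding, re-binding, password-change and host-computer paths described before FIG. 3, collected into one routine as an added example; this is not code from the application. The salted PBKDF2 storage of the first identity verification information, the constant-time identifier comparison and the sample MAC-address identifiers are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional


class MobileStorageController:
    """Controller-side decision logic for the bound-identifier scheme (added illustration)."""

    PBKDF2_ROUNDS = 50_000  # assumption: the application does not say how the password is stored

    def __init__(self) -> None:
        # Device identifiers bound to this storage device (e.g. a phone's MAC address).
        self.bound_ids: List[bytes] = []
        # Salted PBKDF2 hash of the first identity verification information (assumption).
        self._auth_salt: Optional[bytes] = None
        self._auth_hash: Optional[bytes] = None

    # ---- step S301: is a bound identifier stored? -------------------------------------
    def binding_flag(self) -> str:
        """Flag carried in the determination message: "0" = none bound, "1"/"2" = number bound."""
        return str(len(self.bound_ids))

    def _is_bound(self, device_id: bytes) -> bool:
        # Constant-time comparison against every stored identifier.
        return any(hmac.compare_digest(device_id, bound) for bound in self.bound_ids)

    # ---- steps S301 to S306: decision taken when a wireless connection is made ---------
    def on_wireless_connect(self, device_id: bytes) -> bool:
        """Return True if the connecting device may read/write the encrypted data storage area."""
        if not self.bound_ids:
            # Step S302: first use, the first connecting device becomes the bound device.
            self.bound_ids.append(device_id)
            return True
        # Steps S304 to S306: only a preset bound identifier is allowed through.
        return self._is_bound(device_id)

    # ---- first identity verification information (step S303 and the host-computer path)
    @staticmethod
    def _hash_auth(auth_info: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", auth_info, salt, MobileStorageController.PBKDF2_ROUNDS)

    def set_first_auth_info(self, auth_info: bytes) -> None:
        """Step S303: the directly connected master device sets the password (kept salted and hashed)."""
        self._auth_salt = secrets.token_bytes(16)
        self._auth_hash = self._hash_auth(auth_info, self._auth_salt)

    def verify_auth_info(self, auth_info: Optional[bytes]) -> bool:
        if auth_info is None or self._auth_hash is None or self._auth_salt is None:
            return False
        return hmac.compare_digest(self._hash_auth(auth_info, self._auth_salt), self._auth_hash)

    def host_unlock(self, auth_info: bytes) -> bool:
        """Wired host computer: a correct password alone unlocks the encrypted data storage area."""
        return self.verify_auth_info(auth_info)

    def _is_authorised(self, requester_id: bytes, auth_info: Optional[bytes]) -> bool:
        # A requester is trusted if its identifier is already bound or it presents the password.
        return self._is_bound(requester_id) or self.verify_auth_info(auth_info)

    # ---- management operations requested from the wireless communication device ---------
    def unbind(self, requester_id: bytes, auth_info: Optional[bytes] = None) -> bool:
        """Unbinding request: delete the stored identifiers if the requester is authorised."""
        if not self._is_authorised(requester_id, auth_info):
            return False
        self.bound_ids.clear()
        return True

    def bind_current_device(self, requester_id: bytes, new_device_id: bytes,
                            auth_info: Optional[bytes] = None) -> bool:
        """Store the currently used device's identifier as a bound identifier (after authorisation)."""
        if not self._is_authorised(requester_id, auth_info):
            return False
        if not self._is_bound(new_device_id):
            self.bound_ids.append(new_device_id)
        return True

    def change_auth_info(self, requester_id: bytes, new_auth_info: bytes,
                         old_auth_info: Optional[bytes] = None) -> bool:
        """A verified device (bound identifier or correct old password) may replace the password."""
        if not self._is_authorised(requester_id, old_auth_info):
            return False
        self.set_first_auth_info(new_auth_info)
        return True

    def factory_reset(self) -> None:
        """Initialisation when both the bound phone and the password are lost: everything is wiped."""
        self.bound_ids.clear()
        self._auth_salt = None
        self._auth_hash = None


if __name__ == "__main__":
    # Constructed sample identifiers (not real devices).
    phone_a, phone_b = bytes.fromhex("aabbccddee01"), bytes.fromhex("aabbccddee02")
    ctrl = MobileStorageController()
    print("flag before first use:", ctrl.binding_flag())
    print("phone A first connect allowed:", ctrl.on_wireless_connect(phone_a))
    print("phone B connect allowed:", ctrl.on_wireless_connect(phone_b))
```

Note that an identifier such as a MAC address is a possession check, not a secret, which is why the application pairs it with the separately stored first identity verification information for every operation that changes the binding; the example keeps that split and refuses an unbinding or password change from an unbound device that cannot present the password.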
It should be understood that the numbering of the steps in the above embodiments does not imply an order of execution; the order in which the processes are executed should be determined by their function and internal logic and does not constitute any limitation on the implementation of the embodiments of the present invention.
FIG. 4 is a schematic structural diagram of a mobile storage device encryption apparatus provided by an embodiment of the present application. As shown in FIG. 4, the mobile storage device encryption apparatus includes:
a device identifier acquisition unit 401, configured to acquire the device identifier of the wireless communication device when the mobile storage device establishes a wireless communication connection with the wireless communication device;
a device identifier determination unit 402, configured to determine whether the acquired device identifier is the device identifier preset in the mobile storage device as bound to the mobile storage device;
a permission acquisition unit 403, configured to allow reading and writing of the encrypted data storage area in the mobile storage device if the acquired device identifier is the device identifier preset in the mobile storage device as bound to the mobile storage device.
Preferably, the apparatus further includes:
a storage determination unit, configured to determine whether the mobile storage device stores a device identifier bound to the mobile storage device;
a binding unit, configured to bind the device identifier of the currently connected wireless communication device to the mobile storage device if no device identifier bound to the mobile storage device is stored.
The mobile storage device encryption apparatus of FIG. 4 is the apparatus corresponding to the mobile-storage-device-side encryption method among the mobile storage device encryption methods of FIG. 1.
In addition, the present application also provides an apparatus implementing the mobile storage device encryption method on the wireless communication device side. As shown in FIG. 5, this mobile storage device encryption apparatus includes:
a device identifier acquisition module 501, configured to acquire the device identifier of the wireless communication device when the wireless communication device establishes a wireless connection with the mobile storage device;
a device identifier sending module 502, configured to send the device identifier of the wireless communication device to the mobile storage device, so that the mobile storage device determines, according to the received device identifier, whether to allow reading and writing of the encrypted data storage area in the mobile storage device.
This mobile storage device encryption apparatus corresponds to the mobile storage device encryption method and is not described again here.
FIG. 6 is a schematic diagram of a mobile storage device provided by an embodiment of the present invention. As shown in FIG. 6, the mobile storage device 6 of this embodiment includes a processor 60, a memory 61, and a computer program 62 stored in the memory 61 and executable on the processor 60, for example a mobile storage device encryption program. When the processor 60 executes the computer program 62, the steps in the above mobile storage device encryption method embodiments are implemented, for example steps 101 to 103 shown in FIG. 1. Alternatively, when the processor 60 executes the computer program 62, the functions of the modules/units in the above apparatus embodiments are implemented, for example the functions of modules 401 to 403 shown in FIG. 4.
By way of example, the computer program 62 may be divided into one or more modules/units, which are stored in the memory 61 and executed by the processor 60 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, the instruction segments being used to describe the execution of the computer program 62 in the mobile storage device 6. For example, the computer program 62 may be divided into a device identifier acquisition unit, a device identifier determination unit and a permission acquisition unit, the specific functions of which are as follows:
a device identifier acquisition unit, configured to acquire the device identifier of the wireless communication device when the mobile storage device establishes a wireless communication connection with the wireless communication device;
a device identifier determination unit, configured to determine whether the acquired device identifier is the device identifier preset in the mobile storage device as bound to the mobile storage device;
a permission acquisition unit, configured to allow reading and writing of the encrypted data storage area in the mobile storage device if the acquired device identifier is the device identifier preset in the mobile storage device as bound to the mobile storage device.
The mobile storage device 6 may be a USB flash drive, an SD card, a solid-state drive (SSD) or an embedded memory card. The mobile storage device may include, but is not limited to, the processor 60 and the memory 61. Those skilled in the art will understand that FIG. 6 is merely an example of the mobile storage device 6 and does not limit it; the device may include more or fewer components than shown, combine certain components, or have different components. For example, the mobile storage device may also include input/output devices, network access devices, a bus, and so on.
The processor 60 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 61 may be an internal storage unit of the mobile storage device 6, for example a hard disk or RAM of the mobile storage device 6. The memory 61 may also be an external storage device of the mobile storage device 6, for example a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card provided on the mobile storage device 6. Further, the memory 61 may include both an internal storage unit and an external storage device of the mobile storage device 6. The memory 61 is used to store the computer program and the other programs and data required by the mobile storage device. The memory 61 may also be used to temporarily store data that has been output or is about to be output.
Those skilled in the art will clearly understand that, for convenience and brevity of description, only the division into the above functional units and modules is given as an example. In practical applications, the above functions may be assigned to different functional units and modules as needed; that is, the internal structure of the apparatus may be divided into different functional units or modules to perform all or part of the functions described above. The functional units and modules in the embodiments may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit; the integrated unit may be implemented in the form of hardware or in the form of a software functional unit. In addition, the specific names of the functional units and modules serve only to distinguish them from one another and are not intended to limit the scope of protection of the present application. For the specific operation of the units and modules in the above system, reference may be made to the corresponding processes in the foregoing method embodiments, which are not repeated here.
In the above embodiments, each embodiment is described with its own emphasis; for parts not detailed or described in a particular embodiment, reference may be made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementations should not be regarded as going beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the apparatus/terminal device embodiments described above are merely illustrative; the division into modules or units is only a logical functional division, and there may be other divisions in actual implementation, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Furthermore, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, all or part of the processes of the methods of the above embodiments of the present invention may also be carried out by a computer program instructing the relevant hardware; the computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file, some intermediate form, or the like. The computer-readable medium may include any entity or apparatus capable of carrying the computer program code, a recording medium, a mobile storage device, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content covered by the computer-readable medium may be appropriately added to or reduced according to the requirements of legislation and patent practice in the relevant jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
The above embodiments are only intended to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention; all of them shall fall within the scope of protection of the present invention.
Claims (15)
- A mobile storage device encryption method, wherein the mobile storage device is provided with a wireless communication circuit, and the mobile storage device encryption method comprises: when the mobile storage device establishes a wireless communication connection with a wireless communication device, acquiring a device identifier of the wireless communication device; determining whether the acquired device identifier is the device identifier preset in the mobile storage device as bound to the mobile storage device; and if the acquired device identifier is the device identifier preset in the mobile storage device as bound to the mobile storage device, allowing reading and writing of the encrypted data storage area in the mobile storage device.
- The mobile storage device encryption method according to claim 1, wherein before the step of acquiring the device identifier of the wireless communication device, the method further comprises: determining whether the mobile storage device stores a device identifier bound to the mobile storage device; and if no device identifier bound to the mobile storage device is stored, binding the device identifier of the currently connected wireless communication device to the mobile storage device.
- The mobile storage device encryption method according to claim 2, wherein, if no device identifier bound to the mobile storage device is stored, the method further comprises: sending information that no device identifier bound to the mobile storage device is stored to the master device directly connected to the mobile storage device, so that the master device sets first identity verification information, the first identity verification information being used to update and modify the device identifier bound to the mobile storage device.
- The encryption method for a mobile storage device according to claim 1, wherein the method further comprises: receiving an unbinding request sent by a wireless communication device, and deleting the device identifier bound to the mobile storage device according to the unbinding request, the wireless communication device being a wireless communication device that has been verified by the first identity verification information.
- The encryption method for a mobile storage device according to claim 1, wherein the method further comprises: when first identity verification information sent by a host computer connected by wire to the mobile storage device is received, allowing the host computer to read and write the encrypted data storage area in the mobile storage device.
- The encryption method for a mobile storage device according to any one of claims 1 to 5, wherein the method further comprises: the main controller of the mobile storage device being bound to the encrypted storage area, and, when it is detected that the main controller bound to the encrypted storage area has been replaced, prohibiting reading and writing of the data in the encrypted storage area.
- A mobile storage device encryption method, wherein the mobile storage device encryption method comprises: a wireless communication device establishing a wireless connection with a mobile storage device and acquiring the device identifier of the wireless communication device; and sending the device identifier of the wireless communication device to the mobile storage device, so that the mobile storage device determines, according to the received device identifier, whether to allow reading and writing of the encrypted data storage area in the mobile storage device.
- 根据权利要求7所述移动存储设备加密方法,其特征在于,所述方法还包括:The mobile storage device encryption method according to claim 7, wherein the method further comprises:判断所述移动存储设备是否存储有与所述移动存储设备绑定的设备标识;Determining whether the mobile storage device stores a device identifier bound to the mobile storage device;如果没有存储与所述移动存储设备绑定的设备标识,则将所述无线通信设备的设备标识发送给移动存储设备,以使得移动存储设备与所述无线通信设备发送的设备标识绑定。If the device identification bound to the mobile storage device is not stored, the device identification of the wireless communication device is transmitted to the mobile storage device such that the mobile storage device is bound to the device identification sent by the wireless communication device.
- 根据权利要求7所述的移动存储设备加密方法,其特征在于,所述方法还包括:The mobile storage device encryption method according to claim 7, wherein the method further comprises:接收更换第一身份验证信息的请求,或者接收解除与移动存储设备绑定的请求;Receiving a request to replace the first authentication information, or receiving a request to release the binding with the mobile storage device;当所述无线通信设备为第一身份验证信息验证过的无线通信设备,或者所述无线通信设备的设备标识已与所述移动存储设备绑定时,则允许更换所述第一身份验证信息,或解除所述无线通信设备的设备标识与移动存储设备的绑定。When the wireless communication device is the wireless communication device verified by the first identity verification information, or the device identifier of the wireless communication device has been bound to the mobile storage device, allowing the first identity verification information to be replaced, Or unbinding the device identification of the wireless communication device with the mobile storage device.
- 根据权利要求7-9任一项所述的移动存储设备加密方法,其特征在于,所述无线通信设备与移动存储设备建立无线连接的步骤包括:The mobile storage device encryption method according to any one of claims 7-9, wherein the step of establishing a wireless connection between the wireless communication device and the mobile storage device comprises:所述无线通信设备通过自动扫描的方式查找并连接曾建立过无线连接的移动存储设备;The wireless communication device searches for and connects to the mobile storage device that has established a wireless connection by means of automatic scanning;或者,所述无线通信设备通过输入加密信息与移动存储设备建立连接。Alternatively, the wireless communication device establishes a connection with the mobile storage device by inputting the encrypted information.
- 一种移动存储设备加密装置,其特征在于,所述移动存储设备中设置有无线通信电路,所述移动存储设备加密装置包括:A mobile storage device encryption device, wherein the mobile storage device is provided with a wireless communication circuit, and the mobile storage device encryption device includes:设备标识获取单元,用于当所述移动存储设备与无线通信设备建立无线通信连接时,获取所述无线通信设备的设备标识;a device identifier obtaining unit, configured to acquire a device identifier of the wireless communication device when the mobile storage device establishes a wireless communication connection with the wireless communication device;设备标识判断单元,用于判断所获取的设备标识是否为所述移动存储设备中预设的与所述移动存储设备绑定的设备标识;a device identifier determining unit, configured to determine whether the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device;权限获取单元,用于如果所获取的设备标识为所述移动存储设备中预设的与所述移动存储设备绑定的设备标识,则允许读写所述移动存储设备中的加密数据存储区。The privilege acquisition unit is configured to allow reading and writing of the encrypted data storage area in the mobile storage device if the acquired device identifier is a device identifier bound to the mobile storage device preset in the mobile storage device.
- 根据权利要求11所述的移动存储设备加密装置,其特征在于,所述装置还包括:The mobile storage device encryption device according to claim 11, wherein the device further comprises:存储判断单元,用于判断所述移动存储设备是否存储有与所述移动存储设备绑定的设备标识;a storage determining unit, configured to determine whether the mobile storage device stores a device identifier bound to the mobile storage device;绑定单元,用于如果没有存储与移动存储设备绑定的设备标识,则将当前所连接的无线通信设备的设备标识与所述移动存储设备绑定。And a binding unit, configured to bind the device identifier of the currently connected wireless communication device to the mobile storage device if the device identifier bound to the mobile storage device is not stored.
- 一种移动存储设备加密装置,其特征在于,所述移动存储设备加密装置包括:A mobile storage device encryption device, wherein the mobile storage device encryption device comprises:设备标识获取模块,无线通信设备与移动存储设备建立无线连接,获取所述无线通信设备的设备标识;a device identifier acquisition module, the wireless communication device establishes a wireless connection with the mobile storage device, and acquires a device identifier of the wireless communication device;设备标识发送模块,用于将无线通信设备的设备标识发送给所述移动存储设备,以使得所述移动存储设备根据所接收的设备标识确定是否允许读写移动存储设备中的加密数据存储区。And a device identifier sending module, configured to send the device identifier of the wireless communication device to the mobile storage device, so that the mobile storage device determines whether to allow reading and writing of the encrypted data storage area in the mobile storage device according to the received device identifier.
- 一种移动存储设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序时实现如权利要求1至6任一项所述方法的步骤。A mobile storage device comprising a memory, a processor, and a computer program stored in the memory and operable on the processor, wherein the processor executes the computer program as claimed in claim 1 The steps of any of the methods of any of 6.
- 一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现如权利要求1至6任一项所述方法的步骤。A computer readable storage medium storing a computer program, wherein the computer program is executed by a processor to implement the steps of the method of any one of claims 1 to 6.
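The claims above describe a single access-control policy split between the drive (bind the first wireless device that connects, afterwards unlock the encrypted area only for that identifier, refuse everything if the main controller was swapped, let a wired host in with the first identity verification information, and honour unbind or password-change requests only from a verified or already-bound requester) and the phone (rescan for drives it has met before, otherwise pair by entering encryption information). The model below, written for this page and not taken from the patent or any product, walks that lifecycle end to end. Everything not stated in the claims is an assumption: identifiers are opaque ASCII strings such as a Bluetooth address, the first identity verification information is a password kept only as a salted PBKDF2 verifier, the claim 10 "encryption information" is a pairing code held by the drive, and the controller is identified by a serial string. The class, method and variable names are the example's own.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ROUNDS = 100_000  # assumption: the claims do not say how the verifier is stored


def _eq(a: str, b: str) -> bool:
    """Constant-time comparison so identifier and secret checks do not leak timing."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def make_verifier(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, PBKDF2_ROUNDS)


class MobileStorageDevice:
    """State held by the drive's main controller: the device-side units of claims 11 and 12."""

    def __init__(self, controller_id: str, pairing_code: str, first_auth: str):
        self.controller_id = controller_id        # controller currently fitted
        self.bound_controller_id = controller_id  # controller bound to the encrypted area (claim 6)
        self.pairing_code = pairing_code          # entered by a phone on first contact (claim 10)
        self.salt = os.urandom(16)
        self.verifier = make_verifier(first_auth, self.salt)
        self.bound_device_id: Optional[str] = None  # wireless device bound to the drive
        self.unlocked = False                     # may the encrypted data area be read/written?

    def controller_intact(self) -> bool:
        # Claim 6: a swapped controller means no access to the encrypted area at all.
        return _eq(self.controller_id, self.bound_controller_id)

    def verify_first_auth(self, info: str) -> bool:
        return hmac.compare_digest(make_verifier(info, self.salt), self.verifier)

    def on_wireless_connect(self, device_id: str) -> bool:
        """Claims 1, 8, 11, 12: bind on first contact, then unlock only for the bound identifier."""
        self.unlocked = False
        if not self.controller_intact():
            return False
        if self.bound_device_id is None:
            self.bound_device_id = device_id      # first-come binding (claims 8 and 12)
        self.unlocked = _eq(device_id, self.bound_device_id)
        return self.unlocked

    def on_host_auth(self, info: str) -> bool:
        """Claim 5: a wired host unlocks the encrypted area with the first identity verification info."""
        self.unlocked = self.controller_intact() and self.verify_first_auth(info)
        return self.unlocked

    def _authorised(self, requester_id: str, info: Optional[str]) -> bool:
        # Claims 4 and 9: requester has passed first-auth, or its identifier is the bound one.
        if info is not None and self.verify_first_auth(info):
            return True
        return self.bound_device_id is not None and _eq(requester_id, self.bound_device_id)

    def unbind(self, requester_id: str, info: Optional[str] = None) -> bool:
        """Claims 4 and 9: delete the bound identifier on an authorised unbinding request."""
        if not self._authorised(requester_id, info):
            return False
        self.bound_device_id = None
        self.unlocked = False
        return True

    def change_first_auth(self, requester_id: str, new_info: str, info: Optional[str] = None) -> bool:
        """Claim 9: replace the first identity verification information."""
        if not self._authorised(requester_id, info):
            return False
        self.salt = os.urandom(16)
        self.verifier = make_verifier(new_info, self.salt)
        return True

    def replace_controller(self, new_controller_id: str) -> None:
        """Simulate a chip swap: the binding recorded for the encrypted area does not follow it."""
        self.controller_id = new_controller_id
        self.unlocked = False


class WirelessClient:
    """Phone side (claims 7 and 10): rescan for known drives, or pair with the code on first contact."""

    def __init__(self, device_id: str):
        self.device_id = device_id
        self.known: set = set()  # drives this phone has connected to before (claim 10, first branch)

    def connect(self, drive: MobileStorageDevice, pairing_code: Optional[str] = None) -> bool:
        if drive not in self.known:
            if pairing_code is None or not _eq(pairing_code, drive.pairing_code):
                return False  # claim 10, second branch: first contact needs the entered code
            self.known.add(drive)
        return drive.on_wireless_connect(self.device_id)  # claim 7: send our id, the drive decides


def demo() -> dict:
    """Walk the lifecycle with constructed identifiers; returns each outcome for inspection."""
    drive = MobileStorageDevice("CTRL-0001", pairing_code="483920", first_auth="correct horse")
    owner = WirelessClient("AA:BB:CC:00:00:01")
    stranger = WirelessClient("AA:BB:CC:00:00:02")
    r = {}
    r["owner_first_connect"] = owner.connect(drive, "483920")     # binds and unlocks
    r["stranger_wrong_code"] = stranger.connect(drive, "000000")
    r["stranger_right_code"] = stranger.connect(drive, "483920")  # connects, but is not the bound id
    r["owner_reconnect"] = owner.connect(drive)                   # found by rescan, no code needed
    r["stranger_unbind"] = drive.unbind(stranger.device_id)
    r["owner_changes_pw"] = drive.change_first_auth(owner.device_id, "new pw")
    r["host_old_pw"] = drive.on_host_auth("correct horse")
    r["host_new_pw"] = drive.on_host_auth("new pw")
    r["host_unbinds_with_pw"] = drive.unbind("HOST", info="new pw")
    r["stranger_binds_after_unbind"] = stranger.connect(drive)    # first-come binding again
    drive.replace_controller("CTRL-9999")
    r["after_controller_swap"] = stranger.connect(drive)
    r["host_after_swap"] = drive.on_host_auth("new pw")
    return r


if __name__ == "__main__":
    for step, ok in demo().items():
        print(f"{step:30s} {'allowed' if ok else 'denied'}")
```

Two outcomes in the walk-through are the ones a reviewer of this design should look at. After a legitimate unbind, the drive has no bound identifier again, so whichever device connects next becomes the bound device: in the model the stranger, who already knows the pairing code, is accepted. And the identifier the phone sends is whatever the phone chooses to send; only the pairing code on first contact and the first identity verification information on the wired and management paths are secrets, so those are the checks that carry the security, not the identifier match itself.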
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810157255.7 | 2018-02-24 | ||
CN201810157255.7A CN108376224A (en) | 2018-02-24 | 2018-02-24 | A kind of movable storage device and its encryption method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019161582A1 true WO2019161582A1 (en) | 2019-08-29 |
Family
ID=63017953
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2018/078818 WO2019161582A1 (en) | 2018-02-24 | 2018-03-13 | Mobile storage device and encryption method and apparatus therefor |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108376224A (en) |
WO (1) | WO2019161582A1 (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109543461A (en) * | 2018-12-10 | 2019-03-29 | 武汉盛硕电子有限公司 | A kind of storage disk, storage disk control method and control system |
CN110633172A (en) * | 2019-09-24 | 2019-12-31 | 爱国者安全科技(北京)有限公司 | USB flash disk and data synchronization method thereof |
CN111758243A (en) * | 2019-12-18 | 2020-10-09 | 深圳市汇顶科技股份有限公司 | Mobile storage device, storage system and storage method |
CN112469019B (en) * | 2020-11-27 | 2023-02-24 | 苏州维伟思医疗科技有限公司 | Method and device for safely modifying treatment parameters of WCD (WCD) |
CN113342896B (en) * | 2021-06-29 | 2024-03-01 | 南京大学 | Scientific research data safety protection system based on cloud fusion and working method thereof |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070016743A1 (en) * | 2005-07-14 | 2007-01-18 | Ironkey, Inc. | Secure storage device with offline code entry |
CN101154251A (en) * | 2006-09-27 | 2008-04-02 | 中国科学院自动化研究所 | Information security management system and method based on radio frequency identification |
CN103037370A (en) * | 2012-11-05 | 2013-04-10 | 李明 | Portable storage device and identity authentication method |
CN104063333A (en) * | 2013-03-18 | 2014-09-24 | 置富存储科技(深圳)有限公司 | Encrypted storage equipment and encrypted storage method |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102622311B (en) * | 2011-12-29 | 2015-03-25 | 北京神州绿盟信息安全科技股份有限公司 | USB (universal serial bus) mobile memory device access control method, USB mobile memory device access control device and USB mobile memory device access control system |
CN105488436B (en) * | 2015-12-25 | 2019-05-10 | 北京奇虎科技有限公司 | A method and device for accessing a mobile storage device |
CN106355112A (en) * | 2016-08-30 | 2017-01-25 | 深圳泰首智能技术有限公司 | Method of destructing data in encrypted mobile storage device and server |
2018
- 2018-02-24 CN CN201810157255.7A patent/CN108376224A/en active Pending
- 2018-03-13 WO PCT/CN2018/078818 patent/WO2019161582A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN108376224A (en) | 2018-08-07 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
WO2020093214A1 (en) | Application program login method, application program login device and mobile terminal | |
KR101720477B1 (en) | Remote access control of storage devices | |
WO2019161582A1 (en) | Mobile storage device and encryption method and apparatus therefor | |
US8090946B2 (en) | Inter-system binding method and application based on hardware security unit | |
US9977890B2 (en) | Method and device for controlling access from the device to a card via a NFC interface | |
CN113557703B (en) | Authentication method and device of network camera | |
EP3355231B1 (en) | Mobile data storage device with access control functionality | |
US9660986B2 (en) | Secure access method and secure access device for an application program | |
JP2015505105A (en) | Secure user authentication for Bluetooth-enabled computer storage devices | |
WO2016045189A1 (en) | Data reading/writing method of dual-system terminal and dual-system terminal | |
WO2019109968A1 (en) | Method for unlocking sim card and mobile terminal | |
CN105528553A (en) | A method and a device for secure sharing of data and a terminal | |
WO2016188167A1 (en) | Charging method, apparatus and terminal for universal serial bus (usb) | |
WO2012075904A1 (en) | Method, device and system for verifying binding data card and mobile host | |
CN110489959B (en) | Protection method, burning method and device for burning file, storage medium and equipment | |
US10929520B2 (en) | Secure read-only connection to peripheral device | |
US10891398B2 (en) | Electronic apparatus and method for operating a virtual desktop environment from nonvolatile memory | |
CN110633584B (en) | Control of data storage device | |
KR20200070532A (en) | Management system and method for data security for storage device using security device | |
KR20200101053A (en) | Electronic device and certification method in electronic device | |
KR20120100342A (en) | Security token device and rf module and method of authentication usable in smartphone and pc | |
KR20210026233A (en) | Electronic device for controlling access for device resource and operating method thereof | |
CN214042318U (en) | Audio frequency goods copyright safety certification system based on USB flash disk | |
WO2016184213A1 (en) | Method and apparatus for improving access security of wireless network and mobile terminal | |
CN105975624A (en) | Data transmission method, equipment and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 18907228; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 18907228; Country of ref document: EP; Kind code of ref document: A1 |