CN103870769A - Method and system for protecting magnetic disk - Google Patents
Method and system for protecting magnetic disk Download PDFInfo
- Publication number
- CN103870769A CN103870769A CN201410057760.6A CN201410057760A CN103870769A CN 103870769 A CN103870769 A CN 103870769A CN 201410057760 A CN201410057760 A CN 201410057760A CN 103870769 A CN103870769 A CN 103870769A
- Authority
- CN
- China
- Prior art keywords
- disk
- module
- protective device
- filtration drive
- bootstrap
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
Abstract
The invention discloses a method for protecting and restoring a magnetic disk and a system for protecting the magnetic disk. When the magnetic disk is protected, a protective device is set, codes of front sixty-three sectors of the magnetic disk are backed up on the magnetic disk, and the magnetic disk is encrypted through the protective device; when the encrypted magnetic disk starts, a first guide module is operated, verifies the protective device, reads a code, a start parameter and a password of a second guide module from the protective device and delivers a control right to the second guide module; the second guide module replaces magnetic disk read-write interruption, decrypts when reading the magnetic disk, encrypts when writing the magnetic disk, reads a leader record of an active partition, decrypts the read leader record and executes the leader record to start an operating system; after the operating system starts, read operation is decrypted and write operation is encrypted through a magnetic disk filter driver to protect the magnetic disk. When the magnetic disk is restored, the whole magnetic disk is decrypted, and original data of the front sixty-three sectors is restored.
Description
Technical field
The present invention relates to field of information security technology, particularly a kind of method and system that disk is protected.
Background technology
In information security field, data are as a kind of wealth of preciousness, and the security of data is the unit of being subject to, enterprises and individuals's concern more and more.The protection of current data is mainly the protection based on file, and this method with protection is easy to be cracked, and follows increasing of file, and the method for this protection also can be very loaded down with trivial details.
The present invention is encrypted whole disk; and revise the startup flow process of system; system after encryption only has legal protective device just can enter system, enters after system when user reads file and deciphers in internal memory, after file is write, carries out encrypting storing on disk.On disk, there is never clear data, thereby reach the object of protection disk.
The present invention, in order to facilitate user to reduce to the disk after protection, as long as user inserts legal protective device, enters after the system of the disk after protection in addition, can be reduced to the state before not protection to whole disk.
The start-up course of Windows is as follows: after system powers on, the boot sequence that BIOS specifies according to user starts from soft, light, hard disk or other memory device, read simultaneously and carry out the Main Boot Record in boot disk, hard disk is fanned head position on 01 fan of 0 post at physics, then successively read sector end mark 55AAH, Main Boot Record, hard disk partition table, then the data that provide according to hard disk partition table, hard disk on the boot sector of active partition, then successively reads sector end mark 55AAH and operating system parameter by head position.This process reads operating system in internal memory, then gives operating system by control.
In Windows kernel, drive design to adopt hierarchy design.Disk filtration drive module is to be located on disk driver, can monitor, interception and modification system send to the I/O request bag of disk drive, thereby reaches the object of modification system execution flow process.
Software protecting equipment is that one is connected to the hardware device on main frame by computer interface (including but not limited to parallel port or USB interface).This device interior has nonvolatile storage space can, for read-write, also have the calculation processing unit such as single-chip microcomputer or micro-processing controls chip conventionally.Software developer can carry out exchanges data (software protecting equipment being read and write) by interface function and software protecting equipment, checks whether software protecting equipment is inserted on interface; Or be directly encrypted with the subsidiary instrument of software protecting equipment.Like this, software developer can arrange many places software locks in software, utilizes software protecting equipment to open these locks as key; If it is not corresponding not insert software protecting equipment or software protecting equipment, software can not normally be carried out.
In addition, software protecting equipment inside comprises specific function, for example a part of storage space, some cryptographic algorithms or some user-defined algorithm or function.Before software publishing; software developer revises the software code of oneself; make software in operational process, need to use some functions of software protecting equipment inside; software will move after leaving software protecting equipment like this; and the difficulty that software protecting equipment copies as a kind of hardware device is larger, thereby play the illegal effect of propagating of piracy software that prevents.
Software protecting equipment main on Vehicles Collected from Market comprises: WIBU-Key of the Elite series of the Sentinel Superpro of SafeNet company of the U.S., the Hasp HL of Aladdin company of Israel, BeiJing, China's deep thinking Luo Ke software incorporated company, German Wi-Bu company etc.All these software protecting equipments all provide built-in storage space, privately owned or disclosed cryptographic algorithm, check whether belong to legal when calling these functions in software running process.These software protecting equipments have adopted the basis of intelligent card chip as hardware; and the function of supporting user that oneself is defined is written to software protecting equipment inside; even can directly the partial function of software be transplanted to software protecting equipment inside completes; thereby greatly improve the difficulty of software pirate version, conventionally claimed that this technology that the function of oneself definition or the partial function of software are transplanted to software protecting equipment inside is that code is transplanted.The present corresponding website of the inventor is http://www.sense.com.cn/, wherein discloses in detail design parameter performance and the principle of work of the software protecting equipment of inventor's exploitation.
In the prior art; this is not encrypted disk in start-up course; therefore current technical need is: operating system is encrypted whole disk; and the startup flow process of operating system guarantees that the operating system after encryption only has legal software protecting equipment (hereinafter referred to as protective device) and just can enter operating system; in internal memory, decipher entering after operating system when user reads file; after file is write, carry out encrypting storing on disk, make to there will not be on disk clear data.
Summary of the invention
In view of this, the invention provides a kind of method of disk protect and reduction, to solve the problem of data in magnetic disk safety.
According to an aspect of the present invention, provide a kind of system of disk being protected by protective device, described protective device is the information safety devices with intelligent card chip, and software, data protection function are provided, and described protective device also comprises:
Protective device arranges module, overall encrypting module, the first bootstrap module, the second bootstrap module, disk filtration drive module; Wherein, described the second bootstrap module is arranged in described protective device;
Described protective device arranges module, for described protective device is arranged, the code of the second bootstrap module, start-up parameter, password is put into described protective device;
Described overall encrypting module, writes the first bootstrap module front 63 sectors of disk, and disk is encrypted totally, adopts disk filtration drive module to protect disk;
Described the first bootstrap module, carries out verification to protective device, reads code, start-up parameter, the password of the second bootstrap module from protective device, gives the second bootstrap module control;
Described the second bootstrap module; replacing disk read-write interrupts; when being read, disk is decrypted; disk is write to fashionable being encrypted; the second bootstrap module reads the leader record of active partition; now the leader record reading is decrypted, thereby after deciphering, the leader record of executed activity subregion starts the operating system;
Described disk filtration drive module, for totally protecting disk; Wherein, after os starting, by disk filtration drive module, the data that read are decrypted in internal memory, after the data that write are encrypted, are kept on disk.
According to an aspect of the present invention, provide a kind of system of disk being protected by protective device, described protective device is the information safety devices with intelligent card chip, and software, data protection function are provided, and described protective device also comprises:
Protective device arranges module, overall encrypting module, the first bootstrap module, the second bootstrap module, reducing disk module; Wherein, described the second bootstrap module is arranged in described protective device;
Described protective device arranges module, for described protective device is arranged, the code of the second bootstrap module, start-up parameter, password is put into described protective device, and wherein said password is inputted by user;
Described overall encrypting module, writes the first bootstrap module front 63 sectors of disk, and disk is encrypted totally, adopts disk filtration drive module to protect disk;
Described the first bootstrap module, carries out verification to protective device, reads code, start-up parameter, the password of the second bootstrap module from protective device, gives the second bootstrap module control;
Described the second bootstrap module; replacing disk read-write interrupts; when being read, disk is decrypted; disk is write to fashionable being encrypted; the second bootstrap module reads the leader record of active partition; now the leader record reading is decrypted, thereby after deciphering, the leader record of executed activity subregion starts the operating system;
Described reducing disk module, comprises application layer program and disk filtration drive module;
Wherein, first described application layer program reads the maximum sector number of whole disk, then sends undo command and needs the sector number reducing to described disk filtration drive module successively;
Wherein, described disk filtration drive module, for totally protecting disk; Wherein, after os starting, by disk filtration drive module, the data that read are decrypted in internal memory, after the data that write are encrypted, are kept on disk; When the data of described disk filtration drive module after to the encryption on disk are reduced, the enciphered data in reading disk, deciphers in internal memory the data of encrypting, and the data after deciphering are write to disk;
Described disk filtration drive module reads the content of particular sector, and the content reading is decrypted, and the data after deciphering are write to the sector on disk;
Wherein, after all sector decryption on disk complete, described application layer program sends the order of unloading disk filtration drive module to described disk filtration drive module, and disk filtration drive module is called the unloading routine unloading disk filtration drive module of self; Application layer program is the data that do not have before protection by the content recovery of front 63 sectors of disk.
According to an aspect of the present invention, described cryptographic algorithm adopts symmetric encipherment algorithm or rivest, shamir, adelman.
According to an aspect of the present invention, described verification comprises by identification informations such as checking PIN code, protective device sequence numbers and carries out authentication.
According to an aspect of the present invention, wherein password is inputted by User Defined.
According to an aspect of the present invention, provide a kind of method of disk being protected by described protective device, described method comprises:
Protective device is arranged, the code of the second bootstrap module, start-up parameter, password are put into protective device;
The first bootstrap module is write to disk;
Disk is encrypted totally, adopted disk filtration drive module to protect disk;
Disk filtration drive module is installed on disk.
According to an aspect of the present invention, described method also comprises:
When disk after encryption starts, first move the first bootstrap module, the first bootstrap module carries out verification to protective device, reads code, start-up parameter, the password of the second bootstrap module from protective device, gives the second bootstrap module control;
The second bootstrap module replaces disk read-write and interrupts, when disk is read, be decrypted, disk is write to fashionable being encrypted, the second bootstrap module reads the leader record of active partition, the leader record reading is decrypted, thereby after deciphering, the leader record of executed activity subregion starts the operating system;
After os starting, by disk filtration drive module, read operation is decrypted, write operation is encrypted.
According to an aspect of the present invention, described method also comprises:
When disk after encrypting is reduced, insert described protective device, start the disk after encrypting, user selects the operation that the disk after encrypting is reduced;
First application layer program reads the maximum sector number of whole disk, then send undo command and need the sector number reducing to disk filtration drive module successively, described disk filtration drive module reads the content of particular sector, and the content reading is decrypted, the data after deciphering are write to the sector on disk;
After all sector decryption on disk complete, application layer program sends the order of unloading disk filtration drive module to disk filtration drive module, and disk filtration drive module is called the unloading routine unloading disk filtration drive module of self;
Application layer program is the data that do not have before protection by the content recovery of front 63 sectors of disk.
According to an aspect of the present invention, in the step of the code of the second bootstrap module, start-up parameter, password being put into protective device, password is inputted by user.
A method for disk protect, the method concrete steps comprise:
Protective device is arranged, by the second bootstrap module, (the second bootstrap module is used for starting the operating system, this second bootstrap module is arranged in protective device, when os starting by the first bootstrap module read in internal memory and carry out, it acts on the second bootstrap module part and has a detailed description) code, start-up parameter, password put into protective device;
The data of front 63 sectors to disk back up, on wherein data directly back up to disk;
The first bootstrap module is write to front 63 sectors of disk;
Disk is encrypted totally, (disk filtration drive module is the driver being mounted to above the disk driver of operating system to adopt disk filtration drive module, this disk filtration drive module is positioned on disk, the effect of this disk filtration drive module refers to disk filtration drive module to be described) disk to be protected, cryptographic algorithm can adopt symmetric encipherment algorithm or rivest, shamir, adelman;
When disk after encryption starts, first move the first bootstrap module, the first bootstrap module carries out verification to protective device, reads code, start-up parameter, the password of the second bootstrap module from protective device, gives the second bootstrap module control;
The second bootstrap module replaces disk read-write and interrupts, when disk is read, be decrypted, disk is write to fashionable being encrypted, the second bootstrap module reads the leader record of active partition, the leader record reading is decrypted, thereby after deciphering, the leader record of executed activity subregion starts the operating system;
After os starting, by disk filtration drive module, read operation is decrypted, write operation is encrypted, thereby complete the defencive function of disk.
When disk after encrypting is reduced, need to insert correct protective device, start the disk after encrypting, user selects the operation that the disk after encrypting is reduced, now utilize disk filtration drive module to be decrypted the data of encrypting on whole disk by the reducing disk module being stored on disk, the algorithm that the algorithm adopting when deciphering uses when to disk encryption is consistent, data after deciphering are write to disk, after having deciphered, unloading disk filtration drive module (wherein, according to one embodiment of present invention, send unloading order by the application layer program in reducing disk module to disk filtration drive module, the unloading routine of disk filtration drive module completes the unloading of self), be the data that do not have before protection by the content recovery of front 63 sectors of disk.
The present invention also provides a kind of system that disk is protected, and described system comprises:
Protective device, device arrange module, overall encrypting module, the first bootstrap module, the second bootstrap module, disk filtration drive module, reducing disk module; Wherein, described the second bootstrap module is arranged in described protective device;
Described protective device is the information safety devices with intelligent card chip, and software, data protection function are provided.According to an embodiment, described protective device includes but not limited to encryption lock.
Described protective device arranges module, is used for protective device to arrange, and the code of the second bootstrap module, start-up parameter, password are put into protective device, and wherein password is inputted by User Defined;
Described overall encrypting module; front 63 sector datas to disk back up; the first bootstrap module is write to front 63 sectors of disk; disk is encrypted totally; adopt disk filtration drive module to protect disk, cryptographic algorithm can adopt symmetric encipherment algorithm or rivest, shamir, adelman.According to an embodiment, described symmetric encipherment algorithm comprises AES, DES, TDES; Rivest, shamir, adelman comprises ECC, RSA.
Described the first bootstrap module, carries out verification to protective device, reads code, start-up parameter, the password of the second bootstrap module from protective device, gives the second bootstrap module control;
Described the second bootstrap module, replacing disk read-write interrupts, when being read, disk is decrypted, disk is write to fashionable being encrypted, the second bootstrap module reads the leader record of active partition, the leader record reading is decrypted, thereby after deciphering, the leader record of executed activity subregion starts the operating system;
Described disk filtration drive module; for disk is protected totally; disk after protection; after os starting, by disk filtration drive module, the data that read are decrypted in internal memory; after being encrypted, the data that write are kept on disk, when the data of disk filtration drive module after to the encryption on disk are reduced, and the enciphered data in reading disk; the data of encrypting are deciphered in internal memory, the data after deciphering are write to disk.
Described reducing disk module; formed by application layer program and disk filtration drive module two parts; first application layer program reads the maximum sector number of whole disk; then send undo command and need the sector number reducing to disk filtration drive module successively; described disk filtration drive module reads the content of particular sector; and the content reading is decrypted, the algorithm adopting when deciphering algorithm used when to disk protect is consistent, and the data after deciphering are write to the sector on disk.After all sector decryption on disk complete, application layer program sends the order of unloading disk filtration drive module to disk filtration drive module, and disk filtration drive module is called the unloading routine unloading disk filtration drive module of self.Application layer program is the data that do not have before protection by the content recovery of front 63 sectors of disk.
According to an aspect of the present invention, described the first bootstrap module carries out verification to protective device, is specially by identification informations such as checking PIN code, protective device sequence numbers protective device is carried out to authentication.
According to method provided by the invention; obtained beneficial effect is: protected disk only has the normally startup system of correct protective device of inserting; after system starts; when user reads file; disk filtration drive module can be deciphered and return to user temporarily in internal memory; the data that user writes deposit disk in after can be encrypted; data in disk are encrypted forever; even if disk is illegally accessed; do not have correct protective device cannot enter system, cannot decipher the content on disk yet.
In order to facilitate user to reduce to the disk after protection, as long as user inserts legal protective device, enter after the system of the disk after protection, can be reduced to the state before not protection to whole disk.
Accompanying drawing explanation
Fig. 1 is according to the schematic flow sheet of the protection process of a preferred embodiment of the present invention.
Fig. 2 is schematic diagram during according to disk operation behind protected in a preferred embodiment of the present invention.
Fig. 3 is according to the schematic diagram while reducing to the disk after protection in a preferred embodiment of the present invention.
Fig. 4 is according to the structural drawing of the reducing disk module in a preferred embodiment of the present invention.
Embodiment
For making object of the present invention, technical scheme and advantage clearer, referring to the accompanying drawing embodiment that develops simultaneously, the present invention is described in more detail.
According to an embodiment of the invention, a kind of method of disk protect and reduction is provided, specifically comprise:
1. pair protective device arranges, and the code of the second bootstrap module, start-up parameter, password are put into protective device;
2. the data of front 63 sectors of disk are backed up;
3. the first bootstrap module is write to front 63 sectors of disk;
4. pair disk is encrypted totally, adopts disk filtration drive module to protect disk, and cryptographic algorithm can adopt symmetric encipherment algorithm or rivest, shamir, adelman;
5. when the disk after encrypting starts, first move the first bootstrap module, the first bootstrap module carries out verification to protective device, reads code, start-up parameter, the password of the second bootstrap module from protective device, gives the second bootstrap module control;
6. the second bootstrap module replaces disk read-write interruption, when being read, disk is decrypted, disk is write to fashionable being encrypted, the second bootstrap module reads the leader record of active partition, the leader record reading is decrypted, thereby after deciphering, the leader record of executed activity subregion starts the operating system;
7. after os starting, by disk filtration drive module, the data that read are decrypted in internal memory, after the data that write are encrypted, are kept on disk, thereby complete the defencive function of disk.
8. when pair disk reduces; need to insert correct protective device; start the disk after encrypting; user selects the operation that the disk after encrypting is reduced; now reducing disk module utilizes disk filtration drive module to be decrypted the data of encrypting on whole disk; the algorithm that the algorithm adopting when deciphering uses when to disk encryption is consistent; data after deciphering are write to disk; after having deciphered; unloading disk filtration drive module is the data that do not have before protection by the content recovery of front 63 sectors of disk.
According to an embodiment of the invention, a kind of system that disk is protected, comprising:
Protective device, protective device arrange module, overall encrypting module, the first bootstrap module, the second bootstrap module, disk filtration drive module, reducing disk module, wherein,
Described protective device is the information safety devices with intelligent card chip, and software, data protection function are provided.According to an embodiment, described protective device includes but not limited to encryption lock.
Described protective device arranges module, is used for protective device to arrange, and the code of the second bootstrap module, start-up parameter, password are put into protective device, and wherein password is inputted by User Defined.
Described overall encrypting module; front 63 sector datas to disk back up; the first bootstrap module is write to front 63 sectors of disk; disk is encrypted totally; adopt disk filtration drive module to protect disk, cryptographic algorithm can adopt symmetric encipherment algorithm or rivest, shamir, adelman.
Described the first bootstrap module, carries out verification to protective device, reads code, start-up parameter, the password of the second bootstrap module from protective device, gives the second bootstrap module control.According to an embodiment, described verification comprises by identification informations such as checking PIN code, protective device sequence numbers carries out authentication.
Described the second bootstrap module, replacing disk read-write interrupts, when being read, disk is decrypted, disk is write to fashionable being encrypted, the second bootstrap module reads the leader record of active partition, now can be decrypted the leader record reading, thereby after deciphering, the leader record of executed activity subregion starts the operating system.
Described disk filtration drive module; for disk is protected totally; disk after protection; after os starting, by disk filtration drive module, the data that read are decrypted in internal memory; after being encrypted, the data that write are kept on disk, when the data of disk filtration drive module after to the encryption on disk are reduced, and the enciphered data in reading disk; the data of encrypting are deciphered in internal memory, the data after deciphering are write to disk.
Described reducing disk module is made up of application layer program and disk filtration drive module two parts, first application layer program reads the maximum sector number of whole disk, then send undo command and need the sector number reducing to disk filtration drive module successively, described disk filtration drive module reads the content of particular sector, and the content reading is decrypted, the data after deciphering are write to the sector on disk.After all sector decryption on disk complete, application layer program sends the order of unloading disk filtration drive module to disk filtration drive module, and disk filtration drive module is called the unloading routine unloading disk filtration drive module of self.Application layer program is the data that do not have before protection by the content recovery of front 63 sectors of disk.
According to an embodiment of the invention, provide an embodiment below the present invention is described.
embodiment 1
The disk that this embodiment is provided with 7 32 systems of the Windows of Microsoft take protection, as example, is described the detailed process that realizes disk protect according to specific embodiment of the application.
Protective device is encryption lock, and data security protecting function is provided.
Protective device arranges module, protective device is arranged, the code of the second bootstrap module, start-up parameter, password are put into protective device, wherein the length of password is 64 bytes, wherein password is inputted by User Defined, and the lock that password is identical can start mutually the disk after encryption;
Encrypting module totally, first the data of front 63 sectors of disk are backed up, disk filtration drive module is installed in system, and filtration drive is set to start with os starting, the first bootstrap module is write to front 63 sectors of disk, utilize disk filtration drive module to be encrypted protection to disk, cryptographic algorithm herein adopts aes algorithm, and encryption key generates at random;
As shown in Figure 1, the detailed step of disk being protected is:
1. insert protective device;
2. user inputs self-defining password;
3. the code of the second bootstrap module, start-up parameter, password are put into protective device;
4. the data of front 63 sectors of disk are backed up;
5. disk filtration drive module is installed on disk;
6. the first bootstrap module is write to front 63 sectors of disk;
7. pair disk is encrypted totally.
In the time that the disk of protected unit protection starts:
The first bootstrap module, first carries out verification to protective device, utilizes specifically order, reads code, start-up parameter, the password of the second bootstrap module from protective device, gives the second bootstrap module control.
The second bootstrap module, replaces disk read-write and interrupts, and according to one embodiment of present invention, replace int 13 and interrupt, in the time that the value of register AH is 02, be read operation, in the time that the value of register AH is 03, be write operation.After read-write is interrupted being replaced, when disk is read, be decrypted, disk is write to fashionable being encrypted, the second bootstrap module reads the leader record of active partition, now can be decrypted the leader record reading, thereby after deciphering, the leader record of executed activity subregion starts the operating system.
Disk filtration drive module; after disc operating system (DOS) after protection starts; by disk filtration drive module, disk read operation is decrypted; disk write operation is encrypted; when the data of disk filtration drive module after to the encryption on disk are reduced; enciphered data in reading disk, deciphers in internal memory the data of encrypting, and the data after deciphering are write to disk.
As shown in Figure 2, when the disk after encryption moves, comprise the steps:
1. insert protective device;
2. pair protective device carries out verification, and verification is by performing step 3, otherwise prompting error message;
3. from protective device, read code, start-up parameter, the password of the second bootstrap module;
4. int 13 read-writes of Replace Disk and Press Anykey To Reboot are interrupted;
5. the leader record that reads active partition, is decrypted leader record;
6. carry out leader record, start the operating system;
7. pair disk read operation is decrypted in internal memory, after disk write operation is encrypted, writes disk.
In the time that disk after protecting is reduced; reducing disk module utilizes disk filtration drive module to be decrypted the data of encrypting on whole disk; data after deciphering are write to disk; unloading disk filtration drive module is the data that do not have before protection by the content recovery of front 63 sectors of disk.
As shown in Figure 3, the step when disk after protection reduction is as follows:
1. insert protective device;
2. the disk after starting protection, setting up procedure is referring to Fig. 2 in detail;
3. user selects disk to reduce;
4. the data of the encryption on pair disk are decrypted, and write disk after deciphering, and decipherment algorithm adopts aes algorithm herein;
5. unloading disk filtration drive module;
6. be the data that do not have before protection by the content recovery of front 63 sectors of disk.
Reducing disk module is made up of application layer program and disk filtration drive module two parts, and its workflow as shown in Figure 4.
As shown in Figure 4, application layer program sends the order of reduction sector and needs the sector number reducing to disk filtration drive module;
Disk filtration drive module reads the content of particular sector, and the content reading is decrypted, and the data after deciphering are write to the sector on disk;
After all sector decryption on disk complete, application layer program sends the order of unloading disk filtration drive module to disk filtration drive module;
Disk filtration drive module is called the unloading routine unloading disk filtration drive module of self;
Application layer program is the data that do not have before protection by the content recovery of front 63 sectors of disk.
The foregoing is only preferred embodiment of the present invention, be not intended to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any modification of doing, be equal to and replace and improvement etc., within all should being included in protection scope of the present invention.
Claims (9)
1. a system of by protective device, disk being protected, described protective device is the information safety devices with intelligent card chip, and software, data protection function are provided, and it is characterized in that, described protective device also comprises:
Protective device arranges module, overall encrypting module, the first bootstrap module, the second bootstrap module, disk filtration drive module; Wherein, described the second bootstrap module is arranged in described protective device;
Described protective device arranges module, for described protective device is arranged, the code of the second bootstrap module, start-up parameter, password is put into described protective device;
Described overall encrypting module, writes the first bootstrap module front 63 sectors of disk, and disk is encrypted totally, adopts disk filtration drive module to protect disk;
Described the first bootstrap module, carries out verification to protective device, reads code, start-up parameter, the password of the second bootstrap module from protective device, gives the second bootstrap module control;
Described the second bootstrap module; replacing disk read-write interrupts; when being read, disk is decrypted; disk is write to fashionable being encrypted; the second bootstrap module reads the leader record of active partition; now the leader record reading is decrypted, thereby after deciphering, the leader record of executed activity subregion starts the operating system;
Described disk filtration drive module, for totally protecting disk; Wherein, after os starting, by disk filtration drive module, the data that read are decrypted in internal memory, after the data that write are encrypted, are kept on disk.
2. a system of by protective device, disk being protected, described protective device is the information safety devices with intelligent card chip, and software, data protection function are provided, and it is characterized in that, described protective device also comprises:
Protective device arranges module, overall encrypting module, the first bootstrap module, the second bootstrap module, reducing disk module; Wherein, described the second bootstrap module is arranged in described protective device;
Described protective device arranges module, for described protective device is arranged, the code of the second bootstrap module, start-up parameter, password is put into described protective device, and wherein said password is inputted by user;
Described overall encrypting module, writes the first bootstrap module front 63 sectors of disk, and disk is encrypted totally, adopts disk filtration drive module to protect disk;
Described the first bootstrap module, carries out verification to protective device, reads code, start-up parameter, the password of the second bootstrap module from protective device, gives the second bootstrap module control;
Described the second bootstrap module; replacing disk read-write interrupts; when being read, disk is decrypted; disk is write to fashionable being encrypted; the second bootstrap module reads the leader record of active partition; now the leader record reading is decrypted, thereby after deciphering, the leader record of executed activity subregion starts the operating system;
Described reducing disk module, comprises application layer program and disk filtration drive module;
Wherein, first described application layer program reads the maximum sector number of whole disk, then sends undo command and needs the sector number reducing to described disk filtration drive module successively;
Wherein, described disk filtration drive module, for totally protecting disk; Wherein, after os starting, by disk filtration drive module, the data that read are decrypted in internal memory, after the data that write are encrypted, are kept on disk; When the data of described disk filtration drive module after to the encryption on disk are reduced, the enciphered data in reading disk, deciphers in internal memory the data of encrypting, and the data after deciphering are write to disk;
Described disk filtration drive module reads the content of particular sector, and the content reading is decrypted, and the data after deciphering are write to the sector on disk;
Wherein, after all sector decryption on disk complete, described application layer program sends the order of unloading disk filtration drive module to described disk filtration drive module, and disk filtration drive module is called the unloading routine unloading disk filtration drive module of self; Application layer program is the data that do not have before protection by the content recovery of front 63 sectors of disk.
3. the system of disk being protected by protective device according to claim 1 and 2, is characterized in that, described cryptographic algorithm adopts symmetric encipherment algorithm or rivest, shamir, adelman.
4. the system of disk being protected by protective device according to claim 1 and 2, is characterized in that, described verification comprises by identification informations such as checking PIN code, protective device sequence numbers carries out authentication.
5. according to the system that protective device is protected disk of passing through described in claim 1-4, it is characterized in that, wherein password is inputted by User Defined.
6. a method of by the protective device described in claim 1-5, disk being protected, is characterized in that, described method comprises:
Protective device is arranged, the code of the second bootstrap module, start-up parameter, password are put into protective device;
The first bootstrap module is write to disk;
Disk is encrypted totally, adopted disk filtration drive module to protect disk;
Disk filtration drive module is installed on disk.
7. the method that protective device is protected disk according to claim 6, is characterized in that, described method also comprises:
When disk after encryption starts, first move the first bootstrap module, the first bootstrap module carries out verification to protective device, reads code, start-up parameter, the password of the second bootstrap module from protective device, gives the second bootstrap module control;
The second bootstrap module replaces disk read-write and interrupts, when disk is read, be decrypted, disk is write to fashionable being encrypted, the second bootstrap module reads the leader record of active partition, the leader record reading is decrypted, thereby after deciphering, the leader record of executed activity subregion starts the operating system;
After os starting, by disk filtration drive module, read operation is decrypted, write operation is encrypted.
8. the method for according to the protective device described in claim 6 or 7, disk being protected, is characterized in that, described method also comprises:
When disk after encrypting is reduced, insert described protective device, start the disk after encrypting, user selects the operation that the disk after encrypting is reduced;
First application layer program reads the maximum sector number of whole disk, then send undo command and need the sector number reducing to disk filtration drive module successively, described disk filtration drive module reads the content of particular sector, and the content reading is decrypted, the data after deciphering are write to the sector on disk;
After all sector decryption on disk complete, application layer program sends the order of unloading disk filtration drive module to disk filtration drive module, and disk filtration drive module is called the unloading routine unloading disk filtration drive module of self;
Application layer program is the data that do not have before protection by the content recovery of front 63 sectors of disk.
9. the method for according to the protective device described in claim 6-8, disk being protected, is characterized in that, in the step of the code of the second bootstrap module, start-up parameter, password being put into protective device, password is inputted by user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410057760.6A CN103870769B (en) | 2014-02-20 | 2014-02-20 | Method and system for protecting magnetic disk |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410057760.6A CN103870769B (en) | 2014-02-20 | 2014-02-20 | Method and system for protecting magnetic disk |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103870769A true CN103870769A (en) | 2014-06-18 |
| CN103870769B CN103870769B (en) | 2017-02-15 |
Family
ID=50909291
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410057760.6A Active CN103870769B (en) | 2014-02-20 | 2014-02-20 | Method and system for protecting magnetic disk |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103870769B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103870770A (en) * | 2014-02-20 | 2014-06-18 | 北京深思数盾科技有限公司 | Method and system for protecting magnetic disk |
| CN111552974A (en) * | 2020-03-19 | 2020-08-18 | 沈阳通用软件有限公司 | USB flash disk encryption and decryption method based on Windows operating system |
| CN112257122A (en) * | 2020-10-22 | 2021-01-22 | 深圳软牛科技有限公司 | Data processing method, device and equipment based on T2 chip and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080077800A1 (en) * | 2006-09-26 | 2008-03-27 | Lan Wang | Persistent security system and method |
| CN102646077A (en) * | 2012-03-28 | 2012-08-22 | 山东超越数控电子有限公司 | Method for full-disk encryption based on trusted cryptography module |
-
2014
- 2014-02-20 CN CN201410057760.6A patent/CN103870769B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080077800A1 (en) * | 2006-09-26 | 2008-03-27 | Lan Wang | Persistent security system and method |
| CN101517587A (en) * | 2006-09-26 | 2009-08-26 | 惠普开发有限公司 | Persistent security system and method |
| CN102646077A (en) * | 2012-03-28 | 2012-08-22 | 山东超越数控电子有限公司 | Method for full-disk encryption based on trusted cryptography module |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103870770A (en) * | 2014-02-20 | 2014-06-18 | 北京深思数盾科技有限公司 | Method and system for protecting magnetic disk |
| CN111552974A (en) * | 2020-03-19 | 2020-08-18 | 沈阳通用软件有限公司 | USB flash disk encryption and decryption method based on Windows operating system |
| CN111552974B (en) * | 2020-03-19 | 2023-12-05 | 三六零数字安全科技集团有限公司 | USB flash disk encryption and decryption method based on Windows operating system |
| CN112257122A (en) * | 2020-10-22 | 2021-01-22 | 深圳软牛科技有限公司 | Data processing method, device and equipment based on T2 chip and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103870769B (en) | 2017-02-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104951409B (en) | A kind of hardware based full disk encryption system and encryption method | |
| US10331376B2 (en) | System and method for encrypted disk drive sanitizing | |
| US8281388B1 (en) | Hardware secured portable storage | |
| US8555083B1 (en) | Systems and methods for protecting against unauthorized access of encrypted data during power-management modes | |
| KR102139179B1 (en) | Security subsystem | |
| US8503674B2 (en) | Cryptographic key attack mitigation | |
| US20070101158A1 (en) | Security region in a non-volatile memory | |
| US20080072071A1 (en) | Hard disc streaming cryptographic operations with embedded authentication | |
| TW519651B (en) | Embedded security device within a nonvolatile memory device | |
| CN103065102A (en) | Data encryption mobile storage management method based on virtual disk | |
| CN102254119B (en) | Safe mobile data storage method based on fingerprint U disk and virtual machine | |
| US20100058066A1 (en) | Method and system for protecting data | |
| CN107908574B (en) | Safety protection method for solid-state disk data storage | |
| CN102549594A (en) | Secure storage of temporary secrets | |
| US11222144B2 (en) | Self-encrypting storage device and protection method | |
| CN100378689C (en) | Enciphered protection and read write control method for computer data | |
| TW201535145A (en) | System and method to store data securely for firmware using read-protected storage | |
| US7818567B2 (en) | Method for protecting security accounts manager (SAM) files within windows operating systems | |
| WO2010127030A2 (en) | Selectively securing data and/or erasing secure data caches responsive to security compromising conditions | |
| CN102362280A (en) | System and method for securely storing data in an electronic device | |
| CN104883256A (en) | Secret key protecting method resisting physical attacks and system attacks | |
| EP3080945B1 (en) | Obfuscating in memory encryption keys | |
| CN105678173A (en) | vTPM safety protection method based on hardware transactional memory | |
| CN100399304C (en) | Method for automatic protecting magnetic disk data utilizing filter driving program combined with intelligent key device | |
| CN103870769B (en) | Method and system for protecting magnetic disk |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing Applicant after: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. Address before: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing Applicant before: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd. |
|
| COR | Change of bibliographic data | ||
| CB02 | Change of applicant information |
Address after: 100193 Beijing, Haidian District, East West Road, No. 10, East Hospital, building No. 5, floor 5, layer 510 Applicant after: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. Address before: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing Applicant before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |
|
| COR | Change of bibliographic data | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee after: Beijing Shendun Technology Co.,Ltd. Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |