CN105574425B - Method and device for accessing stored data - Google Patents

Info

Publication number
CN105574425B
Authority
CN
China
Prior art keywords
data
system type
access instruction
type
data access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510219209.1A
Other languages
Chinese (zh)
Other versions
CN105574425A (en
Inventor
杨中云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Application filed by Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to CN201510219209.1A
Priority to PCT/CN2015/082958 (WO2016173116A1)
Publication of CN105574425A
Application granted
Publication of CN105574425B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules

Abstract

An embodiment of the invention discloses a method for accessing stored data, comprising: receiving a data access instruction, the data access instruction containing a target data identifier; obtaining the system type corresponding to the data access instruction; performing identity authentication on the data access instruction according to the system type; and, if the identity authentication passes, returning the access path corresponding to the target data identifier and the system type. A device for accessing stored data is also proposed. With the present invention, the occupation of system resources can be reduced and the utilization of system resources greatly improved.

Description

Method and device for accessing stored data
Technical field
The present invention relates to the technical field of mobile terminals, and in particular to a method and device for accessing stored data.
Background
In existing dual-system intelligent terminals, encrypted storage is generally used to protect the files stored under the secure system, so that the normal system, which has no means of decryption, cannot read them. The secure system therefore has to encrypt when writing a file and decrypt when reading one, so it encrypts and decrypts continually while reading and writing files. This prior-art encrypted storage consumes considerable system resources, and the utilization of system resources is low as a result.
Summary of the invention
In view of this, to solve the above problem of low system resource utilization, the present invention provides a method for accessing stored data, so that the secure system does not need to encrypt or decrypt when reading and writing files and only needs to pass one identity authentication, which greatly reduces the occupation of system resources and improves their utilization.
A method for accessing stored data, comprising:
receiving a data access instruction, the data access instruction containing a target data identifier;
obtaining the system type corresponding to the data access instruction;
performing identity authentication on the data access instruction according to the system type;
if the identity authentication passes, returning the access path corresponding to the target data identifier and the system type.
Further, the method for accessing stored data also includes: if the identity authentication fails, displaying a prompt message indicating that access failed.
Further, the step of performing identity authentication on the data access instruction according to the system type also includes:
obtaining the digital signature corresponding to the data access instruction, generating a private key according to the digital signature, obtaining the public key corresponding to the system type, and verifying the digital signature by means of the public key corresponding to the system type and the private key; if the verification passes, the identity authentication passes.
Further, the step of obtaining the system type corresponding to the data access instruction also includes:
obtaining the system type corresponding to the data access instruction according to the process number of the init process, the system type being the normal system or the secure system.
Further, the step of returning the access path corresponding to the target data identifier and the system type also includes:
returning a soft link corresponding to the target data identifier and the system type, the soft link corresponding to the target data in the storage region corresponding to the system type.
In addition, to solve the above technical problem of low system resource utilization, a device for accessing stored data is also provided.
A device for accessing stored data, comprising:
an instruction receiving module, for receiving a data access instruction, the data access instruction containing a target data identifier;
a system type acquisition module, for obtaining the system type corresponding to the data access instruction;
an identity authentication module, for performing identity authentication on the data access instruction according to the system type;
an access path return module, for returning, when the identity authentication passes, the access path corresponding to the target data identifier and the system type.
Further, the access path return module is also used to display a prompt message indicating that access failed when the identity authentication fails.
The identity authentication module is also used to obtain the digital signature corresponding to the data access instruction, generate a private key according to the digital signature, obtain the public key corresponding to the system type, and verify the digital signature by means of the public key corresponding to the system type and the private key; if the verification passes, the identity authentication passes.
The system type acquisition module is also used to obtain the system type corresponding to the data access instruction according to the process number of the init process, the system type being the normal system or the secure system.
The access path return module is also used to return a soft link corresponding to the target data identifier and the system type, the soft link corresponding to the target data in the storage region corresponding to the system type.
Compared with the prior art, with the method and device for accessing stored data proposed by the present invention, data stored under the secure system can be stored in plaintext just like data stored under the normal system, so the secure system does not need to encrypt or decrypt when reading and writing files and only needs to pass identity authentication. While ensuring the security of the data stored under the secure system, this greatly reduces the computation the secure system performs when reading and writing files, reduces the occupation of system resources, and improves the utilization of system resources.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
In the drawings:
Fig. 1 is a flow chart of a method for accessing stored data in one embodiment;
Fig. 2 is a schematic diagram of the method for accessing stored data in an Android application scenario in one embodiment;
Fig. 3 is a structural diagram of a device for accessing stored data in one embodiment.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative work fall within the protection scope of the present invention.
To solve the above problem of low system resource utilization, one embodiment proposes a method for accessing stored data. Execution of the method can rely on a computer system of von Neumann architecture, which can be a computer device with multiple systems installed, such as a smartphone, tablet computer, laptop or PC. The multiple systems here can be a normal system and a secure system with different security permissions, or a first operating system, second operating system, third operating system and so on with the same security permission level.
Specifically, in this embodiment, the method for accessing stored data is shown in Fig. 1 and comprises the following steps:
Step S102: Receive a data access instruction, the data access instruction containing a target data identifier.
The target data can be a file or a folder, for example a photo album, a log, contact data or a system file. The target data identifier is the file name or file path used to access the target data. For example, in an Android application scenario, a user who wants to access a photo in the album enters the file path of that photo, and the data access instruction is generated from the entered file path. Alternatively, the user accesses the directory containing the photo, and the album application traverses the file paths of the photos in that directory to obtain thumbnails to show the user. When traversing the file paths of the photos in the directory, the phone's operating system generates data access instructions, and the file path of the photo is carried in the data access instruction as a parameter.
Step S104: Obtain the system type corresponding to the data access instruction.
The system type corresponding to a data access instruction is the type of the system that received the instruction. For example, in an Android application scenario, the multiple systems run on the same Linux kernel: they are the processes of multiple Linux systems running on that kernel, and each system corresponds to one process. If a process receives a data access instruction in order to read the target data, the system type obtained for that instruction is the type of the system that the process corresponds to.
For example, when the user operates an application under the normal system to read or write, the system type obtained is the normal system type; when the user operates an application under the secure system to read or write, the system type obtained is the secure system type.
Further, the system type can be obtained from the process number (PID, process identifier) of the init process. The system type can be the normal system or the secure system, or the first operating system or the second operating system. In Android, the init process is the user-level process started after the Linux kernel boots. After a data access instruction is received, it is loaded into the kernel shared by the normal system and the secure system, and the system type corresponding to the data access instruction is obtained according to the application that submitted the instruction. That is, the process identification information corresponding to a system can be used as the system type.
Step S106: Perform identity authentication on the data access instruction according to the system type.
Authenticating a data access instruction means determining whether the instruction has permission to access the target data it contains. In the existing single-system runtime environment, a data access instruction is authenticated by verifying the digital signature of the operator who entered it: a key is generated from the digital signature of the operator who entered the data access instruction, and the key is then decrypted to determine whether the operator's identity satisfies the permission to access the corresponding target data.
In this embodiment, for a multi-system runtime environment, the step of performing identity authentication on the data access instruction according to the system type can specifically be:
obtaining the digital signature corresponding to the data access instruction, generating a private key according to the digital signature, obtaining the public key corresponding to the system type, and verifying the digital signature by means of the public key corresponding to the system type and the private key; if the verification passes, the identity authentication passes; otherwise, the identity authentication fails.
That is, each system can contain multiple user accounts, and each user account has its own digital signature. When a user operates under a given user account, the digital signature corresponding to the data access instruction entered is the digital signature of that user account. Each system generates in advance, from the digital signature of a user account, a public key that matches the system's own type, and stores it; that is, a given digital signature corresponds to a different public key in each system.
For example, after user A enters a data access instruction in the normal system (assuming user A has access rights to the target data contained in the instruction), the digital signature corresponding to the instruction is user A's digital signature. When the instruction is authenticated, the public key corresponding to user A's digital signature that is stored in the normal system is obtained, and a private key is then generated from the digital signature corresponding to the data access instruction. The public key matches the private key, so the data access instruction that user A entered in the normal system passes identity authentication.
As another example, if user A has no access rights to a folder in the secure system, then after user A enters in the secure system an access instruction for that folder, the digital signature corresponding to the instruction is user A's digital signature. When the instruction is authenticated, the public key corresponding to user A's digital signature that is stored in the secure system is obtained, and a private key is then generated from the digital signature corresponding to the data access instruction. User A has no access rights to this folder in the secure system, so the public key cannot be matched with the private key; that is, identity authentication fails for the instruction that user A entered in the secure system to access the folder.
Step S108: If the identity authentication passes, return the access path corresponding to the target data identifier and the system type. The access path corresponds to the target data file or directory. That is, for multiple systems, an independent storage region corresponding to the system type can be allocated to each system in advance, and a correspondence established between the target data identifier and the storage region corresponding to the system type. When returning the access path corresponding to the target data identifier, the access path of the target data identifier within the storage region of that system type can be looked up according to the system type.
For example, suppose the storage regions allocated in advance for two systems are “sys1” and “sys2”. For the target data identifier “1.jpg”, “sys1\1.jpg” can be returned if the system type is 1, and “sys2\1.jpg” can be returned if the system type is 2.
Further, a soft link corresponding to the target data identifier and the system type is returned, the soft link corresponding to the target data in the storage region corresponding to the system type. A soft link contains a reference, in the form of an absolute or relative path, to a target file or directory, and can link files in different folders. That is, a file containing the access path can be returned.
In an Android application scenario, as shown in Fig. 2, the above logic can be implemented by modifying the underlying data access interface function. For example, the Environment class in Android can be modified; this class contains the interface function getExternalStorageDirectory() for obtaining the access path. A logical judgment step can be added to the interface function so that, for each system, getExternalStorageDirectory() returns the corresponding file path or soft link. When an application calls this interface function to access data, the system type and the target data identifier are passed to the function as parameters; the function determines the system type and selects the corresponding callback function to return the file path or soft link corresponding to the target data identifier under that system type.
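The lookup in step S108, as an added example in Python (not code from the patent): it maps a system type and a target data identifier to a path inside that system's storage region, using the `sys1`/`sys2` regions from the text, and can hand back a soft link instead. The function names, the boolean standing in for the result of step S106, and the check that the resolved path stays inside the region are assumptions added here.

```python
import os
import tempfile

# Region names follow the "sys1"/"sys2" example in the text; the numeric
# system types 1 and 2 are the ones used there. Everything else is hypothetical.
REGIONS = {1: "sys1", 2: "sys2"}


class AccessDenied(Exception):
    """Authentication failed, or the identifier does not stay inside the region."""


def resolve_access_path(storage_root, system_type, target_id, authenticated):
    """Return the path for target_id inside the region of system_type.

    `authenticated` stands in for the outcome of step S106 (assumption).
    """
    if not authenticated:
        raise AccessDenied("identity authentication failed")
    region_name = REGIONS.get(system_type)
    if region_name is None:
        raise AccessDenied("unknown system type")
    region = os.path.realpath(os.path.join(storage_root, region_name))
    # realpath collapses ".." and follows links, so the comparison below is
    # made on the location that would really be opened.
    candidate = os.path.realpath(os.path.join(region, target_id))
    if os.path.commonpath([region, candidate]) != region:
        raise AccessDenied("target identifier resolves outside the storage region")
    return candidate


def make_soft_link(storage_root, system_type, target_id, authenticated, link_dir):
    """Soft-link variant: create and return a link to the resolved target."""
    target = resolve_access_path(storage_root, system_type, target_id, authenticated)
    link = os.path.join(link_dir, "type%d_%s" % (system_type, os.path.basename(target)))
    if os.path.lexists(link):
        os.remove(link)
    os.symlink(target, link)
    return link


def demo():
    """Run the lookup over a constructed storage tree and collect the results."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        # Constructed sample data: one "1.jpg" per region with different content.
        for name, body in (("sys1", b"normal"), ("sys2", b"secure")):
            os.makedirs(os.path.join(root, name))
            with open(os.path.join(root, name, "1.jpg"), "wb") as fh:
                fh.write(body)
        # Constructed edge case: an entry in sys1 that is itself a soft link
        # to the file in sys2.
        os.symlink(os.path.join(root, "sys2", "1.jpg"),
                   os.path.join(root, "sys1", "alias.jpg"))

        results["type1"] = os.path.relpath(
            resolve_access_path(root, 1, "1.jpg", True), root)
        results["type2"] = os.path.relpath(
            resolve_access_path(root, 2, "1.jpg", True), root)

        link_dir = os.path.join(root, "links")
        os.makedirs(link_dir)
        link = make_soft_link(root, 2, "1.jpg", True, link_dir)
        with open(link, "rb") as fh:
            results["via_link"] = fh.read()

        refused = (
            ("unauthenticated", (2, "1.jpg", False)),
            ("dotdot", (1, "../sys2/1.jpg", True)),
            ("alias", (1, "alias.jpg", True)),
            ("unknown_type", (3, "1.jpg", True)),
        )
        for label, args in refused:
            try:
                resolve_access_path(root, *args)
                results[label] = "allowed"
            except AccessDenied:
                results[label] = "denied"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because the design described above keeps the secure region in plaintext, this resolution step together with the authentication result is the only gate on the data, so the region check does the work that encryption did in the prior art.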
In addition, in one embodiment, to solve the above problem of low system resource utilization, a device for accessing stored data is also proposed. As shown in Fig. 3, it comprises an instruction receiving module 302, a system type acquisition module 304, an identity authentication module 306 and an access path return module 308, wherein:
the instruction receiving module 302 is for receiving a data access instruction, the data access instruction containing a target data identifier;
the system type acquisition module 304 is for obtaining the system type corresponding to the data access instruction;
the identity authentication module 306 is for performing identity authentication on the data access instruction according to the system type;
the access path return module 308 is for returning, when the identity authentication passes, the access path corresponding to the target data identifier and the system type.
In this embodiment, the access path return module 308 is also used to display a prompt message indicating that access failed when the identity authentication fails.
In this embodiment, the identity authentication module 306 is also used to obtain the digital signature corresponding to the data access instruction, generate a private key according to the digital signature, obtain the public key corresponding to the system type, and verify the digital signature by means of the public key corresponding to the system type and the private key; if the verification passes, the identity authentication passes.
In this embodiment, the system type acquisition module 304 is also used to obtain the system type corresponding to the data access instruction according to the process number of the init process, the system type being the normal system or the secure system.
In this embodiment, the access path return module 308 is also used to return a soft link corresponding to the target data identifier and the system type, the soft link corresponding to the target data in the storage region corresponding to the system type.
In summary, implementing the embodiments of the present invention has the following beneficial effects:
With the method and device for accessing stored data proposed by the present invention, compared with the prior art, data stored under the secure system can also be stored in plaintext, so the secure system does not need to encrypt or decrypt when reading and writing files and only needs to pass identity authentication. While ensuring the security of the data stored under the secure system, this greatly reduces the computation the secure system performs when reading and writing files, reduces the occupation of system resources, and improves the utilization of system resources.
A person of ordinary skill in the art will understand that all or part of the flow in the above method embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flows of the above method embodiments. The storage medium can be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
What is disclosed above is only the preferred embodiment of the present invention and of course cannot be used to limit the scope of its rights; equivalent changes made according to the claims of the present invention therefore still fall within the scope covered by the invention.

Claims (8)

  1. A method for accessing stored data, characterized by comprising:
    receiving a data access instruction, the data access instruction containing a target data identifier;
    obtaining the system type corresponding to the data access instruction;
    obtaining the digital signature corresponding to the data access instruction, generating a private key according to the digital signature, obtaining the public key corresponding to the system type, and verifying the digital signature by means of the public key corresponding to the system type and the private key; if the verification passes, the identity authentication passes;
    if the identity authentication passes, returning the access path corresponding to the target data identifier and the system type.
  2. The method for accessing stored data according to claim 1, characterized in that, if the identity authentication fails, a prompt message indicating that access failed is displayed.
  3. The method for accessing stored data according to claim 1, characterized in that the step of obtaining the system type corresponding to the data access instruction further comprises:
    obtaining the system type corresponding to the data access instruction according to the process number of the init process, the system type being the normal system or the secure system.
  4. The method for accessing stored data according to claim 3, characterized in that the step of returning the access path corresponding to the target data identifier and the system type further comprises:
    returning a soft link corresponding to the target data identifier and the system type, the soft link corresponding to the target data in the storage region corresponding to the system type.
  5. A device for accessing stored data, characterized by comprising:
    an instruction receiving module, for receiving a data access instruction, the data access instruction containing a target data identifier;
    a system type acquisition module, for obtaining the system type corresponding to the data access instruction;
    an identity authentication module, for obtaining the digital signature corresponding to the data access instruction, generating a private key according to the digital signature, obtaining the public key corresponding to the system type, and verifying the digital signature by means of the public key corresponding to the system type and the private key; if the verification passes, the identity authentication passes;
    an access path return module, for returning, when the identity authentication passes, the access path corresponding to the target data identifier and the system type.
  6. The device for accessing stored data according to claim 5, characterized in that the access path return module is also used to display a prompt message indicating that access failed when the identity authentication fails.
  7. The device for accessing stored data according to claim 5, characterized in that the system type acquisition module is also used to obtain the system type corresponding to the data access instruction according to the process number of the init process, the system type being the normal system or the secure system.
  8. The device for accessing stored data according to claim 7, characterized in that the access path return module is also used to return a soft link corresponding to the target data identifier and the system type, the soft link corresponding to the target data in the storage region corresponding to the system type.
Priority Applications (2)

Application Number | Priority Date | Filing Date | Title
CN201510219209.1A | 2015-04-30 | 2015-04-30 | Method and device for accessing stored data
PCT/CN2015/082958 (WO2016173116A1) | 2015-04-30 | 2015-06-30 | Method and device for accessing storage data

Publications (2)

Publication Number | Publication Date
CN105574425A | 2016-05-11
CN105574425B | 2018-06-15

Family ID: 55884541

Country Status (2)

Country | Link
CN (1) | CN105574425B (en)
WO (1) | WO2016173116A1 (en)

Also Published As

Publication number Publication date
WO2016173116A1 (en) 2016-11-03
CN105574425A (en) 2016-05-11
