CN105574425B - Method and device for accessing storage data - Google Patents
Method and device for accessing storage data
- Publication number
- CN105574425B (application CN201510219209.1A)
- Authority
- CN
- China
- Prior art keywords
- data
- system type
- access instruction
- type
- data access
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
An embodiment of the invention discloses a method for accessing stored data, comprising: receiving a data access instruction, the data access instruction containing a target data identifier; obtaining the system type corresponding to the data access instruction; performing identity authentication on the data access instruction according to the system type; and, if the identity authentication passes, returning the access path corresponding to the target data identifier and the system type. A device for accessing stored data is also proposed. The invention reduces the consumption of system resources and greatly improves their utilization.
Description
Technical field
The present invention relates to the technical field of mobile terminals, and in particular to a method and device for accessing stored data.
Background
In existing dual-system smart terminals, files stored under the secure system are usually protected by encrypted storage, so that the conventional system, having no decryption method, cannot read the files stored under the secure system. The secure system therefore has to encrypt when writing a file and decrypt when reading a file, so it is constantly encrypting and decrypting while reading and writing files. This prior-art encrypted storage approach consumes considerable system resources, which leads to low utilization of system resources.
Summary of the invention
In view of this, to solve the above problem of low system resource utilization, the present invention provides a method for accessing stored data in which the secure system does not need to encrypt or decrypt when reading and writing files and only needs to go through one identity authentication process, which greatly reduces the consumption of system resources and improves their utilization.
A method for accessing stored data, comprising:
Receiving a data access instruction, the data access instruction containing a target data identifier;
Obtaining the system type corresponding to the data access instruction;
Performing identity authentication on the data access instruction according to the system type;
If the identity authentication passes, returning the access path corresponding to the target data identifier and the system type.
Further, the method for accessing stored data also comprises: if the identity authentication fails, displaying a prompt message that access has failed.
Further, the step of performing identity authentication on the data access instruction according to the system type also comprises:
Obtaining the digital signature corresponding to the data access instruction, generating a private key according to the digital signature, obtaining the public key corresponding to the system type, and verifying the digital signature by means of the public key corresponding to the system type and the private key; if the verification passes, the identity authentication passes.
Further, the step of obtaining the system type corresponding to the data access instruction also comprises:
Obtaining the system type corresponding to the data access instruction according to the process ID of the init process, the system type being the conventional system or the secure system.
Further, the step of returning the access path corresponding to the target data identifier and the system type also comprises:
Returning the soft link corresponding to the target data identifier and the system type, the soft link corresponding to the target data in the storage region corresponding to the system type.
In addition, to solve the above technical problem of low system resource utilization, a device for accessing stored data is also provided.
A device for accessing stored data, comprising:
An instruction receiving module, for receiving a data access instruction, the data access instruction containing a target data identifier;
A system type obtaining module, for obtaining the system type corresponding to the data access instruction;
An identity authentication module, for performing identity authentication on the data access instruction according to the system type;
An access path returning module, for returning, when the identity authentication passes, the access path corresponding to the target data identifier and the system type.
Further, the access path returning module is also used to display a prompt message that access has failed when the identity authentication fails.
The identity authentication module is also used to obtain the digital signature corresponding to the data access instruction, generate a private key according to the digital signature, obtain the public key corresponding to the system type, and verify the digital signature by means of the public key corresponding to the system type and the private key; if the verification passes, the identity authentication passes.
The system type obtaining module is also used to obtain the system type corresponding to the data access instruction according to the process ID of the init process, the system type being the conventional system or the secure system.
The access path returning module is also used to return the soft link corresponding to the target data identifier and the system type, the soft link corresponding to the target data in the storage region corresponding to the system type.
Compared with the prior art, with the method and device for accessing stored data proposed by the present invention, data stored under the secure system can be stored in plaintext just like data stored under the conventional system, so the secure system does not need to encrypt or decrypt when reading and writing files and only needs to go through identity authentication. While still ensuring the security of the data stored under the secure system, this greatly reduces the amount of computation the secure system spends reading and writing files, reduces the consumption of system resources and improves their utilization.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
In the drawings:
Fig. 1 is a flow chart of a method for accessing stored data in one embodiment;
Fig. 2 is a schematic diagram of the method for accessing stored data in an Android application scenario in one embodiment;
Fig. 3 is a structural diagram of a device for accessing stored data in one embodiment.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
To solve the above problem of low system resource utilization, one embodiment proposes a method for accessing stored data. The method may run on a computer system of von Neumann architecture, which may be a computer device with multiple systems installed, such as a smartphone, tablet computer, laptop or PC. The multiple systems here may be a conventional system and a secure system with different security permissions, or a first operating system, a second operating system, a third operating system and so on with the same security permission level.
Specifically, in this embodiment, the method for accessing stored data is shown in Fig. 1 and comprises the following steps:
Step S102: Receive a data access instruction, the data access instruction containing a target data identifier.
The target data may be a file or a folder, for example a photo album, logs, contact data or system files. The target data identifier is the file name or file path used to access the target data. For example, in an Android application scenario, to access a photo in the album the user needs to input the photo's file path, and a data access instruction is generated from the input file path. Alternatively, the user accesses the directory containing the photo, and the album application traverses the file paths of the photos in that directory and obtains thumbnails to show to the user. When traversing the file paths of the photos in the directory, the phone's operating system generates a data access instruction that contains the photo's file path as a parameter.
Step S104: Obtain the system type corresponding to the data access instruction.
The system type corresponding to a data access instruction is the type of the system that received the instruction. For example, in the Android application scenario, the multiple systems run on the same Linux kernel: they are multiple Linux system processes running on that kernel, and each system corresponds to one process. If a process receives a data access instruction and goes on to read the target data, the system type obtained for that data access instruction is the type of the system corresponding to that process.
For example, when the user performs read and write operations with an application under the conventional system, the system type obtained is the conventional system type; when the user performs read and write operations with an application under the secure system, the system type obtained is the secure system type.
Further, the system type may be obtained according to the process ID (Process Identifier, abbreviated PID) of the init process. The system type may be the conventional system or the secure system, or the first operating system or the second operating system. In Android, the init process is a user-level process started after the Linux kernel boots. After a data access instruction is received, it is loaded into the kernel shared by the conventional system and the secure system, and the system type corresponding to the data access instruction is obtained according to the application that submitted it. That is, the process identification information corresponding to a system can be used as the system type.
Step S106: Perform identity authentication on the data access instruction according to the system type.
Performing identity authentication on a data access instruction means determining whether the data access instruction has permission to access the target data it contains. In the existing single-system running environment, identity authentication of a data access instruction is done by verifying the digital signature of the operator who input the instruction: a key is generated according to the digital signature of the operator who input the data access instruction, and the key is then decrypted to determine whether the operator's identity satisfies the permission to access the corresponding target data.
In this embodiment, for a multi-system running environment, the step of performing identity authentication on the data access instruction according to the system type may specifically be:
Obtaining the digital signature corresponding to the data access instruction, generating a private key according to the digital signature, obtaining the public key corresponding to the system type, and verifying the digital signature by means of the public key corresponding to the system type and the private key; if the verification passes, the identity authentication passes; otherwise, the identity authentication fails.
That is, each system may contain multiple user accounts, and each user account has its own digital signature. When a user operates under a given user account, the digital signature corresponding to the data access instruction that is input is the digital signature of that user account. Each system generates in advance, from the digital signature of a user account, a public key that matches the type of the system itself, and stores it; that is, a given digital signature corresponds to a different public key in each system.
For example, after user A inputs a data access instruction in the conventional system (assuming user A has access permission for the target data contained in the data access instruction), the digital signature corresponding to the data access instruction is user A's digital signature. When identity authentication is performed on the data access instruction, the public key corresponding to user A's digital signature that is stored in the conventional system is obtained, and a private key is then generated according to the digital signature corresponding to the data access instruction. The public key matches the private key, so the data access instruction that user A input in the conventional system passes identity authentication.
As another example, suppose user A does not have access permission for a certain file in the secure system. After user A inputs, in the secure system, an access instruction for accessing that file, the digital signature corresponding to the data access instruction is user A's digital signature. When identity authentication is performed on the data access instruction, the public key corresponding to user A's digital signature that is stored in the secure system is obtained, and a private key is then generated according to the digital signature corresponding to the data access instruction. User A has no access permission for this folder in the secure system, so the public key cannot be matched with the private key; that is, the access instruction for this folder that user A input in the secure system fails identity authentication.
Step S108: If the identity authentication passes, return the access path corresponding to the target data identifier and the system type. The access path corresponds to the target data file or directory. That is, for multiple systems, an independent storage region corresponding to the system type can be allocated to each system in advance, and a correspondence established between the target data identifier and the storage region corresponding to the system type. When returning the access path corresponding to the target data identifier, the access path of the target data identifier within the storage region of that system type can be looked up according to the system type.
For example, suppose the storage regions allocated in advance to the two systems are "sys1" and "sys2". For the target data identifier "1.jpg", if the system type is 1, "sys1\1.jpg" can be returned; if the system type is 2, "sys2\1.jpg" can be returned.
Further, the soft link corresponding to the target data identifier and the system type is returned, the soft link corresponding to the target data in the storage region corresponding to the system type. A soft link contains a reference, in the form of an absolute or relative path, that points to the target file or directory, and can link files in different folders. That is, a file containing the access path can be returned.
In an Android application scenario, as shown in Fig. 2, the above logic can be implemented by modifying the underlying data access interface function. For example, the Environment class in Android can be modified; this class contains the interface function getExternalStorageDirectory() for obtaining the access path. A logic judgment step can be added to the interface function so that, for each system, getExternalStorageDirectory() returns the corresponding file path or soft link. When an application calls the interface function to access data, the system type and the target data identifier are passed to the function as parameters; the function determines the system type and selects the corresponding callback function, which returns the file path or soft link corresponding to the target data identifier under that system type.
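The flow of steps S102 to S108, as an added example that is not part of the patent text or of any Android code. HMAC stands in for the patent's digital-signature check, and REGIONS, VERIFY_KEYS, the function names and the user names are assumptions made for illustration. It goes one step beyond the text by confining the resolved path, soft links included, to the caller's storage region, which matters because the data is stored in plaintext.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

# Storage region per system type, following the page's "sys1"/"sys2" example.
# The type names "conventional"/"secure" are labels chosen for this sketch.
REGIONS = {"conventional": "sys1", "secure": "sys2"}

# Constructed per-system verification keys. HMAC is a stand-in for the
# patent's signature check; the keys and user names are made up.
VERIFY_KEYS = {
    ("conventional", "userA"): b"constructed-key-conventional-A",
    ("secure", "userB"): b"constructed-key-secure-B",
}


class AccessDenied(Exception):
    """Raised where the patent would show the access-failure prompt."""


def sign(key: bytes, user: str, target_id: str) -> str:
    """Signature bound to the user and the requested target identifier."""
    msg = f"{user}\0{target_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authenticate(system_type, user, target_id, signature) -> bool:
    """S106: verify against the key held by this system type only."""
    key = VERIFY_KEYS.get((system_type, user))
    if key is None:  # the user has no credential in this system
        return False
    return hmac.compare_digest(sign(key, user, target_id), signature)


def resolve_access_path(root, system_type, user, target_id, signature) -> Path:
    """S102-S108: return the access path inside the caller's storage region."""
    if system_type not in REGIONS:
        raise AccessDenied("unknown system type")
    if not authenticate(system_type, user, target_id, signature):
        raise AccessDenied("identity authentication failed")
    region = (Path(root) / REGIONS[system_type]).resolve()
    # resolve() collapses ".." and follows soft links, so the check below
    # sees the real location of the target, not the name that was requested.
    candidate = (region / target_id).resolve()
    if os.path.commonpath([str(region), str(candidate)]) != str(region):
        raise AccessDenied("target resolves outside the storage region")
    return candidate


def build_sample_tree() -> Path:
    """Constructed sample layout: sys1/1.jpg, sys2/1.jpg and one stray link."""
    root = Path(tempfile.mkdtemp(prefix="dualsys-"))
    for region in REGIONS.values():
        (root / region).mkdir()
        (root / region / "1.jpg").write_bytes(b"constructed sample data")
    # A soft link in the conventional region that points into the secure one.
    os.symlink(root / "sys2" / "1.jpg", root / "sys1" / "link.jpg")
    return root


def try_access(root, system_type, user, target_id) -> str:
    """Sign with the user's conventional-system key and report the outcome."""
    key = VERIFY_KEYS.get(("conventional", user), b"no-such-key")
    signature = sign(key, user, target_id)
    try:
        path = resolve_access_path(root, system_type, user, target_id, signature)
        return f"{path.parent.name}/{path.name}"
    except AccessDenied as exc:
        return f"denied: {exc}"


if __name__ == "__main__":
    root = build_sample_tree()
    for system_type, target in [
        ("conventional", "1.jpg"),
        ("secure", "1.jpg"),
        ("conventional", "../sys2/1.jpg"),
        ("conventional", "link.jpg"),
    ]:
        print(system_type, target, "->",
              try_access(root, system_type, "userA", target))
```

The last two cases pass authentication and are stopped only by the containment check, which is the control that replaces encryption in this design.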
In addition, to solve the above problem of low system resource utilization, one embodiment also proposes a device for accessing stored data which, as shown in Fig. 3, comprises an instruction receiving module 302, a system type obtaining module 304, an identity authentication module 306 and an access path returning module 308, wherein:
The instruction receiving module 302 is for receiving a data access instruction, the data access instruction containing a target data identifier;
The system type obtaining module 304 is for obtaining the system type corresponding to the data access instruction;
The identity authentication module 306 is for performing identity authentication on the data access instruction according to the system type;
The access path returning module 308 is for returning, when the identity authentication passes, the access path corresponding to the target data identifier and the system type.
In this embodiment, the access path returning module 308 is also used to display a prompt message that access has failed when the identity authentication fails.
In this embodiment, the identity authentication module 306 is also used to obtain the digital signature corresponding to the data access instruction, generate a private key according to the digital signature, obtain the public key corresponding to the system type, and verify the digital signature by means of the public key corresponding to the system type and the private key; if the verification passes, the identity authentication passes.
In this embodiment, the system type obtaining module 304 is also used to obtain the system type corresponding to the data access instruction according to the process ID of the init process, the system type being the conventional system or the secure system.
In this embodiment, the access path returning module 308 is also used to return the soft link corresponding to the target data identifier and the system type, the soft link corresponding to the target data in the storage region corresponding to the system type.
In summary, implementing the embodiments of the invention has the following beneficial effects:
Compared with the prior art, with the method and the device for accessing stored data proposed by the present invention, data stored under the secure system can also be stored in plaintext, so the secure system does not need to encrypt or decrypt when reading and writing files and only needs to go through identity authentication. While still ensuring the security of the data stored under the secure system, this greatly reduces the amount of computation the secure system spends reading and writing files, reduces the consumption of system resources and improves the utilization of system resources.
A person of ordinary skill in the art will understand that all or part of the flows in the above method embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flows of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM) or the like.
The above discloses only preferred embodiments of the invention, which of course cannot be used to limit the scope of the rights of the invention; equivalent variations made according to the claims of the invention therefore still fall within the scope of the invention.
Claims (8)
- 1. A method for accessing stored data, characterized by comprising: receiving a data access instruction, the data access instruction containing a target data identifier; obtaining the system type corresponding to the data access instruction; obtaining the digital signature corresponding to the data access instruction, generating a private key according to the digital signature, obtaining the public key corresponding to the system type, and verifying the digital signature by means of the public key corresponding to the system type and the private key, wherein if the verification passes, the identity authentication passes; and, if the identity authentication passes, returning the access path corresponding to the target data identifier and the system type.
- 2. The method for accessing stored data according to claim 1, characterized in that, if the identity authentication fails, a prompt message that access has failed is displayed.
- 3. The method for accessing stored data according to claim 1, characterized in that the step of obtaining the system type corresponding to the data access instruction further comprises: obtaining the system type corresponding to the data access instruction according to the process ID of the init process, the system type being the conventional system or the secure system.
- 4. The method for accessing stored data according to claim 3, characterized in that the step of returning the access path corresponding to the target data identifier and the system type further comprises: returning the soft link corresponding to the target data identifier and the system type, the soft link corresponding to the target data in the storage region corresponding to the system type.
- 5. A device for accessing stored data, characterized by comprising: an instruction receiving module, for receiving a data access instruction, the data access instruction containing a target data identifier; a system type obtaining module, for obtaining the system type corresponding to the data access instruction; an identity authentication module, for obtaining the digital signature corresponding to the data access instruction, generating a private key according to the digital signature, obtaining the public key corresponding to the system type, and verifying the digital signature by means of the public key corresponding to the system type and the private key, wherein if the verification passes, the identity authentication passes; and an access path returning module, for returning, when the identity authentication passes, the access path corresponding to the target data identifier and the system type.
- 6. The device for accessing stored data according to claim 5, characterized in that the access path returning module is also used to display a prompt message that access has failed when the identity authentication fails.
- 7. The device for accessing stored data according to claim 5, characterized in that the system type obtaining module is also used to obtain the system type corresponding to the data access instruction according to the process ID of the init process, the system type being the conventional system or the secure system.
- 8. The device for accessing stored data according to claim 7, characterized in that the access path returning module is also used to return the soft link corresponding to the target data identifier and the system type, the soft link corresponding to the target data in the storage region corresponding to the system type.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510219209.1A CN105574425B (en) | 2015-04-30 | 2015-04-30 | Method and device for accessing storage data |
PCT/CN2015/082958 WO2016173116A1 (en) | 2015-04-30 | 2015-06-30 | Method and device for accessing storage data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510219209.1A CN105574425B (en) | 2015-04-30 | 2015-04-30 | Method and device for accessing storage data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105574425A CN105574425A (en) | 2016-05-11 |
CN105574425B true CN105574425B (en) | 2018-06-15 |
Family
ID=55884541
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510219209.1A Active CN105574425B (en) | Method and device for accessing storage data | 2015-04-30 | 2015-04-30 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105574425B (en) |
WO (1) | WO2016173116A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108733467A (en) * | 2017-04-20 | 2018-11-02 | 海马云(天津)信息技术有限公司 | The method and device of electronic equipment operation application, electronic equipment |
CN107911820B (en) * | 2017-12-28 | 2021-02-09 | 上海传英信息技术有限公司 | Private system data file management method and terminal equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101547092A (en) * | 2008-03-27 | 2009-09-30 | 天津德智科技有限公司 | Method and device for data synchronization of multi-application systems for unifying user authentication |
CN102043927A (en) * | 2010-12-29 | 2011-05-04 | 北京深思洛克软件技术股份有限公司 | Computer system for data divulgence protection |
CN103268455A (en) * | 2013-05-09 | 2013-08-28 | 华为技术有限公司 | Method and device for accessing data |
CN104168291A (en) * | 2014-08-29 | 2014-11-26 | 宇龙计算机通信科技(深圳)有限公司 | Data access method, data access device and terminal |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2014089652A (en) * | 2012-10-31 | 2014-05-15 | Toshiba Corp | Information processing apparatus |
GB201221433D0 (en) * | 2012-11-28 | 2013-01-09 | Hoverkey Ltd | A method and system of providing authentication of user access to a computer resource on a mobile device |
CN104284027A (en) * | 2014-10-29 | 2015-01-14 | 东莞宇龙通信科技有限公司 | Authority management method and authority management system for terminal |
Also Published As
Publication number | Publication date |
---|---|
WO2016173116A1 (en) | 2016-11-03 |
CN105574425A (en) | 2016-05-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||