DATA BLACKHOLE PROCESSING METHOD BASED ON MOBILE STORAGE DEVICE, AND MOBILE STORAGE DEVICE
First Claim
1. A data black hole processing method based on a mobile storage device, comprising:
configuring a data black hole system in a computing device so as to form a data black hole terminal, wherein the data black hole system can store intermediate data and an operation result generated during operation of the computing device in a specific storage location, and ensure that the computing device runs normally;
establishing a data black hole space, wherein the data black hole space comprises a data storage partition established in the mobile storage device, wherein the data storage partition is adapted to be visited by the data black hole system but not by an operating system or software of an application layer, wherein the mobile storage device is coupled with the computing device;
establishing a corresponding relationship between a user using the computing device and the data black hole space or a part of the data black hole space;
re-directing a data writing operation generated by an operation of the user at the data black hole terminal to the data black hole space corresponding to the user;
blocking a data persistence operation to a local storage device; and
blocking data output through a local port except for data output to the data black hole terminal so as to ensure data entering the data black hole terminal or the data black hole space only exists in the data black hole space.
Abstract
A data blackhole processing method based on a mobile storage device, comprising: a computing device deploying a data blackhole system, causing the computing device to become a data blackhole terminal; a data blackhole system being taken to mean a system where process data and operation results of the process of operation of the computing device are stored in a specific storage location to ensure normal operation of the computing device; establishing a data blackhole space, comprising the data storage area opened on said mobile storage device; establishing a correspondence between the user of the computing device and the data blackhole space or a portion of the data blackhole space; redirecting to the data blackhole space corresponding to the user the data generated by the user when operating the data blackhole terminal; preventing a data persistence operation from being performed on the local storage device, and preventing output of the data to a local port by means of a non-data blackhole terminal. Also provided is a mobile storage device. On the basis of the data blackhole processing method of the mobile storage device as well as the mobile storage device, data security and anti-leak protection are increased.
20 Claims
1. A data black hole processing method based on a mobile storage device, comprising the steps recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 18, 19, 20
15. A mobile storage device, comprising:
a mobile data security access unit and a security storage space, wherein the mobile storage device carries an operating system, wherein the security storage space is inaccessible to the operating system and software of the operating system and the security storage space is adapted to be visited by the mobile data security access unit;
wherein, when the mobile storage device is coupled with a computing device, a central processing unit of the computing device is adapted to run the operating system carried by the mobile storage device, and a user communicates with the mobile storage device through an input/output device of the computing device, wherein the mobile data security access unit receives an instruction from the operating system carried by the mobile storage device and sends the instruction to the central processing unit of the computing device;
wherein the mobile data security access unit comprises:
a receiving unit, adapted to receive a hardware instruction;
an instruction analysis unit, adapted to determine whether the hardware instruction is a storage instruction or a reading instruction and to generate a determinant signal;
an instruction modification unit, based on the determinant signal, adapted to, if the hardware instruction is a storage instruction, change a destination address in the storage instruction to a corresponding storage address in the security storage space, and if the hardware instruction is a reading instruction, adapted to retrieve a bitmap and change a reading address in the reading instruction based on data of the bitmap, wherein the bitmap is adapted to represent whether data with an address in a local storage space is dumped to the security storage space;
a transmitting unit, adapted to send the changed storage or reading instruction to a hardware layer for execution.
Dependent claims: 16, 17
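The instruction modification described in claim 15 behaves like a redirect-on-write overlay: stores never reach local storage, and the bitmap decides where a read is served from. The following C model is an added illustration, not code from the patent or its applicant; the block size, the identity mapping from a local block number to its slot in the security storage space, and all names (access_unit, au_execute, local_disk) are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

#define NBLOCKS 8   /* constructed size of the simulated address range */
#define BLKSZ   16  /* constructed block size in bytes */

/* Hypothetical model of the claim-15 access unit; all names are illustrative. */
struct access_unit {
    const uint8_t (*local)[BLKSZ];      /* local storage space: never written */
    uint8_t secure[NBLOCKS][BLKSZ];     /* security storage space */
    uint8_t bitmap[(NBLOCKS + 7) / 8];  /* bit n set: block n was dumped to secure */
};
enum op { OP_STORE, OP_READ };          /* output of the instruction analysis unit */

static int dumped(const struct access_unit *u, unsigned blk) {
    return (u->bitmap[blk / 8] >> (blk % 8)) & 1;
}

/* Instruction modification and transmit: 0 on success, -1 if rejected. */
int au_execute(struct access_unit *u, enum op op, unsigned blk, uint8_t *buf) {
    if (blk >= NBLOCKS)
        return -1;                      /* address outside the mapped range */
    if (op == OP_STORE) {
        /* Store: the destination is rewritten to the security storage space. */
        memcpy(u->secure[blk], buf, BLKSZ);
        u->bitmap[blk / 8] |= (uint8_t)(1u << (blk % 8));
        return 0;
    }
    /* Read: the bitmap selects the space that holds the current copy. */
    memcpy(buf, dumped(u, blk) ? u->secure[blk] : u->local[blk], BLKSZ);
    return 0;
}

/* Constructed sample data standing in for the local disk. */
static const uint8_t local_disk[NBLOCKS][BLKSZ] = {
    [1] = "local block 1", [3] = "local block 3",
};

void au_init(struct access_unit *u) {
    memset(u, 0, sizeof *u);
    u->local = local_disk;
}

int main(void) {
    struct access_unit u; uint8_t buf[BLKSZ] = "user draft";
    au_init(&u);
    au_execute(&u, OP_STORE, 3, buf);        /* lands in secure[3]; local_disk untouched */
    return au_execute(&u, OP_READ, 3, buf);  /* served from secure[3] via the bitmap */
}
```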
Specification