Safe data storage method and device

摘要

A safe data storage method is disclosed, the method comprises the following steps: hardware instructions are received; the hardware instructions are analyzed; and if the hardware instructions are storage instructions, a target address in the storage instructions is modified to be the corresponding storage address in a storage apparatus; the modified storage instructions are sent to a hardware layer. A safe data storage device is also disclosed, the device comprises the following units: a receiving unit adapted for receiving hardware instructions; an instruction analyzing unit adapted for analyzing the hardware instructions and judging whether the hardware instructions are storage instructions; an instruction modifying unit adapted for modifying a target address in the storage instructions to be the corresponding storage address in a safe storage apparatus; a sending unit adapted for sending the modified storage instructions to a hardware layer. The technical scheme is able to implement the information persistence operation on the hardware layer i.e., instruction level data dump, trojans or malicious tools can not save the obtained information even if they obtain the secret related information so that the data is always within a controllable safety range.

主权项

1. A data safety storage method, comprising:
establishing, using at least one processor, communication between a computer terminal system and a safety device, where the safety device is a non-transitory external storage device; receiving, using at least one processor, a hardware instruction, wherein the hardware instruction comes from a hardware mapping layer; analyzing, using at least one processor, the hardware instruction, if the hardware instruction is a store instruction, modifying, using at least one processor, a destination address of the store instruction to a corresponding storage address on the safety device instead of a local storage device, thus obtaining a modified store instruction; sending, using at least one processor, the modified store instruction to a hardware layer; updating, using at least one processor, a bit data that corresponds to the destination address in the bitmap, thus obtaining a updated bitmap; the bitmap being used to represent whether or not data of a local storage address is stored onto the safety device; synchronizing, using at least one processor, the updated bitmap to the safety device and saving it as the second bitmap; and synchronizing, using at least one processor, a second bitmap on the safety device to the computer terminal system and saving as a bitmap of the computer terminal system.