CN100449560C - Computer data security protective method - Google Patents

Computer data security protective method

Publication number: CN100449560C
Authority: CN (China)
Prior art keywords: module, data, user, attitude, file system
Legal status: Active
Application number: CNB2006100964411A
Other languages: Chinese (zh)
Other versions: CN1928881A (en)
Inventors: 张虹, 汪晓刚
Current Assignee: SKYINSOFT CO Ltd
Original Assignee: SKYINSOFT CO Ltd
Application filed by SKYINSOFT CO Ltd
Priority to CNB2006100964411A
Publication of CN1928881A
Application granted
Publication of CN100449560C

Abstract

The computer data security protection method is as follows: in the file system driver architecture supported by the Windows operating system, a file filter driver module is embedded between the I/O manager and the file system driver module; when data is stored or read, the user's authorization is first confirmed, and the I/O manager sends the data packet to the filter driver module for encryption/decryption before it is passed to the file system driver module. The invention is fully transparent to authorized users and does not affect normal operation.

Description

A computer data security protection method
Technical field
The present invention relates to a computer data security protection method and belongs to the field of computer security technology.
Background technology
With the continuous development of computers and related information technology, computer systems are used ever more widely in enterprises, public institutions and homes; together with the rapid development of network technology in recent years, this has put the data security of computer systems under increasingly serious challenge. Valuable data often lacks adequate protection during networked office work and data transmission; even inside an internal network it is often easily obtained and leaked without the administrators knowing.
To address security problems, patent application No. 03816860.X discloses a hidden-link dynamic key manager for use in computer systems. It discloses a computer system comprising cryptographic keys and cryptographic key identifiers. The system has a repository cryptographic engine that communicates securely with a remote cryptographic engine, and the repository cryptographic engine is associated with a user data store. The user data store contains a hidden link, which includes a session key identifier encrypted with a protection key. The hidden link is associated with a remote data entity. A key data store associated with the repository server contains session keys encrypted with a session-key protection key. The session key is used to encrypt and decrypt the remote data entity. The system also includes a repository key exchange module for exchanging session keys with a remote key exchange module.
In addition, patent application No. 200410019056.8 discloses an information-hiding encryption/decryption method and device based on virtual quasi-holography. The method uses electronic devices and software with parallel hardware and algorithms, and applies virtual quasi-holography to hide and encrypt/decrypt information. Encrypting the information involves computing the weighted sum of the discrete Fresnel diffraction transforms of the information plane and of a random mask onto the virtual quasi-hologram plane, and performing digital holographic reconstruction by "spectrum operation". Decryption uses the corresponding decryption parameters to compute the contribution of the random mask in the encryption process and subtracts it from the ciphertext; obtaining the light intensity of the information plane at the reconstruction plane yields the original information image. The method is also applicable to encrypting/decrypting voice information. The device used comprises a master-slave system made up of a general-purpose PC and a digital signal processor or programmable ASIC, or an embedded system that runs independently of a PC.
The prior art found in the above search does protect the data in a computer. However, as far as the applicant understands, like various other existing encryption and decryption techniques, these security protection systems are all built at the computer application layer and often require corresponding operations; moreover, many protective measures only prevent a file from being opened illegally and cannot prevent it from being copied, so insecure factors remain.
Summary of the invention
The technical problem to be solved by the invention is, in view of the above shortcomings of the prior art, to propose a computer data security protection method that is completely transparent to legitimate users, and at the same time to provide a computer data security protection system using this method, so that after a legitimate user operates normally the data is completely hidden from illegitimate users, and data security is ensured without any additional operations.
To solve the above technical problem, the computer data security protection method of the invention is applied in a computer having a file system driver architecture supported by the Windows operating platform. The file system driver architecture consists of the user-mode application program interface and the user-mode encryption/decryption authentication module, the kernel-mode I/O manager, file system driver module and storage device driver module, and the physical storage. An electronic key storing a key is plugged into the corresponding interface of the computer. The method is characterized in that: the architecture also contains a file system filter driver module embedded between the kernel-mode I/O manager and the file system driver module; an intermediate driver module is also embedded between the file system driver module and the storage device driver module, to send a retry request to the storage device driver module when an I/O failure is detected. The computer stores data according to the following steps:
1) The user-mode encryption/decryption authentication module authenticates the user's legitimacy according to the key in the electronic key and the user's login password;
2) After the user-mode application program interface accepts the legitimate user's data and storage instruction, it calls the corresponding internal Windows application and passes the storage operation to the kernel-mode I/O manager;
3) The kernel-mode I/O manager extracts the application's process name, the data start address, the data length and the data storage path, converts the legitimate user's data to be stored into a data packet, and passes it to the file system filter driver module;
4) After receiving the data packet, the file system filter driver module makes a copy and submits the copy to the user-mode encryption/decryption authentication module for encryption;
5) After receiving the returned encrypted data, the file system filter driver module hands the encrypted data packet to the file system driver module;
6) The file system driver module hands the encrypted data packet to the storage device driver module by normal operation;
7) The storage device driver module writes the encrypted data to be saved into the physical storage according to the data packet;
The computer reads data according to the following steps:
1') The user-mode encryption/decryption authentication module authenticates the user's legitimacy according to the key in the electronic key and the user's login information;
2') After the user-mode application program interface accepts the legitimate user's data read instruction, it calls the corresponding internal Windows application and passes the read operation to the kernel-mode I/O manager;
3') The kernel-mode I/O manager extracts the application's process name, the data start address, the data length and the data storage path, converts the data to be read into a data packet, passes it to the file system filter driver module, and waits for the data to return;
4') After receiving the data packet, the file system filter driver module passes it directly to the file system driver module;
5') After the file system driver module receives the data packet, the file to be read is read from the physical storage by the storage device driver module by normal operation and returned to the file system filter driver module;
6') The file system filter driver module is woken up after receiving the returned data, submits the data read to the user-mode encryption/decryption authentication module for decryption, and then passes it to the kernel-mode I/O manager;
7') The kernel-mode I/O manager provides the decrypted data to the user-mode application program interface.
As the file storage process shows, data in memory always exists in plaintext, while data in files on the physical storage always exists as ciphertext. As the read process shows, no additional memory copy is needed; the rest of the processing is similar to storage. Thus, for a legitimate user, who does not perceive the computer's low-level operation, the whole encryption/decryption is completely transparent, does not affect normal operation at all, and requires no extra operations, which is very convenient. For an illegitimate user, the stored data is not only encrypted but also completely hidden, so data security is ensured.
Description of drawings
The invention is further described below with reference to the drawings.
Fig. 1 is a schematic diagram of the system hardware structure of one embodiment of the invention.
Fig. 2 is a block diagram comparing the system structure of the Fig. 1 embodiment with the prior art.
Fig. 3 is the overall structure diagram of the Fig. 1 embodiment.
Fig. 4 is the system architecture diagram of the Fig. 1 embodiment.
Embodiment
Embodiment one
The computer data security protection method of this embodiment is implemented in the hardware environment shown in Fig. 1. The computer data security protection system is developed on the basis of IFS and runs on PC Windows platforms, including Windows XP, Windows NT 4.0, Windows 2000 and Windows 2003; it provides a security protection mechanism based on the operating system kernel layer and encrypts and protects computer data resources. The user identity authentication electronic key is a mini chip card with a USB interface, only the size of a USB flash drive. When the authentication key is present, operating on encrypted entries is the same as operating on normal folders or files, and the encryption/decryption process is completely transparent to the user and to applications; when the authentication key is absent, encrypted entries are completely hidden. Authentication is a dual process combining software and hardware: it passes only when the key in the electronic key is correct and the user name and password are also correct, which is safe and reliable.
The computer's original file system driver architecture, shown in Fig. 2, consists of the user-mode application program interface, the kernel-mode I/O manager, file system driver module and storage device driver module, and the physical storage. To intercept the read and write operations of user applications and submit the data to the encryption module for processing, a filter driver module is embedded in the operating system's file system, loaded between the kernel-mode I/O manager and the file system driver module.
Its working principle and operation are as follows:
When the user inserts the electronic key into a USB port of the PC, the program automatically opens the "safe box". From then on the user operates on encrypted files or folders (open, read, write) just as on normal folders; the program transparently encrypts and decrypts the objects operated on, with no extra operations by the user. When the user removes the electronic key, the encrypted files and folders are hidden immediately. In addition, because users are often not proficient with computers, the system must also be transparent to the user: the user uses the computer as usual without any additional operations, and the program intelligently filters and processes the controlled files and directories.
The most important core function of the system is hiding and encrypting files or folders stored locally on the PC: a virtual "safe box" is set up on the PC for each user, and any file or folder added to the safe box by copy/paste becomes a protected object; the logical path of a protected object is unchanged, but it is stored on the physical medium in encrypted form.
To implement the core function of transparent file encryption and decryption, the design approach is to insert an independently developed file system filter driver module at the operating system's file system driver layer, intercepting the file read and write operations issued by upper-level applications. To implement this transparent filtering, the system uses the IFS Kit (installable file system kit, Microsoft Windows Server 2003 Installable File Systems Development Kit) to load a file system filter driver layer above the file system driver layer in Windows kernel mode, as shown in Fig. 2. Every read or write operation on a disk file must first be processed by this filter driver, which then submits the data of the read or write operation to the "data encryption/decryption module" for encryption or decryption.
In the specific implementation, in Windows 2000/XP the kernel-mode I/O manager is responsible for handling the I/O operations of all devices. The kernel-mode I/O manager completes I/O operations mainly through the storage device driver module, the intermediate driver module, the file system driver module and the filter driver module, whose functions are as follows:
Storage device driver module: located at the lowest layer of the kernel-mode I/O manager; performs I/O operations directly on the device.
Intermediate driver module: embedded between the file system driver module and the storage device driver module; works with the underlying storage device driver module to provide enhanced functionality. For example, when an I/O failure is detected, the storage device driver module may simply return an error message, whereas the intermediate driver module, on receiving the error message, may send a retry request to the device driver module.
File system driver module (FSD, File System Driver): extends the functionality of the underlying driver modules to implement a specific file system, such as NTFS.
Filter driver module: located between the kernel-mode I/O manager and the file system driver module to implement user-defined extended functionality; in particular, it can intercept operations on remote files and redirect them to a remote file server.
Below, in programming terms, the concrete data processing flows for writing and reading a file illustrate how data security protection is implemented by the filter driver (see Fig. 3).
Writing a file
The user-mode application program interface writes data to a specified file on disk through the Windows API write operation.
After this operation enters Windows kernel mode, it first reaches the kernel-mode I/O manager, which translates it into an IRP (I/O Request Packet) and sends it to the specified device (for file operations, the disk device). The operation type identifier corresponding to a write is IRP_MJ_WRITE (MJ is short for Major). Besides the operation type identifier, an IRP contains many other fields, such as the start address of the data, the length of the data, the process name and so on.
The complete IRP structure is defined in the DDK (Device Driver Kit) as follows:
typedef struct _IRP {
    PMDL MdlAddress;                /* MDL describing the caller's buffer */
    ULONG Flags;
    union {
        struct _IRP *MasterIrp;
        PVOID SystemBuffer;         /* system-space buffer for buffered I/O */
    } AssociatedIrp;
    IO_STATUS_BLOCK IoStatus;       /* completion status and byte count */
    KPROCESSOR_MODE RequestorMode;  /* mode the request originated from */
    BOOLEAN PendingReturned;
    BOOLEAN Cancel;
    KIRQL CancelIrql;
    PDRIVER_CANCEL CancelRoutine;
    PVOID UserBuffer;
    union {
        struct {
            union {
                KDEVICE_QUEUE_ENTRY DeviceQueueEntry;
                struct {
                    PVOID DriverContext[4];
                };
            };
            PETHREAD Thread;        /* thread that issued the request */
            LIST_ENTRY ListEntry;
        } Overlay;
    } Tail;
} IRP, *PIRP;
Take as an example an application program interface saving 1 KB of data to the file C:\test\1.DAT. The request arrives at the kernel-mode I/O manager and is converted into an IRP_MJ_WRITE packet. The application's process name is extracted with PsGetCurrentProcess(), the start address with MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority), the data length with MmGetMdlByteCount(Irp->MdlAddress), and the file's path name from the file object contained in the device object, fileObject->FileName.Buffer. If the file's full path shows that the data to be saved belongs to the predefined encrypted directory c:\test, the filter driver makes a copy of this 1 KB of data, submits the copy to DPS.EXE, the process of the user-mode encryption/decryption authentication security protection module, for encryption, and waits for encryption to finish. Once encryption is complete, the filter driver module passes the encrypted data to the file system driver module and waits for it to return. The file system driver module hands the data packet to the storage device driver module by normal operation, and the storage device driver module writes the data to be saved into the physical storage according to the data packet; afterwards the filter driver frees the 1 KB data copy.
As the above file write process shows, data in memory always exists in plaintext, while data in files on disk always exists as ciphertext.
Reading a file
The filter driver module handles file reads much as it handles writes. When an application program interface reads 1 KB of data from the file C:\test\1.DAT through the Windows API read operation, the request first reaches the kernel-mode I/O manager and is converted in kernel mode into an IRP of type IRP_MJ_READ, which contains information such as the memory address where the read data is to be placed and its length. When this request reaches the filter driver module, the filter driver module passes it directly to the file system driver module and waits for it to finish. The file system driver module reads the specified data from the disk device into memory. Because the file C:\test\1.DAT is encrypted, the data in memory at this point is ciphertext. After the file system driver finishes, the waiting filter driver module is woken up, submits the data to DPS.EXE, the data protection process of the user-mode encryption/decryption authentication module, for decryption, and waits. After decryption is complete (the data in memory is now plaintext), the filter driver module finally completes processing of the IRP and passes it to the kernel-mode I/O manager. The kernel-mode I/O manager then provides the decrypted data to the user-mode application program interface. At this point the Windows API read operation returns and the application program interface has obtained the expected plaintext data.
As the read process shows, no additional memory copy is needed; in other respects it is just like the write process.
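The write and read flows above can be modelled in user space to check their invariants: storage below the filter only ever holds ciphertext, the application sees plaintext, and files outside the encrypted directory pass through unchanged. This is an added example, not code from the patent: the layer functions, the in-memory disk and the XOR stand-in for the encryption module are hypothetical, and the directory check goes slightly beyond the text by matching case-insensitively on a path-component boundary.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_FILES 4
#define MAX_DATA  64

/* In-memory stand-in for the physical storage below the file system driver. */
typedef struct { char path[64]; unsigned char data[MAX_DATA]; size_t len; } DiskFile;
static DiskFile g_disk[MAX_FILES];
static size_t g_nfiles;

/* Assumed protected directory, playing the role of the encrypted directory
   in the page's example. */
static const char *g_protected_dir = "c:\\test";

/* Toy XOR keystream standing in for the user-mode encryption module.
   It is not a real cipher; it only makes ciphertext differ from plaintext. */
static void toy_crypt(unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        buf[i] ^= (unsigned char)(0xA5u + 31u * i);
}

/* Full-path check: case-insensitive, and the directory name must end on a
   path-component boundary, so a sibling such as "testing" does not match. */
int is_protected(const char *path) {
    size_t n = strlen(g_protected_dir);
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)path[i]) != tolower((unsigned char)g_protected_dir[i]))
            return 0;
    return path[n] == '\\';
}

/* ---- file system driver layer: stores whatever bytes it is handed ---- */
static DiskFile *fsd_lookup(const char *path, int create) {
    for (size_t i = 0; i < g_nfiles; i++)
        if (strcmp(g_disk[i].path, path) == 0) return &g_disk[i];
    if (!create || g_nfiles == MAX_FILES || strlen(path) >= sizeof g_disk[0].path)
        return NULL;
    strcpy(g_disk[g_nfiles].path, path);
    return &g_disk[g_nfiles++];
}

int fsd_write(const char *path, const unsigned char *buf, size_t len) {
    DiskFile *f;
    if (len > MAX_DATA || (f = fsd_lookup(path, 1)) == NULL) return -1;
    memcpy(f->data, buf, len);
    f->len = len;
    return 0;
}

long fsd_read(const char *path, unsigned char *buf, size_t cap) {
    DiskFile *f = fsd_lookup(path, 0);
    if (f == NULL || f->len > cap) return -1;
    memcpy(buf, f->data, f->len);
    return (long)f->len;
}

/* ---- filter layer, sitting between the caller and the FSD ---- */

/* Write: encrypt a private copy (the caller's buffer is const and stays
   plaintext), hand the copy down, then release (here: wipe) the copy. */
int filter_write(const char *path, const unsigned char *buf, size_t len) {
    unsigned char copy[MAX_DATA];
    int rc;
    if (len > MAX_DATA) return -1;
    if (!is_protected(path)) return fsd_write(path, buf, len);
    memcpy(copy, buf, len);
    toy_crypt(copy, len);
    rc = fsd_write(path, copy, len);
    memset(copy, 0, sizeof copy);
    return rc;
}

/* Read: pass the request straight down, then decrypt in place on the way
   back; no extra copy is needed. */
long filter_read(const char *path, unsigned char *buf, size_t cap) {
    long n = fsd_read(path, buf, cap);
    if (n > 0 && is_protected(path)) toy_crypt(buf, (size_t)n);
    return n;
}

/* Runs the scenario on constructed sample data; returns checks passed (3). */
int demo(void) {
    const unsigned char secret[] = "quarterly figures";  /* constructed sample */
    unsigned char raw[MAX_DATA], back[MAX_DATA];
    size_t len = sizeof secret - 1;
    int ok = 0;

    filter_write("C:\\Test\\1.DAT", secret, len);
    filter_write("c:\\testing\\2.dat", secret, len);

    ok += fsd_read("C:\\Test\\1.DAT", raw, sizeof raw) == (long)len
          && memcmp(raw, secret, len) != 0;      /* below the filter: ciphertext */
    ok += filter_read("C:\\Test\\1.DAT", back, sizeof back) == (long)len
          && memcmp(back, secret, len) == 0;     /* through the filter: plaintext */
    ok += fsd_read("c:\\testing\\2.dat", raw, sizeof raw) == (long)len
          && memcmp(raw, secret, len) == 0;      /* sibling directory: not encrypted */
    return ok;
}

int main(void) { return demo() == 3 ? 0 : 1; }
```

Calling fsd_read directly corresponds to reading the medium without the filter driver loaded, which is the case the ciphertext-on-disk property is meant to cover.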
On the software side, among the above components the one most closely related to file system management is the file system driver module (FSD, File System Driver). An FSD works in kernel mode but differs from other standard kernel drivers. An FSD must first register with the kernel-mode I/O manager. An FSD also interacts heavily with the cache manager and the memory manager. Therefore an FSD uses a superset of the functions exported by Ntoskrnl. While ordinary kernel device drivers can be created with the DDK (Device Driver Kit), file system drivers must be created with the IFS (Installable File Systems Development Kit).
All file-system-related operations in Windows are completed by the FSD. The FSD is typically invoked in the following ways: explicit file I/O, cache lazy write, cache read-ahead, memory dirty-page write and memory page-fault handling. Explicit file I/O, which is most closely related to this project, is briefly described below.
Explicit file I/O: an application accesses files through Win32 I/O interface functions such as CreateFile, ReadFile and WriteFile. For example, ReadFile is implemented through NtReadFile. NtReadFile converts the handle of the opened file into a file object pointer, checks access rights, creates an IRP (I/O request packet) read request, and passes the IRP to the appropriate FSD through IoCallDriver.
CreateFile is implemented through NtCreateFile. NtCreateFile resolves the name string through ObOpenObjectByName, creates the IRP request through IoParseDevice, and passes the IRP to the appropriate FSD through IoCallDriver to create the file.
WriteFile is similar to ReadFile, except that WriteFile calls NtWriteFile.
The file system filter driver module (File System Filter Driver) of this embodiment consists of four modules: driver entry, device I/O control, attach routine and fast I/O handling routine. Their relationships are shown in Fig. 4; each is introduced below:
(1) Driver entry module (Driver Entry): this module initializes the filter driver. Initialization includes initializing the filter driver object, creating the filter device object, establishing the symbolic link between the filter device object and upper-level applications, and setting up the attach routine and the fast I/O handling routine. This is similar to the InitInstance function of an upper-level application.
(2) Device I/O control module (Device IO Control): upper-level applications send I/O commands to the filter device object through the symbolic link established in the driver entry module, and this module responds to those I/O commands. For example, when an upper-level application needs to add an encrypted directory, it sends the IOCTL_SET_NOTIFICATION_AddEncryptPath command to the filter device; on receiving the command, the filter device adds the full path of the specified directory to a kernel buffer according to the contents of the input buffer.
(3) Attach routine module (Attach), also called the I/O handling routine module: file I/O operations (such as reads and writes) issued by upper-level applications first reach the filter driver module before reaching the file system driver module. The function of the attach routine module is to process a file I/O operation when it is received and then hand it to the file system driver module.
(4) Fast I/O handling routine module (Fast IO Attach): after reaching kernel mode, a file I/O operation (such as a read or write) issued by an upper-level application is first converted by the kernel-mode I/O manager into a fast I/O request. Fast I/O requests exist to optimize file I/O operations on the Windows platform; for example, when the file data an upper-level application needs to read is already in memory, the kernel-mode I/O manager sends a fast I/O request to the file system driver module, which can return the data in memory directly. A fast I/O request first reaches the filter driver module before reaching the file system driver module. The function of the fast I/O handling routine module is to process fast I/O requests and then hand them to the file system driver module.
The file system filter driver module can capture all files the user operates on; to guarantee the security of file data, a safe and reliable encryption/decryption module is also required.
This embodiment adopts an approach similar to the encryption principle of Microsoft's EFS file system: when the user writes a file, the data is submitted to the encryption module, the file data is encrypted with a symmetric encryption algorithm (the SSF28 and DES algorithms), and the result is stored on the hard disk. The key of the symmetric encryption algorithm is encrypted with the RSA algorithm, and the resulting ciphertext is stored in the electronic key. When the user reads a file, the key of the symmetric encryption algorithm is first decrypted with the RSA algorithm, and the file data is then decrypted with that key.
Both the encryption algorithms and key storage are implemented in hardware: the symmetric algorithm and the RSA algorithm are provided by the built-in encryption chip of the SJW26 encryption card, and key storage is provided by the electronic key. The electronic key itself provides a complete three-level key management system with very high security at every stage of key generation, key storage and use; it uses physical protection measures to prevent leakage, copying, analysis and tracing of sensitive information.
Besides the above embodiment, the invention may have other embodiments. All technical solutions formed by equivalent substitution or equivalent transformation fall within the scope of protection claimed by the invention.

Claims (4)

1. computer data security protective method, in the computing machine of file system drives structure with the support of Windows operating platform, described file system drives structure is by the application programming interfaces of user's attitude and the encryption and decryption authentication module of user's attitude, the I/O manager of kernel mode and file system driving module and memory device driver module, the storer of physics attitude constitutes, the electron key of the corresponding interface grafting storage key of described computing machine is characterized in that: also contain the I/O manager that is embedded in kernel mode and the filter Driver on FSD module between the file system driving module; Driver module in the middle of also embedding between file system driving module and memory device driver module during in order to discovery I/O failure, sends examination request again to the memory device driver module; Described computing machine carries out data storage according to following steps:
1) the encryption and decryption authentication module of user's attitude is according to key in the electron key and User login cipher authentication user's legitimacy;
2) after the application programming interfaces of user's attitude are accepted validated user data and storage instruction, call the inner corresponding application program of Windows, storage operation is transferred to the I/O manager of kernel mode;
3) the I/O manager of kernel mode extracts process title, start address data, data length, the data storage path of application program, and validated user data to be stored are converted to packet, is transferred to the filter Driver on FSD module;
4) after the filter Driver on FSD module receives packet, copy out copy, and the encryption and decryption authentication module that copy is submitted to user's attitude is encrypted;
5) after the filter Driver on FSD module receives the enciphered data of returning, the data encrypted bag is handed to file system driving module;
6) file system driving module is handed to the memory device driver module by normal running with the data encrypted bag;
7) after the memory device driver module receives packet, data encrypted to be preserved is write in the storer of physics attitude;
Described computing machine carries out data read according to following steps:
1') the user-mode encryption/decryption authentication module verifies the user's legitimacy according to the key in the electronic key and the user's login information;
2') after the user-mode application programming interface accepts a data read instruction from a legitimate user, it calls the corresponding application program inside Windows and passes the read operation to the kernel-mode I/O manager;
3') the kernel-mode I/O manager extracts the application's process name, the data start address, the data length and the data storage path, converts the data to be read into a data packet, passes it to the file system filter driver module, and waits for the returned data;
4') after receiving the data packet, the file system filter driver module passes it directly to the file system driver module;
5') after receiving the data packet, the file system driver module reads the requested file from physical storage through the storage device driver module by normal operation, and returns it to the file system filter driver module;
6') the file system filter driver module is woken up on receiving the returned data, submits the data that was read to the user-mode encryption/decryption authentication module for decryption, and then passes it to the kernel-mode I/O manager;
7') the kernel-mode I/O manager provides the decrypted data to the user-mode application programming interface.
2. The computer data security protective method according to claim 1, characterized in that: the file system filter driver module contains a driver entry module for completing the initialization of the filter driver, a device I/O control module for responding to I/O commands, and an absorption routine module for processing received file I/O operations and then handing them to the file system driver module.
3. The computer data security protective method according to claim 2, characterized in that: the file system filter driver module further contains a fast I/O handling routine module for processing fast I/O requests and then handing them to the file system driver module.
4. The computer data security protective method according to claim 3, characterized in that: when the user writes a file, the data is submitted to the encryption module in the user-mode encryption/decryption authentication module, which encrypts the submitted data with a symmetric encryption algorithm, and the result is stored on the hard disk; the key of the symmetric encryption algorithm is encrypted with the RSA encryption algorithm, and the resulting ciphertext is stored in the electronic key; when the user reads a file, the key of the symmetric encryption algorithm is first decrypted with the RSA algorithm, and the submitted data is then decrypted with this key.
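The read path of steps 1') to 7') and the key handling of claim 4 can be modelled in user space. The following is an added example, not code from the patent: the class names, the HMAC-SHA256 keystream standing in for the unnamed symmetric algorithm, the toy unpadded RSA key, and the assumption that the RSA private exponent is available to the authentication module are all illustrative choices.

```python
import hashlib, hmac, secrets

# Toy RSA pair (Mersenne primes, no padding): illustration only. A real
# deployment uses RSA-OAEP from a vetted library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def stream_xor(key, nonce, data):
    """Stand-in symmetric cipher: HMAC-SHA256 keystream, same call both ways."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class AuthModule:
    """User-mode encryption/decryption authentication module (claim 4)."""
    def __init__(self, login):
        self._login = login.encode()
        file_key = secrets.token_bytes(32)
        # Only the RSA ciphertext of the file key is kept in the electronic key.
        self.token_wrapped_key = pow(int.from_bytes(file_key, "big"), E, N)
    def _file_key(self, login):
        if not hmac.compare_digest(login.encode(), self._login):  # step 1'
            raise PermissionError("user not authorised")
        return pow(self.token_wrapped_key, D, N).to_bytes(32, "big")
    def encrypt(self, login, data):
        nonce = secrets.token_bytes(16)  # fresh per write
        return nonce + stream_xor(self._file_key(login), nonce, data)
    def decrypt(self, login, blob):
        return stream_xor(self._file_key(login), blob[:16], blob[16:])

class FileSystemDriver:
    """Lower layer: stores exactly the bytes it is handed."""
    def __init__(self):
        self.disk = {}

class FilterDriver:
    """Layer inserted between the I/O manager and the file system driver."""
    def __init__(self, fs, auth):
        self.fs, self.auth = fs, auth
    def write(self, login, path, data):
        self.fs.disk[path] = self.auth.encrypt(login, data)
    def read(self, login, path):
        raw = self.fs.disk[path]              # steps 4'-5': passed straight down
        return self.auth.decrypt(login, raw)  # step 6': decrypted on the way up

def demo():
    fs = FileSystemDriver()
    flt = FilterDriver(fs, AuthModule("alice"))
    flt.write("alice", "plan.txt", b"constructed sample: quarterly plan")
    return flt, fs
```

Reading `fs.disk` directly, which models access that bypasses the filter layer, yields only ciphertext. The model carries no integrity tag because the claims describe encryption only; a design that must detect tampering with stored files would need an authenticated mode.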
CNB2006100964411A 2006-09-26 2006-09-26 Computer data security protective method Active CN100449560C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100964411A CN100449560C (en) 2006-09-26 2006-09-26 Computer data security protective method

Publications (2)

Publication Number Publication Date
CN1928881A CN1928881A (en) 2007-03-14
CN100449560C true CN100449560C (en) 2009-01-07

Family

ID=37858843

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100964411A Active CN100449560C (en) 2006-09-26 2006-09-26 Computer data security protective method

Country Status (1)

Country Link
CN (1) CN100449560C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant