CN104252605A - Method and system for file transparent encryption and decryption of Android platform - Google Patents

Info

Publication number: CN104252605A
Authority: CN (China)
Prior art keywords: file, key, user, encryption, unit
Legal status: Granted
Application number: CN201410475391.2A
Other languages: Chinese (zh)
Other versions: CN104252605B (en)
Inventors: 王金伟, 张正宇, 赵波, 徐凌云, 周宇
Current Assignee: SUQIAN XINCHAO INFORMATION TECHNOLOGY CO., LTD.
Original Assignee: Nanjing University of Information Science and Technology
Application filed by Nanjing University of Information Science and Technology
Priority to CN201410475391.2A
Publication of CN104252605A
Application granted
Publication of CN104252605B
Status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01 Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048 Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484 Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • G06F2221/2149 Restricted operating environment

Abstract

The invention discloses a method for transparent file encryption and decryption on the Android platform. The method comprises: selecting the path of the folder containing the files to be protected and setting a password; generating an encrypted path directory table and an authentication file from the path and the password entered by the user; scanning the encrypted path directory table and, if the operating system is being started for the first time, performing the initial encryption of the protected files according to the table entries before going to the next step; when the user triggers a screen unlock event, receiving the passphrase entered by the user, applying a hash algorithm to it and comparing the result with the authentication file generated in step two, unlocking failing if they do not match; if they match, generating a key from the passphrase with the SHA-1 algorithm and storing the key; and calling the key to encrypt and decrypt files. The invention further discloses a system for transparent file encryption and decryption on the Android platform. Files are protected with little interference to user operation.

Description

A transparent file encryption and decryption system and method for the Android platform
Technical field
The present invention relates to the field of information security technology, and in particular to a transparent file encryption and decryption system and method for the Android platform.
Background
With the rapid development of the information age, the Internet has reached ever deeper into every aspect of daily life and work and has become indispensable. With the spread of computer applications and the development of the Internet and removable storage devices, paper documents have gradually been replaced by electronic ones. Electronic files are compact and convenient to view, among other advantages, but they are also easy to modify and easy to distribute, which can seriously affect the security of their storage and exchange.
Transparent encryption is a file encryption technology that has developed rapidly in recent years. "Transparent" means that, for an authorized user, encryption and decryption are completed automatically. The principle is that files are stored on disk as ciphertext, decrypted automatically when read and held in memory, and, after the user has modified the in-memory copy, automatically encrypted again and written back to disk. On Windows there are two main classes of implementation: hook-based transparent encryption at the user layer and filter-driver encryption at the kernel layer. The kernel-layer implementation is better than the user-layer one in performance, compatibility and stability, but it is also technically harder.
Android uses a Linux kernel trimmed for embedded devices. Its design follows structured design principles and is strongly layered; from the bottom up to the user interface the layers are: Linux kernel, HAL (hardware abstraction layer), system services layer, application framework layer and applications. File system operations in the Linux kernel are provided by several operation tables maintained by each concrete file system; the table entries are function pointers to the concrete operation code. Transparent encryption needs to change the behaviour of some operations (such as read and write). Experiments show that simply replacing the operation tables is technically feasible, but it leaves the system architecture confused and hard to maintain and extend. A stackable file system is an incremental development model for extending the functionality of an existing file system. It does not modify the code of the original file system; instead it is layered on top of it, filters operations such as read and write, and adds its own processing along the way, such as encryption or compression, to enhance the original file system. This model was proposed by Erez Zadok and includes the FiST framework, which makes such file systems easier to build. Because the FiST framework was created before 2000 and lacks maintenance, it supports only kernel versions 2.4 to 2.6.
Some existing Android file protection systems apply the ideas of PC file protection systems directly to mobile devices and ignore the difference between platforms: mobile devices put the emphasis on user experience, not only on implementing functions. These systems frequently require the user to enter a password and to select files to encrypt or decrypt, which makes the device less convenient. On the other hand, existing transparent encryption and decryption systems reduce the impact on user habits, but their protection is incomplete: for example, because of permission problems they cannot protect particular directories, or cannot protect files on the SD card (an important location where ordinary user data is stored); or they can protect only files of certain formats; or they are loosely integrated with the system and vulnerable to attack; or their compatibility and extensibility are low, for example supporting only some particular system versions.
Summary of the invention
The technical problem to be solved by the invention is to overcome the deficiencies of the prior art and provide a transparent file encryption and decryption system and method for the Android platform. The invention uses stackable file system technology, is combined with the lock screen interface to reduce the impact on user operation as far as possible, and is tightly integrated with the operating system itself, achieving encryption and decryption protection that blocks outsiders without hindering authorized users.
To solve the above technical problem, the invention adopts the following technical solution:
The transparent file encryption and decryption method for the Android platform proposed by the invention comprises the following steps:
Step 1: select the path of the folder containing the files to be protected and set a password;
Step 2: from the path and the password entered by the user, generate the encrypted path directory table and the authentication file respectively;
Step 3: scan the encrypted path directory table; if the operating system is being started for the first time, perform the initial encryption of the protected files according to the table entries, then go to the next step;
Step 4: when the user triggers a screen unlock event, accept the passphrase entered by the user, apply the hash algorithm to the passphrase and compare the result with the authentication file generated in Step 2: if they do not match, unlocking fails; if they match, convert the passphrase into a key with the sha1 algorithm and store the key;
Step 5: when the user accesses a file, if the file or directory being operated on is in the encrypted path directory table, then on a write request the key stored in Step 4 is called to encrypt the file, and on a read request the key is called to decrypt the file;
Step 6: when the user triggers a screen lock event, clear the stored key and lock the screen.
As a further optimization of the transparent file encryption and decryption method for the Android platform of the invention, the hash algorithm is the MD5 hash algorithm.
The transparent file encryption and decryption system for the Android platform proposed by the invention comprises a user module and a kernel module; the user module comprises a configuration unit and a screen lock unit, and the kernel module comprises a key manager unit and a stackable file system unit, wherein:
The configuration unit receives the policy set by the user; the policy comprises the password, the authentication file and the encrypted directory path table. The password is turned into a first key by the sha1 algorithm and stored; the authentication file is passed to the key manager unit, and the encrypted directory path table is passed to the stackable file system unit;
The screen lock unit passes the passphrase entered by the user to the key manager unit;
The key manager unit applies the hash algorithm to the passphrase and matches the result against the authentication file: if they do not match, unlocking fails; if they match, the screen is unlocked and at the same time the passphrase is converted into a second key with the sha1 algorithm and stored; when the screen lock unit locks the screen, the second key is cleared;
The stackable file system unit, when the operating system is started for the first time and the encrypted directory path table is received, calls the first key to perform the initial encryption of the files in the directories listed in the encrypted directory path table; it is layered over all file systems that the operating system supports and has mounted; when the user issues a read request it calls the second key in the key manager to decrypt the file, and when the user issues a write request it calls the second key in the key manager to encrypt the file.
As a further optimization of the transparent file encryption and decryption system for the Android platform of the invention, the policy set by the user also includes whether the encryption and decryption system is enabled.
As a further optimization of the transparent file encryption and decryption system for the Android platform of the invention, the hash algorithm is the MD5 hash algorithm.
Compared with the prior art, the above technical solution has the following technical effects: (1) the invention uses stackable file system technology, is combined with the lock screen interface to reduce the impact on user operation as far as possible, and is tightly integrated with the operating system itself, achieving encryption and decryption protection that blocks outsiders without hindering authorized users; (2) it protects the private data that Android users store on the device without changing user habits or affecting user experience; (3) it uses kernel-level encryption, which improves system security and encryption/decryption efficiency; it is tightly integrated with the system, resists attack well and offers higher security. Because the core encryption/decryption module works at the lowest layer while the interface for user interaction is at the top layer, the system provides a middle layer that helps the kernel module communicate with the upper-layer application: the application communicates with the middle layer through JNI (Java Native Interface), and the middle layer communicates with the kernel module by ioctl; (4) the invention supports the 3.x kernel used by the currently popular Android 4.x; the file system designed here processes only file read and write operations and directs other file operations straight to the underlying file system, so it is flexible and easy to port; (5) encryption and decryption are transparent to the user and interfere little with user operation, so user experience is good; the system is easy to deploy and port and has good performance; it does not distinguish between file formats, so the user can encrypt files of any format; it does not distinguish between storage locations, so both application data on the phone and data on the memory expansion card can be encrypted, which protects file data on the SD card.
Brief description of the drawings
Fig. 1 shows the interaction between the modules of the system.
Fig. 2 shows the working principle of the transparent encryption and decryption file system of the invention.
Fig. 3 is a schematic of the relation between the upper stackable encryption/decryption file system and the lower real file system.
Fig. 4 is the workflow diagram of the screen lock unit.
Detailed description of the embodiments
The technical solution of the invention is described in further detail below with reference to the drawings:
A transparent file encryption and decryption method for the Android platform comprises the following steps:
Step 1: select the path of the folder containing the files to be protected and set a password;
Step 2: from the path and the password entered by the user, generate the encrypted path directory table and the authentication file respectively;
Step 3: scan the encrypted path directory table; if the operating system is being started for the first time, perform the initial encryption of the protected files according to the table entries, then go to the next step;
Step 4: when the user triggers a screen unlock event, accept the passphrase entered by the user, apply the hash algorithm to the passphrase and compare the result with the authentication file generated in Step 2: if they do not match, unlocking fails; if they match, convert the passphrase into a key with the sha1 algorithm and store the key;
Step 5: when the user accesses a file, if the file or directory being operated on is in the encrypted path directory table, then on a write request the key stored in Step 4 is called to encrypt the file, and on a read request the key is called to decrypt the file;
Step 6: when the user triggers a screen lock event, clear the stored key and lock the screen.
The hash algorithm is the MD5 hash algorithm.
Fig. 1 shows the interaction between the modules of the system. A transparent file encryption and decryption system for the Android platform comprises a user module and a kernel module; the user module comprises a configuration unit and a screen lock unit, and the kernel module comprises a key manager unit and a stackable file system unit, wherein:
The configuration unit receives the policy set by the user; the policy comprises the password, the authentication file and the encrypted directory path table. The password is turned into a first key by the sha1 algorithm and stored; the authentication file is passed to the key manager unit, and the encrypted directory path table is passed to the stackable file system unit;
The screen lock unit passes the passphrase entered by the user to the key manager unit;
The key manager unit applies the hash algorithm to the passphrase and matches the result against the authentication file: if they do not match, unlocking fails; if they match, the screen is unlocked and at the same time the passphrase is converted into a second key with the sha1 algorithm and stored; when the screen lock unit locks the screen, the second key is cleared;
The stackable file system unit, when the operating system is started for the first time and the encrypted directory path table is received, calls the first key to perform the initial encryption of the files in the directories listed in the encrypted directory path table; it is layered over all file systems that the operating system supports and has mounted; when the user issues a read request it calls the second key in the key manager to decrypt the file, and when the user issues a write request it calls the second key in the key manager to encrypt the file.
The policy set by the user also includes whether the encryption and decryption system is enabled. The hash algorithm is the MD5 hash algorithm.
Fig. 2 shows the working principle of the transparent encryption and decryption file system of the invention. Reading a protected file: if the user is unauthorized (has not passed authentication at the lock screen), the operation fails. For an authorized user, the read request is passed to the lower file system and the returned file content, which at this point is ciphertext, is obtained. A key is requested from the key manager unit and used to decrypt the ciphertext. The resulting plaintext is copied from kernel space to user space.
The corresponding file attributes are updated, which completes the read operation.
Writing a protected file: if the user is unauthorized (has not passed authentication at the lock screen), the operation fails.
For an authorized user, the key is requested and used to encrypt the buffer holding the data passed in from user space.
The buffer content is handed to the lower file system, which writes it to disk.
The corresponding file attributes are updated, which completes the write operation.
To register a file system module with the kernel, the following file system operation methods must be implemented: superblock operations, inode operations and file operations.
The file systems form a stack. The topmost file system is the stackable encryption/decryption file system developed here. The lower file system is the real file system (it may also be another stackable file system; if that stackable file system is sufficiently "transparent", it can be treated as the real file system).
Because the upper file system depends on the operation methods and data structures of the lower file system, the first step is to build the relations between the data structures of the upper and lower file systems.
Fig. 3 is a schematic of the relation between the upper stackable encryption/decryption file system and the lower real file system. Taking the file structure as an example: upper_file is the object of this layer's file system, and lower_file is the corresponding object of the lower file system. The two are linked through the private_data pointer of upper_file. During a file operation the functions in the file_ops operation table of upper_file are called. Because an operation request sent to the upper layer of a stackable file system is passed on to the lower layer after processing, the functions in the upper file_ops table call the corresponding functions in the lower file_ops table. Similarly, the dentry, inode and address_space structures of this layer's file system are linked to the corresponding data structures of the lower file system and pass on their respective operation requests.
Once the relations between the key data structures of the upper and lower layers are built, the foundation for the operations below is in place.
Apart from file read and write, the remaining file system operations only call the corresponding function of the lower file system, or use a generic function, to implement a "pass-through". Where necessary, the relevant fields of the lower file system's data structures must also be updated, such as the file access time and the current read position. Take reading a directory as an example: the relation between the upper and lower file systems has already been built, and because the lower file system's operation has to be called, the data structure lower_file of the lower file system that corresponds to this layer's file is first located through that relation. The directory information of lower_file is read with the generic VFS-layer function. This is the directory information of the lower file system, but because this operation is not processed, it can be returned directly as the directory information of this layer. After vfs_readdir has read the information, the access time of lower_file is updated automatically, but the file access time of the upper layer must be updated manually. Here the two objects are kept in sync by copying the access information of the lower file.
The other file operations that need a "pass-through" implementation are handled in the same way.
File read and write operations work as follows: after the underlying file system has been called to read the data, and before the content is returned to user space, the buffer is decrypted. Likewise, on a write, the buffer is encrypted before the underlying file system's write operation is called.
The encryption and decryption can be implemented with the kernel cryptographic framework, to save time and space overhead and reduce development cost.
Implementation of the configuration unit: the policy configuration interface is the control core of the system; its functions are described in the Summary of the invention section above. It maintains two files: the password MD5 file used for comparison during authentication, and the encrypted directory list file. It is an ordinary Android application, but it must hold administrator privileges and start automatically at boot; it then scans the encrypted directory table and mounts the encryption/decryption file system on each directory in the table in turn.
Implementation of the kernel key manager unit:
The kernel key manager unit plays a role similar to the kernel keyring. The kernel keyring is not used directly because it is too complex; the kernel's use of the limited time and space resources of an embedded device should be kept as small as possible. The kernel key manager mainly consists of a global buffer, accessible to other modules, in which the key is stored. This module communicates directly with the application-layer lock screen interface by ioctl. The TRANSPARENT_IOCAUTHEN command is defined to accept the password entered by the user, apply MD5 to it and compare the result with the locally stored authentication file; if they agree, it returns success and converts the password into a 128-bit key with sha1, which is placed in the global buffer. The TRANSPARENT_IOCCLEARKEY command is defined to clear the key in the key manager, a task that must be completed when the screen is locked.
Fig. 4 is the workflow diagram of the screen lock unit. Implementation of the screen lock unit: the screen lock application accepts the passphrase entered by the user and reads the switch that says whether the encryption/decryption service is enabled.
This information is copied into kernel space, where the passphrase is run through the hash algorithm and compared with the MD5 value stored in the authentication file to confirm the user's identity. If they do not agree, an unlock failure is reported, and the user may make a limited number of attempts; if they agree, go to the next step.
If authentication succeeds, the switch for the encryption/decryption service is checked: if the service is not enabled, go to the next step; if the service is enabled, the key is converted and stored in the key manager, then the next step is performed.
The screen is unlocked.
The screen lock unit provides two groups of controls for user interaction: a password input control group and a binary switch. The former records the key entered by the user; the latter decides whether only the phone operating system is unlocked, or both the operating system and the encrypted files. The screen lock unit itself only accepts and caches the user's password and is not responsible for authentication. For security reasons, authentication is performed by the kernel key manager unit. The screen lock unit communicates with the middle-layer dynamic library through JNI (Java Native Interface), and the middle layer communicates with the kernel by ioctl, passing the key from user space to kernel space. Users of the system fall into two groups, mobile operating system customizers and individual users. The JNI layer can therefore be deployed at the application framework layer to provide an upper-layer calling interface, called by applications as a system API or extended by third-party applications, which gives tight integration with the system; or it can be compiled directly into an independent dynamic library file that the application loads, which makes deployment simple for individual users. In Android, screen lock and screen unlock are messages delivered as broadcasts. The screen lock application module of the system listens for these messages and handles them accordingly. openScreen and closeScreen in the code are the actions performed when the screen is unlocked and locked; they mainly call the JNI interface: unlocking performs authentication and key distribution, and locking clears the key.
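The unlock, read/write and lock flow of this embodiment, as a user-space Python model added here for illustration; it is not code from the patent. The ioctl numbers, the truncation of SHA-1 to 16 bytes, the constant-time comparison and the XOR keystream that stands in for the kernel cryptographic framework are assumptions of this model.

```python
import hashlib
import hmac

# Command names come from the description; the numeric values are placeholders.
TRANSPARENT_IOCAUTHEN = 1
TRANSPARENT_IOCCLEARKEY = 2


def make_auth_file(password):
    """Configuration unit: the authentication file holds MD5(password)."""
    return hashlib.md5(password).digest()


def derive_key(passphrase):
    """SHA-1 gives 160 bits; keeping the first 16 bytes is an assumption made
    here to get the 128-bit key the description mentions."""
    return hashlib.sha1(passphrase).digest()[:16]


class KeyManager:
    """Model of the kernel key manager unit and its global key buffer."""

    def __init__(self, auth_file):
        self._auth_file = auth_file
        self._key = None  # bytearray while unlocked, None while locked

    def ioctl(self, cmd, passphrase=b"", service_on=True):
        if cmd == TRANSPARENT_IOCAUTHEN:
            candidate = hashlib.md5(passphrase).digest()
            # Constant-time comparison (a choice made in this model).
            if not hmac.compare_digest(candidate, self._auth_file):
                return False
            if service_on:  # the binary switch on the lock screen
                self._key = bytearray(derive_key(passphrase))
            return True
        if cmd == TRANSPARENT_IOCCLEARKEY:
            if self._key is not None:
                for i in range(len(self._key)):  # overwrite before dropping
                    self._key[i] = 0
                self._key = None
            return True
        raise ValueError("unknown ioctl command")

    def key(self):
        return bytes(self._key) if self._key is not None else None


def stand_in_cipher(key, path, data):
    """Placeholder for the kernel crypto framework: XOR with a SHA-256 counter
    keystream. It only makes the data flow visible; it is not a cipher to
    deploy. Applying it twice with the same key and path restores the input."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + path.encode() + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class LowerFS:
    """Stand-in for the real underlying file system (path -> bytes on disk)."""

    def __init__(self):
        self.disk = {}

    def write(self, path, data):
        self.disk[path] = data

    def read(self, path):
        return self.disk[path]


class StackedFS:
    """Upper layer: filters read and write, forwards to the lower file system."""

    def __init__(self, lower, key_manager, protected_dirs):
        self.lower = lower
        self.km = key_manager
        self.dirs = [d.rstrip("/") + "/" for d in protected_dirs]

    def _protected(self, path):
        return any(path.startswith(d) for d in self.dirs)

    def _key_or_fail(self):
        key = self.km.key()
        if key is None:  # user has not passed lock-screen authentication
            raise PermissionError("protected path and no key is loaded")
        return key

    def write(self, path, data):
        if self._protected(path):
            data = stand_in_cipher(self._key_or_fail(), path, data)
        self.lower.write(path, data)  # protected data reaches disk as ciphertext

    def read(self, path):
        if not self._protected(path):
            return self.lower.read(path)
        key = self._key_or_fail()  # authorisation is checked before the read
        return stand_in_cipher(key, path, self.lower.read(path))
```

Paths outside the protected directories pass straight through to the lower layer, which is the "pass-through" behaviour the description gives for everything except protected reads and writes.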
The specific embodiments described above explain the purpose, technical solution and beneficial effects of the invention in further detail. It should be understood that the foregoing is only a specific embodiment of the invention and is not intended to limit its scope; any equivalent change or modification made by a person skilled in the art without departing from the concept and principle of the invention shall fall within the scope of protection of the invention.

Claims (5)

1. A transparent file encryption and decryption method for the Android platform, characterized in that it comprises the following steps:
Step one: select the path of the folder containing the files to be protected, and set a password;
Step two: according to the path and password entered by the user, generate an encrypted-path directory table and an authentication file, respectively;
Step three: scan the encrypted-path directory table; if the operating system is being started for the first time, first perform an initial encryption of the protected files according to the table entries, then proceed to the next step;
Step four: when the user triggers a screen-unlock event, accept the passphrase entered by the user, apply a hash algorithm to the passphrase and compare the result with the authentication file generated in step two: if they do not match, unlocking fails; if they match, convert the passphrase into a key using the SHA-1 algorithm and store this key;
Step five: when the user accesses a file, if the file or directory being operated on is in the encrypted-path directory table, then when the user issues a write request, the key stored in step four is called to encrypt the file; when the user issues a read request, the key is called to decrypt the file;
Step six: when the user triggers a screen-lock event, clear the stored key and lock the screen.
2. The transparent file encryption and decryption method for the Android platform according to claim 1, characterized in that the hash algorithm is the MD5 hash algorithm.
3. A transparent file encryption and decryption system for the Android platform, comprising a user module and a kernel module, characterized in that the user module comprises a configuration unit and a screen-lock unit, and the kernel module comprises a key manager unit and a stackable file system unit; wherein,
The configuration unit receives the policy formulated by the user; the policy comprises a password, an authentication file and an encrypted directory path table; the password is converted by the SHA-1 algorithm into a first key, which is stored; the authentication file is input to the key manager unit, and the encrypted directory path table is input to the stackable file system unit;
The screen-lock unit outputs the passphrase entered by the user to the key manager unit;
The key manager unit applies a hash algorithm to the passphrase and matches the result against the authentication file: if they do not match, unlocking fails; if they match, then at the same time as the screen is unlocked the passphrase is converted into a second key using the SHA-1 algorithm and stored; when the screen-lock unit locks the screen, the second key is cleared;
The stackable file system unit, when the operating system is started for the first time and upon receiving the encrypted directory path table, calls the first key to perform an initial encryption of the files in the directories listed in the encrypted directory path table; it is layered over all file systems supported and mounted by the operating system; when the user issues a read request, it calls the second key in the key manager to decrypt the file; when the user issues a write request, it calls the second key in the key manager to encrypt the file.
4. The transparent file encryption and decryption system for the Android platform according to claim 3, characterized in that the policy formulated by the user further comprises whether to enable the encryption and decryption system.
5. The transparent file encryption and decryption system for the Android platform according to claim 3, characterized in that the hash algorithm is the MD5 hash algorithm.
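The unlock/lock key lifecycle of claims 1 and 3, modelled in Python as an added example (not code from the patent): `ClaimedKeyManager` follows the claimed hash check (MD5 per claims 2 and 5) and SHA-1 key derivation, and `HardenedKeyManager` keeps the same lifecycle with a salted PBKDF2 derivation. All class and method names, the PBKDF2 parameters and the sample paths are assumptions; the file cipher is left out because the claims do not name one.

```python
import hashlib
import hmac
import os

class ClaimedKeyManager:
    """Key manager as claimed: MD5 verifier, SHA-1 key, cleared on lock."""
    def __init__(self, password, protected_dirs):
        self.dirs = [os.path.normpath(d) for d in protected_dirs]
        self.auth = self._verifier(password)  # the "authentication file"
        self.key = None                       # no key while the screen is locked

    def _verifier(self, phrase):              # claims 2 and 5: MD5
        return hashlib.md5(phrase.encode()).digest()

    def _derive(self, phrase):                # step four: SHA-1 of the passphrase
        return hashlib.sha1(phrase.encode()).digest()

    def unlock(self, phrase):
        if not hmac.compare_digest(self._verifier(phrase), self.auth):
            return False                      # mismatch: unlock fails, nothing stored
        self.key = self._derive(phrase)
        return True

    def lock(self):
        self.key = None                       # step six: clear the stored key

    def key_for(self, path):
        """Key for a path in the encrypted-path table, None for other paths."""
        p = os.path.normpath(path)
        if not any(p == d or p.startswith(d + os.sep) for d in self.dirs):
            return None                       # not protected: plain pass-through
        if self.key is None:
            raise PermissionError("screen locked: no key available")
        return self.key

class HardenedKeyManager(ClaimedKeyManager):
    """Same lifecycle with a salted, slow, purpose-separated KDF (assumption)."""
    def __init__(self, password, protected_dirs):
        self.salt = os.urandom(16)            # per-device random salt
        super().__init__(password, protected_dirs)

    def _kdf(self, phrase, purpose):
        return hashlib.pbkdf2_hmac("sha256", phrase.encode(), self.salt + purpose, 100_000)

    def _verifier(self, phrase):
        return self._kdf(phrase, b"verify")

    def _derive(self, phrase):
        return self._kdf(phrase, b"filekey")
```

Because the claimed verifier and key are unsalted hashes of the same passphrase, identical passphrases yield identical authentication files and keys on every device; the hardened variant binds both to a random per-device salt and derives them under separate labels.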
CN201410475391.2A 2014-09-17 2014-09-17 A kind of file transparent encrypting and deciphering system of Android platform and method Active CN104252605B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410475391.2A CN104252605B (en) 2014-09-17 2014-09-17 A kind of file transparent encrypting and deciphering system of Android platform and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410475391.2A CN104252605B (en) 2014-09-17 2014-09-17 A kind of file transparent encrypting and deciphering system of Android platform and method

Publications (2)

Publication Number Publication Date
CN104252605A (en) 2014-12-31
CN104252605B (en) 2017-03-15

Family

ID=52187488

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410475391.2A Active CN104252605B (en) 2014-09-17 2014-09-17 A kind of file transparent encrypting and deciphering system of Android platform and method

Country Status (1)

Country Link
CN (1) CN104252605B (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104866778A (en) * 2015-01-30 2015-08-26 武汉华工安鼎信息技术有限责任公司 Document safety access control method and device based on Linux kernel
CN105373744A (en) * 2015-10-29 2016-03-02 成都卫士通信息产业股份有限公司 Method for encrypting extended file system based on Linux
WO2016112712A1 (en) * 2015-01-16 2016-07-21 努比亚技术有限公司 Secure access method, apparatus, and terminal, storage medium
CN106060010A (en) * 2016-05-11 2016-10-26 广东七洲科技股份有限公司 Android platform transparent encryption and decryption system
CN106127078A (en) * 2016-07-11 2016-11-16 北京鼎源科技有限公司 Cryptographic key protection method under a kind of Android environment and system
WO2016206393A1 (en) * 2015-06-26 2016-12-29 中兴通讯股份有限公司 Method and apparatus for managing application and method and apparatus for implementing read-write operation
WO2017181968A1 (en) * 2016-04-20 2017-10-26 中兴通讯股份有限公司 Method for processing application file, method and device for accessing application file, and storage medium
CN109145623A (en) * 2018-08-24 2019-01-04 深圳竹云科技有限公司 A kind of equipment Id encryption technology based on Android kernel
CN109492417A (en) * 2018-11-13 2019-03-19 熊予舒 Data ciphering method and system
CN110209428A (en) * 2018-12-28 2019-09-06 深圳市泰衡诺科技有限公司 A kind of terminal screen awakening method, device, terminal and storage medium
CN111062049A (en) * 2019-11-21 2020-04-24 视联动力信息技术股份有限公司 File protection method and device, terminal equipment and storage medium
CN111079159A (en) * 2019-12-03 2020-04-28 北京元心科技有限公司 Encrypted communication method and system for Hypervisor multi-domain architecture
CN111143879A (en) * 2019-12-26 2020-05-12 厦门市美亚柏科信息股份有限公司 Android platform SD card file protection method, terminal device and storage medium
CN112182611A (en) * 2020-09-27 2021-01-05 中孚安全技术有限公司 File transparent encryption and decryption method and system based on Linux kernel layer

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030226025A1 (en) * 2002-06-04 2003-12-04 Chanson Lin Data security method of storage media
CN101674575A (en) * 2009-09-17 2010-03-17 中兴通讯股份有限公司 Method for protecting security of mobile communication terminal data and device thereof
CN103078866A (en) * 2013-01-14 2013-05-01 成都西可科技有限公司 Transparent encryption method for mobile platform

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
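Tang Mingruo (唐铭若): "Design and Implementation of Transparent File Encryption Based on the Android Platform", China Excellent Master's Theses Full-text Database *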

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016112712A1 (en) * 2015-01-16 2016-07-21 努比亚技术有限公司 Secure access method, apparatus, and terminal, storage medium
CN104866778A (en) * 2015-01-30 2015-08-26 武汉华工安鼎信息技术有限责任公司 Document safety access control method and device based on Linux kernel
WO2016206393A1 (en) * 2015-06-26 2016-12-29 中兴通讯股份有限公司 Method and apparatus for managing application and method and apparatus for implementing read-write operation
CN105373744A (en) * 2015-10-29 2016-03-02 成都卫士通信息产业股份有限公司 Method for encrypting extended file system based on Linux
WO2017181968A1 (en) * 2016-04-20 2017-10-26 中兴通讯股份有限公司 Method for processing application file, method and device for accessing application file, and storage medium
CN106060010A (en) * 2016-05-11 2016-10-26 广东七洲科技股份有限公司 Android platform transparent encryption and decryption system
CN106127078A (en) * 2016-07-11 2016-11-16 北京鼎源科技有限公司 Cryptographic key protection method under a kind of Android environment and system
CN109145623A (en) * 2018-08-24 2019-01-04 深圳竹云科技有限公司 A kind of equipment Id encryption technology based on Android kernel
CN109492417A (en) * 2018-11-13 2019-03-19 熊予舒 Data ciphering method and system
CN110209428A (en) * 2018-12-28 2019-09-06 深圳市泰衡诺科技有限公司 A kind of terminal screen awakening method, device, terminal and storage medium
CN110209428B (en) * 2018-12-28 2023-08-29 深圳市泰衡诺科技有限公司 Terminal screen awakening method and device, terminal and storage medium
CN111062049A (en) * 2019-11-21 2020-04-24 视联动力信息技术股份有限公司 File protection method and device, terminal equipment and storage medium
CN111079159A (en) * 2019-12-03 2020-04-28 北京元心科技有限公司 Encrypted communication method and system for Hypervisor multi-domain architecture
CN111143879A (en) * 2019-12-26 2020-05-12 厦门市美亚柏科信息股份有限公司 Android platform SD card file protection method, terminal device and storage medium
CN112182611A (en) * 2020-09-27 2021-01-05 中孚安全技术有限公司 File transparent encryption and decryption method and system based on Linux kernel layer

Also Published As

Publication number Publication date
CN104252605B (en) 2017-03-15

Similar Documents

Publication Publication Date Title
CN104252605B (en) A kind of file transparent encrypting and deciphering system of Android platform and method
EP3913516B1 (en) File access authority authentication method and electronic device
CN102254124B (en) A kind of information of mobile terminal security protection system and method
US20130159699A1 (en) Password Recovery Service
CN103686716B (en) Android access control system for enhancing confidentiality and integrality
CN103106372A (en) Lightweight class privacy data encryption method and system for Android system
US20090240956A1 (en) Transparent encryption using secure encryption device
CN103595730A (en) Ciphertext cloud storage method and system
CN101916342A (en) Secure mobile storage device and method for realizing secure data exchange by using same
CN105981027A (en) Secure authentication and switching to encrypted domains
CN101189617A (en) Electronic device, update server device, key update device
CN102882923A (en) Secure storage system and method for mobile terminal
CN102819702B (en) File encryption operation method and file encryption operational system
CN105426775A (en) Method and system for protecting information security of smartphone
CN101159754A (en) Internet application management system operating on intelligent mobile terminal
CN102118503B (en) Data protection method, device and terminal
WO2024045407A1 (en) Virtual disk-based secure storage method
CN105279453B (en) It is a kind of to support the partitions of file for separating storage management to hide system and method
WO2010038764A1 (en) Encryption device, encryption method and program
CN101339589B (en) Method for implementing information safety by dummy machine technology
CN104361265A (en) Document protection method, device and system
CN106127078A (en) Cryptographic key protection method under a kind of Android environment and system
CN101383833A (en) Apparatus and method for enhancing PIN code input security of intelligent cipher key apparatus
CN106503580A (en) A kind of guard method of private data and terminal
CN111625843A (en) Data transparent encryption and decryption system suitable for big data platform

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20190820

Address after: Room 1009, Building B, Dongshou Software Industrial Park, Yingbin Avenue, Shuyang County, Suqian City, Jiangsu Province

Patentee after: SUQIAN XINCHAO INFORMATION TECHNOLOGY CO., LTD.

Address before: Zhongshan road Wuzhong District Mudu town of Suzhou city in Jiangsu province 215101 No. 70 Wuzhong Science Park Building 2 room 2310

Patentee before: Nanjing University of Information Science and Technology