CN104252605A - Method and system for file transparent encryption and decryption of Android platform - Google Patents
- Publication number: CN104252605A
- Authority: CN (China)
- Prior art keywords: file, key, user, encryption, unit
- Legal status: Granted
Classifications
- G06F21/602—Providing cryptographic facilities or services
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F3/0484—Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
- G06F2221/2107—File encryption
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
- G06F2221/2149—Restricted operating environment
Abstract
The invention discloses a method for transparent file encryption and decryption on the Android platform. The method includes the steps of: selecting the path of the folder containing the files to be protected, and setting a password; generating an encrypted directory path table and an authentication file from the path and the password input by the user; scanning the encrypted directory path table and, if the operating system is being started for the first time, performing initial encryption of the protected files according to the table entries before proceeding to the next step; when the user triggers a screen unlock event, receiving the passphrase input by the user, applying a hash algorithm to it and comparing the result with the authentication file generated in step two, the unlock failing if they do not match; if they match, converting the passphrase into a key with the SHA-1 algorithm and storing the key; and calling the key to encrypt and decrypt files. The invention further discloses a system for transparent file encryption and decryption on the Android platform. File protection is achieved with little interference to user operations.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a system and method for transparent file encryption and decryption on the Android platform.
Background technology
With the rapid development of the information age, the Internet has penetrated ever deeper into every aspect of people's life and work and has become indispensable. With the spread of computer applications and the development of the Internet and removable storage devices, paper documents have gradually become electronic. Electronic files are compact and convenient to view, but they are also easy to modify and easy to propagate, which can seriously affect the security of their storage and exchange.
Transparent encryption is a file encryption technology that has developed rapidly in recent years. "Transparent" means that, for an authorized user, encryption and decryption happen automatically. The principle is that documents are stored on disk as ciphertext, are decrypted automatically when read and held in memory, and, after the user has modified the in-memory copy, are automatically encrypted again and written back to disk. On Windows there are two main classes of implementation: hook-based transparent encryption at the user layer and filter-driver encryption at the kernel layer. The kernel-layer implementation is better than the user-layer one in performance, compatibility and stability, but it is also technically more difficult.
Android uses a Linux kernel trimmed for embedded devices. Its design reflects structured design and is strongly layered; from the bottom up to the user interface, the layers are the Linux kernel, the HAL (hardware abstraction layer), the system services layer, the application framework layer and the applications. File system operations in the Linux kernel are provided through several groups of operation tables maintained by each concrete file system; the table entries are function pointers to the concrete operation code. Transparent encryption needs to change the behaviour of some operations, such as read and write. Experiments show that simply replacing entries in the operation tables is technically feasible, but it leaves the system architecture confused and hard to maintain and extend. A stackable file system is an incremental development model for extending the functions of an existing file system. It does not modify the code of the original file system; instead it is layered on top of it, intercepts operations such as read and write, and adds its own processing, such as encryption or compression, to enhance the original file system. This model was proposed by Erez Zadok, together with the FiST framework for building such file systems. Because the FiST framework was created before 2000 and has not been maintained, it only supports kernel versions 2.4 to 2.6.
Some existing Android file protection systems apply the ideas of PC file protection systems directly to mobile devices and ignore the difference between the platforms: mobile devices emphasize user experience, not merely functionality. These systems frequently require the user to enter a password and to select the files to encrypt or decrypt, which makes the device less convenient. Other existing transparent encryption and decryption systems reduce the impact on user habits, but their protection is incomplete: for example, because of permission issues they cannot protect certain directories, or cannot protect files on the SD card (an important location for ordinary user data); or they can only protect files of a specified format; or they are loosely integrated with the system and therefore vulnerable to attack; or their compatibility and extensibility are poor, for example supporting only some particular system versions.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the deficiencies of the prior art by providing a system and method for transparent file encryption and decryption on the Android platform. The invention uses stackable file system technology, combines it with the lock screen interface to minimize the impact on user operation, and integrates closely with the operating system itself, so that protected files are inaccessible to outsiders while remaining unobstructed for the authorized user.
To solve the above technical problem, the present invention adopts the following technical solutions:
The method for transparent file encryption and decryption on the Android platform proposed by the present invention comprises the following steps:
Step one: select the path of the folder containing the files to be protected, and set a password;
Step two: from the path and the password input by the user, generate the encrypted directory path table and the authentication file respectively;
Step three: scan the encrypted directory path table; if the operating system is being started for the first time, perform initial encryption of the protected files according to the table entries, then proceed to the next step;
Step four: when the user triggers a screen unlock event, accept the passphrase input by the user, apply the hash algorithm to it and compare the result with the authentication file produced in step two. If they do not match, the unlock fails; if they match, convert the passphrase into a key with the SHA-1 algorithm and store the key;
Step five: when the user accesses a file, if the file or directory being operated on is in the encrypted directory path table, then on a write request the key stored in step four is called to encrypt the file, and on a read request the key is called to decrypt the file;
Step six: when the user triggers a screen lock event, clear the stored key and lock the screen.
As a further optimization of the method for transparent file encryption and decryption on the Android platform of the present invention, the hash algorithm is the MD5 hash algorithm.
The system for transparent file encryption and decryption on the Android platform proposed by the present invention comprises a user module and a kernel module. The user module comprises a configuration unit and a lock screen unit, and the kernel module comprises a key manager unit and a stackable file system unit, wherein:
The configuration unit receives the policy defined by the user; the policy comprises the password, the authentication file and the encrypted directory path table. The password is converted by the SHA-1 algorithm into a first key, which is stored. The authentication file is input to the key manager unit, and the encrypted directory path table is input to the stackable file system unit;
The lock screen unit outputs the passphrase input by the user to the key manager unit;
The key manager unit applies the hash algorithm to the passphrase and matches the result against the authentication file. If they do not match, the unlock fails; if they match, then while the screen is unlocked the passphrase is converted by the SHA-1 algorithm into a second key, which is stored; when the lock screen unit locks the screen, the second key is cleared;
The stackable file system unit, when the operating system is started for the first time and the encrypted directory path table is received, calls the first key to perform initial encryption of the files in the directories listed in the encrypted directory path table. It is layered over all the file systems that the operating system supports and has mounted; when the user issues a read request it calls the second key in the key manager to decrypt the file, and when the user issues a write request it calls the second key in the key manager to encrypt the file.
As a further optimization of the system for transparent file encryption and decryption on the Android platform of the present invention, the policy defined by the user also includes whether the encryption and decryption system is enabled.
As a further optimization of the system for transparent file encryption and decryption on the Android platform of the present invention, the hash algorithm is the MD5 hash algorithm.
Compared with the prior art, the above technical solutions give the present invention the following technical effects: (1) the invention uses stackable file system technology, combines it with the lock screen interface to minimize the impact on user operation, and integrates closely with the operating system itself, so that protected files are inaccessible to outsiders while remaining unobstructed for the authorized user; (2) it protects the private data that Android users store on the device without changing user habits or affecting user experience; (3) it uses kernel-level encryption, which improves system security and encryption and decryption efficiency, integrates closely with the system, resists attack well and gives higher security. Because the core encryption and decryption module works at the lowest layer while the interface that interacts with the user is at the topmost layer, the system provides a middle layer that helps the kernel module communicate with the upper-layer application: the application communicates with the middle layer through JNI (Java Native Interface), and the middle layer communicates with the kernel module through ioctl; (4) the invention supports the 3.x kernels used by the currently popular Android 4.x. The file system is designed to process only file read and write operations and to pass other file operations directly to the underlying file system, so it is flexible and easy to port; (5) encryption and decryption are transparent to the user and interfere little with user operation, so the user experience is good; the system is easy to deploy and port; it has high performance; it does not distinguish file formats, so the user can encrypt files of any format; and it does not distinguish storage locations, so both application data on the phone and data on the memory expansion card can be encrypted, which protects file data on the SD card.
Brief description of the drawings
Fig. 1 shows the interaction between the modules of the system.
Fig. 2 is a diagram of the working principle of the transparent encryption and decryption file system of the invention.
Fig. 3 is a schematic diagram of the relationship between the upper-layer stackable encryption and decryption file system and the lower-layer actual file system.
Fig. 4 is a flowchart of the operation of the lock screen unit.
Detailed description of the embodiments
The technical solution of the present invention is described in further detail below with reference to the accompanying drawings:
A method for transparent file encryption and decryption on the Android platform comprises the following steps:
Step one: select the path of the folder containing the files to be protected, and set a password;
Step two: from the path and the password input by the user, generate the encrypted directory path table and the authentication file respectively;
Step three: scan the encrypted directory path table; if the operating system is being started for the first time, perform initial encryption of the protected files according to the table entries, then proceed to the next step;
Step four: when the user triggers a screen unlock event, accept the passphrase input by the user, apply the hash algorithm to it and compare the result with the authentication file produced in step two. If they do not match, the unlock fails; if they match, convert the passphrase into a key with the SHA-1 algorithm and store the key;
Step five: when the user accesses a file, if the file or directory being operated on is in the encrypted directory path table, then on a write request the key stored in step four is called to encrypt the file, and on a read request the key is called to decrypt the file;
Step six: when the user triggers a screen lock event, clear the stored key and lock the screen.
The hash algorithm is the MD5 hash algorithm.
Fig. 1 shows the interaction between the modules of the system. A system for transparent file encryption and decryption on the Android platform comprises a user module and a kernel module. The user module comprises a configuration unit and a lock screen unit, and the kernel module comprises a key manager unit and a stackable file system unit, wherein:
The configuration unit receives the policy defined by the user; the policy comprises the password, the authentication file and the encrypted directory path table. The password is converted by the SHA-1 algorithm into a first key, which is stored. The authentication file is input to the key manager unit, and the encrypted directory path table is input to the stackable file system unit;
The lock screen unit outputs the passphrase input by the user to the key manager unit;
The key manager unit applies the hash algorithm to the passphrase and matches the result against the authentication file. If they do not match, the unlock fails; if they match, then while the screen is unlocked the passphrase is converted by the SHA-1 algorithm into a second key, which is stored; when the lock screen unit locks the screen, the second key is cleared;
The stackable file system unit, when the operating system is started for the first time and the encrypted directory path table is received, calls the first key to perform initial encryption of the files in the directories listed in the encrypted directory path table. It is layered over all the file systems that the operating system supports and has mounted; when the user issues a read request it calls the second key in the key manager to decrypt the file, and when the user issues a write request it calls the second key in the key manager to encrypt the file.
The policy defined by the user also includes whether the encryption and decryption system is enabled. The hash algorithm is the MD5 hash algorithm.
Fig. 2 is a diagram of the working principle of the transparent encryption and decryption file system of the invention. Reading a protected file proceeds as follows. If the user is an unauthorized user (a user who has not passed authentication at the lock screen interface), the operation fails. For an authorized user, the read request is passed to the underlying file system and the returned file content, which at this point is ciphertext, is obtained. A key is requested from the key manager unit and used to decrypt the ciphertext. The resulting plaintext is copied from kernel space to user space.
The corresponding file attributes are updated, completing the read operation.
Writing a protected file proceeds as follows. If the user is an unauthorized user (a user who has not passed authentication at the lock screen interface), the operation fails.
For an authorized user, a key is requested and used to encrypt the buffer holding the data passed in from user space.
The buffer contents are passed to the underlying file system, which writes them to disk.
The corresponding file attributes are updated, completing the write operation.
To register a file system module with the kernel, the following file system operation methods must be implemented: superblock operations, inode operations and file operations.
The file systems in this system form a stack. The topmost file system is the stackable encryption and decryption file system developed here. The underlying file system is an actual file system (it may also be another stackable file system; if that stackable file system is sufficiently "transparent", it can likewise be regarded as an actual file system).
Because the upper file system depends on the operation methods and data structures of the underlying file system, the first step is to build the relationships between the data structures of the upper and lower file systems.
Fig. 3 is a schematic diagram of the relationship between the upper-layer stackable encryption and decryption file system and the lower-layer actual file system. Taking the file structure as an example: upper_file is the object of this layer's file system, and lower_file is the corresponding object of the underlying file system. The two are linked through the private_data pointer of upper_file. A file operation calls a function in the file_ops file operation table of upper_file. Because an operation request issued to the upper layer of the stackable file system is passed to the lower layer after processing, a function in the upper-layer file_ops table calls the corresponding function in the lower-layer file_ops table. Similarly, the dentry, inode and address_space structures of this layer's file system are linked to the corresponding data structures of the underlying file system and pass on their respective operation requests.
Building these relationships between the key data structures of the two layers lays the foundation for the operations that follow.
Apart from file read and write, the remaining file system operations only call the corresponding function of the underlying file system, or use a generic function, to achieve "pass-through". Where necessary, the relevant fields of the underlying file system's data structures must also be updated, such as the file access time and the current read position. Take reading a directory file as an example. The relationship between the upper and lower file systems has already been built; because the operation of the underlying file system must be called, the data structure lower_file of the underlying file system that corresponds to this layer's file is first located through that relationship. The directory information of lower_file is read with the generic VFS-layer function. This is the directory information of the underlying file system, but because this operation is not processed, it can be returned directly as the directory information of this layer. After vfs_readdir has read the information, the access time of lower_file is updated automatically, but the access time of the upper-layer file must be updated manually. Here the two objects are synchronized by copying the access information of the underlying file.
The other file operations that need "pass-through" are implemented similarly.
File read and write operations work as follows: after the underlying file system has been called to read in the data, and before the content is returned to user space, the buffer is decrypted. Likewise, on a write operation, the buffer is encrypted before the write operation of the underlying file system is called.
The encryption and decryption can be implemented with the kernel's cryptographic framework, to save time and space overhead and reduce development cost.
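The read and write paths described above, modelled in user-space Python as an added example (not code from the patent): the upper object reaches the lower object through `private_data`, decrypts after the lower read, encrypts before the lower write, and passes everything else through. Assumptions: the class and method names, `PermissionError` for the unauthenticated case, a logical counter for the access time, and the SHA-256 counter-mode keystream, which stands in for the kernel crypto framework and is not a cipher for real data.

```python
import hashlib


class KeyBuffer:
    """Stand-in for the key manager's global buffer; None means locked."""

    def __init__(self):
        self.key = None


def keystream(key: bytes, offset: int, length: int) -> bytes:
    """Placeholder cipher (assumption): SHA-256 in counter mode.

    The description names no algorithm, only the kernel crypto framework.
    A position-addressable stream is used so that a read or write at any
    file offset can be processed without touching the rest of the file.
    Placeholder only: one fixed stream per key repeats across files and
    rewrites, which is not safe for real data.
    """
    block, skip = divmod(offset, 32)
    out = bytearray()
    while len(out) < skip + length:
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[skip:skip + length])


def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class LowerFile:
    """Object of the underlying file system: stores whatever it is given."""

    def __init__(self):
        self.data = bytearray()
        self.atime = 0          # logical clock, bumped on every read

    def read(self, offset: int, length: int) -> bytes:
        self.atime += 1
        return bytes(self.data[offset:offset + length])

    def write(self, offset: int, buf: bytes) -> int:
        if offset > len(self.data):                 # zero-fill any gap
            self.data.extend(bytes(offset - len(self.data)))
        self.data[offset:offset + len(buf)] = buf
        return len(buf)

    def size(self) -> int:
        return len(self.data)


class UpperFile:
    """Object of the stackable layer, linked to lower_file by private_data."""

    def __init__(self, lower_file: LowerFile, keys: KeyBuffer):
        self.private_data = lower_file
        self.keys = keys
        self.atime = 0

    def _key(self) -> bytes:
        if self.keys.key is None:                   # user not authenticated
            raise PermissionError("no key: screen locked")
        return self.keys.key

    def read(self, offset: int, length: int) -> bytes:
        key = self._key()
        lower = self.private_data
        cipher = lower.read(offset, length)         # ciphertext from below
        plain = xor(cipher, keystream(key, offset, len(cipher)))
        self.atime = lower.atime                    # copy attributes upward
        return plain

    def write(self, offset: int, buf: bytes) -> int:
        key = self._key()
        cipher = xor(buf, keystream(key, offset, len(buf)))
        return self.private_data.write(offset, cipher)

    def size(self) -> int:                          # pure pass-through
        return self.private_data.size()
```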
Implementation of the configuration unit: the policy configuration interface is the control core of the system; its function is described in the Summary of the invention above. It maintains two files: the password MD5 file used for comparison during authentication, and the encrypted directory list file. It is an ordinary Android application but needs administrator privileges; it starts automatically at boot, then scans the encrypted directory table and mounts the encryption and decryption file system on each directory in the table, one by one.
Implementation of the kernel key manager unit:
The kernel key manager unit plays a role similar to the kernel keyring. The kernel keyring is not used directly because it is too complex, and the limited time and space resources of an embedded device that the kernel consumes should be kept as small as possible. The kernel key manager mainly comprises a global buffer, accessible to other modules, in which the key is stored. This module communicates directly with the application-layer lock screen interface through ioctl. The command TRANSPARENT_IOCAUTHEN is defined to accept the password input by the user, apply MD5 to it and compare the result with the locally stored authentication file; if they are consistent, it returns that verification has passed, converts the password into a 128-bit key by SHA-1 and stores it in the global buffer. The command TRANSPARENT_IOCCLEARKEY is defined to clear the key in the key manager, a task that must be completed when the screen is locked.
Fig. 4 is a flowchart of the operation of the lock screen unit. Implementation of the lock screen unit: the lock screen application accepts the passphrase input by the user and reads the switch value that indicates whether the encryption and decryption service is turned on.
This information is copied into kernel space, where the passphrase is processed by the hash algorithm and compared with the MD5 value stored in the authentication file to confirm the user's identity. If they do not match, an unlock failure is reported and the user may make a limited number of attempts; if they match, proceed to the next step.
If authentication succeeds, the switch value for the encryption and decryption service is checked. If the service is not turned on, proceed to the next step; if the service is turned on, the key is converted and stored in the key manager, and then the next step is performed.
The screen is unlocked.
The lock screen unit provides two groups of controls for user interaction: a password input control group and a binary switch. The former records the key input by the user; the latter determines whether only the phone's operating system is unlocked, or both the operating system and the encrypted files. The lock screen unit itself only accepts and caches the user's password and is not responsible for authentication. For security reasons, authentication is performed by the kernel key manager unit. The lock screen unit communicates with the middle-layer dynamic library through JNI (Java Native Interface), and the middle layer communicates with the kernel through ioctl, passing the key from user space to kernel space. Because the users of this system fall into two kinds, phone operating system customizers and individual users, the JNI layer can be deployed in two ways: it can provide an upper-layer calling interface at the application framework layer, to be called by applications as a system API or extended by third-party applications, which integrates it closely with the system; or it can be compiled directly into an independent dynamic library file that is loaded by the application, which makes deployment simple and convenient for individual users. In the Android system, screen lock and screen unlock are messages delivered as broadcasts. The lock screen application module of this system listens for these messages and handles them accordingly. openScreen and closeScreen in the code are the actions performed when the screen is unlocked and locked; they mainly call the JNI interface: unlocking performs authentication and key distribution, and locking clears the key.
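The key manager commands and the lock screen flow of Fig. 4, modelled in user-space Python as an added example (not code from the patent), followed by a salted, iterated variant for comparison, since a bare MD5 of the passphrase is the same on every device and is a fast hash of the very secret the key is derived from. Assumptions: the method names, `MAX_ATTEMPTS`, truncating SHA-1 to its first 16 bytes for the 128-bit key, and the whole PBKDF2 variant, none of which appear in the patent.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5  # assumption: the description only says "a limited number"


def make_auth_file(password: str) -> bytes:
    """Configuration unit: the authentication file holds MD5(password)."""
    return hashlib.md5(password.encode()).digest()


class KeyManager:
    """User-space model of the kernel key manager unit and its two commands."""

    def __init__(self, auth_file: bytes):
        self.auth_file = auth_file
        self.key = None          # the global key buffer; None while locked
        self.failures = 0

    def iocauthen(self, passphrase: str, crypto_enabled: bool = True) -> bool:
        """TRANSPARENT_IOCAUTHEN: verify the passphrase, then store the key."""
        if self.failures >= MAX_ATTEMPTS:
            return False         # attempts exhausted (lockout is an assumption)
        digest = hashlib.md5(passphrase.encode()).digest()
        if not hmac.compare_digest(digest, self.auth_file):
            self.failures += 1
            return False
        self.failures = 0
        if crypto_enabled:
            # SHA-1 gives 160 bits and the description stores a 128-bit key;
            # taking the first 16 bytes is an assumption of this example.
            self.key = hashlib.sha1(passphrase.encode()).digest()[:16]
        return True              # the screen unlocks either way

    def iocclearkey(self) -> None:
        """TRANSPARENT_IOCCLEARKEY: sent when the screen locks."""
        self.key = None


# --- Variant for comparison (not in the patent) -----------------------------
def make_auth_record_salted(password: str, iterations: int = 100_000) -> dict:
    """Salted, iterated verifier: PBKDF2-HMAC-SHA256 instead of bare MD5."""
    salt = os.urandom(16)
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "verifier": hmac.new(master, b"auth", "sha256").digest()}


def unlock_salted(record: dict, passphrase: str):
    """Return a 128-bit file key on success, None on mismatch."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode(),
                                 record["salt"], record["iterations"])
    check = hmac.new(master, b"auth", "sha256").digest()
    if not hmac.compare_digest(check, record["verifier"]):
        return None
    # Separate label, so the stored verifier reveals nothing about the key.
    return hmac.new(master, b"file-key", "sha256").digest()[:16]
```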
The specific embodiments described above further explain the purpose, technical solutions and beneficial effects of the present invention. It should be understood that the foregoing is only a specific embodiment of the present invention and is not intended to limit its scope; any equivalent change or modification made by a person skilled in the art without departing from the concept and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (5)
1. a file transparent encipher-decipher method for Android platform, is characterized in that, comprise the following steps:
Step one, selection need the path of the file place file of protection and arrange password;
Step 2, according to the path of user's input and password, generate encryption path catalogue listing and authentication file respectively;
Step 3, scanning encryption path catalogue listing, if first time open operation system, first time initialization encryption will be carried out to agent-protected file according to list item, then carry out next step;
Step 4, when user triggers unlock screen event, then accept user input pass phrase, compare with the authentication file produced in step 2 after hash algorithm computing is carried out to pass phrase: if do not mated, then unlock failure; If coupling, then adopt pass phrase sha1 algorithm to be converted into key, stored by this key;
Step 5: when the user accesses a file, if the file or directory being operated on is in the encrypted directory path list, then when the user sends a write request, the key stored in step 4 is called to encrypt the file; when the user sends a read request, the key is called to decrypt the file;
Step 6: when the user triggers a lock-screen event, the stored key is removed.
2. The file transparent encryption and decryption method for the Android platform according to claim 1, characterized in that the hash algorithm is the MD5 hash algorithm.
3. A file transparent encryption and decryption system for the Android platform, comprising a user module and a kernel module, characterized in that the user module comprises a configuration unit and a screen-lock unit, and the kernel module comprises a key manager unit and a stacked file system unit; wherein,
Configuration unit: receives the policy formulated by the user, the policy comprising a password, an authentication file and an encrypted directory path table; the password is converted by the SHA-1 algorithm into the first key, which is stored; the authentication file is input to the key manager unit, and the encrypted directory path table is input to the stacked file system unit;
Screen-lock unit: outputs the pass phrase entered by the user to the key manager unit;
Key manager unit: applies the hash algorithm to the pass phrase and matches the result against the authentication file: if they do not match, unlocking fails; if they match, then at the same time as the screen is unlocked, the pass phrase is converted by the SHA-1 algorithm into the second key, which is stored; when the screen-lock unit locks the screen, the second key is removed;
Stacked file system unit: when the operating system is first started, on receiving the encrypted directory path table, calls the first key to perform initial encryption of the files in the directories corresponding to the encrypted directory path table; it is layered over all file systems that the operating system supports and has mounted; when the user sends a read request, it calls the second key in the key manager unit to decrypt the file; when the user sends a write request, it calls the second key in the key manager unit to encrypt the file.
4. The file transparent encryption and decryption system for the Android platform according to claim 3, characterized in that the policy formulated by the user further comprises whether the encryption and decryption system is enabled.
5. The file transparent encryption and decryption system for the Android platform according to claim 3, characterized in that the hash algorithm is the MD5 hash algorithm.
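The second-key lifecycle of claims 3 and 5 (verify the pass phrase against the authentication file, derive the key on unlock, remove it on lock, and use it only for paths in the encrypted directory table), as an added Python example that is not code from the patent. The class and method names, the component-wise path matching, the in-memory overwrite and the constructed pass phrase are assumptions; the claims name no file cipher, so the example ends where the key is handed to the read/write path.

```python
import hashlib
import hmac
import posixpath


class KeyManager:
    """Second-key lifecycle: derived on unlock, wiped on lock."""

    def __init__(self, auth_digest, encrypted_dirs):
        self._auth = auth_digest  # contents of the authentication file
        self._dirs = [posixpath.normpath(d) for d in encrypted_dirs]
        self._key = None          # second key; None while locked

    def unlock(self, passphrase):
        data = passphrase.encode("utf-8")
        # Claim 5: the pass phrase is hashed with MD5 and matched against
        # the authentication file. compare_digest is constant-time.
        if not hmac.compare_digest(hashlib.md5(data).digest(), self._auth):
            return False          # unlock fails, no key is derived
        # Claim 3: SHA-1 of the pass phrase becomes the second key.
        self._key = bytearray(hashlib.sha1(data).digest())
        return True

    def lock(self):
        if self._key is not None:
            self._key[:] = bytes(len(self._key))  # overwrite, then drop
            self._key = None

    def in_encrypted_dir(self, path):
        p = posixpath.normpath(path)  # resolves ".." and "." components
        # Compare whole components: /sdcard/secret2 is not in /sdcard/secret.
        return any(p == d or p.startswith(d.rstrip("/") + "/")
                   for d in self._dirs)

    def key_for(self, path):
        """Key for a read or write request; None means pass through."""
        if not self.in_encrypted_dir(path):
            return None
        if self._key is None:
            raise PermissionError("locked: second key has been removed")
        return bytes(self._key)


if __name__ == "__main__":
    pw = "constructed-passphrase"  # constructed sample value
    km = KeyManager(hashlib.md5(pw.encode()).digest(), ["/sdcard/secret"])
    print(km.unlock("wrong"), km.unlock(pw))
    print(km.key_for("/sdcard/secret/a.txt").hex())
    print(km.key_for("/sdcard/secret2/a.txt"))
    km.lock()
```

Unsalted MD5 and SHA-1 appear here only because the claims name them; both are fast hashes, so a copied authentication file can be tested against guessed pass phrases offline far more cheaply than a digest from a password-hashing function such as PBKDF2 or scrypt.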
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410475391.2A CN104252605B (en) | 2014-09-17 | 2014-09-17 | A kind of file transparent encrypting and deciphering system of Android platform and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104252605A (en) | 2014-12-31 |
CN104252605B (en) | 2017-03-15 |
Family
ID=52187488
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410475391.2A Active CN104252605B (en) | 2014-09-17 | 2014-09-17 | A kind of file transparent encrypting and deciphering system of Android platform and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104252605B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030226025A1 (en) * | 2002-06-04 | 2003-12-04 | Chanson Lin | Data security method of storage media |
CN101674575A (en) * | 2009-09-17 | 2010-03-17 | 中兴通讯股份有限公司 | Method for protecting security of mobile communication terminal data and device thereof |
CN103078866A (en) * | 2013-01-14 | 2013-05-01 | 成都西可科技有限公司 | Transparent encryption method for mobile platform |
Non-Patent Citations (1)
Title |
---|
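Tang Mingruo (唐铭若): "Design and Implementation of File Transparent Encryption Based on the Android Platform" (基于Android平台的文件透明加密的设计与实现), China Master's Theses Full-text Database (《中国优秀硕士论文全文数据库》) * |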
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016112712A1 (en) * | 2015-01-16 | 2016-07-21 | 努比亚技术有限公司 | Secure access method, apparatus, and terminal, storage medium |
CN104866778A (en) * | 2015-01-30 | 2015-08-26 | 武汉华工安鼎信息技术有限责任公司 | Document safety access control method and device based on Linux kernel |
WO2016206393A1 (en) * | 2015-06-26 | 2016-12-29 | 中兴通讯股份有限公司 | Method and apparatus for managing application and method and apparatus for implementing read-write operation |
CN105373744A (en) * | 2015-10-29 | 2016-03-02 | 成都卫士通信息产业股份有限公司 | Method for encrypting extended file system based on Linux |
WO2017181968A1 (en) * | 2016-04-20 | 2017-10-26 | 中兴通讯股份有限公司 | Method for processing application file, method and device for accessing application file, and storage medium |
CN106060010A (en) * | 2016-05-11 | 2016-10-26 | 广东七洲科技股份有限公司 | Android platform transparent encryption and decryption system |
CN106127078A (en) * | 2016-07-11 | 2016-11-16 | 北京鼎源科技有限公司 | Cryptographic key protection method under a kind of Android environment and system |
CN109145623A (en) * | 2018-08-24 | 2019-01-04 | 深圳竹云科技有限公司 | A kind of equipment Id encryption technology based on Android kernel |
CN109492417A (en) * | 2018-11-13 | 2019-03-19 | 熊予舒 | Data ciphering method and system |
CN110209428A (en) * | 2018-12-28 | 2019-09-06 | 深圳市泰衡诺科技有限公司 | A kind of terminal screen awakening method, device, terminal and storage medium |
CN110209428B (en) * | 2018-12-28 | 2023-08-29 | 深圳市泰衡诺科技有限公司 | Terminal screen awakening method and device, terminal and storage medium |
CN111062049A (en) * | 2019-11-21 | 2020-04-24 | 视联动力信息技术股份有限公司 | File protection method and device, terminal equipment and storage medium |
CN111079159A (en) * | 2019-12-03 | 2020-04-28 | 北京元心科技有限公司 | Encrypted communication method and system for Hypervisor multi-domain architecture |
CN111143879A (en) * | 2019-12-26 | 2020-05-12 | 厦门市美亚柏科信息股份有限公司 | Android platform SD card file protection method, terminal device and storage medium |
CN112182611A (en) * | 2020-09-27 | 2021-01-05 | 中孚安全技术有限公司 | File transparent encryption and decryption method and system based on Linux kernel layer |
Also Published As
Publication number | Publication date |
---|---|
CN104252605B (en) | 2017-03-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104252605B (en) | A kind of file transparent encrypting and deciphering system of Android platform and method | |
EP3913516B1 (en) | File access authority authentication method and electronic device | |
CN102254124B (en) | A kind of information of mobile terminal security protection system and method | |
US20130159699A1 (en) | Password Recovery Service | |
CN103686716B (en) | Android access control system for enhancing confidentiality and integrality | |
CN103106372A (en) | Lightweight class privacy data encryption method and system for Android system | |
US20090240956A1 (en) | Transparent encryption using secure encryption device | |
CN103595730A (en) | Ciphertext cloud storage method and system | |
CN101916342A (en) | Secure mobile storage device and method for realizing secure data exchange by using same | |
CN105981027A (en) | Secure authentication and switching to encrypted domains | |
CN101189617A (en) | Electronic device, update server device, key update device | |
CN102882923A (en) | Secure storage system and method for mobile terminal | |
CN102819702B (en) | File encryption operation method and file encryption operational system | |
CN105426775A (en) | Method and system for protecting information security of smartphone | |
CN101159754A (en) | Internet application management system operating on intelligent mobile terminal | |
CN102118503B (en) | Data protection method, device and terminal | |
WO2024045407A1 (en) | Virtual disk-based secure storage method | |
CN105279453B (en) | It is a kind of to support the partitions of file for separating storage management to hide system and method | |
WO2010038764A1 (en) | Encryption device, encryption method and program | |
CN101339589B (en) | Method for implementing information safety by dummy machine technology | |
CN104361265A (en) | Document protection method, device and system | |
CN106127078A (en) | Cryptographic key protection method under a kind of Android environment and system | |
CN101383833A (en) | Apparatus and method for enhancing PIN code input security of intelligent cipher key apparatus | |
CN106503580A (en) | A kind of guard method of private data and terminal | |
CN111625843A (en) | Data transparent encryption and decryption system suitable for big data platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right | Effective date of registration: 20190820; Address after: Room 1009, Building B, Dongshou Software Industrial Park, Yingbin Avenue, Shuyang County, Suqian City, Jiangsu Province; Patentee after: SUQIAN XINCHAO INFORMATION TECHNOLOGY CO., LTD.; Address before: Zhongshan road Wuzhong District Mudu town of Suzhou city in Jiangsu province 215101 No. 70 Wuzhong Science Park Building 2 room 2310; Patentee before: Nanjing University of Information Science and Technology |