
CN105740725B - A kind of document protection method and system - Google Patents


Info

Publication number: CN105740725B
Application number: CN201610064511.9A
Authority: CN (China)
Prior art keywords: file, user, ticket, key, directory
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Other versions: CN105740725A
Inventors: 沈熳婷, 俞银燕, 汤帜, 崔晓瑜
Current assignee: Peking University (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Peking University

Events (dates not given on this page):

    • Application filed by Peking University
    • Priority to CN201610064511.9A
    • Publication of CN105740725A
    • Application granted
    • Publication of CN105740725B
    • Legal status: Active (current)
    • Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2107 File encryption
    • G06F 2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Document Processing Apparatus (AREA)

Abstract

The invention discloses a file protection method and system. A system administrator creates a secure directory, and the system administrator's ID and ticket are generated from the administrator's information; the administrator holds the right to operate on the user permission description table. User authentication verifies a user's identity with a custom user ticket, and all of a user's permission information is recorded in the user permission description table. User operations in the secure directory are monitored continuously, and the system decides in real time whether a file must be protected. Protection extracts the file content, encrypts it and repackages it as a unified-format file; a three-layer key generation structure supplies the key used to encrypt or decrypt each file. Based on the secure directory, the invention provides real-time, secure and efficient protection for files of any format through user management, file monitoring, layered file-key generation and file management.

Description

A file protection method and system

Technical field

The present invention relates to file protection, and in particular to a method and system for protecting sensitive files that is based on a secure directory and independent of the format of the protected file.

Background art

In recent years, with the rapid development of networking and digital technology, digitised files have become the most direct and common carrier in which people store sensitive information. Because of the sensitivity and confidentiality of that information, the protection of sensitive files has drawn increasing attention.

Existing file protection tools fall into two categories: file protection systems and encryption software. The most widely used file protection system today is EFS (Encrypting File System) from Microsoft. EFS protects sensitive information by encrypting the files that need protection. However, for the files a user designates for protection, EFS only offers whole-volume encryption, that is, file encryption is achieved by encrypting an entire disk partition at once. This is inevitably time-consuming, because a disk partition is often several GB, far larger than the file itself, and information unrelated to the file is encrypted as well, which the user does not need. Some widely used encryption software (such as Lockdir) does not actually encrypt files at all: it moves them into a Windows-specific partition, hides them so that ordinary users cannot see them, and then forges a fake folder at the original location to confuse illegitimate users. In practice, an attacker using a file sniffing tool (such as FolderSniffer) can quickly find the hidden files, and because the files themselves are not encrypted, the sensitive information in them is exposed directly; such so-called encryption software is in fact insecure.

Existing file protection methods and systems therefore all suffer from the following problems and cannot protect files comprehensively and effectively:

(1) They cannot solve the problem of when to protect a sensitive file;

When a sensitive file is intercepted by an attacker, if its information is stored in plaintext the attacker can easily read the sensitive information in it. An ideal file protection mechanism must therefore minimise the time during which a file's information exists in plaintext. Some file protection software only protects a file once the user runs the software and selects that file for protection; because the file exists in plaintext until the user selects it, it can easily be leaked or obtained illegitimately, so this protection method is relatively insecure.

(2) The way sensitive files are protected offers very low security;

Sensitive files are currently protected mainly in two ways, by hiding the file or by encrypting it, and the latter gives the protected file clearly higher security than the former. However, current file protection software (such as Lockdir), chosen for ease of implementation, mostly uses the hiding method, so sensitive files still exist on the computer in plaintext; once an attacker detects the hidden files with a file detection tool, the sensitive information in them is easily obtained, and security is very low.

(3) Encryption key management methods are of low effectiveness;

The most common way for encryption-based file protection tools to generate a file encryption key today is to use the user's password directly. Because passwords usually contain user information (such as a birthday or phone number), such encryption keys cannot resist exhaustive search. Most file systems (such as EFS) use this method to produce file encryption keys, and the encryption key is the same for every file. Once the key of one file is broken, all other protected files in the system become insecure. To give sensitive files stronger protection, a more effective key generation algorithm must therefore be designed.

(4) It is difficult to support use in a multi-user shared environment;

Traditional file protection software (such as Folder Encryption Master) can only judge a user's legitimacy by a password. When a user needs to share a file, the password must be given to the other user, and a user who obtains the password has the same file operation rights as the administrator; the software does not distinguish users' usage rights or operation levels, so it cannot be used in a multi-user shared environment.

(5) Security and efficiency cannot be balanced;

For users, an ideal file protection tool should take both security and efficiency into account. However, because existing file systems encrypt an entire disk partition at once, protecting one file often takes a considerable time, which disregards the user's waiting time and is inefficient. Existing methods struggle to provide a file protection mechanism that balances the security and efficiency of the tool.

Summary of the invention

To overcome the shortcomings of the prior art described above, the present invention provides an efficient file protection method and system that uses a secure directory as the carrier of sensitive files and gives files of any format real-time, secure protection.

The technical solution provided by the invention is as follows:

A file protection method which, based on a secure directory, provides real-time security protection for files of any format through user management, file monitoring, layered file-key generation and file management, comprising the following steps:

1) The system administrator creates a secure directory and the system administrator's information is stored;

Specifically: the system administrator chooses a directory path; the system creates the corresponding secure directory after receiving the path and stores the administrator's information in the user management module. In the embodiment of the invention, the secure directory path chosen by the administrator is processed and stored in the system, and on receiving the administrator's information the user management module generates the administrator's ID and ticket, combines them with the administrator's permission information into an administrator permission record and automatically records it in the user permission description table UPDL. The administrator ticket is generated by Formula 1:

$\mathrm{Ticket}_u^{\mathrm{hash}} = \mathrm{hash}(\mathrm{password}_u \,|\, \mathrm{rand\_num}_u \,|\, \mathrm{device\_info})$ (Formula 1)

In Formula 1, Ticket_u^hash is the hash value of Ticket_u, and Ticket_u is the ticket of user u; password_u is the administrator's password; rand_num_u is the random number the user management module generates for the administrator, which, once generated, is recorded in the administrator's record in the UPDL; device_info is the bound device information (for example the server information of a small business), which is extracted dynamically every time a ticket has to be generated and need not be recorded. The resulting ticket is hashed and the hash recorded in the UPDL for user verification. Because the hash function is irreversible, obtaining the ticket does not readily yield the user's password, so such a ticket is secure.

2) An ordinary user registers by entering user information; the dynamically extracted device information bound to the secure directory is concatenated with it to obtain that user's ticket, which is recorded in the user permission description table (UPDL). Specifically:

The user management module receives the user information (user name and password), generates a random number for the user, concatenates the random number with the user's password and the dynamically extracted device information bound to the secure directory (by default the local computer or server on which the directory was created), and hashes the result to obtain the user's ticket. Each newly registered user produces a seven-tuple {user ID, user code, user role, random number, start time, end time, user ticket} that is recorded in the user permission description table (UPDL);

3) When an ordinary user logs in with user name and password, the ticket computed for the user is compared with the user's ticket recorded in the UPDL to decide whether the login succeeds. Specifically:

After obtaining the user name and password, the user management module generates a temporary ticket for the user in the same way as at registration, decrypts and scans the UPDL, and compares the temporary ticket with the user's correct ticket recorded there; if they are identical the login succeeds, otherwise the login is refused;
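Steps 1 to 3 (ticket generation by Formula 1, the UPDL seven-tuple, and login by ticket comparison) as an added Python example; this is not the patent's code. SHA-256 as the hash, the constructed device fingerprint, the numbering of the "user code" field and the validity-window check are assumptions.

```python
import hashlib
import hmac
import os
import time

# Constructed stand-in for the dynamically extracted device_info; the page does not
# say how the device information is collected.
DEVICE_INFO = b"constructed-server-fingerprint"


def make_ticket(password: str, rand_num: bytes, device_info: bytes = DEVICE_INFO) -> bytes:
    """Formula 1: Ticket_u^hash = hash(password_u | rand_num_u | device_info).
    SHA-256 is an assumption; the page names no particular hash function."""
    return hashlib.sha256(password.encode("utf-8") + rand_num + device_info).digest()


class UPDL:
    """User permission description table: one seven-tuple per user (step 2).
    The directory creator is the administrator and the only one allowed to change it."""

    def __init__(self, admin_id: str, admin_password: str):
        self.rows = {}  # user ID -> (ID, code, role, rand_num, start, end, ticket hash)
        self._add(admin_id, admin_password, role="admin", valid_for=None)

    def _add(self, user_id: str, password: str, role: str, valid_for):
        rand_num = os.urandom(16)              # recorded next to the ticket hash
        start = int(time.time())
        end = None if valid_for is None else start + valid_for
        code = "U%04d" % (len(self.rows) + 1)  # "user code" field; numbering is assumed
        self.rows[user_id] = (user_id, code, role, rand_num, start, end,
                              make_ticket(password, rand_num))

    def register(self, admin_id: str, admin_password: str,
                 user_id: str, password: str, role: str, valid_for: int):
        """Step 2, gated on the administrator authenticating first."""
        if self.login(admin_id, admin_password) != "admin":
            raise PermissionError("only the administrator may modify the UPDL")
        if user_id in self.rows:
            raise ValueError("user already registered")
        self._add(user_id, password, role, valid_for)

    def login(self, user_id: str, password: str, now=None):
        """Step 3: rebuild a temporary ticket and compare it with the stored one.
        Returns the user's role on success and None on failure (unknown user,
        outside the validity window, or ticket mismatch)."""
        row = self.rows.get(user_id)
        if row is None:
            return None
        _, _, role, rand_num, start, end, stored = row
        now = int(time.time()) if now is None else now
        if now < start or (end is not None and now > end):
            return None
        if not hmac.compare_digest(stored, make_ticket(password, rand_num)):
            return None
        return role
```

Because the UPDL stores the random number beside the ticket hash, anyone who can read the decrypted table and knows device_info can test password guesses offline; the design relies on the UPDL being encrypted under the generation key, so that table is the asset to protect.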

4) When an ordinary user creates a new file, the following operations are performed:

User behaviour in the secure directory is monitored continuously; when a user creates a new file in the secure directory, that file is a file that needs protection, and the invention protects it. The monitoring is done by the file monitor, which, on detecting the user's create operation, immediately notifies the file management module to protect the file;

Protecting the file consists of the following operations:

41) A file encryption key is generated for the new file; the file encryption key comes from a three-layer key generation structure;

Specifically: the file management module receives the file protection notification from the file monitor and requests the file's encryption key from the hierarchical key management module. Using the three-layer key structure, the hierarchical key management module takes the file digest, the random number corresponding to the file, the hash of the device information, the hash of the secure directory's absolute path and a master key, derives the new file's encryption key in two computation layers and returns it to the file management module;

The three-layer key structure is generated as follows:

First, a master key is generated from a hardware fingerprint. The generation key derived from the master key serves as the key that encrypts the UPDL and from which the file encryption key of each sensitive file is derived. The generation key is produced by Formula 2:

$\mathrm{geneKey}_{SD} = Z^{\,MK \,|\, \mathrm{path\_SD}} \bmod P$ (Formula 2)

In Formula 2, MK is the master key at the top of the structure in Figure 5, and path_SD is the hash value of the secure directory address specified when the secure directory was created. P is a large prime and Z is a prime factor in the finite field of P. Once the generation key has been computed by Formula 2, the key management module finally derives the file's encryption key by Formula 3:

Here geneKey_SD is the generation key produced by Formula 2, and the other term is the file information generated by Formula 4, which differs for every file. G is a constructor function used to strengthen the whole generation function (for example, selecting the values at odd positions to construct the file encryption key).

In Formula 4, the message authentication code term differs for every file, the random number term is the per-file random number recorded in the unified-format file, and dev_info is the hash value of the device information bound to the secure directory, extracted dynamically when the file information is generated;

42) Using the new file's encryption key, the content of the new file is encrypted and packaged as a custom unified-format file;

Specifically: the file management module receives the file key returned by the hierarchical key management module, encrypts the content of the new file and packages it as a custom unified-format file. The unified-format file has two parts, a file header and the file content: the file content is the ciphertext of the original file, and the file header holds the original file name and its length, the total length of the packaged file and the length of its header, the hash value of the device information, and the message authentication code in plaintext. A file protection system that is independent of the file format satisfies users' needs to the greatest extent, instead of only being able to encrypt particular files, which increases the practicality of the invention.

In the embodiment of the invention, the custom unified file format is as follows:

42a) The header of a protected file begins with an 8-byte hexadecimal string giving the total length of the unified-format file, followed by 8 bytes giving the length of the unified-format file header;

42b) The next fields of the unified-format header are the 32-byte hash value of the device information bound to the secure directory, a 16-byte random number, and a 32-byte message authentication code used to check the integrity of the protected file;

42c) The end of the unified-format header holds the name of the original file and its length, used to restore the original file on decryption;

42d) After the unified-format header comes the encrypted original file, presented as ciphertext, as the content of the unified-format file; because the size of the file content is unknown and may be quite large, a symmetric encryption algorithm is used to encrypt it;

5) When a user modifies an existing protected file, the invention decrypts the file with the decryption key and restores it to its original format; after the user has modified and saved the original file, the invention re-protects it with the protection method of step 4);

Modifying an existing protected file proceeds as follows: the file monitor detects that the user is attempting to open a protected file and notifies the file management module to restore it. The file management module decrypts the file with the decryption key produced by the hierarchical key management module and restores the original file format. The user modifies and saves the original file.

Re-protection proceeds as follows: the file monitor detects the user's modification and notifies the file management module to re-protect the file; the file management module requests a new file encryption key from the hierarchical key management module, which generates a new encryption key from the new digest of the modified file and returns it to the file management module; on receiving the new file encryption key, the file management module re-encrypts the modified file and packages it as a unified-format file to protect it.
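The unified-format file of steps 42a to 42d together with the layered key of step 41, as an added Python example that is not the patent's code. Formulas 3 and 4 are absent from this page, so the file-key combination is an assumption, as are the constants P and Z, the use of SHA-256 and HMAC, the keying of the MAC, the byte order of the name field, and the HMAC counter-mode keystream standing in for the unspecified symmetric cipher.

```python
import hashlib
import hmac
import os
import struct

# Constructed parameters (assumptions): P is the Mersenne prime 2^127 - 1 and Z a small
# base in GF(P). The page only says P is a large prime and Z a prime factor in its field.
P = (1 << 127) - 1
Z = 7
FIXED_HEADER = 8 + 8 + 32 + 16 + 32  # total len, header len, device hash, rand_num, MAC


def generation_key(master_key: bytes, sd_path: str) -> bytes:
    """Formula 2: geneKey_SD = Z^(MK | path_SD) mod P, with path_SD the SHA-256 of the
    secure directory path and "|" read as concatenation into one big integer."""
    path_sd = hashlib.sha256(sd_path.encode("utf-8")).digest()
    exponent = int.from_bytes(master_key + path_sd, "big")
    return pow(Z, exponent, P).to_bytes(16, "big")


def file_key(gene_key: bytes, mac: bytes, rand_num: bytes, device_info: bytes) -> bytes:
    """Third layer. Formulas 3 and 4 are not reproduced on the page, so this is an
    assumed instantiation: file info = SHA-256(MAC | rand_num | dev_info), combined
    with geneKey by HMAC, then G() keeps the odd-position bytes (16 of 32)."""
    dev_info = hashlib.sha256(device_info).digest()
    info = hashlib.sha256(mac + rand_num + dev_info).digest()
    return hmac.new(gene_key, info, hashlib.sha256).digest()[1::2]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the unspecified symmetric cipher: HMAC-SHA256 run in counter mode.
    The same call both encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">Q", off // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def pack(name: str, plaintext: bytes, master_key: bytes, sd_path: str, device_info: bytes) -> bytes:
    """Build the unified-format file: header fields 42a to 42c, then ciphertext (42d)."""
    gene_key = generation_key(master_key, sd_path)
    rand_num = os.urandom(16)
    # MAC over the plaintext, keyed with the generation key (keying is an assumption).
    # It is stored in clear in the header and also feeds the per-file key derivation.
    mac = hmac.new(gene_key, plaintext, hashlib.sha256).digest()
    body = keystream_xor(file_key(gene_key, mac, rand_num, device_info), rand_num, plaintext)
    name_b = name.encode("utf-8")
    tail = struct.pack(">H", len(name_b)) + name_b   # 42c: name length, then name (assumed order)
    header_len = FIXED_HEADER + len(tail)
    header = (b"%08x" % (header_len + len(body))      # 42a: total length, 8 hex digits
              + b"%08x" % header_len                   # 42a: header length, 8 hex digits
              + hashlib.sha256(device_info).digest()   # 42b: device-info hash
              + rand_num + mac                         # 42b: random number, MAC
              + tail)
    return header + body


def unpack(blob: bytes, master_key: bytes, sd_path: str, device_info: bytes):
    """Parse and decrypt a unified-format file; raise ValueError on any inconsistency."""
    if len(blob) < FIXED_HEADER + 2:
        raise ValueError("file too short for a unified-format header")
    total_len, header_len = int(blob[0:8], 16), int(blob[8:16], 16)
    if total_len != len(blob) or not FIXED_HEADER + 2 <= header_len <= total_len:
        raise ValueError("length fields do not match the file")
    dev_hash, rand_num, mac = blob[16:48], blob[48:64], blob[64:96]
    if not hmac.compare_digest(dev_hash, hashlib.sha256(device_info).digest()):
        raise ValueError("file is bound to a different device")
    name_len = struct.unpack(">H", blob[96:98])[0]
    if 98 + name_len != header_len:
        raise ValueError("header length disagrees with the file name length")
    name = blob[98:header_len].decode("utf-8")
    gene_key = generation_key(master_key, sd_path)
    fkey = file_key(gene_key, mac, rand_num, device_info)
    plaintext = keystream_xor(fkey, rand_num, blob[header_len:])
    # Recomputing the MAC over the recovered plaintext catches a modified ciphertext and
    # a modified header MAC alike (a changed MAC changes the key, so decryption fails too).
    if not hmac.compare_digest(mac, hmac.new(gene_key, plaintext, hashlib.sha256).digest()):
        raise ValueError("message authentication code mismatch")
    return name, plaintext
```

Because the stored MAC is both the integrity check and an input to the file key, unpack() can only verify it after decryption; a tampered body and a tampered header MAC therefore both surface as a MAC mismatch rather than as silently wrong plaintext.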

The present invention also provides a file protection system based on a secure directory, comprising the following modules:

M1) User management module

This module controls users' access to the secure directory and provides user permission assignment and user authentication; it has two parts, access control and permission management. The invention uses a custom user ticket to verify user identity, and the ticket is transparent to the user. A secure directory has a creator, and that user becomes the administrator of the directory; other users are managed by managing the roles they hold, and thereby their permissions. All user permission information is recorded in a locked user permission description table (UPDL); only the administrator may operate on the UPDL, and by modifying the information in it the administrator manages other users' rights to use the secure directory in a multi-user environment.

M2) File monitor

After a user creates a new file or modifies a file, the file monitor of the system detects the user's operation on the file and immediately notifies the file management module to protect the file. The folder monitor runs as a permanent background process, continuously detecting user operations in the secure directory and responding in real time.

M3) File management module

The file management module is the core of the system and is responsible for protecting files. When providing protection, the invention disregards the original format of the file: it extracts the file content, encrypts it and repackages it as a unified-format file (see Figure 4). The unified-format file has two parts, a file header and the file content: the content is the ciphertext of the original file, and the header holds the original file name and its length, the total length of the packaged file and the length of its header, the hash value of the device information, and the message authentication code in plaintext. A file protection system that is independent of the file format satisfies users' needs to the greatest extent, instead of only being able to encrypt particular files, which increases the practicality of the invention.

M4) Hierarchical key management module

In the encryption process of the invention, keys are generated with a three-layer structure that produces, in turn, the master key, the generation key and the file encryption key. This ensures that the first-layer master key is used and modified as little as possible, while a different encryption key is generated for each file, so that after one file key is leaked the other file keys remain secure and nothing that could break another key can be obtained from the leaked one.

Compared with the prior art, the beneficial effects of the invention are:

The invention provides a file protection method and system which, based on a secure directory, gives files of any format real-time security protection through user management, file monitoring, layered file-key generation and file management. The technical solution has the following advantages:

First, users can operate on files within their permissions as needed. A user with administrator rights can create several secure directories as required. Within a single secure directory, every user entering the directory is verified with the system's custom user ticket rather than directly with the password the user typed, which authenticates the user correctly while keeping the password secure. To let multiple users share files, the invention also designs and maintains a user permission description table (UPDL): different users are given different roles, and granting permissions to roles defines the rules under which users operate on and use the secure directory, implementing an improved role-based access control;

Second, for the user's convenience and to protect sensitive files comprehensively in real time, the invention designs a file monitor. Running as a background daemon, the monitor continuously watches file operations in the secure directory; when a user creates a new file in the secure directory or copies a directory into it from another folder, the monitor detects this immediately and notifies the file management component to encrypt and protect the file. When a user modifies a sensitive file, the monitor also detects this and notifies the file management component to re-encrypt the modified file. The monitor detects user behaviour continuously and in real time, so users need not select particular files for encryption, which effectively prevents a user from forgetting, through negligence, to encrypt a newly created sensitive file;

Third, existing encryption software can only encrypt particular file formats and cannot encrypt or protect formats such as .7Z (the format used by 7-zip) and .iso. To remove this dependence of file protection on file format, the invention defines a new file format and encapsulates the original sensitive file in a unified-format file, so that files of any format can be encrypted and protected under the system. Finally, to strengthen the security of the protection system, a hierarchical key generation structure is also designed. Using three layers of keys, the master key, the generation key and the file encryption key, it ultimately generates a unique and unrelated encryption key for every protected file. This both keeps the core of file encryption, the master key, from being leaked through frequent use, and ensures that file encryption keys are changed regularly to increase the difficulty of breaking them.

Description of drawings

FIG. 1 is a system structure diagram of an embodiment of the present invention.

FIG. 2 is a flowchart of the file protection method provided by an embodiment of the present invention together with the relationships between the system modules.

FIG. 3 is a flowchart of user access control in an embodiment of the present invention.

FIG. 4 shows the uniform file format defined in an embodiment of the present invention.

FIG. 5 is a structural diagram of hierarchical key management in an embodiment of the present invention.

Detailed description

The present invention is further described below through embodiments with reference to the drawings, without limiting its scope in any way.

The present invention provides a file protection method and system that, based on a secure directory, provide real-time security protection for files of any format through user management, file monitoring, hierarchical generation of file keys and a file management method.

The invention is described in detail below using the example of a user creating a shared secure directory on a server. FIG. 1 shows the system structure of this embodiment and FIG. 2 the flow of the file protection method and the relationships between the system modules. The specific implementation comprises the following steps:

A1) The administrator creates a secure directory

The administrator logs in to the file protection system with an account and password, selects an installation path on the server, and requests that the system create a secure directory there.

The secure directory path chosen by the administrator is processed and stored in the system. At the same time, on receiving the administrator's information, the user management module generates the administrator's ID and ticket, which together with the administrator's permission information form an administrator permission record that is automatically written to the UPDL (the user permission description list, called the user permission description table in the claims). The administrator ticket is generated by Formula 1:

$\mathrm{Ticket}_u^{hash} = \mathrm{hash}(\mathrm{password}_u \,|\, \mathrm{rand\_num}_u \,|\, \mathrm{device\_info})$ (Formula 1)

In Formula 1, Ticket_u^hash is the hash value of Ticket_u, the ticket of user u; password_u is the administrator password; rand_num_u is the random number the user management module generates for the administrator, which is recorded in the administrator's UPDL record as soon as it is generated; and device_info is the bound device information (for example, the information of a small company's server), extracted dynamically whenever a ticket has to be generated and never recorded. The hash of the resulting ticket is recorded in the UPDL for later user verification. Because the hash function is one-way, obtaining the ticket does not readily yield the user's password, so the ticket is considered safe. Note that this only prevents inverting the hash: the random number is stored alongside the ticket and device_info can be extracted on the bound device, so a weak password can still be found by guessing if the UPDL is obtained, which is why the UPDL itself is kept encrypted (see step A5).

A2) Ordinary user registration

After logging in to the server, an ordinary user must register before using the secure directory created by the administrator. On registration the user management module accepts the user's user name and password and automatically saves a seven-tuple record {ID, role, user code, start time, end time, ticket, random number} for that user in the UPDL. Here ID is the identifier the UPDL assigns to each user, the user code is the hash of the user name, the start and end times bound the period during which the user may use the secure directory, and the ticket is generated as in Formula 1. The default role is ordinary user.

A3) User login

FIG. 3 is the flowchart of user access control in this embodiment. The user logs in to the secure directory in order to operate on sensitive files. When the user enters a user name and password, the user management module receives them and uses its built-in check to decide whether the user is legitimate. For the check, the module's access control generates a temporary ticket by Formula 1, then decrypts the UPDL and looks up the user's record. If the recorded ticket and the temporary ticket are identical, the login succeeds and the user enters the secure directory; otherwise the system judges the user illegitimate and denies entry to the secure directory.
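The ticket of Formula 1 and the register/login flow of steps A1 to A3, as an added Python example that is not the patent's implementation. It assumes SHA-256 as the hash, byte concatenation for "|", a constructed device_info string in place of a real server fingerprint, an in-memory UPDL (the patent keeps the UPDL encrypted under the generation key of step A5), and that login also enforces the record's start and end times; the UPDL class, UpdlRecord and all function names are this example's own.

```python
"""Ticket generation (Formula 1) and the UPDL register/login check of steps
A1-A3. Added example, not the patent's implementation; see the assumptions
stated in the comments."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, Optional


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def device_info() -> bytes:
    """Bound device information, extracted anew on every ticket computation.
    Constructed stand-in for a real server/hardware fingerprint."""
    return b"constructed-device-info:srv-01"


def make_ticket(password: str, rand_num: bytes, dev: bytes) -> bytes:
    """Formula 1: Ticket_u^hash = hash(password_u | rand_num_u | device_info),
    with SHA-256 as the hash and '|' as concatenation (both assumed)."""
    return sha256(password.encode("utf-8") + b"|" + rand_num + b"|" + dev)


@dataclass
class UpdlRecord:
    """Seven-tuple of step A2: {ID, role, user code, start, end, ticket, random number}."""
    user_id: int
    role: str
    user_code: bytes   # hash of the user name
    start: int         # lifetime of secure-directory access, Unix seconds
    end: int
    ticket: bytes      # Formula 1 value; the password itself is never stored
    rand_num: bytes    # recorded so the ticket can be recomputed at login


class UPDL:
    """User permission description list, kept in memory here (the patent
    stores it encrypted under the generation key)."""

    def __init__(self) -> None:
        self.records: Dict[bytes, UpdlRecord] = {}
        self.next_id = 1

    def register(self, username: str, password: str, role: str = "user",
                 lifetime: int = 365 * 86400, now: Optional[int] = None) -> UpdlRecord:
        """Step A1 (role 'admin') or step A2 (default role 'user')."""
        now = int(time.time()) if now is None else now
        rand_num = os.urandom(16)
        rec = UpdlRecord(self.next_id, role, sha256(username.encode("utf-8")),
                         now, now + lifetime,
                         make_ticket(password, rand_num, device_info()), rand_num)
        self.records[rec.user_code] = rec
        self.next_id += 1
        return rec

    def login(self, username: str, password: str,
              now: Optional[int] = None) -> Optional[UpdlRecord]:
        """Step A3: rebuild a temporary ticket and compare it with the stored one.
        Returns the record on success and None on failure."""
        now = int(time.time()) if now is None else now
        rec = self.records.get(sha256(username.encode("utf-8")))
        if rec is None:
            return None
        temp = make_ticket(password, rec.rand_num, device_info())
        # constant-time comparison, so a wrong ticket does not leak a matching prefix
        if not hmac.compare_digest(temp, rec.ticket):
            return None
        if not rec.start <= now <= rec.end:   # assumed: the record's lifetime is enforced
            return None
        return rec


if __name__ == "__main__":
    updl = UPDL()
    updl.register("admin", "adm1n-passw0rd", role="admin")
    updl.register("alice", "correct horse battery staple")
    print("alice, right password:", updl.login("alice", "correct horse battery staple") is not None)
    print("alice, wrong password:", updl.login("alice", "wrong") is not None)
```

The comparison uses hmac.compare_digest rather than `==` because the page's check is a direct equality of two 32-byte values and a timing-variable comparison would let an attacker confirm the stored ticket byte by byte.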

A4) A legitimate user creates a new file

A legitimate user uses the invention to create a new file in the secure directory. The file monitor designed in the invention calls internal functions to monitor user behaviour in the secure directory in real time; when it detects this "create file" operation it immediately notifies the file management module to protect the file, and the file management module receives the file protection request from the monitor.

A5) Generating the file encryption key

FIG. 5 shows the hierarchical key management structure provided by this embodiment. After receiving the file protection request from the file monitor, the file management module requests the file's encryption key from the hierarchical key management module. The file encryption key is produced by the key structure of FIG. 5. First, a master key is generated from a hardware fingerprint; the generation key derived from the master key serves as the key that encrypts the UPDL and as the basis for the file encryption key of each sensitive file. The generation key is given by Formula 2:

$\mathrm{geneKey}_{SD} = Z^{\,\mathrm{MK}\,|\,\mathrm{path\_SD}} \bmod P$ (Formula 2)

In Formula 2, MK is the master key at the top of the structure in FIG. 5, and path_SD is the hash of the secure directory address specified when the secure directory was created. P is a large prime and Z is a prime factor in the finite field of P. After the generation key has been computed by Formula 2, the key management module finally produces the file's encryption key by Formula 3:

Here geneKey_SD is the generation key from Formula 2, and the remaining term is the per-file file information produced by Formula 4; Formula 3 itself and the symbols of Formula 4 are not reproduced in this text. G is a construction function that hardens the overall generation function (for example by selecting the odd-position values to form the file encryption key).

In Formula 4, the first term is a message authentication code that differs for each file, the second is the per-file random number recorded in the uniform format file, and dev_info is the hash of the device information bound to the secure directory, extracted dynamically when the file information is generated.

A6) Returning the file encryption key

The hierarchical key management module returns the generated encryption key for the file to the file management module.

A7) Generating the uniform format file

After receiving the file encryption key, the file encryption module encrypts the content of the sensitive file with a symmetric encryption algorithm, builds a file header from metadata such as the original file name and the values needed to regenerate the key, and encapsulates the result in a uniform protected file format. FIG. 4 shows the uniform file format defined in this embodiment. The header of a protected file begins with an 8-byte hexadecimal string giving the total length of the uniform format file, followed by 8 bytes giving the length of the header. Next come the 32-byte hash of the device information bound to the secure directory, a 16-byte random number, and a 32-byte message authentication code used to verify the integrity of the protected file. The header ends with the original file's name and its length, used to restore the original file on decryption. After the header comes the encrypted original file, presented as ciphertext, as the content of the uniform format file. Because the content is of unknown and possibly very large size, it is encrypted with a symmetric algorithm. Since the file encryption key depends on this message authentication code (Formula 4) while the content is encrypted under that key, the code must be computed over the original content before encryption; storing it in the header in clear therefore exposes a fingerprint of the content that lets anyone test whether a protected file matches a known plaintext.
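The key hierarchy of step A5 (Formulas 2 to 4, FIG. 5) together with the uniform file format of step A7 (FIG. 4), as one added Python example that is not the patent's code. It assumes SHA-256 as the hash and "|" as byte concatenation; fixed public values for P and Z, which the patent does not specify; an HMAC-based construction standing in for Formulas 3 and 4, whose text is not reproduced on this page, with G keeping the odd-indexed bytes as the page suggests; a 4-byte big-endian name length in the header; and an HMAC-SHA256 counter keystream in place of the unnamed symmetric cipher. The names master_key, generation_key, file_info, file_key, keystream_xor, pack, unpack and can_restore are this example's own.

```python
"""Hierarchical key derivation (step A5, FIG. 5, Formulas 2-4) and the uniform
protected-file format (step A7, FIG. 4). Added example, not the patent's code."""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

# Assumed public parameters of Formula 2 (the patent fixes neither value).
P = (1 << 127) - 1   # a large prime (Mersenne prime 2^127 - 1)
Z = 7                # base element of GF(P)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def master_key(hardware_fingerprint: bytes) -> bytes:
    """MK, the top of FIG. 5: derived from the hardware fingerprint, never stored."""
    return sha256(b"MK|" + hardware_fingerprint)

def generation_key(mk: bytes, secure_dir: str) -> bytes:
    """Formula 2: geneKey_SD = Z^(MK | path_SD) mod P, path_SD = hash(directory path).
    '|' is read as byte concatenation of the two hashes."""
    path_sd = sha256(secure_dir.encode("utf-8"))
    exponent = int.from_bytes(mk + path_sd, "big")
    return pow(Z, exponent, P).to_bytes(16, "big")   # result < P < 2^127

def file_info(digest: bytes, rand_num: bytes, dev_info: bytes) -> bytes:
    """Assumed stand-in for Formula 4 (not reproduced on the page): binds the
    per-file digest (the page's message authentication code), the per-file
    random number and the device-info hash."""
    return hmac.new(dev_info, digest + rand_num, hashlib.sha256).digest()

def file_key(gene_key: bytes, finfo: bytes) -> bytes:
    """Assumed stand-in for Formula 3: G applied to a mix of geneKey_SD and the
    file information, with G keeping the odd-indexed bytes (the page's example)."""
    material = hashlib.sha512(gene_key + finfo).digest()
    return material[1::2]                            # 32-byte file encryption key

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Assumed symmetric cipher: XOR with an HMAC-SHA256 counter keystream
    (the patent names no algorithm); the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def pack(plaintext: bytes, name: str, gene_key: bytes, dev_hash: bytes,
         rand_num: Optional[bytes] = None) -> bytes:
    """FIG. 4 layout: 8-byte hex total length | 8-byte hex header length |
    32-byte device hash | 16-byte random | 32-byte MAC | name length (assumed
    4-byte big-endian) | name | ciphertext."""
    rand_num = os.urandom(16) if rand_num is None else rand_num
    digest = sha256(plaintext)       # taken before encryption, because the key depends on it
    key = file_key(gene_key, file_info(digest, rand_num, dev_hash))
    name_b = name.encode("utf-8")
    body = dev_hash + rand_num + digest + struct.pack(">I", len(name_b)) + name_b
    ciphertext = keystream_xor(key, rand_num, plaintext)
    header_len = 16 + len(body)
    lengths = "%08x%08x" % (header_len + len(ciphertext), header_len)
    return lengths.encode("ascii") + body + ciphertext

def unpack(blob: bytes, gene_key: bytes, dev_hash: bytes) -> Tuple[str, bytes]:
    """Parse the header, check the device binding, regenerate the key, decrypt and
    verify the digest. Raises ValueError on any mismatch."""
    if len(blob) < 100:
        raise ValueError("truncated header")
    total, header_len = int(blob[0:8], 16), int(blob[8:16], 16)
    if total != len(blob):
        raise ValueError("total length mismatch")
    stored_dev, rand_num, digest = blob[16:48], blob[48:64], blob[64:96]
    name_len = struct.unpack(">I", blob[96:100])[0]
    if header_len != 100 + name_len or header_len > len(blob):
        raise ValueError("header length mismatch")
    name = blob[100:header_len].decode("utf-8")
    if not hmac.compare_digest(stored_dev, dev_hash):      # file bound to another device
        raise ValueError("device binding mismatch")
    key = file_key(gene_key, file_info(digest, rand_num, dev_hash))
    plaintext = keystream_xor(key, rand_num, blob[header_len:])
    if not hmac.compare_digest(sha256(plaintext), digest):
        raise ValueError("integrity check failed: wrong key, wrong directory or tampered content")
    return name, plaintext

def can_restore(blob: bytes, gene_key: bytes, dev_hash: bytes) -> bool:
    """True if the file decrypts and verifies under this generation key and device."""
    try:
        unpack(blob, gene_key, dev_hash)
        return True
    except ValueError:
        return False
```

Because the key is regenerated from path_SD and the device hash, can_restore returns False for the same blob under a different directory path (step A12) or another device, and a changed digest yields a different file key (step A13). The digest sits in the header in clear, which is what makes the check possible but also fingerprints the content.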

A8) The user opens a protected file

The user opens a protected file for reading. The file monitor detects the open operation and notifies the file management module to decrypt the file for the user.

A9) The hierarchical key management module returns the decryption key

The hierarchical key management module generates the file's decryption key by Formula 3 and returns it to the file management module.

This embodiment uses symmetric keys, so the encryption key and the decryption key are identical and the decryption key is likewise produced by Formula 3. No key is stored; every key is regenerated dynamically by Formula 3 when it is needed.

A10) The file management module restores the protected file

The file management module receives the decryption key returned by the hierarchical key management module, decrypts the protected file with it, and restores the original file for the user.

A11) The user copies a file into the secure directory

The user copies a file into the secure directory, so a new unprotected file appears there. The file monitor, watching user behaviour in the secure directory, catches the copy of the new file and immediately notifies the file management module, which encrypts and encapsulates the copied file into a protected file by the same method used for a newly created file.

A12) The user copies a file out of the secure directory

The user copies a protected file from the secure directory to another folder, so the path of the folder containing the file changes. Because path_SD has changed, the generation key produced by the key generation module from Formula 2 changes, and the file decryption key obtained at this point differs from the correct one; the file cannot be decrypted and restored. This ensures that sensitive files can be operated on only inside the secure directory and controls their spread. Note that the copied file itself is unchanged ciphertext; what is lost is the ability to regenerate its key, which requires both the bound device and the original secure directory path.

A13) The user modifies a file

After the user modifies a sensitive file, the file's digest changes. The file monitor detects the modification and notifies the file management module to re-encrypt and re-encapsulate the file. The file management module receives a new file encryption key from the key management module, re-encrypts the file content and encapsulates it into a new uniform format file saved in the secure directory. Because the file digest has changed, the old key can no longer decrypt the modified file.
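A polling monitor for the secure directory covering the detection in steps A4, A11 and A13, as an added Python example. The patent's monitor is a daemon that hooks file operations directly; this stand-in instead compares content digests between scans. It assumes that already-protected files carry a ".sfp" suffix (an assumed marker, so the monitor does not re-protect its own output), that protection is delegated to a callback, and the names FileMonitor, snapshot, diff_snapshots, encapsulate, simulate, write_file, listing and scratch_dir are this example's own.

```python
"""Polling file monitor for the secure directory (steps A4, A11 and A13).
Added example, not the patent's daemon. A content digest decides whether a
file changed; files with the assumed '.sfp' suffix count as already protected."""
import hashlib
import os
import tempfile
import time
from typing import Callable, Dict, List, Tuple

PROTECTED_SUFFIX = ".sfp"   # assumed marker for already-encapsulated files


def file_digest(path: str) -> bytes:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()

def snapshot(root: str) -> Dict[str, bytes]:
    """Digest of every unprotected file under root, keyed by relative path."""
    snap: Dict[str, bytes] = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.endswith(PROTECTED_SUFFIX):
                continue
            full = os.path.join(dirpath, fn)
            snap[os.path.relpath(full, root)] = file_digest(full)
    return snap

def diff_snapshots(old: Dict[str, bytes], new: Dict[str, bytes]) -> Tuple[List[str], List[str]]:
    """(created, modified): paths new since the last scan, and known paths whose digest changed."""
    created = sorted(p for p in new if p not in old)
    modified = sorted(p for p in new if p in old and new[p] != old[p])
    return created, modified

class FileMonitor:
    def __init__(self, root: str, on_protect: Callable[[str, str], None]) -> None:
        self.root = root
        self.on_protect = on_protect   # called as on_protect(event, absolute path)
        self.seen = snapshot(root)

    def poll(self) -> Tuple[List[str], List[str]]:
        """One monitoring pass; returns what it reported to the file manager."""
        current = snapshot(self.root)
        created, modified = diff_snapshots(self.seen, current)
        for rel in created:
            self.on_protect("create", os.path.join(self.root, rel))   # steps A4 and A11
        for rel in modified:
            self.on_protect("modify", os.path.join(self.root, rel))   # step A13
        self.seen = snapshot(self.root)   # re-scan: the callback may have replaced files
        return created, modified

    def run(self, interval: float = 1.0) -> None:
        """Daemon loop (never returns)."""
        while True:
            self.poll()
            time.sleep(interval)

def encapsulate(event: str, path: str) -> None:
    """Toy protector: mark the file with the protected suffix. A real file
    management module would pack it into the uniform format instead."""
    os.replace(path, path + PROTECTED_SUFFIX)

def write_file(root: str, name: str, data: bytes, append: bool = False) -> str:
    path = os.path.join(root, name)
    with open(path, "ab" if append else "wb") as f:
        f.write(data)
    return path

def listing(root: str) -> List[str]:
    return sorted(os.listdir(root))

def scratch_dir() -> str:
    return tempfile.mkdtemp(prefix="secure_dir_")

def simulate(root: str) -> List[Tuple[str, str]]:
    """Scripted scenario on an empty directory: create (A4), modify (A13),
    copy in (A11), then an idle pass. Returns the events reported."""
    events: List[Tuple[str, str]] = []
    mon = FileMonitor(root, lambda event, path: events.append((event, os.path.basename(path))))
    write_file(root, "plan.iso", b"constructed v1")
    mon.poll()
    write_file(root, "plan.iso", b" plus edits", append=True)
    mon.poll()
    write_file(root, "copied.7z", b"constructed archive bytes")
    mon.poll()
    mon.poll()
    return events

if __name__ == "__main__":
    for event, name in simulate(scratch_dir()):
        print(event, name)
```

Re-scanning after the callbacks run matters: the protector rewrites the file it was handed, and without that second scan the next pass would report the rewritten file as modified and re-protect it forever.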

A14) The administrator modifies an ordinary user's permissions

The administrator modifies an ordinary user's permissions in response to personnel changes in the company. The user management module decrypts the UPDL with the generation key of Formula 2. The administrator changes the user's permissions by changing the user's role. After the modification, the user management module automatically encrypts and saves the UPDL.

In the above embodiments, the technical solution of the present invention achieves the following effects:

(1) Existing file protection systems (such as the typical Windows file protection system EFS) are described here as protecting files at the granularity of a disk partition, so that protecting a file amounts to encrypting the disk; since partitions are usually very large, encryption takes a long time. (Strictly, EFS encrypts individual files and folders; whole-volume encryption on Windows is BitLocker.) Experiments show that for files of the same size EFS takes tens of times longer than the present invention. The invention protects sensitive files one file at a time, so protecting a single file takes far less time than in file systems such as EFS;

(2) Popular file protection software protects files on the basis of specific formats, and formats the software does not specify cannot be protected. In practice, the sensitive files a small company manages are of many and unpredictable kinds, and such software then cannot provide comprehensive, reliable protection. The file protection system proposed here is format-independent: whatever the original format, the file is encrypted and encapsulated into a uniform format, which overcomes the defect that existing encryption software can only encrypt files of particular formats;

(3) Because the system is based on a secure directory and bound to a specific device, sensitive files copied to another device or another directory cannot be correctly decrypted and read. Sensitive files can thus only be handled under the administrator's control, which limits their spread;

(4) Existing file protection tools lack user permission management: anyone holding the password can decrypt, view and modify file content at will. Such protection is confined to a single machine, whereas small companies, to simplify information management, have to share some private files on a server, which calls for a flexible way of managing users of different levels. The improved role-based access control proposed here defines different roles for different users and manages users by assigning permissions to roles, so that the invention also works well in a multi-user shared environment.

Note that the embodiments are published to aid understanding of the present invention; those skilled in the art will understand that various substitutions and modifications are possible without departing from the spirit and scope of the invention and the appended claims. The invention is therefore not limited to the disclosed embodiments, and the scope of protection is that defined by the claims.

Claims (10)

1. A file protection method which, based on a secure directory, provides real-time security protection for files of any format through user management, file monitoring, hierarchical generation of file keys and file management, comprising the following steps:
1) the system administrator creates a secure directory; a system administrator ID and a system administrator ticket are generated from the system administrator's information; the system administrator ID and ticket, together with the system administrator's permission information, form a system administrator permission record that is automatically written to the user permission description table; the system administrator's ticket comprises the system administrator's password, the random number generated for the system administrator, and the device information bound to the secure directory; the device information bound to the secure directory is extracted dynamically each time a ticket needs to be generated;
2) an ordinary user registers by entering user information comprising a user name and a password; the user information is concatenated with the dynamically extracted device information bound to the secure directory to generate the user's ticket, and a seven-tuple {user ID, user code, user role, random number, start time, end time, user ticket} is generated and recorded in the user permission description table;
3) the ordinary user logs in; the user's ticket is compared with that user's ticket recorded in the user permission description table to determine whether the login succeeds;
4) when the ordinary user creates a new file, the following is performed: user behaviour in the secure directory is monitored continuously, and when the user creates a new file in the secure directory that file is the file to be protected; a file encryption key is first generated for the new file, and the content of the new file is then encrypted with that key and encapsulated into a self-defined uniform format file, thereby protecting the new file;
5) when the user modifies an existing protected file, the file is decrypted with the decryption key and restored to its original format; after the user modifies and saves the original file, the file is protected again by the protection method of step 4).

2. The file protection method of claim 1, wherein the system administrator ticket of step 1) is generated by Formula 1:
$\mathrm{Ticket}_u^{hash} = \mathrm{hash}(\mathrm{password}_u \,|\, \mathrm{rand\_num}_u \,|\, \mathrm{device\_info})$ (Formula 1)
in which Ticket_u^hash is the hash value of Ticket_u; Ticket_u is the ticket of user u; password_u is the administrator password; rand_num_u is the random number generated by the user management module for the administrator, which once generated is recorded in the system administrator's record in the user permission description table; and device_info is the device information bound to the secure directory.

3. The file protection method of claim 1, wherein step 2) specifically performs the following operations:
21) a random number is generated for the user from the user's user name and password;
22) the random number, the user's password and the dynamically extracted device information bound to the secure directory are concatenated and passed through a hash function to obtain the user's ticket;
23) a seven-tuple {user ID, user code, user role, random number, start time, end time, user ticket} is generated and recorded in the user permission description table.

4. The file protection method of claim 1, wherein the device information bound to the secure directory is that of the local computer or server on which the secure directory is created.

5. The file protection method of claim 1, wherein step 3) determines whether the user has logged in successfully by performing the following operations:
obtaining the user name and password, generating a temporary ticket for the user by the ticket generation method of step 2), and decrypting and scanning the user permission description table to obtain the user's ticket recorded there;
comparing the temporary ticket with the user's recorded ticket; if they are identical the login succeeds, otherwise the user is refused and the login fails.

6. The file protection method of claim 1, wherein step 4) protects the file by performing the following operations:
41) generating a file encryption key for the new file, the file encryption key having a three-layer key structure; specifically, a master key is generated for the file, and the file's encryption key is then produced by a two-layer computation from the file's digest, the random number corresponding to the file, the hash of the device information and the hash of the absolute path of the secure directory;
42) encrypting the content of the file with the encryption key and encapsulating it into a self-defined uniform format file, thereby completing the protection of the file.

7. The file protection method of claim 6, wherein the master key is generated from a hardware fingerprint, and the two-layer computation generates the file encryption key by Formula 3 (the formula itself is not reproduced in this text):
in Formula 3, geneKey_SD is the generation key produced by Formula 2, the remaining term is the per-file file information produced by Formula 4, and G is a construction function that hardens the whole generation function;
Formula 2 is:
$\mathrm{geneKey}_{SD} = Z^{\,\mathrm{MK}\,|\,\mathrm{path\_SD}} \bmod P$ (Formula 2)
in which MK is the master key, path_SD is the hash of the secure directory address specified when the secure directory was created, P is a large prime and Z is a prime factor in the finite field of P;
Formula 4 (not reproduced in this text) takes as inputs a message authentication code that differs for each file, a random number that differs for each file and is recorded in the uniform format file, and dev_info, the hash of the device information bound to the secure directory, extracted dynamically when the file information is generated.

8. The file protection method of claim 1, wherein the self-defined uniform file format of step 4) comprises a file header and file content, as follows:
42a) the file header comprises an 8-byte hexadecimal string indicating the total length of the uniform format file and an 8-byte hexadecimal string indicating the length of the uniform format file header;
42b) the file header further comprises, immediately following, the 32-byte hash of the device information bound to the secure directory, a 16-byte random number and a 32-byte message authentication code used to verify the integrity of the protected file;
42c) the end of the file header contains the name of the original file and the length of the original file, used to restore the original file on decryption;
42d) after the file header comes the encrypted original file, presented as ciphertext, as the content of the uniform format file.

9. A file protection system implementing the file protection method of any one of claims 1 to 8, the system comprising a user management module, a file monitor, a file management module and a hierarchical key management module;
the user management module controls user access to the secure directory and implements permission assignment and user authentication; the creator of the secure directory is its manager and holds the right to operate on the user permission description table; user authentication verifies user identity with the self-defined user ticket; all of a user's permission information is recorded in the user permission description table;
the file monitor continuously detects user operations in the secure directory and responds in real time as to whether a file is to be protected;
the file management module provides security protection for files by extracting the file content, encrypting it and re-encapsulating it as a uniform format file;
the hierarchical key management module produces the three-layer key generation structure for files, comprising the master key, the generation key and the file encryption key, for the purpose of encrypting or decrypting files.

10. The file protection system of claim 9, wherein the format of the uniform format file comprises a file header and file content, the file content being the ciphertext of the encrypted original file, and the file header comprising, in plaintext, the original file name, the length of the original file name, the total length of the encapsulated file, the length of the file header, the hash of the device information and the message authentication code.
CN201610064511.9A 2016-01-29 2016-01-29 A kind of document protection method and system Active CN105740725B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610064511.9A CN105740725B (en) 2016-01-29 2016-01-29 A kind of document protection method and system

Publications (2)

Publication Number Publication Date
CN105740725A CN105740725A (en) 2016-07-06
CN105740725B true CN105740725B (en) 2018-08-28

Family

ID=56248016

Country Status (1)

Country Link
CN (1) CN105740725B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106650492B (en) * 2016-12-14 2019-06-07 北京大学 A kind of multiple device file guard method and device based on security catalog
CN108985075A (en) * 2017-06-02 2018-12-11 成都小娱网络科技有限公司 A kind of image file disk encryption system and method for lightweight
CN109598137B (en) * 2017-09-30 2021-08-13 广东亿迅科技有限公司 Method and system for safely processing data
CN110688647A (en) * 2018-07-06 2020-01-14 英研智能移动股份有限公司 Computer task determination method and server system applying the method
CN109299617A (en) * 2018-09-19 2019-02-01 中国农业银行股份有限公司贵州省分行 A kind of file encryption and decryption system
CN110046134B (en) * 2019-04-09 2021-08-31 北京信安世纪科技股份有限公司 Database log recording method and system and database log recording detection method
CN110166458B (en) * 2019-05-23 2022-08-02 王怀尊 Three-level key encryption method
CN112398791B (en) * 2019-08-15 2023-08-01 奇安信安全技术(珠海)有限公司 Method and device for protecting website from tampering, system, storage medium and electronic device
CN112380554A (en) * 2020-11-26 2021-02-19 北京京航计算通讯研究所 Electronic document encryption calibration system and method based on operating system
CN113377813B (en) * 2021-06-08 2023-08-29 上海商米科技集团股份有限公司 Global unique identification code generation method, device, system and computer readable medium
CN114490541A (en) * 2021-12-24 2022-05-13 云南云电同方科技有限公司 Method and system for storing file on block chain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101652767A (en) * 2007-03-30 2010-02-17 微软公司 Model-based access control
CN102201040A (en) * 2010-03-22 2011-09-28 北京大学 Method, system and device for processing electronic documents
CN104125069A (en) * 2014-07-07 2014-10-29 武汉理工大学 Secure file catalogue file encryption system towards sharing
CN104717643A (en) * 2013-12-12 2015-06-17 北京大学 Mobile device safety communication platform

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7921284B1 (en) * 2001-12-12 2011-04-05 Gary Mark Kinghorn Method and system for protecting electronic data in enterprise environment
WO2014036403A2 (en) * 2012-08-31 2014-03-06 Pkware, Inc. System and methods for data verification and replay prevention

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101652767A (en) * 2007-03-30 2010-02-17 微软公司 Model-based access control
CN102201040A (en) * 2010-03-22 2011-09-28 北京大学 Method, system and device for processing electronic documents
CN104717643A (en) * 2013-12-12 2015-06-17 北京大学 Mobile device safety communication platform
CN104125069A (en) * 2014-07-07 2014-10-29 武汉理工大学 Secure file catalogue file encryption system towards sharing

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"SDDRM: segment-based dynamic rights management for electronic documents"; 许东阳 et al.; Acta Scientiarum Naturalium Universitatis Pekinensis; 2012-07-31; vol. 48, no. 4, pp. 565-573 *
"The UCONABC Usage Control Model"; Jaehong Park et al.; ACM Transactions on Information and System Security; 2004-02-29; vol. 7, no. 1, pp. 128-174 *
"A UCON application model based on roles and a rule engine"; 熊智 et al.; Computer Engineering and Design; 2013-03-31; vol. 34, no. 3, pp. 831-836 *

Also Published As

Publication number Publication date
CN105740725A (en) 2016-07-06

Similar Documents

Publication Publication Date Title
CN105740725B (en) A kind of document protection method and system
JP6606156B2 (en) Data security service
CN102546764B (en) Safe access method of cloud storage system
US8799651B2 (en) Method and system for encrypted file access
US8245042B2 (en) Shielding a sensitive file
JP4240297B2 (en) Terminal device, authentication terminal program, device authentication server, device authentication program
CN102483792B (en) Method and device for sharing documents
US20140019753A1 (en) Cloud key management
JP5833146B2 (en) Apparatus and method for preventing leakage of confidential data
JP6300286B1 (en) Access management system, access management method and program
CN109923548A (en) Method, system and the computer program product that encryption data realizes data protection are accessed by supervisory process
CN109361668A (en) A method of reliable data transmission
WO2002023797A1 (en) System for establishing an audit trail to protect objects distributed over a network
CN105827574A (en) File access system, file access method and file access device
CN106533693B (en) Access method and device of railway vehicle monitoring and overhauling system
JP5380063B2 (en) DRM system
JP2022531538A (en) Cryptographic system
WO2001073533A1 (en) System and method for safeguarding electronic files and digital information in a network environment
KR102055888B1 (en) Encryption and decryption method for protecting information
CN114942729A (en) Data safety storage and reading method for computer system
JP2018110442A (en) Access management system, access management method, and program
CN106650492B (en) A kind of multiple device file guard method and device based on security catalog
CN100525176C (en) Preventing system for information leakage under cooperative work environment and its realizing method
JP2008035449A (en) Data distributing method using self-decryption file and information processing system using the same
JP3840580B1 (en) Software management system and software management program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant