CN100446024C - Protection method and system of electronic document - Google Patents
- Publication number
- CN100446024C
- Authority
- CN
- China
- Prior art keywords
- file
- protection
- name
- module
- system filter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Storage Device Security (AREA)
Abstract
This invention discloses a method of encrypting and protecting electronic files by modifying file names in combination with a file system filter driver and an intelligent key device, together with a protection system that implements it. Because a file system filter driver processes the files, the user need not take any additional protective action when accessing and operating on files, which is convenient for the user; and because the intelligent key device is combined with the file system filter driver to encrypt files, the files have higher security.
Description
Technical field
The present invention relates to information security technology, and in particular to a method and system for protecting electronic files by modifying the file name in combination with a file system filter driver.
Background technology
With the rapid development of computer and information technology, computers have become an essential tool for daily life, work and study, and more and more information is stored on computers as electronic files. While this is convenient, it also creates security risks: much document information is confidential and must not be read or tampered with at will, so the security of sensitive information has to be ensured. At present, encryption and password verification are the main techniques used to control access to sensitive information by unauthorized operators, for example encrypting files with various key mechanisms, or using password authentication to verify the operator's identity, thereby preventing unauthorized operators from accessing the files.
Although protecting a file by encrypting it gives some protection, if the user opens the file by mistake or an unauthorized operator accesses it, then because the file is stored as ciphertext, automatic recovery of the file may be attempted, and the file is damaged and becomes unusable. This method also needs a file list that records the encrypted files; once the list is lost, the encrypted files cannot be decrypted and can no longer be operated on. Protecting files by password verification also threatens file security, because passwords are easily forgotten or leaked. Neither method therefore protects electronic files effectively.
An intelligent key device is a small hardware device with a processor and memory that connects to a computer through the computer's data communication interface. It uses password verification to check the legitimacy of the user's identity: for authentication, the device is connected to the computer, the user enters a password on the computer, and the device automatically checks it; only when the entered password is correct is the user allowed to operate the device. The device can also generate keys, store keys securely and hold preset cryptographic algorithms. Key-related computations run entirely inside the device, and the device is resistant to physical attack, so its security is high. Applying this more secure intelligent key technology to file protection would greatly improve file security.
The Windows file system in use today is layered. Every access by an upper-layer application to the file system is recorded and managed through an I/O request packet (IRP), and each I/O access causes an IRP to be sent to the file system driver. Each IRP records the file handle obtained when the process opened the file. A file system filter driver is often added above the file system driver; it filters the IRPs sent by upper-layer applications and then passes them to the file system driver layer.
Summary of the invention
To address the security risks that electronic files face under the prior art, the present invention proposes encrypting and protecting electronic files by modifying the file name in combination with a file system filter driver and an intelligent key device.
An electronic file protection method comprises protecting a file, and browsing and accessing protected files.
(1) The process of protecting a file comprises:
Encrypting the file;
Modifying the original file name of the encrypted file;
Storing the encrypted file under the modified file name;
(2) The process of browsing protected files comprises:
An upper-layer application sends an IRP_MJ_DIRECT_CONTROL request;
The file system filter driver restores the file name in the request packet to the original file name, and the protected file is displayed under the original file name;
(3) The process of accessing a protected file comprises:
An upper-layer application sends an IRP_MJ_CREATE request;
The file system filter driver modifies the file name in the request packet in the same way the file name was modified when the file was protected;
The operating system creates a file handle;
The upper-layer application uses the file handle to send an IRP_MJ_READ request to read the file, and the file system filter driver decrypts;
Or the upper-layer application uses the file handle to send an IRP_MJ_WRITE request to modify the file, and the file system filter driver encrypts.
In the above process of protecting a file, the encryption may be performed by the file system filter driver or by the upper-layer application.
In the above process of protecting a file, the file name is modified by adding a signature identification string to the extension of the original file name.
In the above process of protecting a file, the file name modification may be performed by the file system filter driver or by the upper-layer application.
In the above process of protecting a file, after the encrypted file with the modified file name has been stored, the original file may be deleted.
The intelligent key device takes part in protecting files and in browsing or accessing protected files. Before a file is protected, or protected files are browsed or accessed, the system checks whether the intelligent key device is present; if it is not, files cannot be protected and protected files cannot be browsed or accessed.
File encryption and decryption are performed by the file system filter driver calling the intelligent key device.
A file protection system using the above electronic file protection method comprises: a file protection module, a file creation module, a file browsing module, a read-file module, a write-file module and a file system filter driver module;
The file protection module encrypts the file and modifies its file name;
The file creation module receives a file creation request, modifies the original file name and creates a file handle;
The file browsing module receives a file browsing request, restores the file name to the original file name and displays the file under the original file name;
The read-file module receives a read request, and reads and decrypts the file through the file system filter driver module according to the file handle;
The write-file module receives a write request, encrypts the file through the file system filter driver module and writes it to disk according to the file handle.
The electronic file protection system also comprises an intelligent key device, called by the file system filter driver module, that encrypts or decrypts files.
The electronic file protection system also comprises an intelligent key device monitoring module, which monitors whether an intelligent key device is connected to the system.
Compared with the prior art, the beneficial effects of the invention are:
(1) Modifying the file name ensures that when the user opens a file by mistake or the file is accessed without authorization, the system does not automatically recover the file, so the file is not damaged; and the invention needs no file list, which avoids the trouble caused by losing the list;
(2) Because the file system filter driver processes the files, the user need not take any additional protective measures when accessing and operating on files, which is convenient for the user;
(3) Using an intelligent key device in combination with the file system filter driver to encrypt files gives the files higher security.
Description of drawings
Fig. 1 is a flow chart of encrypting a file with the intelligent key device;
Fig. 2 is a flow chart of a user accessing a protected file;
Fig. 3 is a structural diagram of the electronic file protection system.
Embodiment
The invention is now described in further detail with reference to the drawings and embodiments.
The protection mechanism of the invention is as follows: using an existing key mechanism in combination with a file system filter driver, the file to be protected is encrypted; the extension of the ciphertext file is then modified (this embodiment takes modifying the file extension as the example; modifying the file name works the same way); finally the file is written to the computer disk by the file system driver. When the user accesses a protected file, the file system filter driver automatically restores the file name to the original file name and then decrypts the file, so the user can access it. The processes of protecting, browsing, opening, reading and writing a file are described one by one below.
The process by which the system protects a file is:
Step 101: the user selects the file to be protected through the upper-layer application;
Step 102: the upper-layer application encrypts the file with an encryption algorithm; an existing algorithm such as DES, 3DES or AES may be used here, or the file system filter driver may call the intelligent key device to encrypt the file;
Step 103: the upper-layer application modifies the extension of the encrypted file according to a certain rule; the extension may instead be modified by the file system filter driver;
Step 104: the modified file is written to the computer disk by the file system driver, and the original file may be deleted at the same time.
The process by which the user browses files is:
Step 201: the user browses the file list in Explorer, and the upper-layer application sends an IRP_MJ_DIRECT_CONTROL request to the lower layer;
Step 202: the file system filter driver restores the file extension in the IRP to that of the original file name, so that the file name the Windows system holds in memory is the original file name;
Step 203: the file list the user sees in Explorer is displayed with the original file names.
The process by which the user opens a protected file is:
Step 301: the user selects the protected file to open;
Step 302: the upper-layer application sends an IRP_MJ_CREATE request; at this point the file name in the request packet is the original file name;
Step 303: the file system filter driver modifies the file name in the request packet, in the same way as in step 103;
Step 304: a file handle is created, for use when modifying or reading the file.
The process by which the user reads a file is:
Step 401: the operating system accesses the corresponding file according to the file handle generated in step 304;
Step 402: the upper-layer application sends an IRP_MJ_READ request packet, and the ciphertext of the file is read from disk;
Step 403: according to the encryption method applied to the file in step 102, the file system filter driver calls the intelligent key device to decrypt the file with the corresponding decryption method;
Step 404: the system shows the decrypted file to the user.
The process by which the user modifies a file is:
Step 501: the file system accesses the corresponding file according to the file handle generated in step 304;
Step 502: the upper-layer application sends an IRP_MJ_WRITE request packet, and the file system filter driver calls the intelligent key device to encrypt the modified plaintext file with the corresponding encryption method;
Step 503: the system saves the encrypted file to the computer disk.
In the processes above, files are encrypted by the file system filter driver calling the intelligent key device, which further improves file security. This requires adding an intelligent key device monitoring program that detects whether an intelligent key device is connected to the current system, and that facilitates the interaction between the file system filter driver and the intelligent key device and between the intelligent key device and the user. When an intelligent key device is connected to the computer, files can be encrypted or decrypted; when none is connected, the user cannot access protected files that are encrypted or decrypted with the intelligent key device.
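The browse, open, read and write handling described above, as an added example that is not part of the patent: a user-mode C model of the decision the filter driver makes for each request. The marker string `_fsprot`, the function names, the sample on-disk names, the rule of renaming an open request only when a marked copy exists, and the XOR stand-in for the key-device cipher are all assumptions; a real filter runs in the kernel and uses DES, 3DES, AES or the key device for the cipher step.

```c
/* User-mode model of the filter driver's per-request decisions (not kernel code). */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SIG "_fsprot"   /* assumed signature identification string */

/* Stand-ins for the directory, IRP_MJ_CREATE, IRP_MJ_READ and IRP_MJ_WRITE requests. */
enum req { REQ_DIRECTORY, REQ_CREATE, REQ_READ, REQ_WRITE };
enum status { ST_OK, ST_PASSTHROUGH, ST_NO_KEY_DEVICE, ST_NAME_TOO_LONG };

/* Constructed sample state: key-device monitor result and names stored on disk. */
static bool key_device_present = false;
static const char *disk_names[] = { "report.doc_fsprot", "notes.txt" };

static bool has_sig(const char *name) {
    size_t n = strlen(name), s = strlen(SIG);
    return n > s && strcmp(name + n - s, SIG) == 0;
}

static bool on_disk(const char *name) {
    for (size_t i = 0; i < sizeof disk_names / sizeof disk_names[0]; i++)
        if (strcmp(disk_names[i], name) == 0) return true;
    return false;
}

/* Steps 103 and 303: original name -> stored name (marker appended to the
   extension). Fails rather than truncating when the buffer is too small. */
enum status to_disk_name(char *name, size_t cap) {
    size_t n = strlen(name), s = strlen(SIG);
    if (n + s + 1 > cap) return ST_NAME_TOO_LONG;
    memcpy(name + n, SIG, s + 1);
    return ST_OK;
}

/* Stand-in for the key-device call: XOR with an offset-derived byte, so reads
   and writes at any file offset round-trip. NOT real encryption. */
void keydev_crypt(unsigned char *buf, size_t len, size_t file_off) {
    for (size_t i = 0; i < len; i++)
        buf[i] ^= (unsigned char)(0xA5u + 31u * (file_off + i));
}

/* One filtered request. DIRECTORY and CREATE use `name`; READ and WRITE use
   `buf` and are assumed to arrive on a handle opened for a protected file. */
enum status filter_request(enum req r, char *name, size_t cap,
                           unsigned char *buf, size_t len, size_t file_off) {
    switch (r) {
    case REQ_DIRECTORY:                       /* step 202: restore the name */
        if (!has_sig(name)) return ST_PASSTHROUGH;
        if (!key_device_present) return ST_NO_KEY_DEVICE;
        name[strlen(name) - strlen(SIG)] = '\0';
        return ST_OK;
    case REQ_CREATE: {                        /* step 303: same rule as step 103 */
        size_t n = strlen(name);
        if (to_disk_name(name, cap) != ST_OK) return ST_PASSTHROUGH;
        /* Assumption: rename only when a marked copy exists on disk. */
        bool protected_copy = on_disk(name);
        if (protected_copy && key_device_present) return ST_OK;
        name[n] = '\0';                       /* undo the rename */
        return protected_copy ? ST_NO_KEY_DEVICE : ST_PASSTHROUGH;
    }
    case REQ_READ:                            /* ciphertext -> plaintext */
    case REQ_WRITE:                           /* plaintext -> ciphertext */
        if (!key_device_present) return ST_NO_KEY_DEVICE;   /* fail closed */
        keydev_crypt(buf, len, file_off);
        return ST_OK;
    }
    return ST_PASSTHROUGH;
}

int main(void) {
    char name[64] = "report.doc";             /* name the application asks for */
    unsigned char data[5] = { 'd', 'r', 'a', 'f', 't' };
    key_device_present = true;
    filter_request(REQ_CREATE, name, sizeof name, NULL, 0, 0);
    printf("opened on disk as: %s\n", name);
    filter_request(REQ_WRITE, NULL, 0, data, sizeof data, 0);
    filter_request(REQ_READ, NULL, 0, data, sizeof data, 0);
    printf("after write+read: %.5s\n", (const char *)data);
    return 0;
}
```

With the key device absent, a protected file keeps its marked name in listings and cannot be opened through the filter, while unmarked files pass through untouched.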
With reference to Fig. 1, the steps for encrypting a file with the intelligent key device are as follows:
Step 601: connect the intelligent key device to the computer;
With reference to Fig. 2, when the condition that an intelligent key device is connected to the computer is met, the steps by which the user accesses a protected file are as follows:
Step 701: connect the intelligent key device to the computer;
Fig. 3 is a structural diagram of the electronic file protection system. With reference to Fig. 3, it comprises:
Read-file module 804: receives the read request sent by the file system core layer, and reads and decrypts the file through file system filter driver module 806 according to the file handle;
Write-file module 805: receives the write request sent by the file system core layer, encrypts the file through file system filter driver module 806 and writes it to disk according to the file handle;
And file system filter driver module 806 and intelligent key device 807.
File encryption and decryption are performed by file system filter driver module 806 calling intelligent key device 807; file name modification is performed by file system filter driver module 806.
The embodiments above are only preferred embodiments of the invention, and the invention is not limited to them; any obvious change made by a person skilled in the art without departing from the principle of the invention falls within the concept of the invention and the scope of protection of the claims.
Claims (13)
1. An electronic file protection method, characterized in that:
(1) The process of protecting a file comprises:
Encrypting the file;
Modifying the original file name of the encrypted file;
Storing the encrypted file under the modified file name;
(2) The process of browsing protected files comprises:
An upper-layer application sends an IRP_MJ_DIRECT_CONTROL request to the file system;
The file system filter driver restores the file name in the request packet to the original file name, and the protected file is displayed under the original file name;
(3) The process of accessing a protected file comprises:
An upper-layer application sends an IRP_MJ_CREATE request to the file system;
The file system filter driver modifies the file name in the request packet in the same way the file name was modified when the file was protected;
The operating system creates a file handle;
The upper-layer application uses the file handle to send an IRP_MJ_READ request to the file system to read the file, and the file system filter driver decrypts;
Or the upper-layer application uses the file handle to send an IRP_MJ_WRITE request to the file system to modify the file, and the file system filter driver encrypts.
2. The electronic file protection method according to claim 1, characterized in that: in the process of protecting a file, the encryption is performed by the file system filter driver.
3. The electronic file protection method according to claim 1, characterized in that: in the process of protecting a file, the encryption is performed by the upper-layer application.
4. The electronic file protection method according to claim 1, characterized in that: in the process of protecting a file, the file name is modified by adding a signature identification string to the extension of the original file name.
5. The electronic file protection method according to claim 1, characterized in that: in the process of protecting a file, the file name modification is performed by the upper-layer application.
6. The electronic file protection method according to claim 1, characterized in that: in the process of protecting a file, the file name modification is performed by the file system filter driver.
7. The electronic file protection method according to claim 1, characterized in that: in the process of protecting a file, the original file is deleted after the encrypted file with the modified file name has been stored.
8. The electronic file protection method according to claim 1, characterized in that: an intelligent key device takes part in protecting files and in browsing or accessing protected files.
9. The electronic file protection method according to claim 8, characterized in that: before a file is protected, or protected files are browsed or accessed, the system checks whether the intelligent key device is present; if it is not, files cannot be protected and protected files cannot be browsed or accessed.
10. The electronic file protection method according to claim 8, characterized in that: file encryption and decryption are performed by the file system filter driver calling the intelligent key device.
11. A system implementing the electronic file protection method of any one of claims 1 to 10, characterized in that it comprises: a file protection module, a file creation module, a file browsing module, a read-file module, a write-file module and a file system filter driver module;
The file protection module encrypts the file and modifies its file name;
The file creation module receives a file creation request, modifies the original file name and creates a file handle;
The file browsing module receives a file browsing request, restores the file name to the original file name and displays the file under the original file name;
The read-file module receives a read request, and reads and decrypts the file through the file system filter driver module according to the file handle;
The write-file module receives a write request, encrypts the file through the file system filter driver module and writes it to disk according to the file handle.
12. The electronic file protection system according to claim 11, characterized in that: the file system filter driver module encrypts or decrypts files by calling an intelligent key device.
13. The electronic file protection system according to claim 11, characterized in that: it comprises an intelligent key device monitoring module, which monitors whether an intelligent key device is connected to the system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2007100631028A CN100446024C (en) | 2007-01-26 | 2007-01-26 | Protection method and system of electronic document |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101008974A (en) | 2007-08-01 |
CN100446024C (en) | 2008-12-24 |
Family
ID=38697394
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2007100631028A Expired - Fee Related CN100446024C (en) | 2007-01-26 | 2007-01-26 | Protection method and system of electronic document |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100446024C (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | C14 | Grant of patent or utility model | |
 | GR01 | Patent grant | |
 | C56 | Change in the name or address of the patentee | Owner name: FEITIAN TECHNOLOGIES CO., LTD. Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN TECHNOLOGY CO., LTD. |
 | CP03 | Change of name, title or address | Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer Patentee after: Feitian Technologies Co.,Ltd. Address before: 100083, Haidian District, Xueyuan Road, Beijing No. 40 research, 7A building, 5 floor Patentee before: FEITIAN TECHNOLOGIES Co.,Ltd. |
 | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20081224 |