CN103065082A - Software security protection method based on Linux system - Google Patents

Publication number: CN103065082A
Authority: CN (China)
Prior art keywords: file, linux system, key, data, encrypted
Legal status: Pending
Application number: CN2012102288067A
Other languages: Chinese (zh)
Inventors: 苏均生, 李逊
Current Assignee: Beijing Jinghang Computing Communication Research Institute
Original Assignee: Beijing Jinghang Computing Communication Research Institute
Application filed by: Beijing Jinghang Computing Communication Research Institute
Landscapes: Storage Device Security

Abstract

The invention belongs to the technical field of information security, and particularly relates to a software security protection method based on a Linux system. The software security protection method based on the Linux system aims to solve the problems that soft encryption strength is low, encryption speed is slow and the like in a traditional Linux system. By combining with a hardware encryption card, the software security protection method based on the Linux system improves the encryption protection intensity and processing speed of software, and reduces the influence on time sequence. The software security protection method based on the Linux system comprises a first step of combining the software security protection method based on the Linux system with the hardware encryption card and adopting a multi-level key management mechanism, a second step of adopting a classification filtering strategy and formulating a security file management method, a third step of establishing a security strategy abstract, loading the security strategy in a kernel policy repository, and processing a read-write request through a strategy security file module, a fourth step of utilizing a page buffering function to carry out data double buffering processing, and a fifth step of carrying out integrity checking to data needed to be decrypted and restored. Through the software security protection method based on the Linux system, the software security protection intensity is improved, time cost is saved, and data processing rate and efficiency are guaranteed.

Description

Software security protection method based on Linux system
Technical field
The invention belongs to the field of information security technology and relates to a method for file encryption processing, specifically a software security protection method based on the Linux system. The method is applied to the security protection of non-embedded software in a Linux environment and ensures the reliability of software encryption.
Background art
With the continued application of software in aerospace fields such as testing, control and mission planning, software security problems are becoming more and more prominent. The software runtime environment is transparent, and programs held in storage are easily read and cracked, which leaks core technology and operating principles. Software therefore urgently needs security protection that improves its resistance to copying, decompilation and reverse analysis. Software usually consists of executable files, library files, data files and so on. The core of software security protection is file security control: while guaranteeing that the software runs normally, various measures are taken to encrypt the contents of critical files such as executable files and data files, so as to improve the security of the software while it runs.
At present, when implementers protect software in a Linux environment, they usually encrypt all files. Because the files are numerous, encryption is slow and processing efficiency is low, which increases time consumption and affects the timing of the running software. In addition, the commonly used software encryption measures are rarely combined with hardware features, so their security strength is insufficient and critical data and parameters are easily analysed and stolen.
Summary of the invention
The object of the invention is to address the deficiencies of the prior art by proposing a software security protection method for the Linux environment that encrypts files through classification filtering, runs fast and has high security strength.
The invention is realised as follows:
A software security protection method based on the Linux system comprises the following steps:
(1) generating a secure file module between the virtual file system and the physical file system, and setting up a file management service;
(2) installing the encryption card and initialising it, so that the secure file module and the encryption card communicate;
(3) once communication is normal, loading the secure file module and performing classification filtering and file encryption and decryption on the protected directories or file types: the directories or file types to be encrypted are defined in advance, and during encryption and decryption the defined files are encrypted and decrypted while undefined files are not processed.
In the method described above, the secure file module uses the virtual file system (VFS) for file management. A VFS object is a structure; the objects comprise the superblock object, the inode (index node) object, the directory entry object and the file object, together with function pointers to the operations on the parent object, and the generic VFS functions are used by inheritance.
In the method described above, a hierarchical key management method is used when files are encrypted and decrypted: keys are divided into two levels, the master key and the secondary key. The master key is seeded with the random system time and is kept in the protected area of the cryptographic chip on the hardware encryption card. The working key is encrypted with the master key to generate the secondary key. The working key seed is produced by a random number generator that is built into the cryptographic chip; for each file to be encrypted, a SHA1 operation over the key seed produces one working key.
In the method described above, when a file is encrypted for protection, the working key is used with the SM1 algorithm to encrypt the file and form the body of the encrypted file; the master key encrypts the working key with the AES algorithm to generate the secondary key, which is stored in the file header and becomes part of the encrypted file.
When a file is decrypted, the secondary key is taken from the file header and decrypted with the master key using AES to obtain the working key; the body of the encrypted file is then decrypted to obtain the source file.
In the method described above, a hidden partition is set up and the security policy is saved in it. On a read, after the secure file module intercepts the disk read request, it checks whether the accessing process is allowed to access encrypted files; if not, the request is passed through directly. The encryption flag at the end of the file indicates whether the file is encrypted; if the file is not encrypted, the request is passed through directly. Otherwise the request packet is reconstructed, data of the specified length is read and decrypted, and the result is returned in the original request packet.
On a write, after the secure file module intercepts the disk write operation, it decides from the security policy whether the file needs to be stored encrypted; if so, the data is encrypted and written to disk.
In the method described above, ciphertext and plaintext double buffering is used: one encrypted file has two kinds of page cache data, one holding plaintext and the other holding ciphertext. The kernel module decides whether a process is allowed to access plaintext data; if so, the process accesses the plaintext buffer, otherwise it accesses only the ciphertext buffer.
In the method described above, a file integrity check is used: if a file is defined as a trusted resource, it is given integrity protection, and if the file is damaged the system recovers its data automatically. For data recovery, each resource backup corresponds one-to-one with a SHA1 hash of the resource, and both are stored in the hidden partition of the disk. Before a trusted resource is accessed, the SHA1 values are compared; if they do not match, the resource is recovered from the hidden partition.
The beneficial effects of the invention are as follows:
A new secure file module is set up between the file system of the Linux environment and the operating system kernel, and this module is loaded into the kernel by a service. During encryption and decryption the file class is filtered: if the type is a class to be encrypted, the secure file module calls the encryption key generated at random by the encryption card and encrypts the file content with the SM1 algorithm, which raises the strength of the software security protection; if the type is not a class to be encrypted, the file is passed through without any processing. The classification filtering improves file encryption and decryption speed and data processing efficiency.
Brief description of the drawings
Fig. 1 is a flow chart of the software security protection method based on the Linux system provided by the invention;
Fig. 2 shows the file encryption process;
Fig. 3 shows the file decryption process;
Fig. 4 shows the data file read process;
Fig. 5 shows the data file write process.
Embodiments
The software security protection method based on the Linux system provided by the invention is described further below with reference to the drawings and embodiments:
Embodiment 1:
As shown in Fig. 1, a software security protection method based on the Linux system comprises the following steps:
(1) generating the secure file module, setting up the file management service, and selecting the protected directories or protected file types. The file management service is registered under the Linux operating system in the form of a module, and a new service name is then created in graphical mode, so that the service runs automatically once Linux has powered on and started.
The secure file module is inserted between the virtual file system and the physical file system and plays the role of a "filter". The module can follow an object-oriented design and use the virtual file system (VFS) for file management. A VFS object is a structure; the objects comprise the superblock object, the inode (index node) object, the directory entry object, the file object and so on, and contain function pointers to the operations on the parent object. By inheriting the generic VFS functions, the module provides a unified, abstract file system model and supports concrete file systems. The secure file module may also use other design approaches or functions to realise this "filter" function.
(2) installing the encryption card and initialising it, so that the secure file module and the encryption card communicate;
(3) once communication is normal, using the secure file module to perform classification filtering, file encryption processing and operation permission processing on the protected directories or file types. To guarantee classification filtering of files and improve encryption and decryption speed, a classification mechanism is used: the directories or file types to be encrypted are defined in advance, and during encryption and decryption the defined files are encrypted and decrypted while undefined files are not processed and operate normally. This avoids the time consumption and waste of resources that encrypting and decrypting non-critical files would cause, and guarantees encryption and decryption speed.
The secure file module is usually loaded on a board (for example a PCR board). The board establishes communication with the encryption card; once communication is normal, the secure file module is loaded and the system configuration file is modified so that the secure file module is mounted when the system starts.
Embodiment 2:
On the basis of embodiment 1, a hierarchical key management method is used when files are encrypted and decrypted: keys are divided into two levels, the master key and the secondary key. The master key is seeded with the random system time and is kept in the protected area of the cryptographic chip on the hardware encryption card; its length may be 128 bits, and it is the unique root key.
The working key must not be stored in plaintext and has to be encrypted: the working key is encrypted with the master key to generate the secondary key. The working key seed is produced by a random number generator that is built into the cryptographic chip; for each file to be encrypted, a SHA1 operation over the key seed produces one working key (which may be 128 bits).
File encryption and decryption proceed as follows:
As shown in Fig. 2, when a file is encrypted for protection, the working key is used with the SM1 algorithm to encrypt the file and form the body of the encrypted file; the master key encrypts the working key with the AES algorithm to generate the secondary key, which is stored in the file header and becomes part of the encrypted file.
As shown in Fig. 3, when a file is decrypted, the secondary key is taken from the file header and decrypted with the master key using AES to obtain the working key. The body of the encrypted file is then decrypted to obtain the source file.
When a file is accessed, the secure file module determines whether the file is encrypted. If the file is not encrypted, it is executed directly. If the file is encrypted, the secure file module communicates with the encryption card, and a communication failure is reported to the user. Once communication is normal, the file is handed to the encryption card, which decrypts it and places the result in memory. After the encryption card has finished decrypting, the decrypted content is handed to the operating system for program execution.
Embodiment 3:
On the basis of embodiment 1 or 2, a hidden partition is set up to obtain a better security protection effect. The hidden partition uses a private file system format, so other programs cannot read the data in it. The security policy is read from the hidden partition by a daemon process and loaded into the kernel policy library through a system call. The security policy usually specifies which files need to be encrypted, the access permissions of files, and so on.
As shown in Fig. 4, on a read, after the secure file module intercepts the disk read request (file read request), it checks whether the accessing process is allowed to access encrypted files; if not, the request is passed through directly. The encryption flag at the end of the file indicates whether the file is encrypted (for example, 1 means encrypted and 0 means not encrypted); if the file is not encrypted, the request is passed through directly. Otherwise the request packet is reconstructed, data of the specified length is read and decrypted, and the result is returned in the original request packet.
As shown in Fig. 5, on a write, after the secure file module intercepts the disk write operation (file write request), it decides from the security policy whether the file needs to be stored encrypted; if so, the data is encrypted and written to disk.
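The key hierarchy of embodiment 2 and the read and write filtering of embodiment 3 can be modelled together in user space. This is an added example, not code from the patent: the header layout, the process names, and the HMAC-based stand-in used in place of the card's SM1 and AES operations are assumptions.

```python
import hashlib
import hmac
import os

KEY_LEN = 16                    # 128-bit keys, as in the description
HEADER_LEN = 16 + KEY_LEN + 32  # nonce + wrapped key + tag (assumed layout)
FLAG_ENCRYPTED = b"\x01"        # trailing flag byte: 1 = encrypted


def keystream_xor(key, label, data):
    """Stand-in for SM1 (body) and AES (key wrap): HMAC-SHA256 keystream XOR.
    Placeholder only; the real ciphers run on the card."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, label + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


class EncryptionCard:
    """Model of the hardware card: the master key never leaves this object."""

    def __init__(self):
        self._master = os.urandom(KEY_LEN)

    def new_working_key(self):
        seed = os.urandom(32)                         # key seed from the card RNG
        return hashlib.sha1(seed).digest()[:KEY_LEN]  # SHA1 of the seed, cut to 128 bits

    def _tag(self, nonce, wrapped):
        return hmac.new(self._master, b"tag" + nonce + wrapped, hashlib.sha256).digest()

    def wrap(self, working_key):
        """Master key encrypts the working key; the result is the secondary key."""
        nonce = os.urandom(16)
        wrapped = keystream_xor(self._master, b"wrap" + nonce, working_key)
        return nonce + wrapped + self._tag(nonce, wrapped)

    def unwrap(self, header):
        nonce, wrapped, tag = header[:16], header[16:16 + KEY_LEN], header[16 + KEY_LEN:]
        if not hmac.compare_digest(tag, self._tag(nonce, wrapped)):
            raise ValueError("header was not produced with this card's master key")
        return keystream_xor(self._master, b"wrap" + nonce, wrapped)


class Policy:
    """Security policy: what to encrypt, and which processes may see plaintext."""

    def __init__(self, protected_dirs, protected_suffixes, trusted_processes):
        self.dirs = tuple(protected_dirs)
        self.suffixes = tuple(protected_suffixes)
        self.trusted = set(trusted_processes)   # identified by name here (assumption)

    def needs_encryption(self, path):
        return path.startswith(self.dirs) or path.endswith(self.suffixes)

    def may_read_plaintext(self, process):
        return process in self.trusted


def on_write(card, policy, path, plaintext):
    """Write path: encrypt only files the policy defines; pass the rest through."""
    if not policy.needs_encryption(path):
        return plaintext
    working_key = card.new_working_key()
    body = keystream_xor(working_key, b"body", plaintext)
    return card.wrap(working_key) + body + FLAG_ENCRYPTED


def on_read(card, policy, process, raw):
    """Read path, with the checks in the order the description gives them."""
    if not policy.may_read_plaintext(process):
        return raw                      # process not allowed: pass through as stored
    if len(raw) <= HEADER_LEN or raw[-1:] != FLAG_ENCRYPTED:
        return raw                      # flag says "not encrypted"
    try:
        working_key = card.unwrap(raw[:HEADER_LEN])
    except ValueError:
        return raw                      # plain file that merely ends in 0x01
    return keystream_xor(working_key, b"body", raw[HEADER_LEN:-1])


def demo():
    """Constructed inputs: one protected file, a trusted and an untrusted process."""
    card = EncryptionCard()
    policy = Policy(["/opt/app/data/"], [".cfg"], ["app_main"])
    stored = on_write(card, policy, "/opt/app/data/params.bin", b"gain=0.75")
    lookalike = b"A" * 80 + FLAG_ENCRYPTED
    return {
        "stored_len": len(stored),
        "trusted": on_read(card, policy, "app_main", stored),
        "untrusted_gets_stored_bytes": on_read(card, policy, "cat", stored) == stored,
        "undefined_file": on_write(card, policy, "/tmp/notes.txt", b"hello"),
        "lookalike_unchanged": on_read(card, policy, "app_main", lookalike) == lookalike,
    }
```

The header tag is an addition of this sketch: it lets the read path tell a genuinely wrapped key from an ordinary file whose last byte happens to be 1, a case the single trailing flag cannot distinguish by itself.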
Embodiment 4:
On the basis of embodiment 1, 2 or 3, ciphertext and plaintext double buffering is used to prevent files from being actively leaked while in use without affecting system performance: one encrypted file has two kinds of page cache data, one holding plaintext and the other holding ciphertext. This takes full advantage of the page cache function of the operating system. When a trusted process and an untrusted process access an encrypted file at the same time, the disk file does not have to be encrypted and decrypted repeatedly, which greatly improves system processing speed. The kernel module only needs to decide whether a process is allowed to access plaintext data; if so, the process accesses the plaintext buffer, otherwise it can access only the ciphertext buffer.
To improve the security protection further, a file integrity check can be used: if a file is defined as a trusted resource, it is given integrity protection. For executable programs, this prevents other malicious processes from masquerading as the encryption process and reading the contents of data files. For important data files, damage can be detected in time, and if a file is damaged the system recovers its data automatically. For data recovery, each resource backup corresponds one-to-one with a SHA1 hash of the resource, and both are stored in the hidden partition of the disk. This hidden partition is formatted with a private file system format and is invisible and inaccessible to the user. Before a trusted resource is accessed, the SHA1 values are compared; if they do not match, the resource is recovered from the hidden partition, which guarantees that the data can be read normally.
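The check-before-access and restore step can be sketched as follows. This is an added example, not code from the patent: an ordinary directory stands in for the hidden partition, and the class name, file naming scheme and return values are assumptions.

```python
import hashlib
import os
import shutil
import tempfile


def file_digest(path, algorithm="sha1"):
    """Hash a file in chunks so large resources need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class TrustedStore:
    """Stand-in for the hidden partition: one backup and one digest per resource.

    SHA-1 matches the description and detects accidental damage; it is no
    longer collision-resistant, so pass algorithm="sha256" in new designs.
    """

    def __init__(self, root, algorithm="sha1"):
        self.root = root
        self.algorithm = algorithm
        os.makedirs(root, exist_ok=True)

    def backup_path(self, resource):
        name = hashlib.sha256(os.path.abspath(resource).encode()).hexdigest()
        return os.path.join(self.root, name)

    def register(self, resource):
        """Define a file as a trusted resource: store its backup and digest."""
        backup = self.backup_path(resource)
        shutil.copyfile(resource, backup)
        with open(backup + ".digest", "w") as fh:
            fh.write(file_digest(resource, self.algorithm))

    def check_before_access(self, resource):
        """Return 'untracked', 'ok' or 'restored'; raise if recovery is impossible."""
        backup = self.backup_path(resource)
        if not os.path.exists(backup + ".digest"):
            return "untracked"
        with open(backup + ".digest") as fh:
            expected = fh.read().strip()
        if os.path.exists(resource) and file_digest(resource, self.algorithm) == expected:
            return "ok"
        # Verify the backup too: restoring a damaged backup would hide the fault.
        if not os.path.exists(backup) or file_digest(backup, self.algorithm) != expected:
            raise RuntimeError("backup missing or damaged: cannot restore " + resource)
        staging = resource + ".restore"
        shutil.copyfile(backup, staging)
        os.replace(staging, resource)      # swap in the good copy in one step
        return "restored"


def demo():
    """Constructed scenario: modify, delete, then damage the backup as well."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        resource = os.path.join(tmp, "params.dat")
        with open(resource, "wb") as fh:
            fh.write(b"gain=0.75\n")
        store = TrustedStore(os.path.join(tmp, "hidden"))
        store.register(resource)
        results.append(store.check_before_access(resource))
        with open(resource, "wb") as fh:
            fh.write(b"gain=9.99\n")                    # file content changed
        results.append(store.check_before_access(resource))
        with open(resource, "rb") as fh:
            results.append(fh.read())
        os.remove(resource)                             # file deleted
        results.append(store.check_before_access(resource))
        with open(store.backup_path(resource), "ab") as fh:
            fh.write(b"x")                              # backup damaged
        with open(resource, "wb") as fh:
            fh.write(b"bad")
        try:
            store.check_before_access(resource)
        except RuntimeError:
            results.append("unrecoverable")
    return results
```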

Claims (7)

1. A software security protection method based on the Linux system, comprising the following steps:
(1) generating a secure file module between the virtual file system and the physical file system, and setting up a file management service;
(2) installing the corresponding hardware driver and initialising it, communicating with the encryption card through the hardware driver, and allocating hardware resources;
(3) once communication is normal, loading the secure file module and performing classification filtering and file encryption and decryption on the protected directories or file types: the directories or file types to be encrypted are defined in advance, and during encryption and decryption the defined files are encrypted and decrypted while undefined files are not processed.
2. The software security protection method based on the Linux system according to claim 1, characterized in that: the secure file module uses the virtual file system (VFS) for file management; a VFS object is a structure, and the objects comprise the superblock object, the inode (index node) object, the directory entry object and the file object, together with function pointers to the operations on the parent object; the generic VFS functions are used by inheritance.
3. The software security protection method based on the Linux system according to claim 1 or 2, characterized in that: a hierarchical key management method is used when files are encrypted and decrypted: keys are divided into two levels, the master key and the secondary key; the master key is seeded with the random system time and is kept in the protected area of the cryptographic chip on the hardware encryption card; the working key is encrypted with the master key to generate the secondary key; the working key seed is produced by a random number generator that is built into the cryptographic chip, and for each file to be encrypted a SHA1 operation over the key seed produces one working key.
4. The software security protection method based on the Linux system according to claim 3, characterized in that: when a file is encrypted for protection, the working key is used with the SM1 algorithm to encrypt the file and form the body of the encrypted file; the master key encrypts the working key with the AES algorithm to generate the secondary key, which is stored in the file header and becomes part of the encrypted file;
when a file is decrypted, the secondary key is taken from the file header and decrypted with the master key using AES to obtain the working key; the body of the encrypted file is then decrypted to obtain the source file.
5. The software security protection method based on the Linux system according to claim 4, characterized in that: a hidden partition is set up and the security policy is saved in it; on a read, after the secure file module intercepts the disk read request, it checks whether the accessing process is allowed to access encrypted files, and if not, the request is passed through directly; the encryption flag at the end of the file indicates whether the file is encrypted, and if the file is not encrypted, the request is passed through directly; otherwise the request packet is reconstructed, data of the specified length is read and decrypted, and the result is returned in the original request packet;
on a write, after the secure file module intercepts the disk write operation, it decides from the security policy whether the file needs to be stored encrypted; if so, the data is encrypted and written to disk.
6. The software security protection method based on the Linux system according to claim 4, characterized in that: ciphertext and plaintext double buffering is used: one encrypted file has two kinds of page cache data, one holding plaintext and the other holding ciphertext; the kernel module decides whether a process is allowed to access plaintext data; if so, the process accesses the plaintext buffer, otherwise it accesses only the ciphertext buffer.
7. The software security protection method based on the Linux system according to claim 6, characterized in that: a file integrity check is used: if a file is defined as a trusted resource, it is given integrity protection; if the file is damaged, the system recovers its data automatically; for data recovery, each resource backup corresponds one-to-one with a SHA1 hash of the resource, and both are stored in the hidden partition of the disk; before a trusted resource is accessed, the SHA1 values are compared, and if they do not match, the resource is recovered from the hidden partition.
CN2012102288067A 2012-07-04 2012-07-04 Software security protection method based on Linux system Pending CN103065082A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012102288067A CN103065082A (en) 2012-07-04 2012-07-04 Software security protection method based on Linux system

Publications (1)

Publication Number Publication Date
CN103065082A true CN103065082A (en) 2013-04-24

Family

ID=48107710

Country Status (1)

Country Link
CN (1) CN103065082A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130424