CN102831346B - Method for file encryption and decryption performed by a file protection system - Google Patents

Method for file encryption and decryption performed by a file protection system

Info

Publication number: CN102831346B
Authority: CN (China)
Prior art keywords: file, deciphering, module, hardware, encryption
Legal status: Active
Application number: CN201210270185.9A
Other languages: Chinese (zh)
Other versions: CN102831346A
Inventors: 吕少铭, 徐伯星, 王伟
Current assignee: Shenzhen Purple Liton Technology Development Co Ltd
Original assignee: Shenzhen Purple Liton Technology Development Co Ltd
Priority date / filing date: 2012-07-31
Publication dates: 2012-12-19 (CN102831346A), 2015-09-02 (CN102831346B, granted)

Abstract

The invention discloses a file protection system and method. The file protection system comprises an authentication module, a hardware encryption/decryption peripheral module, a file system filter driver module, and a file encryption certificate. The hardware encryption/decryption peripheral module is communicatively connected to the computer, and the file encryption certificate is issued through an authorized channel into the secure storage space of the hardware encryption module. The key points of the invention are that confidential files are forcibly encrypted, the encryption key is kept inside the hardware encryption peripheral module, hardware encryption is used during the encryption process, and once authentication has passed, encryption and decryption are automatic and transparent. This ensures that no plaintext is retained on disk, that the cryptographic algorithm is secure, and that the user's normal usage is unaffected after authentication.

Description

Method for file encryption and decryption performed by a file protection system
Technical field
The present invention relates to the field of computer file encryption, and in particular to a file protection system and method suited to protecting files within enterprises and institutions, between departments, and between individuals.
Background
With the development of enterprise informatization and e-government, more and more application systems are used in people's daily work and life. All kinds of important information are stored in electronic form, and computer files are the most important information carrier. Each application system collects, processes, outputs and stores large amounts of data, which usually contain a great deal of sensitive information. To ensure information security, large numbers of confidential files are stored encrypted on the computer. However, existing encryption schemes generally have the user encrypt a file after finishing with it and decrypt it when it is needed again. The encryption and decryption are carried out in the computer's CPU and memory, and the encryption key itself is held in memory. This not only makes encrypted files inconvenient to use, but also creates a serious security risk because the key is insufficiently protected.
Summary of the invention
One object of the present invention is to provide a file protection system that forcibly encrypts confidential files, keeps the encryption key inside a hardware encryption module, uses hardware encryption during the encryption process, and performs automatic transparent encryption and decryption once authentication has passed.
To achieve this object, the present invention adopts the following technical scheme: a file protection system comprising an authentication module, a hardware encryption/decryption module, a file system filter driver module, and a file encryption certificate. The hardware encryption/decryption peripheral module is communicatively connected to the computer, and the file encryption certificate is issued through an authorized channel into the secure storage space of the hardware encryption peripheral module.
Preferably, the file encryption certificate comprises: user identity authentication information, the file encryption key, the controlled file types, and the corresponding processes.
The present invention also comprises another technical scheme: a method of file encryption and decryption using the file protection system described above, comprising the following steps:
Step 1): The user starts the authentication module. If the encryption peripheral module is not connected, the authentication module prompts the user to connect the hardware encryption peripheral module for authentication. If the encryption peripheral module is connected, the hardware encryption peripheral module, which has been issued the file encryption certificate, is connected, and the authentication module requests the authentication information;
Step 2): The user enters the authentication information. The authentication module communicates with the hardware encryption peripheral module to perform authentication. If authentication passes, success is reported and the file system filter driver module is started; otherwise authentication fails;
Step 3): After the filter driver module starts, it connects to the hardware encryption/decryption peripheral module and obtains the corresponding controlled file types and corresponding processes;
Step 4): After authentication passes, the client uses the file's corresponding editing software to open a confidential file containing sensitive information. The file system filter driver module intercepts the corresponding create, read and write operations. It first reads the file's encryption identification information and determines whether the file is plaintext or ciphertext; if the file is plaintext, it is read normally. When the file is saved, the filter driver module calls the hardware encryption/decryption module to encrypt the file content, writes unique identifiers such as the hardware ID of the hardware encryption/decryption peripheral and the user information into a file identification information structure, encrypts that file identification information structure with a temporary key (generated by a random algorithm), writes the temporary key into a fixed position of the file identification information structure, then calls the hardware encryption/decryption peripheral module again to encrypt the file information structure with the user key, and writes it to the file. If the file is ciphertext, the module first checks whether the user information, hardware ID and similar information in the file match the current environment; if they do not match, the ciphertext is returned directly to the application, or the application is forbidden from reading the file. If the information matches, the file content is read into a buffer, the hardware encryption/decryption peripheral module is called to decrypt the content read, and the decrypted content is returned to the application;
Step 5): The client finishes using the confidential file and disconnects the hardware module. The authenticated state becomes invalid, the file system filter driver module stops, and encrypted files can no longer be opened.
Preferably: files are encrypted and decrypted using the hardware peripheral module; content read by the application software during the encryption/decryption process is decrypted by the hardware in memory, and no plaintext is stored on the local disk; the filter driver communicates directly with the hardware encryption/decryption peripheral to obtain the relevant information; and user identity authentication requires the hardware peripheral.
Even more preferably:
In step 4), when the client has an application open a confidential file, the file system filter driver module intercepts the corresponding create, read and write operations. It first reads the file's encryption identification information and determines whether the file is plaintext or ciphertext; if the file is plaintext, it is read normally. When the file needs to be saved, the filter driver module calls the hardware encryption/decryption module to encrypt the file content, encrypts the unique identifiers such as the hardware ID of the hardware encryption/decryption peripheral and the user information with a temporary key and writes them into the file identification information structure, then writes the temporary key into the file identification information structure, and again uses the hardware encryption/decryption peripheral module to encrypt the file information structure with the user key and writes it to the file. If the file is ciphertext, the module first checks whether the user information, hardware ID and similar information in the file match the current environment; if they do not match, the ciphertext is returned directly to the application, or the application is forbidden from reading the file. If the information matches, the file content is read into a buffer, the hardware encryption/decryption module is called to decrypt the content read, and the decrypted content is returned to the application.
The key points of the invention are that confidential files are forcibly encrypted, the encryption key is kept inside the hardware encryption module, hardware encryption is used during the encryption process, and once authentication has passed, encryption and decryption are automatic and transparent. This ensures that no plaintext is retained on disk, that the cryptographic algorithm is secure, and that the user's normal usage is unaffected after authentication.
Brief description of the drawings
Fig. 1 is a schematic diagram of the structure of the file protection system of the present invention.
Embodiments
The invention is further described below with reference to the drawings and specific embodiments.
As shown in Figure 1, this embodiment uses the workflow of a user operating an encrypted confidential doc file to describe the mechanism of the present invention in detail.
Step 1: The user starts the authentication module, which prompts the user to connect the hardware encryption peripheral for authentication.
Step 2: If the encryption module is not connected, the user connects the hardware encryption module, and the authentication module requests the authentication information.
Step 3: The user enters the authentication information, and the authentication module performs authentication together with the hardware encryption module. On success, the module reports success and starts the driver; otherwise authentication fails.
Step 4: After authentication passes, the client opens the encrypted confidential doc file with its own document editing software. The file system filter driver module checks whether the user information and hardware ID match; if they match, it calls the hardware encryption/decryption module to decrypt the data in the file buffer while the document editing software reads the file. The document editing software can then read, modify and save the encrypted file normally, as though operating on an unencrypted file. If they do not match, the ciphertext is returned to the user's document editing software, or its read and write access to the file is forbidden.
Step 5: The user finishes using the confidential file and disconnects the hardware module. The authenticated state becomes invalid, the file system filter driver module stops, and encrypted files can no longer be opened.

Claims (2)

1. A method for file encryption and decryption performed by a file protection system, characterized in that: the file protection system comprises an authentication module, a hardware encryption/decryption peripheral module, a file system filter driver module, and a file encryption certificate; the hardware encryption/decryption peripheral module is communicatively connected to the computer, and the file encryption certificate is issued through an authorized channel into the secure storage space of the hardware encryption/decryption peripheral module;
The method of file encryption and decryption comprises the steps of:
Step 1): The user starts the authentication module. If the hardware encryption/decryption peripheral module is not connected, the authentication module prompts the user to connect the hardware encryption/decryption peripheral module for authentication. The hardware encryption/decryption peripheral module has been issued the file encryption certificate, and the authentication module requests the authentication information;
Step 2): The user enters the authentication information. The authentication module communicates with the hardware encryption/decryption peripheral module to perform authentication. If authentication passes, success is reported and the file system filter driver module is started; otherwise authentication fails;
Step 3): After the filter driver module starts, it connects to the hardware encryption/decryption peripheral module and obtains the corresponding controlled file types and corresponding processes;
Step 4): After authentication passes, the client uses the file's corresponding editing software to open a confidential file containing sensitive information. The file system filter driver module intercepts the corresponding create, read and write operations. It first reads the file's encryption identification information and determines whether the file is plaintext or ciphertext; if the file is plaintext, it is read normally. When the file is saved, the filter driver module calls the hardware encryption/decryption peripheral module to encrypt the file content, writes the hardware ID of the hardware encryption/decryption peripheral and the user information as unique identifiers into a file identification information structure, encrypts the file identification information structure with a random key, writes the random key into a fixed position of the file identification information structure, then calls the hardware encryption/decryption peripheral module again to encrypt the file information structure with the user key, and writes it to the file. If the file is ciphertext, the module first checks whether the user information and hardware ID information in the file match the current environment; if they do not match, the ciphertext is returned directly to the application, or the application is forbidden from reading the file. If the information matches, the file content is read into a buffer, the hardware encryption/decryption peripheral module is called to decrypt the content read, and the decrypted content is returned to the application;
Step 5): The client finishes using the confidential file and disconnects the hardware encryption/decryption peripheral module. The authenticated state becomes invalid, the file system filter driver module stops, and encrypted files can no longer be opened;
Files are encrypted and decrypted using the hardware encryption/decryption peripheral module; content read by the application software during the encryption/decryption process is decrypted by the hardware in memory, and no plaintext is stored on the local disk; the filter driver communicates directly with the hardware encryption/decryption peripheral to obtain the relevant information; and user identity authentication requires the hardware encryption/decryption peripheral module.
2. The method of file encryption and decryption as claimed in claim 1, characterized in that:
In step 4), when the client has an application open a confidential file, the file system filter driver module intercepts the corresponding create, read and write operations. It first reads the file's encryption identification information and determines whether the file is plaintext or ciphertext; if the file is plaintext, it is read normally. When the file needs to be saved, the filter driver module calls the hardware encryption/decryption module to encrypt the file content, encrypts the hardware ID of the hardware encryption/decryption peripheral module and the user information as unique identifiers with a temporary key and writes them into the file identification information structure, then writes the temporary key into the file identification information structure, and again uses the hardware encryption/decryption peripheral module to encrypt the file information structure with the user key and writes it to the file. If the file is ciphertext, the module first checks whether the user information and hardware ID information in the file match the current environment; if they do not match, the ciphertext is returned directly to the application, or the application is forbidden from reading the file. If the information matches, the file content is read into a buffer, the hardware encryption/decryption module is called to decrypt the content read, and the decrypted content is returned to the application.
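The save and open paths of Step 4 in the Summary and of claim 1 Step 4 (and claim 2), as an added worked example that is not part of the patent or its implementation: a simulated hardware peripheral stands in for the real token, an HMAC-SHA256 keystream stands in for the unspecified hardware cipher, and the magic marker, field widths and per-file nonce are assumptions made here to give the described header a concrete layout.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"FPS-ENC1"                 # constructed marker: the "encryption identification information"
NONCE_LEN, KEY_LEN = 16, 32         # per-file nonce (assumption) and random temporary key
HW_ID_LEN, USER_LEN = 16, 32        # fixed widths for hardware ID and user information
IDENT_LEN = HW_ID_LEN + USER_LEN    # body of the "file identification information structure"
KEY_OFFSET = IDENT_LEN              # the "fixed position" at which the temporary key is written
HEADER_LEN = IDENT_LEN + KEY_LEN


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Placeholder cipher (HMAC-SHA256 keystream in counter mode). The patent names no
    # algorithm; this stands in for whatever the hardware peripheral implements.
    out = bytearray()
    for blk in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + struct.pack(">I", blk), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[blk * 32:(blk + 1) * 32], ks))
    return bytes(out)


class SimHardwareModule:
    """Simulated hardware encryption/decryption peripheral holding the issued certificate."""

    def __init__(self, hw_id: bytes, user_info: bytes, user_key: bytes):
        self.hw_id = hw_id[:HW_ID_LEN].ljust(HW_ID_LEN, b"\0")
        self.user_info = user_info[:USER_LEN].ljust(USER_LEN, b"\0")
        self._user_key = user_key       # the user key never leaves the (simulated) token

    def crypt(self, nonce: bytes, data: bytes) -> bytes:
        return _xor_stream(self._user_key, nonce, data)   # XOR stream: encrypt == decrypt


def save_file(hw: SimHardwareModule, content: bytes) -> bytes:
    """Filter-driver save path: encrypt content, build and encrypt the identification header."""
    nonce = os.urandom(NONCE_LEN)       # assumption: per-file nonce so keystreams never repeat
    body_ct = hw.crypt(nonce + b"B", content)            # 1. content under the user key
    temp_key = os.urandom(KEY_LEN)      # 2. the "key produced by a random algorithm"
    ident_ct = _xor_stream(temp_key, nonce + b"I", hw.hw_id + hw.user_info)  # 3. identifiers
    header = ident_ct + temp_key        # 4. temporary key at the fixed position KEY_OFFSET
    header_ct = hw.crypt(nonce + b"H", header)           # 5. whole structure under the user key
    return MAGIC + nonce + header_ct + body_ct


def open_file(hw: SimHardwareModule, blob: bytes) -> tuple:
    """Filter-driver read path. Returns (status, data); status is 'plain', 'denied' or 'ok'."""
    if not blob.startswith(MAGIC):
        return "plain", blob            # no encryption marker: read normally
    off = len(MAGIC)
    if len(blob) < off + NONCE_LEN + HEADER_LEN:
        return "denied", b""            # truncated header: refuse rather than guess
    nonce = blob[off:off + NONCE_LEN]
    off += NONCE_LEN
    header = hw.crypt(nonce + b"H", blob[off:off + HEADER_LEN])
    off += HEADER_LEN
    temp_key = header[KEY_OFFSET:KEY_OFFSET + KEY_LEN]
    ident = _xor_stream(temp_key, nonce + b"I", header[:IDENT_LEN])
    hw_id, user_info = ident[:HW_ID_LEN], ident[HW_ID_LEN:]
    # Compare the file's hardware ID and user information with the current environment
    if not (hmac.compare_digest(hw_id, hw.hw_id) and hmac.compare_digest(user_info, hw.user_info)):
        return "denied", blob[off:]     # mismatch: hand back ciphertext (or refuse the read)
    return "ok", hw.crypt(nonce + b"B", blob[off:])     # match: decrypt in memory and return
```

The layout as the patent describes it carries no integrity protection: a bit flip in the encrypted content decrypts to corrupted data without being detected, so a real deployment would add an authentication tag over header and content.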

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210270185.9A CN102831346B (en) 2012-07-31 2012-07-31 Method for file encryption and decryption performed by a file protection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210270185.9A CN102831346B (en) 2012-07-31 2012-07-31 Method for file encryption and decryption performed by a file protection system

Publications (2)

Publication Number Publication Date
CN102831346A (en) 2012-12-19
CN102831346B (en, granted) 2015-09-02

Family

ID=47334479

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210270185.9A Active CN102831346B (en) 2012-07-31 2012-07-31 Method for file encryption and decryption performed by a file protection system

Country Status (1)

Country Link
CN (1) CN102831346B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103390135A (en) * 2013-06-24 2013-11-13 北京素志科技发展有限公司 File protection system and implement method thereof
CN104376270A (en) * 2013-08-12 2015-02-25 深圳中兴网信科技有限公司 File protection method and system
CN103488954B (en) * 2013-10-16 2016-03-30 武汉理工大学 A kind of file encryption system
CN105117661B (en) * 2015-08-04 2018-05-08 北京金山安全软件有限公司 File protection method and device
CN107426151B (en) * 2017-03-31 2020-07-31 武汉斗鱼网络科技有限公司 File decryption method and device
CN107220192B (en) * 2017-05-31 2020-08-14 广州视源电子科技股份有限公司 Electronic equipment, channel switching control method and control circuit
CN108229190B (en) * 2018-01-02 2021-10-22 北京亿赛通科技发展有限责任公司 Transparent encryption and decryption control method, device, program, storage medium and electronic equipment
CN108509802B (en) * 2018-02-28 2020-01-14 郑州信大捷安信息技术股份有限公司 Application data anti-leakage method and device
CN115618435B (en) * 2022-10-28 2023-09-15 长江量子(武汉)科技有限公司 File management and control method applied to office equipment and office equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100429668C (en) * 2006-06-23 2008-10-29 北京飞天诚信科技有限公司 Electronic file automatic protection method and system
CN100399304C (en) * 2006-07-26 2008-07-02 北京飞天诚信科技有限公司 Method for automatic protecting magnetic disk data utilizing filter driving program combined with intelligent key device

Also Published As

Publication number Publication date
CN102831346A (en) 2012-12-19

Similar Documents

Publication Publication Date Title
CN102831346B (en) Method for file encryption and decryption performed by a file protection system
CN101196855B (en) Mobile encrypted memory device and cipher text storage area data encrypting and deciphering processing method
CN100446024C (en) Protection method and system of electronic document
CN104573551A (en) File processing method and mobile terminal
CN109547215B (en) Document information protection method based on mobile terminal fingerprint
US20130124860A1 (en) Method for the Cryptographic Protection of an Application
CN102750497A (en) Method and device for deciphering private information
CN101795450A (en) Method and device for carrying out security protection on mobile phone data
CN106682521B (en) File transparent encryption and decryption system and method based on driver layer
CN100399304C (en) Method for automatic protecting magnetic disk data utilizing filter driving program combined with intelligent key device
CN101815292B (en) Device and method for protecting data of mobile terminal
CN104778954B (en) A kind of CD subregion encryption method and system
CN101770559A (en) Data protecting device and data protecting method
CN106100851B (en) Password management system, intelligent wristwatch and its cipher management method
CN101114319A (en) Shear plate information protecting equipment and method thereof
CN101751531A (en) File encryption device with USB electronic key
CN102831335A (en) Safety protecting method and safety protecting system of Windows operating system
CN103207976A (en) Mobile storage file leakage-preventing method and confidential U-disk based on same
CN103873521A (en) Cloud architecture-based mobile phone privacy file protection system and method
CN102768646A (en) Serial port hard disk encryption and decryption device
CN102761559B (en) Network security based on private data shares method and communication terminal
CN101099207B (en) Portable data support with watermark function
CN102004873B (en) Method for restoring encrypted information in encryption card
CN201199439Y (en) Mobile storage apparatus
CN101901320A (en) Data leakage prevention method for electronic book reader

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant