CN104615946A - Virtual encrypted disk data protection system and method based on intelligent mobile terminals - Google Patents


Publication number
CN104615946A
Authority
CN
China
Prior art keywords
disk
intelligent mobile
mobile terminal
virtual encryption
virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510075859.3A
Other languages
Chinese (zh)
Inventor
杨伟伟
杨天平
秦德强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHENGDU WESTONE INFORMATION SAFETY TECHNOLOGY Co Ltd
Original Assignee
CHENGDU WESTONE INFORMATION SAFETY TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHENGDU WESTONE INFORMATION SAFETY TECHNOLOGY Co Ltd
Priority to CN201510075859.3A
Publication of CN104615946A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a virtual encrypted disk data protection system and method based on intelligent mobile terminals. A server transmits a configured virtual encrypted disk management policy to an intelligent mobile terminal under its control; the intelligent mobile terminal parses the received policy and creates, mounts, changes the password of, or deletes a virtual encrypted disk accordingly. The system and method have the advantages that important documents are protected, others are prevented from taking away the sensitive information of the owner of the intelligent mobile terminal, operation of the virtual encrypted disk is completely transparent to users, and redirection of the data generated by secure applications is also completely transparent to users.

Description

Virtual encrypted disk data protection system and method based on intelligent mobile terminals
Technical field
The present invention relates to a virtual encrypted disk data protection system and method, and in particular to a virtual encrypted disk data protection system and method suitable for intelligent mobile terminals.
Background
Mobile phones are now widespread. In the mobile operating system market, Android has consistently held a commanding share, and at the same time security problems on mobile phones, Android phones in particular, keep emerging. Protecting users' private data, especially the private data of users in special posts, is therefore increasingly important. Private data can be protected in two ways: actively, by blocking attempts to access it, and passively, by encrypting it. Data encryption plays a vital role across the whole field of information security. Creating an encrypted virtual disk on Android, making that encrypted disk trustworthy, and redirecting the data the user specifies into it can therefore effectively keep the user's private data safe.
Summary of the invention
The technical problem to be solved by the present invention is to provide a virtual encrypted disk data protection system and method suitable for intelligent mobile terminals, especially intelligent mobile terminals running Android.
The technical solution adopted by the present invention is as follows. A virtual encrypted disk data protection system based on an intelligent mobile terminal comprises a server and an intelligent mobile terminal, characterized in that the server comprises a virtual encrypted disk management policy issuing module, which issues to the intelligent mobile terminal management policies for creating, mounting, changing or deleting a virtual encrypted disk;
The intelligent mobile terminal comprises:
A policy processing module, which receives the virtual encrypted disk management policy issued by the server, parses it and executes it;
A virtual encrypted disk driver module, which creates, mounts, unmounts, changes the password of, or deletes the virtual encrypted disk;
A redirection module, which, on the basis of system calls, redirects some of the system calls in the system, operates the virtual encrypted disk and redirects the file operations of applications.
Preferably, the server further comprises a secure application policy issuing module, which issues an application protection list security policy to the policy processing module; this policy serves as the basis on which the redirection module decides whether the files of a given application can be redirected.
Preferably, the virtual encrypted disk management policy issuing module issues the management policies for creating, mounting, changing or deleting a virtual encrypted disk to the intelligent mobile terminal according to the required encryption level.
Preferably, the secure application policy issuing module issues the application protection list security policy to the intelligent mobile terminal according to the required security level.
A virtual encrypted disk data protection method for an intelligent mobile terminal: the server sends the configured virtual encrypted disk management policy to the intelligent mobile terminals within its control scope; the intelligent mobile terminal parses the received policy and accordingly creates, mounts, changes the password of, or deletes a virtual encrypted disk.
Preferably, once the intelligent mobile terminal has mounted the virtual encrypted disk, the user saves the private data to be kept into this virtual encrypted disk and unmounts the disk after use.
Preferably, the method further comprises: when the disk is mounted for access again, access can continue only after the password has been entered.
Preferably, the method further comprises: the server sends the configured secure application policy, an application protection list of the applications that need data protection, to the intelligent mobile terminals within its control scope; when the intelligent mobile terminal receives a request to start a new application, the data protection information of that application is intercepted and it is judged whether the application needs data protection; if so, all file operations of that secure application are redirected into the opened virtual encrypted disk.
Preferably, the secure application policy contains the name of the secure application and the name of the corresponding virtual encrypted disk; when the intelligent mobile terminal starts the application, the corresponding virtual encrypted disk is mounted as well, and all data and related files produced by the application are redirected into that virtual encrypted disk.
Preferably, the method further comprises: when creating a virtual encrypted disk, an empty virtual disk file of the specified size is created according to the policy parameters issued by the server; when mounting the virtual encrypted disk, the virtual disk file is mapped, with encryption, to a loop device in the file system, the loop device is then formatted as an ext4 file system, and the loop device is then mounted under a system path; when unmounting the virtual encrypted disk, the mounted loop device is unmounted and the mapping between the disk file and the loop device is removed.
Compared with the prior art, the beneficial effects of the present invention are: important documents are protected and others are prevented from taking away the owner's sensitive information; operation of the virtual encrypted disk is completely transparent to the user, and redirection of the data produced by secure applications is also completely transparent to the user.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to an embodiment. It should be understood that the specific embodiment described here only serves to explain the present invention and is not intended to limit it.
Any feature disclosed in this specification (including any accompanying claims and the abstract) may, unless specifically stated otherwise, be replaced by another equivalent feature or an alternative feature serving a similar purpose. That is, unless specifically stated otherwise, each feature is just one example of a series of equivalent or similar features.
This embodiment describes in detail a virtual encrypted disk data protection system and protection method for Android phones.
The data protection system comprises a server and an Android phone. The server comprises a virtual encrypted disk management policy issuing module, which issues to the phone management policies for creating, mounting, changing or deleting a virtual encrypted disk. The server draws up the encrypted disk management policy according to management or customer needs and issues it to the phone, which executes it.
The phone comprises a policy processing module, which receives the virtual encrypted disk management policy issued by the server, parses it and executes it.
The phone also comprises a virtual encrypted disk driver module, which creates, mounts, unmounts, changes the password of, or deletes the virtual encrypted disk.
The phone also comprises a redirection module, which, on the basis of system calls, redirects (hooks) some of the system calls in the Android system, operates the virtual encrypted disk and redirects the file operations of applications.
The server further comprises a secure application policy issuing module, which issues to the policy processing module an application protection list security policy (the list contains the applications that need data protection). The policy indicates that a specific application needs data protection, and serves as the basis on which the redirection module decides whether that application's files can be redirected.
The virtual encrypted disk management policy issuing module works according to the required encryption level: the server draws up a management policy for the virtual encrypted disk according to the encryption level the mobile phone client requires, and issues to the intelligent mobile terminal the management policy for creating, mounting, changing or deleting that virtual encrypted disk.
The secure application policy issuing module issues the application protection list security policy to the intelligent mobile terminal according to the required security level: the application protection list is drawn up according to how high the required security level is, and is issued to the phone.
In the virtual encrypted disk data protection method for an intelligent mobile terminal, the server sends the configured virtual encrypted disk management policy to the intelligent mobile terminals within its control scope. The policy configured on the server is assembled into a certain format and then sent over the TLS cryptographic protocol to the designated phones within the control scope. The intelligent mobile terminal parses the received virtual encrypted disk management policy and accordingly creates, mounts, changes the password of, or deletes a virtual encrypted disk. Important documents are protected, others are prevented from taking away the owner's sensitive information, and operation of the virtual encrypted disk is completely transparent to the user.
Once the intelligent mobile terminal has mounted the virtual encrypted disk, file operations are carried out through the mount point just as through any other Linux-like system path. The user saves the private data to be kept into this virtual encrypted disk and unmounts the disk again after use.
The method further comprises: when the disk is mounted for access again, access can continue only after the password has been entered.
The user can also choose to copy a created virtual encrypted disk out and mount and access it on another platform that supports this virtual encrypted disk system, or import into an Android terminal a virtual encrypted disk created on another Android terminal or platform and access it there. The virtual encrypted disk is highly reusable: a virtual encrypted disk created on one Android terminal can easily be imported on another terminal, and can even be used on other platforms (Windows, Linux) on which this virtual encrypted disk management program is installed.
The method further comprises: the server sends the configured secure application policy, an application protection list of the applications that need data protection, to the intelligent mobile terminals within its control scope. When the intelligent mobile terminal receives a request to start a new application, the data protection information of that application is intercepted and it is judged whether the application needs data protection; if so, all file operations of that secure application are redirected into the opened virtual encrypted disk. Redirection of the data produced by secure applications is completely transparent to the user.
According to the policy, if the user starts an application designated as a secure application, the corresponding virtual encrypted disk is opened and all data produced by the application is redirected into that virtual encrypted disk, so that its private data is protected; the whole redirection and encryption process is completely transparent to the user. After the secure application is closed, the corresponding virtual encrypted disk is unmounted as well.
The secure application policy contains the name of the secure application and the name of the corresponding virtual encrypted disk. When the intelligent mobile terminal starts the application, the corresponding virtual encrypted disk is mounted as well: the interface of the virtual encrypted disk driver module is called to perform the open or close action on the virtual encrypted disk, and at the same time all data and related files produced by the application are redirected into that virtual encrypted disk.
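The launch-time decision and path redirection described above can be modelled as follows. This is an added example, not code from the patent: it models the redirection module's decisions rather than a real system-call hook, and the mount root, package names and the choice to share one disk between several applications are assumptions.

```python
import posixpath

MOUNT_ROOT = "/mnt/vdisk"  # hypothetical mount root, not from the patent


def _safe_name(name):
    # Policy names end up in paths, so reject separators and dot entries.
    return bool(name) and "/" not in name and name not in (".", "..")


class Redirector:
    """Models the redirection module's decisions (not a real hook)."""

    def __init__(self, app_policy):
        # Secure application policy: protected app name -> disk name.
        for app, disk in app_policy.items():
            if not (_safe_name(app) and _safe_name(disk)):
                raise ValueError(f"unsafe policy entry: {app!r} -> {disk!r}")
        self.app_policy = dict(app_policy)
        self.users = {}  # disk name -> set of running protected apps

    def on_app_start(self, app):
        """Return the disk the driver must mount now, else None."""
        disk = self.app_policy.get(app)
        if disk is None:
            return None                      # not on the protection list
        first_user = disk not in self.users
        self.users.setdefault(disk, set()).add(app)
        return disk if first_user else None  # already mounted for another app

    def on_app_stop(self, app):
        """Return the disk the driver must unmount now, else None."""
        disk = self.app_policy.get(app)
        apps = self.users.get(disk)
        if not apps or app not in apps:
            return None
        apps.discard(app)
        if apps:
            return None                      # another protected app still uses it
        del self.users[disk]
        return disk

    def redirect(self, app, path, cwd="/"):
        """Map a path the app is opening to its place inside the disk."""
        disk = self.app_policy.get(app)
        if disk is None:
            return path                      # unprotected app: untouched
        if app not in self.users.get(disk, ()):
            # Fail closed: never fall back to writing plaintext elsewhere.
            raise PermissionError(f"disk {disk!r} is not mounted for {app!r}")
        base = posixpath.join(MOUNT_ROOT, disk, app)
        # Collapse "." and ".." before joining so the result stays under base.
        full = posixpath.normpath(posixpath.join(cwd, path))
        if not full.startswith("/"):
            raise ValueError("cwd must be an absolute path")
        if full == base or full.startswith(base + "/"):
            return full                      # already inside the disk
        return posixpath.join(base, full.lstrip("/"))
```

Normalising before joining is what keeps a path containing `..` inside the mount point, and the `PermissionError` branch prevents a protected application from silently writing outside the encrypted disk when the mount has not happened.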
The method further comprises: when creating a virtual encrypted disk, an empty virtual disk file of the specified size is created according to the policy parameters issued by the server. When mounting the virtual encrypted disk, the virtual disk file is mapped, with encryption, to a loop device in the file system, the loop device is then formatted as an ext4 file system, and the loop device is then mounted under a system path, so that the mounted virtual encrypted disk can be accessed just like an ordinary file path. When unmounting the virtual encrypted disk, the mounted loop device is unmounted and the mapping between the disk file and the loop device is removed.
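The create, mount and unmount sequence above can be written out as ordered command plans that a policy processing module would hand to the driver. This is an added example, not code from the patent: the patent does not name the encryption mechanism or the policy format, so dm-crypt/LUKS via cryptsetup, the JSON message layout, the paths and the `first_mount` flag are all assumptions.

```python
import json

ALLOWED_OPS = {"create", "mount", "unmount", "change_password", "delete"}


def plan(op, disk, size_mib=0, loop="/dev/loop7", first_mount=False):
    """Return the argv lists to run, in order, for one policy operation.

    Passphrases are never placed in argv; cryptsetup prompts for them.
    """
    if op not in ALLOWED_OPS:
        raise ValueError(f"unknown operation: {op!r}")
    # The name reaches file paths, so accept only plain ASCII alphanumerics.
    if not (isinstance(disk, str) and disk.isascii() and disk.isalnum()):
        raise ValueError("disk name must be ASCII alphanumeric")
    img = f"/data/vdisk/{disk}.img"   # hypothetical backing file location
    mapping = f"vdisk-{disk}"         # hypothetical dm-crypt mapping name
    dev = f"/dev/mapper/{mapping}"
    mnt = f"/mnt/vdisk/{disk}"        # hypothetical mount point
    if op == "create":
        if type(size_mib) is not int or size_mib <= 0:
            raise ValueError("create needs a positive size_mib")
        # Empty (sparse) virtual disk file of the size the policy specifies.
        return [["truncate", "-s", f"{size_mib}M", img]]
    if op == "mount":
        steps = [["losetup", loop, img]]            # file -> loop device
        if first_mount:
            steps.append(["cryptsetup", "luksFormat", loop])
        steps.append(["cryptsetup", "open", loop, mapping])
        if first_mount:
            # Format only once: mkfs on a later mount would wipe stored data.
            steps.append(["mkfs.ext4", dev])
        steps += [["mkdir", "-p", mnt], ["mount", dev, mnt]]
        return steps
    if op == "unmount":
        # Tear down in reverse order: filesystem, mapping, loop device.
        return [["umount", mnt],
                ["cryptsetup", "close", mapping],
                ["losetup", "-d", loop]]
    if op == "change_password":
        return [["cryptsetup", "luksChangeKey", img]]
    # delete: the caller is expected to have unmounted the disk first.
    return [["rm", "--", img]]


def run_policy(text, first_mount=False):
    """Parse one policy message (constructed JSON format) into a plan."""
    msg = json.loads(text)
    if not isinstance(msg, dict):
        raise ValueError("policy must be a JSON object")
    return plan(msg.get("op"), msg.get("disk"), msg.get("size_mib", 0),
                first_mount=first_mount)
```

The terminal validates the operation and the disk name even though the policy arrives over TLS, because those values end up in file paths and device names.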

Claims (10)

1. A virtual encrypted disk data protection system based on an intelligent mobile terminal, comprising a server and an intelligent mobile terminal, characterized in that: the server comprises a virtual encrypted disk management policy issuing module, which issues to the intelligent mobile terminal management policies for creating, mounting, changing or deleting a virtual encrypted disk;
The intelligent mobile terminal comprises:
A policy processing module, which receives the virtual encrypted disk management policy issued by the server, parses it and executes it;
A virtual encrypted disk driver module, which creates, mounts, unmounts, changes the password of, or deletes the virtual encrypted disk;
A redirection module, which, on the basis of system calls, redirects some of the system calls in the system, operates the virtual encrypted disk and redirects the file operations of applications.
2. The virtual encrypted disk data protection system based on an intelligent mobile terminal according to claim 1, characterized in that the server further comprises a secure application policy issuing module, which issues an application protection list security policy to the policy processing module, the policy serving as the basis on which the redirection module decides whether the files of a given application can be redirected.
3. The virtual encrypted disk data protection system based on an intelligent mobile terminal according to claim 1 or 2, characterized in that the virtual encrypted disk management policy issuing module issues the management policies for creating, mounting, changing or deleting a virtual encrypted disk to the intelligent mobile terminal according to the required encryption level.
4. The virtual encrypted disk data protection system based on an intelligent mobile terminal according to claim 2, characterized in that the secure application policy issuing module issues the application protection list security policy to the intelligent mobile terminal according to the required security level.
5. A virtual encrypted disk data protection method for an intelligent mobile terminal, wherein the server sends the configured virtual encrypted disk management policy to the intelligent mobile terminals within its control scope; the intelligent mobile terminal parses the received policy and accordingly creates, mounts, changes the password of, or deletes a virtual encrypted disk.
6. The virtual encrypted disk data protection method based on an intelligent mobile terminal according to claim 5, wherein, once the intelligent mobile terminal has mounted the virtual encrypted disk, the user saves the private data to be kept into this virtual encrypted disk and unmounts the disk after use.
7. The virtual encrypted disk data protection method based on an intelligent mobile terminal according to claim 6, the method further comprising: when the disk is mounted for access again, access can continue only after the password has been entered.
8. The virtual encrypted disk data protection method based on an intelligent mobile terminal according to claim 5, the method further comprising: the server sends the configured secure application policy, an application protection list of the applications that need data protection, to the intelligent mobile terminals within its control scope; when the intelligent mobile terminal receives a request to start a new application, the data protection information of that application is intercepted and it is judged whether the application needs data protection; if so, all file operations of that application are redirected into the opened virtual encrypted disk.
9. The virtual encrypted disk data protection method based on an intelligent mobile terminal according to claim 8, wherein the secure application policy contains the name of the secure application and the name of the corresponding virtual encrypted disk; when the intelligent mobile terminal starts the application, the corresponding virtual encrypted disk is mounted as well, and all data and related files produced by the application are redirected into that virtual encrypted disk.
10. The virtual encrypted disk data protection method based on an intelligent mobile terminal according to any one of claims 5 to 9, the method further comprising: when creating a virtual encrypted disk, an empty virtual disk file of the specified size is created according to the policy parameters issued by the server; when mounting the virtual encrypted disk, the virtual disk file is mapped, with encryption, to a loop device in the file system, the loop device is then formatted as an ext4 file system, and the loop device is then mounted under a system path; when unmounting the virtual encrypted disk, the mounted loop device is unmounted and the mapping between the disk file and the loop device is removed.
CN201510075859.3A 2015-02-13 2015-02-13 Virtual encrypted disk data protection system and method based on intelligent mobile terminals Pending CN104615946A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510075859.3A CN104615946A (en) 2015-02-13 2015-02-13 Virtual encrypted disk data protection system and method based on intelligent mobile terminals

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510075859.3A CN104615946A (en) 2015-02-13 2015-02-13 Virtual encrypted disk data protection system and method based on intelligent mobile terminals

Publications (1)

Publication Number Publication Date
CN104615946A (en) 2015-05-13

Family

ID=53150385

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510075859.3A Pending CN104615946A (en) 2015-02-13 2015-02-13 Virtual encrypted disk data protection system and method based on intelligent mobile terminals

Country Status (1)

Country Link
CN (1) CN104615946A (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101800811A (en) * 2010-02-02 2010-08-11 中国软件与技术服务股份有限公司 Mobile phone data security protection method
CN101847184A (en) * 2009-12-16 2010-09-29 深圳市虹安信息技术有限公司 Method for encrypting files by adopting encryption sandbox
CN101901313A (en) * 2010-06-10 2010-12-01 中科方德软件有限公司 Linux file protection system and method
CN101950347A (en) * 2010-09-21 2011-01-19 烟台海颐软件股份有限公司 Method and system for encrypting data
CN102184356A (en) * 2011-04-21 2011-09-14 奇智软件(北京)有限公司 Method, device and safety browser by utilizing sandbox technology to defend
CN102223359A (en) * 2010-07-29 2011-10-19 上海华御信息技术有限公司 Network hard disk backup file data safe system and method based on virtual disk
WO2012045128A1 (en) * 2010-10-08 2012-04-12 Ecred Pty Ltd System and method of conducting transactions
CN102457567A (en) * 2010-11-08 2012-05-16 中标软件有限公司 Mirror image backup/recovery method and tool of web management mode
CN102761559A (en) * 2012-08-02 2012-10-31 上海上讯信息技术有限公司 Private data-based network security sharing method and communication terminal
CN102880498A (en) * 2012-09-13 2013-01-16 深圳市佳创软件有限公司 Method of virtual SD (Security Digital) card on device with android system
CN103425936A (en) * 2012-05-18 2013-12-04 联想(北京)有限公司 Method and electronic instrument for achieving data security
CN104200176A (en) * 2014-08-28 2014-12-10 电子科技大学 System and method for carrying out transparent encryption and decryption on file in intelligent mobile terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈向群等: "《Windows内核实验教程》", 30 September 2002 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106650477A (en) * 2016-12-28 2017-05-10 郑州云海信息技术有限公司 Encryption method and apparatus
WO2019071892A1 (en) * 2017-10-13 2019-04-18 平安科技(深圳)有限公司 Method for transmitting masking rules for sensitive information, application server, and computer readable storage medium
CN107944292A (en) * 2017-11-15 2018-04-20 北京邮电大学 A kind of private data guard method and system
CN107944292B (en) * 2017-11-15 2020-06-02 北京邮电大学 Privacy data protection method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150513