CN107092836A - Data protection method and device based on system encryption - Google Patents

Info

Publication number: CN107092836A
Authority: CN (China)
Prior art keywords: operating system, terminal device, disk space, module, authentication
Legal status (an assumption, not a legal conclusion): Pending
Application number: CN201710200519.8A
Other languages: Chinese (zh)
Inventors: 阚志刚, 陈彪, 方宁, 卢佐华, 彭建芬
Current Assignee (the listed assignees may be inaccurate): YANGPUWEIYE TECHNOLOGY Ltd
Original Assignee: YANGPUWEIYE TECHNOLOGY Ltd
Application filed by: YANGPUWEIYE TECHNOLOGY Ltd
Priority to: CN201710200519.8A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

This application discloses a data protection method and device based on system encryption, to solve the problem that data protection methods in the prior art offer poor security. The method includes: receiving an access password entered by a user; determining whether the access password is the access password corresponding to a first operating system; if it is not the access password corresponding to the first operating system, determining whether the terminal device is connected to a preset hardware authentication device; if the preset hardware authentication device is connected, authenticating the identity of the preset hardware authentication device according to authentication information; if authentication passes, decrypting, according to file encryption/decryption information, the disk drive file corresponding to an encrypted hidden virtual disk space in the terminal device, to obtain the encrypted hidden virtual disk space; and decrypting the encrypted hidden virtual disk space according to the file encryption/decryption information and logging in to a second operating system, where the second operating system is installed in the encrypted hidden virtual disk space and the local data that needs protection is stored in the second operating system.

Description

Data protection method and device based on system encryption
Technical field
This application relates to the field of information security, and in particular to a data protection method and device based on system encryption.
Background
With the arrival of the information age, people pay increasing attention to data security.
In practice, users typically encrypt local data to protect it and to keep it from being stolen by others, for example by using compression software that protects the data in an archive with a password, or by using encryption software to encrypt the local data.
However, the security of these data protection methods is poor. For example, after an attacker breaks into the terminal device that holds the local data, the attacker may crack the encrypted data by tracing or decompiling it with decryption software; or, after breaking into the terminal device, the attacker can delete the encrypted data at will; or the encrypted data may be damaged by a trojan or virus.
A data protection method is therefore urgently needed to solve the problem that data protection methods in the prior art offer poor security.
Summary of the invention
The embodiments of this application provide a data protection method and device based on system encryption, to solve the problem that data protection methods in the prior art offer poor security.
The embodiments of this application adopt the following technical solutions:
A data protection method based on system encryption, the method including:
Receiving an access password entered by a user;
Determining whether the access password entered by the user is the access password corresponding to the first operating system of the terminal device, where the first operating system does not store local data that needs protection;
If the access password entered by the user is determined to be the access password corresponding to the first operating system, logging in to the first operating system according to the access password entered by the user;
If the access password entered by the user is determined not to be the access password corresponding to the first operating system, determining whether the terminal device is connected to a preset hardware authentication device, where the preset hardware authentication device contains authentication information and file encryption/decryption information;
If the terminal device is determined not to be connected to the preset hardware authentication device, outputting a message informing the user that the access password entered is incorrect;
If the terminal device is determined to be connected to the preset hardware authentication device, authenticating the identity of the preset hardware authentication device according to the authentication information;
If identity authentication does not pass, outputting a message informing the user that the access password entered is incorrect;
If identity authentication passes, decrypting, according to the file encryption/decryption information, the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device, to obtain the encrypted hidden virtual disk space;
Decrypting the encrypted hidden virtual disk space according to the file encryption/decryption information and logging in to the second operating system of the terminal device, where the second operating system is installed in the encrypted hidden virtual disk space and the local data that needs protection is stored in the second operating system.
A data protection device based on system encryption, the device including:
A receiving module, configured to receive an access password entered by a user;
A judging module, configured to determine whether the access password entered by the user is the access password corresponding to the first operating system of the terminal device, where the first operating system does not store local data that needs protection;
A login module, configured to log in to the first operating system according to the access password entered by the user when the judging module determines that the access password entered by the user is the access password corresponding to the first operating system;
The judging module is further configured to determine, when it determines that the access password entered by the user is not the access password corresponding to the first operating system, whether the terminal device is connected to a preset hardware authentication device, where the preset hardware authentication device contains authentication information and file encryption/decryption information;
An output module, configured to output a message informing the user that the access password entered is incorrect when the judging module determines that the terminal device is not connected to the preset hardware authentication device;
An authentication module, configured to authenticate the identity of the preset hardware authentication device according to the authentication information when the judging module determines that the terminal device is connected to the preset hardware authentication device;
The output module is further configured to output a message informing the user that the access password entered is incorrect when the authentication module obtains a result indicating that identity authentication did not pass;
A decryption module, configured to decrypt, according to the file encryption/decryption information, the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device when the authentication module obtains a result indicating that identity authentication passed, to obtain the encrypted hidden virtual disk space;
The decryption module is further configured to decrypt the encrypted hidden virtual disk space according to the file encryption/decryption information, and the login module is further configured to then log in to the second operating system of the terminal device, where the second operating system is installed in the encrypted hidden virtual disk space and the local data that needs protection is stored in the second operating system.
At least one of the above technical solutions adopted by the embodiments of this application can achieve the following beneficial effects:
With the data protection method based on system encryption provided by the embodiments of this application, two operating systems are installed in the terminal device, namely a first operating system and a second operating system. The first operating system holds no local data that needs protection, and the local data that needs protection is stored in the second operating system. After the terminal device is turned on and before the first or second operating system is logged in to, the first operating system can be perceived but the second operating system cannot. Only through a combination of software and hardware, that is, only when the access password entered by the user is not the access password corresponding to the first operating system, the terminal device is connected to the preset hardware authentication device, and the identity authentication of the preset hardware authentication device has passed, can the file encryption/decryption information contained in the preset hardware authentication device be used to change the second operating system from a state in which it cannot be perceived to a state in which it can be perceived.
On the one hand, an attacker will mistakenly believe that only the first operating system exists in the terminal device. Even if the attacker breaks into the first operating system, the first operating system holds no local data that needs protection, so the attacker cannot steal or destroy that data. A computer virus or trojan likewise cannot perceive the existence of the second operating system and so cannot destroy the data that needs protection, which improves security compared with data protection methods in the prior art;
On the other hand, changing the second operating system from the state in which it cannot be perceived to the state in which it can be perceived requires meeting fairly complex conditions, which include not only software conditions but also hardware conditions. Even if an attacker knows that a second operating system exists in the terminal device, it is difficult for the attacker to change the second operating system from the state in which it cannot be perceived to the state in which it can be perceived, which improves security compared with data protection methods in the prior art.
Brief description of the drawings
The drawings described here provide a further understanding of this application and form a part of it. The illustrative embodiments of this application and their descriptions are used to explain the application and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a schematic flowchart of an implementation of a data protection method based on system encryption provided by an embodiment of this application;
Fig. 2 is a schematic diagram of the specific structure of a data protection device based on system encryption provided by an embodiment of this application.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of this application clearer, the technical solutions of this application are described clearly and completely below with reference to specific embodiments of the application and the corresponding drawings. The described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in this application without creative effort fall within the scope of protection of this application.
The technical solutions provided by the embodiments of this application are described in detail below with reference to the drawings.
To solve the problem that data protection methods in the prior art offer poor security, an embodiment of this application provides a data protection method based on system encryption. In the embodiments of this application, the executing entity may be, but is not limited to, a device such as a PC, tablet computer or mobile phone, or an application (APP) running on such a device. Naming these devices or applications as the executing entity of the method is only an illustrative description and should not be taken as a limitation of the method. For ease of description, the embodiments of the method are introduced below taking a terminal device as the executing entity.
The specific flow of the method is shown in Fig. 1 and includes the following steps:
Step 101: receive the access password entered by the user.
After the terminal device is powered on, it does not log in to a system directly. It first authenticates the user's identity, and only after the user's identity has been authenticated does it perform the corresponding subsequent operations, which to some extent prevents attackers from using the terminal device.
Specifically, after power-on the terminal device displays a user interface that may contain an input box for the user to enter the access password and a confirm control. After entering the access password, the user clicks the confirm control, and the terminal device receives the access password entered by the user.
The terminal device can be any terminal device, such as a PC, tablet computer or mobile phone, as long as it can implement the data protection method based on system encryption provided by the embodiments of this application.
Step 102: determine whether the access password entered by the user is the access password corresponding to the first operating system of the terminal device, where the first operating system does not store local data that needs protection.
If the access password entered by the user is determined to be the access password corresponding to the first operating system, perform step 107; if it is determined not to be the access password corresponding to the first operating system, perform step 103.
In the embodiments of this application, the access password corresponding to the first operating system can be stored in the terminal device in advance. After receiving the access password entered by the user, the terminal device compares it with the locally stored access password corresponding to the first operating system. If they are the same, the access password entered by the user is determined to be the access password corresponding to the first operating system; otherwise, it is determined not to be the access password corresponding to the first operating system.
Step 103: determine whether the terminal device is connected to the preset hardware authentication device, where the preset hardware authentication device contains authentication information and file encryption/decryption information.
If the terminal device is determined not to be connected to the preset hardware authentication device, perform step 108; if the terminal device is determined to be connected to the preset hardware authentication device, perform step 104.
The terminal device includes an interface through which external devices can be attached, such as a USB interface. The preset hardware authentication device can be any hardware device that can establish a data connection with the terminal device through an interface on the terminal device, such as a USB flash drive or a USB Key.
In the embodiments of this application, the terminal device can first determine whether a hardware device is connected to it. If a hardware device is connected, the terminal device then determines whether that hardware device is the preset hardware authentication device. If it is, the terminal device is determined to be connected to the preset hardware authentication device.
Specifically, a terminal device is generally able to monitor whether a hardware device is connected to it. When the terminal device does not detect a connected hardware device, it determines that no hardware device is connected; when it detects a connected hardware device, it determines that a hardware device is connected.
After determining that a hardware device is connected, the terminal device can determine whether the connected hardware device is the preset hardware authentication device as follows:
A hardware device carries its own identity, and when the hardware device is connected to the terminal device, the terminal device can obtain that identity. In the embodiments of this application, an identity can therefore be set in advance for the preset hardware authentication device and stored locally on the terminal device in advance. When the terminal device detects that a hardware device has been connected, it obtains the identity of that hardware device. If this identity is the same as the identity stored locally on the terminal device in advance, the hardware device is determined to be the preset hardware authentication device; otherwise, the hardware device is determined not to be the preset hardware authentication device.
When the hardware device connected to the terminal device is determined to be the preset hardware authentication device, the terminal device is determined to be connected to the preset hardware authentication device; when the connected hardware device is determined not to be the preset hardware authentication device, the terminal device is determined not to be connected to the preset hardware authentication device.
Step 104: authenticate the identity of the preset hardware authentication device according to the authentication information.
If identity authentication does not pass, perform step 108; if identity authentication passes, perform step 105.
The preset hardware authentication device can be authenticated as follows:
After determining that it is connected to the preset hardware authentication device, the terminal device can display a PIN authentication window containing an input box for the user to enter a PIN. After the user enters a PIN in the input box, the terminal device compares the PIN entered by the user with the PIN included in the authentication information. If they differ, identity authentication is determined not to have passed. If they are the same, the preset hardware authentication device is authenticated according to the digital certificate included in the authentication information, and identity authentication is then determined to have passed or not passed.
Note that authenticating the preset hardware authentication device using the digital certificate in it, and thereby determining whether identity authentication passes, is prior art and is not described further here.
Step 105: according to the file encryption/decryption information, decrypt the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device, to obtain the encrypted hidden virtual disk space.
Step 106: according to the file encryption/decryption information, decrypt the encrypted hidden virtual disk space and log in to the second operating system of the terminal device, where the second operating system is installed in the encrypted hidden virtual disk space and the local data that needs protection is stored in the second operating system.
To help the reader understand why the data protection method based on system encryption provided by the embodiments of this application can solve the problem that data protection methods in the prior art offer low security, the methods for creating the encrypted hidden virtual disk space, the first operating system and the second operating system are introduced first:
(1) The encrypted hidden virtual disk space can be created as follows:
When the first operating system and the second operating system are not yet installed in the terminal device, log in to the third operating system currently installed on the terminal device, where the third operating system is installed in the system disk space. Determine whether the terminal device is connected to the preset hardware authentication device. If it is, authenticate the identity of the preset hardware authentication device according to the authentication information. If identity authentication passes, create an encrypted folder in any local disk space other than the system disk space, and use virtual disk mapping technology to map the encrypted folder to an encrypted virtual disk space. According to the file encryption/decryption information, encrypt the disk drive file corresponding to the encrypted virtual disk space, and define the encrypted virtual disk space corresponding to the encrypted disk drive file as the encrypted hidden virtual disk space.
The file encryption/decryption information may include a key that is used for both encryption and decryption, and/or an asymmetric key. Depending on actual conditions, either the key used for both encryption and decryption or the public key of the asymmetric key can be chosen to encrypt the disk drive file. If the disk drive file was encrypted with the key used for both encryption and decryption, that same key is used to decrypt it; if the disk drive file was encrypted with the public key of the asymmetric key, the private key corresponding to that public key is used to decrypt it. Virtual disk mapping technology is prior art and is not described further here.
(2) The second operating system can be created as follows:
After the encrypted virtual disk space corresponding to the encrypted disk drive file has been defined as the encrypted hidden virtual disk space, clone the third-operating-system installation file corresponding to the third operating system into the encrypted hidden virtual disk space. Restart the terminal device and log in to the third operating system. Determine whether the terminal device is connected to the preset hardware authentication device. If it is, authenticate the identity of the preset hardware authentication device according to the authentication information. If identity authentication passes, decrypt the disk drive file corresponding to the encrypted hidden virtual disk space according to the file encryption/decryption information, to obtain the encrypted hidden virtual disk space, and decrypt the encrypted hidden virtual disk space according to the file encryption/decryption information. Using the third-operating-system installation file cloned into the encrypted hidden virtual disk space, install a fourth operating system in the encrypted hidden virtual disk space. Disconnect the terminal device from the preset hardware authentication device, erase the third operating system, and define the fourth operating system as the second operating system.
The third operating system and the fourth operating system are the same operating system; they merely reside in different disk spaces. To distinguish the two, the operating system installed in the encrypted hidden virtual disk space is named the fourth operating system.
As explained above, the file encryption/decryption information may include a key that is used for both encryption and decryption, and/or an asymmetric key. Depending on actual conditions, either the key used for both encryption and decryption or the public key of the asymmetric key can be chosen to encrypt the encrypted hidden virtual disk space. If the encrypted hidden virtual disk space was encrypted with the key used for both encryption and decryption, that same key is used to decrypt it; if it was encrypted with the public key of the asymmetric key, the private key corresponding to that public key is used to decrypt it.
In the embodiments of this application, when encrypting the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device and the encrypted hidden virtual disk space itself, it can be decided according to actual conditions whether to encrypt both with the same key or with different keys. The embodiments of this application place no limitation on this.
After the second operating system has been created, to further improve the security of the local data needing protection that is stored in it, an access password corresponding to the second operating system can also be set, making the second operating system harder to open. In that case, in step 102 of the data protection method provided by this application, if the access password entered by the user is determined not to be the access password corresponding to the first operating system, then before step 103 and the subsequent steps are performed it can additionally be determined whether the access password entered by the user is the access password corresponding to the second operating system. If it is, step 103 and the subsequent steps are performed; if it is not, step 108 is performed. Note that, because a corresponding access password has been set for the second operating system, the operation of logging in to the second operating system is not performed as in step 106 described above. Instead, after the encrypted hidden virtual disk space has been decrypted according to the file encryption/decryption information, the second operating system of the terminal device is logged in to using the access password entered by the user. In addition, the access password corresponding to the second operating system should differ from the access password corresponding to the first operating system. Otherwise the terminal device can never perform step 103 and the subsequent related steps, the second operating system can never be logged in to, the local data that needs protection cannot be stored in the second operating system, and that data therefore cannot be protected.
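The login decision of steps 101 to 106, together with the optional second-operating-system password described above, can be sketched as follows. This is an added example, not code from the patent: the class and function names, the PBKDF2 password hashing and the constant-time comparisons are assumptions, and certificate verification and disk decryption are represented only by a flag and a returned key.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Outcome(Enum):
    LOGIN_FIRST_OS = "log in to the first operating system"    # step 107
    LOGIN_SECOND_OS = "log in to the second operating system"  # steps 105-106
    WRONG_PASSWORD = "the access password is incorrect"        # step 108


def kdf(secret: str, salt: bytes) -> bytes:
    # Assumption: the terminal stores salted PBKDF2 hashes, not plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def same(a: bytes, b: bytes) -> bool:
    return hmac.compare_digest(a, b)  # constant-time comparison


@dataclass
class Token:
    """Constructed stand-in for the preset hardware authentication device."""
    device_id: str           # identity read by the terminal on connection
    pin: str                 # PIN held in the authentication information
    certificate_valid: bool  # outcome of the digital-certificate check (not modelled)
    file_key: bytes          # file encryption/decryption information


@dataclass
class Terminal:
    salt: bytes
    first_os_hash: bytes
    second_os_hash: Optional[bytes]  # None: base flow without a second-OS password
    expected_device_id: str

    @classmethod
    def provision(cls, first_pw: str, device_id: str,
                  second_pw: Optional[str] = None) -> "Terminal":
        # If both passwords were equal, step 102 would always match the first OS
        # and the second OS could never be reached.
        if second_pw is not None and second_pw == first_pw:
            raise ValueError("second-OS password must differ from first-OS password")
        salt = os.urandom(16)
        second = kdf(second_pw, salt) if second_pw is not None else None
        return cls(salt, kdf(first_pw, salt), second, device_id)


def decide(term: Terminal, password: str, token: Optional[Token],
           entered_pin: Optional[str]) -> Tuple[Outcome, Optional[bytes]]:
    """Return the outcome and, only on success, the key used in steps 105-106."""
    fail = (Outcome.WRONG_PASSWORD, None)  # every failure path returns the same result
    entered = kdf(password, term.salt)

    # Step 102: the first-OS password logs straight in to the first OS.
    if same(entered, term.first_os_hash):
        return Outcome.LOGIN_FIRST_OS, None
    # Optional variant: the password must match the second OS before step 103.
    if term.second_os_hash is not None and not same(entered, term.second_os_hash):
        return fail
    # Step 103: is the preset hardware authentication device connected?
    if token is None or not same(token.device_id.encode(),
                                 term.expected_device_id.encode()):
        return fail
    # Step 104: PIN comparison, then the certificate-based authentication.
    if entered_pin is None or not same(entered_pin.encode(), token.pin.encode()):
        return fail
    if not token.certificate_valid:
        return fail
    # Steps 105-106: release the key that decrypts the disk drive file and
    # the encrypted hidden virtual disk space.
    return Outcome.LOGIN_SECOND_OS, token.file_key


if __name__ == "__main__":
    term = Terminal.provision("first-pw", "TOKEN-01", second_pw="second-pw")  # constructed
    tok = Token("TOKEN-01", "1234", True, b"\x00" * 32)                       # constructed
    for pw, t, pin in [("first-pw", None, None), ("second-pw", tok, "1234"),
                       ("second-pw", None, None), ("second-pw", tok, "0000")]:
        print(pw, "->", decide(term, pw, t, pin)[0].value)
```

Every failing branch returns the same value, matching the flow's single step 108 message for a missing device, a failed authentication and a wrong password.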
In addition, to further enhance the security of the local data that needs protection and is stored in the second operating system, the key contained in the file encryption-decryption information that serves for both encryption and decryption, or an asymmetric key, can be used to encrypt that local data. After the second operating system is logged in, the terminal device decrypts the local data that needs protection with the corresponding key contained in the file encryption-decryption information.
(3) The first operating system can be created by the following method:
After the fourth operating system is determined as the second operating system, the terminal device is restarted, and it is determined whether the terminal device is connected to the preset hardware authentication device. If the terminal device is connected to the preset hardware authentication device, identity authentication is performed on the preset hardware authentication device according to the authentication information. If the identity authentication passes, the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device is decrypted according to the file encryption-decryption information to obtain the encrypted hidden virtual disk space; the encrypted hidden virtual disk space is decrypted according to the file encryption-decryption information; the second operating system of the terminal device is logged in; a fifth operating system is installed in the system disk space; and the fifth operating system is determined as the first operating system.
To strengthen the security of the first operating system, transparent encryption can also be applied to the fifth operating system before the fifth operating system is determined as the first operating system. Transparent encryption is prior art and is not described further here.
The fifth operating system may be the same as or different from the first operating system and the second operating system; this application places no limitation on this. In addition, any operating system mentioned above may be an operating system of any type; this application places no limitation on this either.
Having introduced how the encrypted hidden virtual disk space, the first operating system and the second operating system are created, the following explains why the data protection method based on system encryption provided by the embodiments of this application can solve the problem of low security in prior-art data protection methods:
First, after the terminal device is powered on and before the first operating system or the second operating system of the terminal device is logged in, the disk drive file corresponding to the encrypted hidden virtual disk space is in an encrypted state, so the encrypted hidden virtual disk space, the second operating system, and the data that needs protection stored in the second operating system cannot be perceived. The disk drive file corresponding to the system disk space is not encrypted, so the system disk space and the first operating system can be perceived. Because only the first operating system can be perceived, an attacker is led to believe that the terminal device contains only one operating system, namely the first operating system. Even if the attacker intrudes into the first operating system, no local data that needs protection exists there, so the attacker cannot steal or damage the data that needs protection. Likewise, even if a computer virus or Trojan horse intrudes into the terminal device, the second operating system and the local data that needs protection cannot be perceived, so the virus or Trojan can only steal or damage data in the first operating system and cannot steal or damage the local data that needs protection stored in the second operating system.
Second, the second operating system can be changed from the state in which it cannot be perceived to the state in which it can be perceived only when both the software condition and the hardware condition are satisfied. Even if an attacker knows that the terminal device contains two operating systems, namely the first operating system and the second operating system, the conditions for changing the second operating system from the imperceptible state to the perceptible state are relatively complex, so the likelihood that the attacker intrudes into the second operating system and then steals or damages the local data that needs protection is low.
Therefore, the data protection method provided by the embodiments of this application can solve the problem of low security in prior-art data protection methods.
Step 107: log in to the first operating system with the access password entered by the user.
Step 108: output information reminding the user that the entered access password is wrong.
When the terminal device outputs the information reminding the user that the entered access password is wrong, it can output that information in any form, such as image or sound.
With the data protection method based on system encryption provided by the embodiments of this application, two operating systems are installed in the terminal device, namely a first operating system and a second operating system. The first operating system holds no local data that needs protection, and the local data that needs protection is stored in the second operating system. After the terminal device is powered on and before the first operating system or the second operating system is logged in, the first operating system can be perceived but the second operating system cannot. Only through a combination of software and hardware, that is, only when the access password entered by the user is not the access password of the first operating system, the terminal device is connected to the preset hardware authentication device, and the identity authentication of the preset hardware authentication device passes, can the second operating system be changed from the state in which it cannot be perceived to the state in which it can be perceived, according to the file encryption-decryption information contained in the preset hardware authentication device;
On the one hand, an attacker is led to believe that the terminal device contains only the first operating system. Even if the attacker intrudes into the first operating system, no local data that needs protection exists there, so the attacker cannot steal or destroy the local data that needs protection. A computer virus or Trojan horse likewise cannot perceive the existence of the second operating system and cannot destroy the data that needs protection, which improves on the security of prior-art data protection methods;
On the other hand, changing the second operating system from the state in which it cannot be perceived to the state in which it can be perceived requires relatively complex conditions to be met, including not only a software condition but also a hardware condition. Even if an attacker knows that the second operating system exists in the terminal device, it is difficult for the attacker to change the second operating system from the imperceptible state to the perceptible state, which improves on the security of prior-art data protection methods.
The above is the data protection method based on system encryption provided by the embodiments of this application. Based on the same idea, this application also provides a data protection device based on system encryption.
Fig. 2 is a schematic structural diagram of a data protection device based on system encryption provided by an embodiment of this application. The device mainly includes the following modules:
Receiving module 21, configured to receive the access password entered by the user.
Judging module 22, configured to determine whether the access password entered by the user is the access password of the first operating system of the terminal device, wherein the first operating system does not store local data that needs protection.
Login module 23, configured to log in to the first operating system with the access password entered by the user when the judging module determines that the access password entered by the user is the access password of the first operating system.
The judging module 22 is further configured to determine whether the terminal device is connected to the preset hardware authentication device when the judging module determines that the access password entered by the user is not the access password of the first operating system, wherein the preset hardware authentication device contains authentication information and file encryption-decryption information.
Output module 24, configured to output information reminding the user that the entered access password is wrong when the judging module determines that the terminal device is not connected to the preset hardware authentication device.
Authentication module 25, configured to perform identity authentication on the preset hardware authentication device according to the authentication information when the judging module determines that the terminal device is connected to the preset hardware authentication device;
The output module 24 is further configured to output information reminding the user that the entered access password is wrong when the authentication module obtains the result that the identity authentication did not pass.
Decryption module 26, configured to, when the authentication module obtains the result that the identity authentication passed, decrypt the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device according to the file encryption-decryption information, to obtain the encrypted hidden virtual disk space.
The decryption module 26 is further configured to decrypt the encrypted hidden virtual disk space according to the file encryption-decryption information; the login module is then further configured to log in to the second operating system of the terminal device, wherein the second operating system is installed in the encrypted hidden virtual disk space and the local data that needs protection is stored in the second operating system.
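The decision flow carried out by modules 21 to 26, together with the optional second-operating-system password check and the rule that the two access passwords must differ, sketched as an added example (not code from the patent). The HMAC challenge-response, the PBKDF2 password hashes and the SHA-256 keystream cipher are assumptions standing in for mechanisms the text leaves unspecified, and every class and function name is hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

GENERIC_ERROR = "access password error"  # step 108: one message for every failure


def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, "sha256").digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream); the patent names no algorithm."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def seal(key: bytes, plain: bytes) -> bytes:
    body = xor_stream(subkey(key, b"enc"), plain)
    return hmac.new(subkey(key, b"mac"), body, "sha256").digest() + body


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    tag, body = blob[:32], blob[32:]
    good = hmac.new(subkey(key, b"mac"), body, "sha256").digest()
    if not hmac.compare_digest(tag, good):
        return None  # wrong file encryption-decryption information
    return xor_stream(subkey(key, b"enc"), body)


@dataclass
class HardwareKey:
    auth_secret: bytes  # "authentication information" (assumed: shared HMAC secret)
    file_key: bytes     # "file encryption-decryption information"

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.auth_secret, challenge, "sha256").digest()


@dataclass
class Terminal:
    salt: bytes
    os1_hash: bytes
    os2_hash: bytes
    enrolled_secret: bytes
    driver_blob: bytes  # encrypted disk drive file of the hidden space
    volume_blob: bytes  # encrypted hidden virtual disk space

    def login(self, password: str, key: Optional[HardwareKey] = None) -> str:
        digest = kdf(password, self.salt)
        # Step 102 / judging module 22: is it the first OS's access password?
        if hmac.compare_digest(digest, self.os1_hash):
            return "OS1"  # step 107 / login module 23
        # Optional extra check: is it the second OS's access password?
        if not hmac.compare_digest(digest, self.os2_hash):
            return GENERIC_ERROR
        # Step 103: is the preset hardware authentication device connected?
        if key is None:
            return GENERIC_ERROR
        # Authentication module 25: fresh challenge, so a replayed response fails.
        challenge = os.urandom(16)
        expected = hmac.new(self.enrolled_secret, challenge, "sha256").digest()
        if not hmac.compare_digest(key.respond(challenge), expected):
            return GENERIC_ERROR
        # Decryption module 26: drive file first, then the hidden space itself.
        if unseal(key.file_key, self.driver_blob) is None:
            return GENERIC_ERROR
        if unseal(key.file_key, self.volume_blob) is None:
            return GENERIC_ERROR
        return "OS2"


def passwords_usable(os1_password: str, os2_password: str) -> bool:
    """Equal passwords always match at step 102, so OS2 could never be reached."""
    return os1_password != os2_password


def provision(os1_password: str, os2_password: str):
    if not passwords_usable(os1_password, os2_password):
        raise ValueError("second OS password must differ from first OS password")
    salt = os.urandom(16)
    key = HardwareKey(os.urandom(32), os.urandom(32))
    terminal = Terminal(
        salt=salt,
        os1_hash=kdf(os1_password, salt),
        os2_hash=kdf(os2_password, salt),
        enrolled_secret=key.auth_secret,
        driver_blob=seal(key.file_key, b"constructed drive file"),
        volume_blob=seal(key.file_key, b"constructed second OS image"),
    )
    return terminal, key
```

Every failing branch returns the same string, so the response to a wrong password, a missing device and a failed device authentication is indistinguishable to whoever is at the login prompt.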
In one implementation scenario, the login module 23 is further configured to log in to the third operating system currently installed on the terminal device when the first operating system and the second operating system are not installed in the terminal device, wherein the third operating system is installed in the system disk space; then
The judging module 22 is configured to determine whether the terminal device is connected to the preset hardware authentication device; then
The authentication module 25 is configured to perform identity authentication on the preset hardware authentication device according to the authentication information when the judging module 22 determines that the terminal device is connected to the preset hardware authentication device; then
The device further includes:
Creation module, configured to create an encrypted folder in any local disk space outside the system disk space when the authentication module 25 obtains the result that the identity authentication passed;
Mapping module, configured to map the encrypted folder to an encrypted virtual disk space by means of virtual disk mapping technology;
Encryption module, configured to encrypt the disk drive file corresponding to the encrypted virtual disk space according to the file encryption-decryption information;
Determining module, configured to determine the encrypted virtual disk space corresponding to the encrypted disk drive file as the encrypted hidden virtual disk space.
In one implementation scenario, the device further includes:
Cloning module, configured to clone the third operating system installation file corresponding to the third operating system into the encrypted hidden virtual disk space after the determining module determines the encrypted virtual disk space corresponding to the encrypted disk drive file as the encrypted hidden virtual disk space; then
The login module 23 is further configured to restart the terminal device and log in to the third operating system;
The judging module 22 is configured to determine whether the terminal device is connected to the preset hardware authentication device; then
The authentication module 25 is configured to perform identity authentication on the preset hardware authentication device according to the authentication information when the judging module 22 determines that the terminal device is connected to the preset hardware authentication device;
The decryption module 26 is configured to, when the authentication module 25 obtains the result that the identity authentication passed, decrypt the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device according to the file encryption-decryption information, to obtain the encrypted hidden virtual disk space;
The decryption module 26 is further configured to decrypt the encrypted hidden virtual disk space according to the file encryption-decryption information; then
The device further includes:
Installation module, configured to install a fourth operating system in the encrypted hidden virtual disk space according to the third operating system installation file cloned into the encrypted hidden virtual disk space;
Disconnection module, configured to disconnect the terminal device from the preset hardware authentication device;
Erasing module, configured to erase the third operating system; then
The determining module is further configured to determine the fourth operating system as the second operating system.
In one implementation scenario, the judging module 22 is further configured to, after the determining module determines the fourth operating system as the second operating system, restart the terminal device and determine whether the terminal device is connected to the preset hardware authentication device;
The authentication module 25 is configured to perform identity authentication on the preset hardware authentication device according to the authentication information when the judging module 22 determines that the terminal device is connected to the preset hardware authentication device;
The decryption module 26 is configured to, when the authentication module 25 obtains the result that the identity authentication passed, decrypt the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device according to the file encryption-decryption information, to obtain the encrypted hidden virtual disk space;
The decryption module 26 is further configured to decrypt the encrypted hidden virtual disk space according to the file encryption-decryption information; then
The login module 22 is configured to log in to the second operating system;
The installation module is configured to install a fifth operating system in the system disk space;
The determining module is further configured to determine the fifth operating system as the first operating system.
In one implementation scenario, the encryption module 26 is further configured to apply transparent encryption to the fifth operating system before the determining module determines the fifth operating system as the first operating system.
In one implementation scenario, the preset hardware authentication device is a USB Key.
With the data protection device based on system encryption provided by the embodiments of this application, two operating systems are installed in the terminal device, namely a first operating system and a second operating system. The first operating system holds no local data that needs protection, and the local data that needs protection is stored in the second operating system. After the terminal device is powered on and before the first operating system or the second operating system is logged in, the first operating system can be perceived but the second operating system cannot. Only through a combination of software and hardware, that is, only when the access password entered by the user is not the access password of the first operating system, the terminal device is connected to the preset hardware authentication device, and the identity authentication of the preset hardware authentication device passes, can the second operating system be changed from the state in which it cannot be perceived to the state in which it can be perceived, according to the file encryption-decryption information contained in the preset hardware authentication device;
On the one hand, an attacker is led to believe that the terminal device contains only the first operating system. Even if the attacker intrudes into the first operating system, no local data that needs protection exists there, so the attacker cannot steal or destroy the local data that needs protection. A computer virus or Trojan horse likewise cannot perceive the existence of the second operating system and cannot destroy the data that needs protection, which improves on the security of prior-art data protection methods;
On the other hand, changing the second operating system from the state in which it cannot be perceived to the state in which it can be perceived requires relatively complex conditions to be met, including not only a software condition but also a hardware condition. Even if an attacker knows that the second operating system exists in the terminal device, it is difficult for the attacker to change the second operating system from the imperceptible state to the perceptible state, which improves on the security of prior-art data protection methods.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
In a typical configuration, a computing device includes one or more processors (CPU), input/output interfaces, network interfaces and memory.
Memory may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, commodity or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, commodity or device that includes the element.
Those skilled in the art should understand that embodiments of this application may be provided as a method, a system, or a computer program product. Accordingly, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The above are merely embodiments of this application and are not intended to limit this application. For those skilled in the art, this application may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of this application shall fall within the scope of the claims of this application.

Claims (12)

1. A data protection method based on system encryption, characterized in that the method comprises:
Receiving the access password entered by the user;
Determining whether the access password entered by the user is the access password of the first operating system of the terminal device, wherein the first operating system does not store local data that needs protection;
If the access password entered by the user is the access password of the first operating system, logging in to the first operating system with the access password entered by the user;
If the access password entered by the user is not the access password of the first operating system, determining whether the terminal device is connected to the preset hardware authentication device, wherein the preset hardware authentication device contains authentication information and file encryption-decryption information;
If the terminal device is not connected to the preset hardware authentication device, outputting information reminding the user that the entered access password is wrong;
If the terminal device is connected to the preset hardware authentication device, performing identity authentication on the preset hardware authentication device according to the authentication information;
If the identity authentication does not pass, outputting information reminding the user that the entered access password is wrong;
If the identity authentication passes, decrypting the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device according to the file encryption-decryption information, to obtain the encrypted hidden virtual disk space;
Decrypting the encrypted hidden virtual disk space according to the file encryption-decryption information, and logging in to the second operating system of the terminal device, wherein the second operating system is installed in the encrypted hidden virtual disk space and the local data that needs protection is stored in the second operating system.
2. The method according to claim 1, characterized in that the encrypted hidden virtual disk space is created by the following method:
When the first operating system and the second operating system are not installed in the terminal device, logging in to the third operating system currently installed on the terminal device, wherein the third operating system is installed in the system disk space;
Determining whether the terminal device is connected to the preset hardware authentication device;
If the terminal device is connected to the preset hardware authentication device, performing identity authentication on the preset hardware authentication device according to the authentication information;
If the identity authentication passes, creating an encrypted folder in any local disk space outside the system disk space;
Mapping the encrypted folder to an encrypted virtual disk space by means of virtual disk mapping technology;
Encrypting the disk drive file corresponding to the encrypted virtual disk space according to the file encryption-decryption information;
Determining the encrypted virtual disk space corresponding to the encrypted disk drive file as the encrypted hidden virtual disk space.
3. The method according to claim 2, characterized in that the second operating system is installed by the following method:
After the encrypted virtual disk space corresponding to the encrypted disk drive file is determined as the encrypted hidden virtual disk space, cloning the third operating system installation file corresponding to the third operating system into the encrypted hidden virtual disk space;
Restarting the terminal device and logging in to the third operating system;
Determining whether the terminal device is connected to the preset hardware authentication device;
If the terminal device is connected to the preset hardware authentication device, performing identity authentication on the preset hardware authentication device according to the authentication information;
If the identity authentication passes, decrypting the disk drive file corresponding to the encrypted hidden virtual disk space according to the file encryption-decryption information, to obtain the encrypted hidden virtual disk space;
Decrypting the encrypted hidden virtual disk space according to the file encryption-decryption information;
Installing a fourth operating system in the encrypted hidden virtual disk space according to the third operating system installation file cloned into the encrypted hidden virtual disk space;
Disconnecting the terminal device from the preset hardware authentication device;
Erasing the third operating system;
Determining the fourth operating system as the second operating system.
4. The method according to claim 3, characterized in that the first operating system is installed by the following method:
After the fourth operating system is determined as the second operating system, restarting the terminal device and determining whether the terminal device is connected to the preset hardware authentication device;
If the terminal device is connected to the preset hardware authentication device, performing identity authentication on the preset hardware authentication device according to the authentication information;
If the identity authentication passes, decrypting the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device according to the file encryption-decryption information, to obtain the encrypted hidden virtual disk space;
Decrypting the encrypted hidden virtual disk space according to the file encryption-decryption information, and logging in to the second operating system;
Installing a fifth operating system in the system disk space;
Determining the fifth operating system as the first operating system.
5. The method according to claim 4, characterized in that, before the fifth operating system is determined as the first operating system, the method further comprises:
Applying transparent encryption to the fifth operating system.
6. The method according to claim 1, characterized in that the preset hardware authentication device is a USB Key.
7. A data protection device based on system encryption, characterized in that the device comprises:
A receiving module, configured to receive the access password entered by the user;
A judging module, configured to determine whether the access password entered by the user is the access password of the first operating system of the terminal device, wherein the first operating system does not store local data that needs protection;
A login module, configured to log in to the first operating system with the access password entered by the user when the judging module determines that the access password entered by the user is the access password of the first operating system;
The judging module is further configured to determine whether the terminal device is connected to the preset hardware authentication device when the judging module determines that the access password entered by the user is not the access password of the first operating system, wherein the preset hardware authentication device contains authentication information and file encryption-decryption information;
An output module, configured to output information reminding the user that the entered access password is wrong when the judging module determines that the terminal device is not connected to the preset hardware authentication device;
An authentication module, configured to perform identity authentication on the preset hardware authentication device according to the authentication information when the judging module determines that the terminal device is connected to the preset hardware authentication device;
The output module is further configured to output information reminding the user that the entered access password is wrong when the authentication module obtains the result that the identity authentication did not pass;
A decryption module, configured to, when the authentication module obtains the result that the identity authentication passed, decrypt the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device according to the file encryption-decryption information, to obtain the encrypted hidden virtual disk space;
The decryption module is further configured to decrypt the encrypted hidden virtual disk space according to the file encryption-decryption information; the login module is then further configured to log in to the second operating system of the terminal device, wherein the second operating system is installed in the encrypted hidden virtual disk space and the local data that needs protection is stored in the second operating system.
8. The device as claimed in claim 7, characterised in that:
the login module is further configured to log in, when the first operating system and the second operating system are not installed in the terminal device, to a third operating system currently installed on the terminal device, wherein the third operating system is installed in the system disk space;
the judge module is configured to judge whether the terminal device is connected to the default hardware identification equipment; then
the authentication module is configured to authenticate the default hardware identification equipment according to the authentication information when the judge module judges that the terminal device is connected to the default hardware identification equipment; then
the device further comprises:
a creation module, configured to create an encrypted folder in any local disk space other than the system disk space when the authentication module obtains a result that authentication has passed;
a mapping module, configured to map the encrypted folder to an encrypted virtual disk space by a virtual disk mapping technique;
an encrypting module, configured to encrypt, according to the file encryption/decryption information, the disk drive file corresponding to the encrypted virtual disk space;
a determining module, configured to define the encrypted virtual disk space corresponding to the encrypted disk drive file as the encrypted hidden virtual disk space.
9. The device as claimed in claim 8, characterised in that the device further comprises:
a cloning module, configured to clone, after the determining module defines the encrypted virtual disk space corresponding to the encrypted disk drive file as the encrypted hidden virtual disk space, the third operating system installation file corresponding to the installation of the third operating system into the encrypted hidden virtual disk space; then
the login module is further configured to restart the terminal device and log in to the third operating system;
the judge module is configured to judge whether the terminal device is connected to the default hardware identification equipment; then
the authentication module is configured to authenticate the default hardware identification equipment according to the authentication information when the judge module judges that the terminal device is connected to the default hardware identification equipment;
the deciphering module is configured to decrypt, according to the file encryption/decryption information, the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device when the authentication module obtains a result that authentication has passed, so as to obtain the encrypted hidden virtual disk space;
the deciphering module is further configured to decrypt the encrypted hidden virtual disk space according to the file encryption/decryption information; then
the device further comprises:
an installation module, configured to install a fourth operating system in the encrypted hidden virtual disk space according to the third operating system installation file cloned into the encrypted hidden virtual disk space;
a disconnect module, configured to disconnect the terminal device from the default hardware identification equipment;
a wiping module, configured to wipe the third operating system; then
the determining module is further configured to define the fourth operating system as the second operating system.
10. The device as claimed in claim 9, characterised in that:
the judge module is further configured to, after the fourth operating system is defined as the second operating system, restart the terminal device and judge whether the terminal device is connected to the default hardware identification equipment;
the authentication module is configured to authenticate the default hardware identification equipment according to the authentication information when the judge module judges that the terminal device is connected to the default hardware identification equipment;
the deciphering module is configured to decrypt, according to the file encryption/decryption information, the disk drive file corresponding to the encrypted hidden virtual disk space in the terminal device when the authentication module obtains a result that authentication has passed, so as to obtain the encrypted hidden virtual disk space;
the deciphering module is further configured to decrypt the encrypted hidden virtual disk space according to the file encryption/decryption information; then
the login module is configured to log in to the second operating system;
the installation module is configured to install a fifth operating system in the system disk space;
the determining module is further configured to define the fifth operating system as the first operating system.
11. The device as claimed in claim 10, characterised in that:
the encrypting module is further configured to perform transparent encryption on the fifth operating system before the determining module defines the fifth operating system as the first operating system.
12. The device as claimed in claim 7, characterised in that the default hardware identification equipment is a USB Key.
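The login decision flow recited in claim 7, as an added Python example that is not code from the patent or the applicant. It shows the order of the checks and that every failure branch returns the same "wrong password" message. Assumptions not stated in the claims: the class names `UsbKey` and `Terminal`, PBKDF2 hashing of the first operating system's password, an HMAC challenge-response as the way the hardware identification equipment is authenticated, and an HMAC key-check tag standing in for the two decryption steps.

```python
import hashlib, hmac, os

GENERIC_ERROR = "access password incorrect"  # identical text on every failure branch

def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class UsbKey:
    """Constructed stand-in for the default hardware identification equipment."""
    def __init__(self, auth_secret: bytes, file_key: bytes):
        self.auth_secret = auth_secret  # "authentication information"
        self.file_key = file_key        # "file encryption/decryption information"

    def respond(self, challenge: bytes) -> bytes:
        return tag(self.auth_secret, challenge)

class Terminal:
    """Hypothetical terminal: first-OS password hash plus a sealed hidden volume."""
    def __init__(self, first_os_password: str, auth_secret: bytes, file_key: bytes):
        self.salt = os.urandom(16)
        self.first_os_hash = kdf(first_os_password, self.salt)
        self.auth_secret = auth_secret                        # enrolled at setup (assumption)
        self.volume_header = os.urandom(32)                   # constructed sample header
        self.volume_tag = tag(file_key, self.volume_header)   # key-check value

    def login(self, password: str, usb_key: "UsbKey | None" = None):
        # 1. The password is always compared with the first operating system's first.
        if hmac.compare_digest(kdf(password, self.salt), self.first_os_hash):
            return ("first_os", None)
        # 2. No hardware identification equipment connected: plain "wrong password".
        if usb_key is None:
            return ("denied", GENERIC_ERROR)
        # 3. Authenticate the equipment with a fresh challenge (a replayed response fails).
        challenge = os.urandom(32)
        if not hmac.compare_digest(usb_key.respond(challenge),
                                   tag(self.auth_secret, challenge)):
            return ("denied", GENERIC_ERROR)
        # 4. The equipment's file key must open the hidden volume; both decryption
        #    steps of the claim are modelled here as one key-check comparison.
        if not hmac.compare_digest(tag(usb_key.file_key, self.volume_header),
                                   self.volume_tag):
            return ("denied", GENERIC_ERROR)
        return ("second_os", None)
```

Because steps 2 to 4 return the same message as an ordinary mistyped password, the responses alone do not indicate whether a second operating system exists on the terminal.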
CN201710200519.8A 2017-03-29 2017-03-29 A kind of data guard method and device based on system encryption Pending CN107092836A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710200519.8A CN107092836A (en) 2017-03-29 2017-03-29 A kind of data guard method and device based on system encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710200519.8A CN107092836A (en) 2017-03-29 2017-03-29 A kind of data guard method and device based on system encryption

Publications (1)

Publication Number Publication Date
CN107092836A true CN107092836A (en) 2017-08-25

Family

ID=59646242

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710200519.8A Pending CN107092836A (en) 2017-03-29 2017-03-29 A kind of data guard method and device based on system encryption

Country Status (1)

Country Link
CN (1) CN107092836A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107392039A (en) * 2017-09-22 2017-11-24 华北理工大学 Computer hard disk data encrypting method and its device
CN110134339A (en) * 2019-05-22 2019-08-16 北京明朝万达科技股份有限公司 A kind of data guard method and system based on file virtual disk
CN110392033A (en) * 2018-04-23 2019-10-29 北京华为数字技术有限公司 A kind of cipher management method and device
CN110889125A (en) * 2019-11-15 2020-03-17 珠海豹趣科技有限公司 File protection method and device and electronic equipment
CN111797379A (en) * 2020-07-15 2020-10-20 上海瀚之友信息技术服务有限公司 Processing method and device for improving information security

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101796764A (en) * 2007-07-31 2010-08-04 国际商业机器公司 Biometric authentication device, system and method of biometric authentication
CN104077512A (en) * 2013-03-25 2014-10-01 腾讯科技(深圳)有限公司 Personnel information safety management method and management device
CN104090853A (en) * 2014-07-03 2014-10-08 武汉迅存科技有限公司 Solid-state disc encryption method and system
CN104484625A (en) * 2014-12-29 2015-04-01 北京明朝万达科技有限公司 Computer with dual operating systems and implementation method thereof
CN104850767A (en) * 2014-02-18 2015-08-19 宇龙计算机通信科技(深圳)有限公司 Unlocking method and system for mobile terminal
CN105069333A (en) * 2015-08-20 2015-11-18 宇龙计算机通信科技(深圳)有限公司 User domain access method, access system and terminal

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107392039A (en) * 2017-09-22 2017-11-24 华北理工大学 Computer hard disk data encrypting method and its device
CN107392039B (en) * 2017-09-22 2020-06-30 华北理工大学 Computer hard disk data encryption method and device
CN110392033A (en) * 2018-04-23 2019-10-29 北京华为数字技术有限公司 A kind of cipher management method and device
CN110134339A (en) * 2019-05-22 2019-08-16 北京明朝万达科技股份有限公司 A kind of data guard method and system based on file virtual disk
CN110889125A (en) * 2019-11-15 2020-03-17 珠海豹趣科技有限公司 File protection method and device and electronic equipment
CN110889125B (en) * 2019-11-15 2024-01-23 珠海豹趣科技有限公司 File protection method and device and electronic equipment
CN111797379A (en) * 2020-07-15 2020-10-20 上海瀚之友信息技术服务有限公司 Processing method and device for improving information security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100083 Beijing, Haidian District Xueyuan Road 30 days building A 20 floor

Applicant after: Beijing Bang Bang Safety Technology Co. Ltd.

Address before: 100083 Xueyuan Road, Haidian District, Haidian District, Beijing, Haidian District, Beijing

Applicant before: Yangpuweiye Technology Limited

RJ01 Rejection of invention patent application after publication

Application publication date: 20170825