CN111259431A - Computer software data encryption system and encryption method thereof - Google Patents

Publication number
CN111259431A
Authority
CN
China
Prior art keywords
file
encryption
user
encryption module
transparent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010098034.4A
Other languages
Chinese (zh)
Inventor
盘建财
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Fast Soft Information Technology Co Ltd
Original Assignee
Shanghai Fast Soft Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Fast Soft Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a computer software data encryption system and an encryption method thereof. The encryption system comprises a non-perception transparent encryption module, an intelligent semi-transparent encryption module, a read-only encryption module, a watermark adding module and a permission control module, and is characterized in that the encryption processes of the non-perception transparent encryption module, the intelligent semi-transparent encryption module and the read-only encryption module are in a read-only state and cannot be modified or cancelled, and the operation of the non-perception transparent encryption module is transparent to the user. The invention encrypts file data through the non-perception transparent encryption module and the intelligent semi-transparent encryption module without affecting the user's normal operation, and encrypts and decrypts the file data intelligently. The file data is encrypted with the AES256 algorithm, so that a user who has not passed system authentication cannot directly open it. Encryption uses one key per file, combined with the enterprise owner's key and the position of the file block, so the keys are varied, which increases the difficulty for external software of decrypting the encrypted data files in the system.

Description

Computer software data encryption system and encryption method thereof
Technical Field
The invention relates to the technical field of data security, in particular to a computer software data encryption system and an encryption method thereof.
Background
In recent years, information leakage events have become more frequent, and the losses and impact they cause for governments and enterprises have grown. Firewalls, IDS, intranet/extranet isolation and other access control systems facing the external network can effectively prevent attacks from outside the network, but they offer no good protection against information leakage inside the enterprise, because insiders can easily leak confidential information held on computers through networks, storage media or printing.
Data, whether structured or unstructured, may be protected on a centralized server, but data distributed over different terminals is basically unprotected; it includes enterprise design drawings, development results, internal decisions, financial reports, business contracts, customer information and the like. The protection of unstructured data is currently the weak point of enterprise data security, and also its key point and its difficulty. Information leakage prevention is a system-wide deployment project, and encryption and monitoring have become the common choice for information leakage prevention in most enterprises and public institutions.
Disclosure of Invention
Based on the technical problems in the background art, the invention provides a computer software data encryption system and an encryption method thereof.
The invention provides a computer software data encryption system comprising a non-perception transparent encryption module, an intelligent semi-transparent encryption module, a read-only encryption module, a watermark adding module and a permission control module. The encryption processes of the non-perception transparent encryption module, the intelligent semi-transparent encryption module and the read-only encryption module are in a read-only state and cannot be modified or cancelled. The operation of the non-perception transparent encryption module is transparent to the user and is not perceived by the user: file data is automatically encrypted and decrypted in memory when the user opens the file, and the file is automatically encrypted when the user modifies and saves it, without any action by the user. The intelligent semi-transparent encryption module makes an intelligent judgment based on the opened file: if the opened file is an encrypted file, it is still encrypted after being edited and saved; if the opened file is a non-encrypted file, it is still not encrypted after being edited and saved. Encrypted processes and non-encrypted processes are automatically isolated by an advanced sandbox technology. The permission control module sets the encryption level, user permissions and security-level changes, which can be flexibly adjusted.
An encryption method of the computer software data encryption system comprises the following steps:
S1: when a user opens an encrypted document, edits it and saves it, the semi-transparent encryption module continues to encrypt it; when the user opens a non-encrypted document, edits it and saves it, the semi-transparent encryption module does not encrypt it; the module identifies and handles both cases intelligently;
S2: file data is encrypted with the AES256 algorithm, converting it from plaintext into ciphertext; when a legitimate user who has installed the system and been authenticated by it opens the encrypted file data, the non-perception transparent encryption module automatically decrypts the file data in memory so that the user sees the decrypted plaintext, and when the user modifies and saves the file data it is automatically encrypted again;
S3: when a user who is not a legitimate user opens the encrypted file data, the user sees ciphertext that cannot be opened, and if the user forcibly opens the file data, the user sees garbled file data;
S4: while encrypting the file data, the AES256 algorithm combines the enterprise owner's key with the file's key, so that each file has its own key, and the key also differs according to the position of the file block being encrypted, which greatly increases the difficulty of "known plaintext" and "known ciphertext" attacks.
The invention has the beneficial effects that:
The invention encrypts file data through the non-perception transparent encryption module and the intelligent semi-transparent encryption module without affecting the user's normal operation, and encrypts and decrypts the file data intelligently. The file data is encrypted with the AES256 algorithm, so that a user who has not passed system authentication cannot directly open it. Encryption uses one key per file, combined with the enterprise owner's key and the position of the file block, so the keys are varied, which increases the difficulty for external software of decrypting the encrypted data files in the system.
Drawings
FIG. 1 is a schematic diagram of the encryption effect of the computer software data encryption system and encryption method according to the present invention;
FIG. 2 is a schematic diagram of the encryption flow of the encryption method of the computer software data encryption system according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them.
Referring to FIGS. 1-2, in the computer software data encryption system and its encryption method, the encryption system comprises a non-perception transparent encryption module, an intelligent semi-transparent encryption module, a read-only encryption module, a watermark adding module and a permission control module. The encryption processes of the non-perception transparent encryption module, the intelligent semi-transparent encryption module and the read-only encryption module are in a read-only state and cannot be modified or cancelled. The operation of the non-perception transparent encryption module is transparent to the user and is not perceived by the user: file data is automatically encrypted and decrypted in memory when the user opens the file, and the file data is automatically encrypted when the user modifies and saves the file, without any action by the user. The intelligent semi-transparent encryption module makes an intelligent judgment based on the opened file: if the opened file is an encrypted file, it is still encrypted after being edited and saved; if the opened file is a non-encrypted file, it is not encrypted after being edited and saved. Encrypted processes and non-encrypted processes are automatically isolated by an advanced sandbox technology. The permission control module sets the encryption level, user permissions and security-level changes, which can be flexibly adjusted. The encryption method comprises the following steps:
S1: when a user opens an encrypted document, edits it and saves it, the semi-transparent encryption module continues to encrypt it; when the user opens a non-encrypted document, edits it and saves it, the semi-transparent encryption module does not encrypt it; the module identifies and handles both cases intelligently;
S2: file data is encrypted with the AES256 algorithm, converting it from plaintext into ciphertext; when a legitimate user who has installed the system and been authenticated by it opens the encrypted file data, the non-perception transparent encryption module automatically decrypts the file data in memory so that the user sees the decrypted plaintext, and when the user modifies and saves the file data it is automatically encrypted again;
S3: when a user who is not a legitimate user opens the encrypted file data, the user sees ciphertext that cannot be opened, and if the user forcibly opens the file data, the user sees garbled file data;
S4: while encrypting the file data, the AES256 algorithm combines the enterprise owner's key with the file's key, so that each file has its own key, and the key also differs according to the position of the file block being encrypted, which greatly increases the difficulty of "known plaintext" and "known ciphertext" attacks.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.
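Steps S1 and S4 as an added example, not code from the patent or its assignee: it derives one key per file from the enterprise key and a per-file secret, then a separate AES-256 key for each block position, and applies the S1 rule that only files opened as encrypted are re-encrypted on save. The header marker `MAGIC`, the 16-byte per-file secret and the use of HKDF-SHA256 are assumptions; the patent does not say how the keys are combined.

```python
import hashlib
import hmac

KEY_LEN = 32          # AES-256 key size in bytes
MAGIC = b"ENCDEMO1"   # hypothetical header marker for encrypted files (assumption)
SECRET_LEN = 16       # hypothetical per-file random secret length (assumption)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """HKDF (RFC 5869): extract a PRK from ikm, then expand it with info."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, prev, counter = b"", b"", 1
    while len(okm) < length:
        prev = hmac.new(prk, prev + info + bytes([counter]), hashlib.sha256).digest()
        okm += prev
        counter += 1
    return okm[:length]


def derive_file_key(enterprise_key: bytes, file_secret: bytes) -> bytes:
    """One key per file: mix the enterprise key with the file's own secret."""
    return hkdf_sha256(enterprise_key, salt=file_secret, info=b"file-key")


def derive_block_key(file_key: bytes, block_index: int) -> bytes:
    """Key varies with block position: the index is bound into the HKDF info."""
    if block_index < 0:
        raise ValueError("block index must be non-negative")
    info = b"block-key" + block_index.to_bytes(8, "big")
    return hkdf_sha256(file_key, salt=b"\x00" * 32, info=info)


def read_file_secret(data: bytes):
    """Return the per-file secret if data carries the encrypted-file header, else None."""
    header_len = len(MAGIC) + SECRET_LEN
    if len(data) < header_len or not data.startswith(MAGIC):
        return None
    return data[len(MAGIC):header_len]


def keys_for_save(opened: bytes, enterprise_key: bytes, n_blocks: int):
    """Step S1 policy: an encrypted file stays encrypted on save, a plain one stays plain.

    Returns the per-block AES-256 keys to use, or None when the file was
    opened unencrypted and must be written back unencrypted.
    """
    secret = read_file_secret(opened)
    if secret is None:
        return None
    fkey = derive_file_key(enterprise_key, secret)
    return [derive_block_key(fkey, i) for i in range(n_blocks)]


if __name__ == "__main__":
    # Constructed sample values, not real key material.
    ent = bytes(range(32))
    enc_doc = MAGIC + b"A" * SECRET_LEN + b"<ciphertext blocks>"
    print([k.hex()[:16] for k in keys_for_save(enc_doc, ent, 3)])
    print(keys_for_save(b"plain report text", ent, 3))
```

The derived keys would be handed to a vetted AES-256 implementation; because the block index is bound into the derivation, identical plaintext blocks at different positions are encrypted under different keys.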

Claims (2)

1. A computer software data encryption system, comprising a non-perception transparent encryption module, an intelligent semi-transparent encryption module, a read-only encryption module, a watermark adding module and a permission control module, characterized in that: the encryption processes of the non-perception transparent encryption module, the intelligent semi-transparent encryption module and the read-only encryption module are in a read-only state and cannot be modified or cancelled; the operation of the non-perception transparent encryption module is transparent to the user and is not perceived by the user, file data being automatically encrypted and decrypted in memory when the user opens the file, and automatically encrypted when the user modifies and saves the file, without any action by the user; the intelligent semi-transparent encryption module makes an intelligent judgment based on the opened file, such that if the opened file is an encrypted file it is still encrypted after being edited and saved, and if the opened file is a non-encrypted file it is not encrypted after being edited and saved; encrypted processes and non-encrypted processes are automatically isolated by an advanced sandbox technology; and the permission control module sets the encryption level, user permissions and security-level changes, which can be flexibly adjusted.
2. The encryption method of the computer software data encryption system according to claim 1, comprising the steps of:
S1: when a user opens an encrypted document, edits it and saves it, the semi-transparent encryption module continues to encrypt it; when the user opens a non-encrypted document, edits it and saves it, the semi-transparent encryption module does not encrypt it; the module identifies and handles both cases intelligently;
S2: file data is encrypted with the AES256 algorithm, converting it from plaintext into ciphertext; when a legitimate user who has installed the system and been authenticated by it opens the encrypted file data, the non-perception transparent encryption module automatically decrypts the file data in memory so that the user sees the decrypted plaintext, and when the user modifies and saves the file data it is automatically encrypted again;
S3: when a user who is not a legitimate user opens the encrypted file data, the user sees ciphertext that cannot be opened, and if the user forcibly opens the file data, the user sees garbled file data;
S4: while encrypting the file data, the AES256 algorithm combines the enterprise owner's key with the file's key, so that each file has its own key, and the key also differs according to the position of the file block being encrypted, which greatly increases the difficulty of "known plaintext" and "known ciphertext" attacks.
CN202010098034.4A 2020-02-18 2020-02-18 Computer software data encryption system and encryption method thereof Pending CN111259431A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010098034.4A CN111259431A (en) 2020-02-18 2020-02-18 Computer software data encryption system and encryption method thereof


Publications (1)

Publication Number Publication Date
CN111259431A true CN111259431A (en) 2020-06-09

Family

ID=70947373

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200609