CN100547543C - A method for protecting computer files - Google Patents

Publication number
CN100547543C
Authority
CN
China
Prior art keywords
file
operation requests
computer documents
protection
class
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB031571239A
Other languages
Chinese (zh)
Other versions
CN1598764A (en)
Inventor
李明柱
王一平
张力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Application filed by Lenovo Beijing Ltd
Priority to CNB031571239A
Publication of CN1598764A
Application granted
Publication of CN100547543C
Anticipated expiration
Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method for protecting computer files, comprising the following steps: file protection information is set in advance for each computer file that needs protection; after a file operation request from the file system of the computer operating system is received, the preset file protection information is read, the file operation request is filtered according to that information, and the filter result is then sent to the underlying file system driver. The invention provides flexible, system-level, fine-grained protection for all computer files, improves the security of the protection, and is easy for the user to use.

Description

A method for protecting computer files
Technical field
The present invention relates to computer information security technology, and specifically to a method for protecting computer files.
Background art
With the development of computers, people increasingly store important information as computer files on hard disks, floppy disks or other storage media, and use the computer operating system to perform operations on them such as reading and writing. Compared with traditional paper records, the advantages of storing information in computer files are self-evident.
However, storing information in computer files also raises the problem of file security. For example, the information in some of a user's files is highly confidential; the user does not want other users to read it, and certainly cannot allow other users to tamper with it. People are therefore paying more and more attention to how to apply a higher level of protection and control to important computer files.
Among current computer storage media, devices such as floppy disks and USB flash drives have a physical write-protect function, which effectively prevents malicious writes or user mistakes from causing the user loss. The hard disk, however, although it is the principal medium for storing computer files, cannot protect the files stored on it by physical means.
At present there are two main techniques for protecting computer files on a hard disk. One uses encryption and authentication to control user access to files: for example, files are encrypted under various key mechanisms to prevent unauthorized users from reading them, or certificates are used to authenticate the user's identity and so control access to the files. The other combines disk partitioning with the computer's basic input/output system (BIOS) to restrict reads and writes to all files in an entire logical partition, for example hidden-partition techniques and partition save-and-restore techniques.
Both techniques share a major shortcoming: neither can provide system-level, fine-grained control over computer files. For example, encryption and authentication can only control reading and writing of certain files; they cannot control deletion, nor can they control changes to the file name. Partitioning combined with BIOS techniques can only protect and control all the files in an entire logical partition; it cannot apply protection and control to one or a few specific files within that partition. Neither technique therefore gives flexible control over computer files, and neither meets users' actual needs.
In addition, both techniques are complicated for the user to operate and lack transparency, so they are inefficient.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a more flexible method for protecting computer files.
This purpose is achieved by the following technical solution:
A method for protecting computer files, comprising the following steps:
setting file protection information in advance for the computer files that need to be protected;
after receiving a file operation request from the file system of the computer operating system, reading the preset file protection information, filtering the file operation request according to the file protection information, and then sending the file operation requests that were not filtered out to the underlying file system driver.
In the above method, the file protection information may be any one, or any combination, of: read protection (whether reading the file is allowed), write protection (whether modifying the file content is allowed), delete protection (whether deleting the file is allowed) and rename protection (whether changing the file name is allowed).
In the above method, filtering the file operation request according to the file protection information means: if the file protection information is set to one or a combination of forbid read, forbid write, forbid delete and forbid rename, the corresponding file operation requests to read, write, delete or rename the file are filtered out; otherwise the file operation request is passed through to the underlying file system driver.
In the above method, if the file protection information is set to forbid write, the invention further comprises a step of determining the file class, and filters the corresponding file operation requests according to the file class.
In the above method, the file class is determined from the file's extension.
In the above method, the file classes comprise Office-class files, BMP-class files, and ordinary files, which are all files other than these two classes. For Office-class files, the filter operation filters both the write request and the requests to delete the original file and rename the temporary file. For BMP-class files, the filter operation filters both the write request and the request to create a file of the same name. For ordinary files, the filter operation filters only the write request.
In the above method, Office-class files comprise files produced by the Office suite and the Visual Studio suite and compressed files produced by compression software; BMP-class files comprise graphics files and files produced by WordPad.
In the above method, the file operation request is an I/O request packet (IRP), which contains information such as the file name, the process name and the operation flag.
As the technical solution shows, the user sets file protection information in advance for the computer files that need protection, and a step is added between the file system and the underlying file system driver that filters file operation requests according to that information. Each individual file can thus be protected according to the protection information the user has set for it, which overcomes the shortcoming of the prior art and achieves flexible protection of computer files.
In addition, when handling write operations, the invention divides all files into three types according to the operating system's write mechanism and filters different write-related requests for each type. This achieves write protection for all files and further increases the security of stored computer files.
The processing of the invention is performed automatically by the system; the user only needs to set the corresponding file protection information for each file, so the method is very simple and convenient for the user.
Description of the drawings
Fig. 1 is a block diagram of an implementation of the invention;
Fig. 2 is the overall processing flowchart of the invention.
Embodiment
The invention is described in more detail below with reference to the drawings and a specific embodiment.
The invention uses existing computer filter driver technology and combines it with the file association module proposed here, which filters file operation requests according to different protection policies; together they achieve flexible, system-level, fine-grained control over computer files.
Fig. 1 shows a block diagram of an implementation of the invention. As Fig. 1 shows, between the file system of the file-handling module of an operating system such as Windows and the file system driver and lower-level drivers of the operating system's driver layer, there is a file system filter driver that implements file monitoring and read/write protection. A file system filter driver is an optional, special driver that can be layered on other drivers to modify or extend the functions of the original driver, without modifying the original driver or the applications that use it.
In the invention, the file system filter driver further integrates a file association module, which matches protection policies and applies the appropriate handling for each file type. Through the file association module, the user can set four protection features, each with a different security level, on computer files on the hard disk: read protection, write protection, delete protection and rename protection. Once a file is set to forbid read, other users cannot read, write, delete or rename it through applications under the Windows operating system. Once a file is set to forbid write, other users cannot write, delete or rename it through applications under the Windows operating system, but normal read operations are allowed. Once a file is set to forbid delete, other users cannot delete it through applications under the Windows operating system, but normal read, write and rename operations are allowed. Once a file is set to forbid rename, other users cannot rename it through applications under the Windows operating system, but normal read, write and delete operations are allowed. The user can set several of these four protections at the same time, provided the logical relationships among them are satisfied.
In operation, the file system submits file operation requests to the file system filter driver; these requests are I/O request packets (IRPs) for operations such as reading, writing, deleting and renaming a file. After receiving an IRP, the filter driver analyzes it and, using features such as the file name, process name and operation flag contained in the IRP together with the file type, filters the different IRP operation requests, thereby monitoring read, write, delete and rename operations. It then submits the filtered result to the file system driver and lower-level drivers, which perform the operation the user requested, for example rewriting the content of the file.
In this processing flow, how to filter by combining the file type with the different IRP operation requests is the core of the invention. The overall flow is described below with reference to Fig. 2, with emphasis on how the invention filters IRPs according to the specific file type and IRP operation request.
As shown in Fig. 2, in step 201 the file system submits a file operation IRP to the file system filter driver. In step 202, after receiving the file operation IRP from the file system, the filter driver determines from the corresponding data flag in the IRP whether it is a write IRP request. If so, step 203 and the steps that follow it are executed; otherwise step 207 and the steps that follow it are executed.
If step 202 determines that the IRP is a write IRP request, the filter driver calls the file association module, which determines the file class in step 203. The invention divides files into three classes according to how the operating system handles writes: Office-class files, BMP-class files, and all other files, referred to here as ordinary files. Office-class files include files produced by the Office suite and the Visual Studio suite, and compressed files such as zip files. BMP-class files include graphics files such as BMP files, and WordPad files. All files other than these two classes are ordinary files. In this step the association module identifies and distinguishes files by the extension of the file name contained in the IRP. If the file to be protected is an ordinary file, step 204 is executed; if it is an Office-class file, step 205 is executed; if it is a BMP-class file, step 206 is executed.
In step 204, because an operating system such as Windows handles a write to an ordinary file by modifying the original file directly, no special handling is needed; the write IRP request is filtered directly according to the protection policy.
In step 205, an operating system such as Windows does not modify the original file directly when handling an Office-class file; it first creates a temporary file and performs the write in that temporary file. After the write completes, it deletes the original file and renames the temporary file to the name of the original. In this case there is therefore, in addition to the write IRP request, an IRP request to delete the original file and rename the temporary file. For Office-class files, both kinds of IRP request must accordingly be filtered according to the protection policy.
In step 206, an operating system such as Windows likewise does not modify the original file directly when handling a BMP-class file; it creates a file with the same name as the original, overwriting the original, and then performs the write in the new file. In this case there is therefore, in addition to the write IRP request, an IRP request to create a file of the same name. For BMP-class files, both kinds of IRP request must accordingly be filtered according to the protection policy.
If step 202 determines that the IRP is not a write IRP request, that is, it is a read, delete or rename IRP request, step 207 is executed: the association module filters the corresponding IRP request directly according to the protection policy.
The protection policy mentioned in steps 204 to 207 is the file protection information the user has set: whether reading, writing, deleting and renaming are allowed. The protection policy is set by an upper-layer application and saved in the application's policy file. Filtering an IRP request according to the protection policy means deciding, from whether the corresponding operation is allowed, either to pass the IRP request transparently to the file system driver and lower-level drivers or to filter it out so that it is not sent to them, which achieves flexible protection of an individual file. For example, when the user has set a file in the protection policy to allow reading, the filter driver in step 207 passes the read IRP request through to the file system driver and lower-level drivers. Conversely, if the user has set reading as not allowed, the filter driver filters out the read IRP request in step 207; the file system driver and lower-level drivers never receive the read IRP request and so cannot perform the read. The user's file therefore cannot be seen by others, which ensures its security.
After the filtering in steps 204 to 207, the result is sent in step 208 to the file system driver and lower-level drivers, completing the file protection operation. This part is the same as in the prior art and is not described in detail here.
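The filter decision of steps 202 to 207, as an added user-mode C example that is not code from the patent: it models which requests are filtered for each file class when a file is write-protected. The type and function names, both extension lists, the sample policy, and the choice to match an Office-class rename on its destination name are assumptions; each deny bit maps to its own operation as in the method summary.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The page's four per-file protections as deny bits (names are assumed). */
enum { DENY_READ = 1, DENY_WRITE = 2, DENY_DELETE = 4, DENY_RENAME = 8 };
typedef enum { OP_READ, OP_WRITE, OP_DELETE, OP_RENAME, OP_CREATE_SAME_NAME } op_t;
typedef enum { CLASS_ORDINARY, CLASS_OFFICE, CLASS_BMP } fclass_t;
typedef enum { PASS_DOWN, FILTERED } verdict_t;

/* Constructed stand-in for an IRP: target is the new name for OP_RENAME. */
typedef struct { op_t op; const char *name; const char *target; } request_t;
typedef struct { const char *name; unsigned deny; } policy_t;

/* Constructed sample policy; a real one would come from the policy file. */
static const policy_t SAMPLE[] = {
    { "report.doc", DENY_WRITE }, { "logo.bmp", DENY_WRITE },
    { "notes.txt", DENY_WRITE },  { "key.txt", DENY_READ | DENY_DELETE },
};

/* Windows file names compare case-insensitively. */
static int ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Step 203: classify by extension. Both extension lists are assumptions. */
fclass_t classify(const char *name) {
    static const char *office[] = { ".doc", ".xls", ".ppt", ".zip" };
    static const char *bmp[] = { ".bmp", ".rtf" };
    const char *ext = strrchr(name, '.');
    size_t i;
    if (!ext) return CLASS_ORDINARY;
    for (i = 0; i < sizeof office / sizeof *office; i++)
        if (ieq(ext, office[i])) return CLASS_OFFICE;
    for (i = 0; i < sizeof bmp / sizeof *bmp; i++)
        if (ieq(ext, bmp[i])) return CLASS_BMP;
    return CLASS_ORDINARY;
}

static unsigned deny_for(const char *name) {
    size_t i;
    for (i = 0; name && i < sizeof SAMPLE / sizeof *SAMPLE; i++)
        if (ieq(SAMPLE[i].name, name)) return SAMPLE[i].deny;
    return 0; /* unprotected files carry no deny bits */
}

/* Steps 202-207: decide whether a request reaches the file system driver. */
verdict_t filter_request(const request_t *r) {
    unsigned deny = deny_for(r->name);
    unsigned tdeny = r->op == OP_RENAME ? deny_for(r->target) : 0;
    switch (r->op) {
    case OP_READ:
        return (deny & DENY_READ) ? FILTERED : PASS_DOWN;
    case OP_WRITE: /* step 204: the write itself is filtered for every class */
        return (deny & DENY_WRITE) ? FILTERED : PASS_DOWN;
    case OP_DELETE: /* step 205: an Office-style save deletes the original */
        if (deny & DENY_DELETE) return FILTERED;
        return ((deny & DENY_WRITE) && classify(r->name) == CLASS_OFFICE)
                   ? FILTERED : PASS_DOWN;
    case OP_RENAME: /* step 205: temp file renamed onto the protected name */
        if (deny & DENY_RENAME) return FILTERED;
        return ((tdeny & DENY_WRITE) && classify(r->target) == CLASS_OFFICE)
                   ? FILTERED : PASS_DOWN;
    case OP_CREATE_SAME_NAME: /* step 206: BMP-style save recreates the file */
        return ((deny & DENY_WRITE) && classify(r->name) == CLASS_BMP)
                   ? FILTERED : PASS_DOWN;
    }
    return PASS_DOWN;
}

verdict_t check(op_t op, const char *name, const char *target) {
    request_t r = { op, name, target };
    return filter_request(&r);
}

int main(void) { /* Office-style save against write-protected report.doc */
    printf("delete original: %d, rename temp: %d\n",
           check(OP_DELETE, "report.doc", NULL),
           check(OP_RENAME, "~tmp1.tmp", "report.doc"));
    return 0;
}
```

Filtering only the write request would leave the Office-class and BMP-class files replaceable through the delete, rename or create path, which is why the class decides which additional requests are blocked.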
It should be understood that the above description only illustrates the invention and is not intended to limit its scope of protection.

Claims (10)

1. A method for protecting computer files, comprising the following steps:
setting file protection information in advance for the computer files that need to be protected;
after receiving a file operation request from the file system of the computer operating system, reading the preset file protection information, filtering the file operation request according to the file protection information, and then sending the file operation requests that were not filtered out to the underlying file system driver.
2. The method for protecting computer files according to claim 1, characterized in that the file protection information is any one, or any combination, of: read protection (whether reading the file is allowed), write protection (whether modifying the file content is allowed), delete protection (whether deleting the file is allowed) and rename protection (whether changing the file name is allowed).
3. The method for protecting computer files according to claim 2, characterized in that filtering the file operation request according to the file protection information is: if the file protection information is set to one or a combination of forbid read, forbid write, forbid delete and forbid rename, the corresponding file operation requests to read, write, delete or rename the file are filtered out; otherwise the file operation request is passed through to the underlying file system driver.
4. The method for protecting computer files according to claim 3, characterized in that, if the file protection information is set to forbid write, the method further comprises a step of determining the file class, and filters the corresponding file operation requests according to the file class.
5. The method for protecting computer files according to claim 4, characterized in that the file class is determined from the file's extension.
6. The method for protecting computer files according to claim 4, characterized in that the file classes comprise Office-class files, BMP-class files, and ordinary files other than these two classes; for Office-class files, the filter operation filters both the write request and the requests to delete the original file and rename the temporary file; for BMP-class files, the filter operation filters both the write request and the request to create a file of the same name; for ordinary files, the filter operation filters only the write request.
7. The method for protecting computer files according to claim 6, characterized in that the Office-class files comprise files produced by the Office suite and the Visual Studio suite and compressed files produced by compression software.
8. The method for protecting computer files according to claim 6, characterized in that the BMP-class files comprise graphics files and files produced by WordPad.
9. The method for protecting computer files according to claim 1, characterized in that the file operation request is an I/O request packet (IRP).
10. The method for protecting computer files according to claim 9, characterized in that the I/O request packet (IRP) contains information such as the file name, the process name and the operation flag.
CNB031571239A 2003-09-15 2003-09-15 A method for protecting computer files Expired - Fee Related CN100547543C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031571239A CN100547543C (en) 2003-09-15 2003-09-15 A method for protecting computer files

Publications (2)

Publication Number Publication Date
CN1598764A CN1598764A (en) 2005-03-23
CN100547543C true CN100547543C (en) 2009-10-07

Family

ID=34660204

Country Status (1)

Country Link
CN (1) CN100547543C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091007

Termination date: 20200915