CN101634992A - Light-weight file encryption and decrypting and recovering method in NTFS file system - Google Patents


Publication number
CN101634992A
Authority
CN
China
Prior art keywords
data
index
file
entry
search
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200910052890A
Other languages
Chinese (zh)
Other versions
CN101634992B (en
Inventor
邹恒明
顾夏申
丁小芩
张漳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jiaotong University
Original Assignee
Shanghai Jiaotong University
Application filed by Shanghai Jiaotong University
Priority to CN200910052890XA
Publication of CN101634992A
Application granted
Publication of CN101634992B
Expired - Fee Related

Abstract

A lightweight file encryption method and its decryption and recovery method for the NTFS file system, belonging to the technical field of information security. The method comprises the following steps: according to the encryption options selected by the user and the attributes of the file referred to by a valid file path, selecting an appropriate data block permutation method to rewrite the file's data, and storing the seed that generates the random data block permutation sequence; then generating the inverse permutation sequence from that seed and rewriting the data of the file referred to by the valid file path, thereby recovering the original data. By exploiting the structural properties of the NTFS file system to choose which file data blocks are randomly permuted, the method achieves lightweight file encryption and prevents file reconstruction and data intrusion.

Description

Lightweight file encryption method and decryption and recovery method under the NTFS file system
Technical field
The present invention relates to an encryption method and its decryption and recovery method in the technical field of information security, specifically a lightweight file encryption method and decryption and recovery method under the NTFS file system.
Background
Today, with the development of the information and network society, mass storage devices are widely used in every field of society. Government bodies, schools and academic institutions, commercial companies, and individual users all depend to varying degrees on reliable storage devices; for the first three kinds of computer user in particular, the security, trustworthiness, and confidentiality of the important data held on storage media are the chief concern. The main goal of data protection is to prevent illegal attacks from tampering with data and stealing data. Viruses of all kinds and other means of attack rewrite data content, making the data untrustworthy, in order to achieve their own illegitimate ends. At the same time, devices storing important data may be lost or stolen. How to protect data against illegal tampering, how to effectively block illegal attempts to read the stored data when a storage device holding important data is lost or stolen, and how to keep the extra burden on legitimate users in actual use as small as possible, is one of the problems that modern storage technology is concerned with.
Different storage systems run different file systems, and NTFS, as the file system recommended by the current mainstream operating system (such as Microsoft Windows), is used by most PC users. Therefore, inventing a simple, efficient, safe, and reliable file data protection method based on today's mainstream file system can satisfy, to the greatest extent, the requirements of different users for data trustworthiness and confidentiality.
A search of the prior-art literature found patent application number 200510083571.7, granted publication CN1722052C, which describes a "digital data file encryption apparatus and method". In that method a digital server provides an encrypted digital data file, allowing a PC to decrypt and play back the downloaded encrypted data. The method needs to generate a key from the ID of the data storage medium in order to play back the encrypted data. Its shortcomings are that the storage medium ID is untrustworthy and that the overhead of encrypting and decrypting all of the data is excessive.
A further search found patent application number 03152584.9, granted publication CN1480829C, which describes a "data encryption and decryption method, device, and program". That technique encrypts according to an encryption ratio relative to the unit being encrypted, keeps the data length identical before and after encryption, and divides the data into parts that are encrypted at different encryption ratios, thereby achieving a degree of data protection while reducing the load of the encryption process. However, the method of that patent only proposes the general concept of encrypting data in segments; it does not use the characteristics of the file system to further optimize the effect of encrypting and protecting files.
Summary of the invention
To address the above shortcomings of the prior art, the present invention provides a lightweight file encryption method and its decryption and recovery method under the NTFS file system. According to the encryption options selected by the user and the attributes of the file referred to by a valid file path, an appropriate data block permutation method is selected to rewrite the data, and the seed that generates the random data block permutation sequence is saved. The inverse permutation sequence is then generated from that seed, and the data of the file referred to by the valid file path is rewritten, restoring the original data. The invention exploits the structural characteristics of the NTFS file system to choose which file data blocks are randomly permuted, thereby encrypting files in a lightweight way and preventing files from being reconstructed and intruded upon.
The present invention is achieved by the following technical solutions:
The present invention relates to a lightweight file encryption method under the NTFS file system, comprising the following steps:
The first step: prompt the user to select adaptive mode or custom mode. When the user selects adaptive mode, carry out the seventh step; otherwise prompt the user to select the size of the data blocks to be permuted, the proportion to permute, the complexity of the permutation algorithm, and the data block permutation password.
The second step: prompt the user to enter the path of the file to be permuted, then decompose the file path into: the logical partition identifier, the folder names at each level, and the name and extension of the file whose data blocks are to be permuted.
The third step: according to the decomposed file path, read the data of sector 0, where the boot sector of the logical partition corresponding to this path is located; then calculate the physical disk offset address at which the key metadata of the NTFS file system structure is stored in this logical partition; finally parse the master file table record and the file system root index entry information of the file to be permuted.
Parsing the file to be permuted means parsing, according to the NTFS definitions, the file on which data block permutation is to be performed.
The fourth step: according to the file system root index entry information, determine the physical disk address at which the index of the file to be permuted is actually stored; then, using the path name obtained in the second step, search from the file system root index entry by the name of each folder level until the index entry of the file to be permuted is found.
Searching for the index entry of the file to be permuted means: first find the $INDEX_ROOT attribute from the index entry point, then read the $INDEX_ROOT attribute data record, whose type is 0x90, and then read the $INDEX_ENTRY records in the $INDEX_ROOT attribute data record one by one:
When the information referred to by the $INDEX_ENTRY read is the file being searched for, stop the search and return that $INDEX_ENTRY; otherwise examine the next $INDEX_ENTRY;
When the last $INDEX_ENTRY has been reached, stop the search and return that $INDEX_ENTRY;
When the file name referred to by the entry read is, by binary comparison, less than the name of the file to be permuted, stop the search and return;
When the search has stopped without finding the $INDEX_ENTRY corresponding to the file to be permuted, return the last $INDEX_ENTRY read and carry out offset lookup processing.
Offset lookup processing means: read the $INDEX_ALLOCATION attribute data record, whose type is 0xA0, then parse the data runs recorded in the $INDEX_ALLOCATION attribute and map them according to the NTFS definitions, so that the virtual cluster number (VCN) of the location where the $INDEX_ALLOCATION data is actually stored is mapped to the actual on-disk logical cluster address (LCN);
Then, taking the on-disk logical cluster address (LCN) as the file system root entry address, read the $INDEX_ENTRY records one by one:
When the information referred to by the $INDEX_ENTRY read is the folder or file to be permuted, stop the search; otherwise examine the next $INDEX_ENTRY;
When the last $INDEX_ENTRY has been read, stop the search;
When the file name referred to by the entry read is, by binary comparison, less than the folder name or file name to be permuted, stop the search.
When the search has stopped without finding the $INDEX_ENTRY corresponding to the file to be permuted, return the content of the last $INDEX_ENTRY, take the offset information of the first $INDEX_ENTRY in this $INDEX_ALLOCATION as the entry address, and repeat the $INDEX_ENTRY search.
The fifth step: from the $INDEX_ENTRY obtained by the file index search in the fourth step, obtain the MFT record number of the file to be permuted; then, using the key metadata of the NTFS file system structure obtained in the third step, look up the MFT record with that number.
The sixth step: examine the $DATA attribute, type 0x80, in the MFT record. When the $DATA attribute is marked resident, the sixth step ends; when the $DATA attribute is marked non-resident, read the mapping, described in the $DATA attribute, from virtual cluster numbers (VCN) to actual on-disk logical cluster addresses (LCN).
The seventh step: adopt different strategies depending on the mode selected by the user and on the $DATA attribute (type 0x80) in the corresponding MFT record, as follows:
When the user selects adaptive mode and the $DATA attribute of the specified file is marked resident: with the byte as the minimum granularity, generate a permutation sequence from the data block permutation password and randomly permute all of the data;
When the user selects adaptive mode and the $DATA attribute of the specified file is marked non-resident: with the cluster as the minimum granularity, select the clusters that make up the first 50 percent of the total number of clusters, generate a permutation sequence from the data block permutation password, and randomly permute all of that data; in addition, randomly permute the data of the first cluster of the file at byte granularity;
When the user selects custom mode and the $DATA attribute of the specified file is marked resident: with the byte as the minimum granularity, generate a permutation sequence from the data block permutation password and randomly permute the amount of data specified by the user;
When the user selects custom mode and the $DATA attribute of the specified file is marked non-resident: with the cluster as the minimum granularity, generate a permutation sequence from the data block permutation password and randomly permute the amount of data specified by the user; in addition, randomly permute the user-specified amount of data in the first cluster of the file at byte granularity.
The eighth step: according to the data block permutation strategy selected in the seventh step, call the file system interface functions to permute the data blocks of the specified file.
The ninth step: when all of the above steps succeed, return success; otherwise return the error number corresponding to the step that failed.
The present invention also relates to the decryption and recovery method for the lightweight file encryption method under the NTFS file system, comprising the following steps:
Step 1: prompt the user to enter the data block permutation strategy of the file to be recovered and the data block recovery password.
Step 2: obtain as input the path of the file the user wants to encrypt, check the validity of this path name, and parse it, decomposing the file path into: the logical partition identifier, the folder names at each level, and the name and extension of the file whose data blocks are to be permuted.
Step 3: according to the parsed file path, first read the data of sector 0, where the boot sector of the logical partition corresponding to this path is located; then calculate the physical disk offset address at which the key metadata of the NTFS file system structure is stored in this logical partition; finally parse the master file table record and the file system root index entry information of the file to be recovered.
Parsing the file to be recovered means parsing, according to the NTFS definitions, the file that is to be restored.
Step 4: according to the file system root index entry information, determine the physical disk address at which the index of the file to be permuted is actually stored; then, using the path name obtained in step 2, search from the file system root index entry by the name of each folder level until the index entry of the file to be permuted is found.
Searching for the index entry of the file to be permuted means: first find the $INDEX_ROOT attribute from the index entry point, then read the $INDEX_ROOT attribute data record, whose type is 0x90, and then read the $INDEX_ENTRY records in the $INDEX_ROOT attribute data record one by one:
When the information referred to by the $INDEX_ENTRY read is the file being searched for, stop the search and return that $INDEX_ENTRY; otherwise examine the next $INDEX_ENTRY;
When the last $INDEX_ENTRY has been reached, stop the search and return that $INDEX_ENTRY;
When the file name referred to by the entry read is, by binary comparison, less than the name of the file to be permuted, stop the search and return;
When the search has stopped without finding the $INDEX_ENTRY corresponding to the file to be permuted, return the last $INDEX_ENTRY read and carry out offset lookup processing.
Offset lookup processing means: read the $INDEX_ALLOCATION attribute data record, whose type is 0xA0, then parse the data runs recorded in the $INDEX_ALLOCATION attribute and map them according to the NTFS definitions, so that the virtual cluster number (VCN) of the location where the $INDEX_ALLOCATION data is actually stored is mapped to the actual on-disk logical cluster address (LCN);
Then, taking the on-disk logical cluster address (LCN) as the file system root entry address, read the $INDEX_ENTRY records one by one:
When the information referred to by the $INDEX_ENTRY read is the folder or file to be permuted, stop the search; otherwise examine the next $INDEX_ENTRY;
When the last $INDEX_ENTRY has been read, stop the search;
When the file name referred to by the entry read is, by binary comparison, less than the folder name or file name to be permuted, stop the search.
When the search has stopped without finding the $INDEX_ENTRY corresponding to the file to be permuted, return the content of the last $INDEX_ENTRY, take the offset information of the first $INDEX_ENTRY in this $INDEX_ALLOCATION as the entry address, and repeat the $INDEX_ENTRY search.
Step 5: from the $INDEX_ENTRY obtained by the file index search in step 4, obtain the MFT record number of the file to be permuted; then, using the key metadata of the NTFS file system structure obtained in step 3, look up the MFT record with that number.
Step 6: analyze the file attributes. Examine the $DATA attribute of the corresponding entry in the MFT. When the $DATA attribute is marked resident, step 6 ends; when the $DATA attribute is marked non-resident, read the mapping, described in the $DATA attribute, from virtual cluster numbers (VCN) to actual on-disk logical cluster addresses (LCN).
Step 7: adopt different strategies for recovering the file data according to the data block permutation strategy and the password entered by the user, as follows:
When the user indicates that the data blocks of the file to be recovered were encrypted in adaptive mode and the $DATA attribute of the data is marked resident: generate the inverse permutation sequence from the password and restore the data according to this sequence;
When the user indicates that the data blocks of the file to be recovered were encrypted in adaptive mode and the $DATA attribute of the data is marked non-resident: generate the inverse permutation sequence from the password, select the clusters that make up the first 50 percent of the total number of clusters, and recover their data according to this sequence; then recover the data of the first cluster of the restored cluster sequence once more, at byte granularity;
When the user indicates that the data blocks of the file to be recovered were encrypted in custom mode and the $DATA attribute of the data is marked resident: with the byte as the minimum granularity, generate a permutation sequence from the data block permutation password and randomly permute the amount of data specified by the user;
When the user indicates that the data blocks of the file to be recovered were encrypted in custom mode and the $DATA attribute of the data is marked non-resident: first, with the cluster as the minimum granularity, generate the inverse permutation sequence from the data block permutation password and recover the amount of data specified by the user; then recover the data of the first cluster of the restored cluster sequence once more, at byte granularity.
Step 8: return the execution result.
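The adaptive-mode permutation of the seventh encryption step and its inverse from recovery step 7, as an added example that is not part of the patent text. Assumptions: the permutation seed is derived as SHA-256 of the password (the page does not say how), Python's `random.Random` stands in for the unspecified generator, the data is an in-memory buffer rather than clusters on disk, and the byte pass is applied to the file's first cluster before the cluster pass so that the recovery order described above (clusters first, then the first cluster's bytes) inverts it.

```python
import hashlib
import random

CLUSTER_SIZE = 4096  # assumed cluster size (8 sectors of 512 bytes)


def permutation(password, n, label):
    """Derive a repeatable permutation of range(n) from the password.

    Assumption: seed = SHA-256(label || 0x00 || password). random.Random is not
    a cryptographic generator; it stands in for the unspecified one.
    """
    seed = hashlib.sha256(label + b"\x00" + password.encode("utf-8")).digest()
    order = list(range(n))
    random.Random(int.from_bytes(seed, "big")).shuffle(order)
    return order


def permute(blocks, order):
    """Forward permutation: output position i receives input block order[i]."""
    return [blocks[src] for src in order]


def unpermute(blocks, order):
    """Inverse permutation: the block at position i goes back to order[i]."""
    restored = [None] * len(order)
    for pos, src in enumerate(order):
        restored[src] = blocks[pos]
    return restored


def split_clusters(data, cluster_size):
    return [data[i:i + cluster_size] for i in range(0, len(data), cluster_size)]


def encrypt_adaptive(data, password, resident, cluster_size=CLUSTER_SIZE):
    """Resident data: permute every byte. Non-resident data: permute the bytes
    of the first cluster, then permute the first 50% of the clusters."""
    if not data:
        return data
    if resident:
        return bytes(permute(data, permutation(password, len(data), b"byte")))
    clusters = split_clusters(data, cluster_size)
    first = clusters[0]
    clusters[0] = bytes(permute(first, permutation(password, len(first), b"byte")))
    half = len(clusters) // 2  # a partial last cluster is never in this half
    clusters[:half] = permute(clusters[:half], permutation(password, half, b"cluster"))
    return b"".join(clusters)


def decrypt_adaptive(data, password, resident, cluster_size=CLUSTER_SIZE):
    """Undo encrypt_adaptive: inverse cluster pass, then inverse byte pass."""
    if not data:
        return data
    if resident:
        return bytes(unpermute(data, permutation(password, len(data), b"byte")))
    clusters = split_clusters(data, cluster_size)
    half = len(clusters) // 2
    clusters[:half] = unpermute(clusters[:half], permutation(password, half, b"cluster"))
    first = clusters[0]
    clusters[0] = bytes(unpermute(first, permutation(password, len(first), b"byte")))
    return b"".join(clusters)
```

The permuted buffer contains exactly the same bytes as the original, only reordered, and in the non-resident case the second half of the clusters is left untouched.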
The present invention uses the characteristics of the NTFS file system to apply different encryption strategies to files of different sizes. The method has the following advantages: (1) it encrypts data at the file system level, without relying on high-level file attributes or file structure. (2) It exploits the characteristics of NTFS itself and applies different protection strategies to different files, which is highly efficient. (3) The computational overhead of the encryption strategy is small, while reconstruction of and intrusion into the data are effectively prevented. (4) The system is user-friendly: the user can choose different protection strategies to trade off time overhead against security, which is more flexible than the traditional strategy of encrypting all of the data. (5) The data block permutation strategy processes only the data itself and cannot produce inconsistency in the file system metadata. The invention provides a lightweight file protection method which, while providing a certain ability to effectively prevent files from being illegally reconstructed and intruded upon, strikes a better compromise between security and computational overhead; it is therefore more flexible than traditional file encryption algorithms, is safe and reliable, and efficiently protects the integrity and trustworthiness of user data.
Description of drawings
Fig. 1 is a schematic diagram of how the present invention implements data encryption and recovery;
Fig. 2 is a flowchart of the data encryption method of the present invention;
Fig. 3 is a flowchart of the data recovery method of the present invention;
Fig. 4 is a schematic diagram of the data block permutation strategy for large files;
Fig. 5 is a schematic diagram of the data block permutation strategy for small files;
Fig. 6 is a schematic diagram of the NTFS index list data structure.
Embodiment
An embodiment of the invention is described in detail below. The embodiment is implemented on the basis of the technical solution of the invention, and a detailed implementation and concrete operating procedure are given, but the scope of protection of the invention is not limited to the following embodiment.
As shown in Fig. 1 and Fig. 2, the lightweight file encryption method under the NTFS file system in this embodiment comprises the following steps:
S1: obtain the encryption mode and password selected by the user;
S2: obtain the path of the file to encrypt, check its validity, and parse and decompose the path name;
S3: analyze the boot sector and read the key system metadata of the NTFS file system;
S4: find the entry table of the specific file index record and traverse the file index to obtain the index record entry of the hidden file;
S5: according to the file index record entry, resolve the physical disk address information of the actual file data;
S6: analyze the file attributes;
S7: choose the data block permutation algorithm;
S8: carry out the data block permutation;
S9: return the execution result.
Each step is described in detail below.
I. Step S1
Obtain the encryption mode and password selected by the user. In this embodiment the encryption operation is carried out solely according to the encryption mode and password selected by the user. The encryption mode is one of two: adaptive mode and custom mode. In adaptive mode the system decides according to the actual file size: (1) for a small file, random data block permutation is applied to all of the data at byte granularity; (2) for a large file, random data block permutation is applied at cluster granularity to the first 50% of the clusters, and random data block permutation at byte granularity is applied to the whole of the first cluster. The key supplied by the user is used to generate the random permutation sequence.
II. Step S2
Obtain the path of the file to encrypt, check its validity, and parse and decompose the path name. In this embodiment the encryption operation requires the full path of the file to be encrypted. As one of the required inputs of the encryption operation, the correctness of this information directly determines whether the encryption operation succeeds. If an invalid path name is entered, the hiding operation cannot be carried out correctly.
Checking the validity of the file path works as follows: the system must first establish whether the path name entered contains characters that NTFS does not allow. It also checks whether the logical partition, the folders at each level, and the file named by the input path exist. For example, given the input "c:\A1\B1\C.DOC", it first checks whether the string contains any character that NTFS defines as not allowed, and then checks in turn whether a logical partition named "C:" exists, whether the two folder levels A1 and B1 exist, and whether the file C.DOC exists. If any check in the above steps fails, the whole encryption operation is stopped, and the exception handler is notified to handle the error and return an error code.
Parsing and decomposing the file path works as follows: the input file path string is split, according to the NTFS definition of a file path, into the logical partition name, the folders at each level, and the file name. For example, the input "c:\A1\B1\C.DOC" is finally decomposed into the logical partition name "c:", the two folder levels "A1" and "B1", and the file name "C.DOC". The result of this decomposition is used directly as the input data of step S3.
III. Step S3
Analyze the boot sector and read the key system metadata of the NTFS file system. Analyzing the boot sector works as follows: the role of the NTFS boot sector is that the MBR boots to the DBR of the active partition, and the DBR then boots the operating system. The BPB (BIOS Parameter Block) and extended BPB on an NTFS volume define the data needed to load the operating system, and this data is also needed by this embodiment to carry out the encryption operation. The required BPB parameters are shown in Table 1 below:
Table 1
Byte offset | Length | Typical value | Meaning
0x0B | Word | 0x0002 | Bytes per sector
0x0D | Byte | 0x08 | Sectors per cluster
0x30 | 8 bytes | 0x0400000000000000 | Starting logical cluster number of $MFT
0x38 | 8 bytes | 0x54FF070000000000 | Starting logical cluster number of $MFTMirr
0x40 | Double word | 0xF6000000 | Clusters per MFT record
0x44 | Double word | 0x01000000 | Clusters per index
0x48 | 8 bytes | 0x14A51B74C91B741C | Label
Reading the above data yields $MFT, the entry file of the NTFS file system, which is also the starting point from which this embodiment carries out the file encryption operation.
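Reading the Table 1 fields out of sector 0 and locating $MFT, as an added example that is not part of the patent text. It assumes that the table's typical values are the raw on-disk bytes, which NTFS stores little-endian, and it applies the standard NTFS convention (not stated on the page) that a negative record-size byte n means a size of 2^|n| bytes; the function names and the constructed sample sector are illustrative.

```python
import struct

SECTOR_SIZE = 512


def build_sample_boot_sector():
    """Constructed 512-byte boot sector carrying the typical values of Table 1."""
    sector = bytearray(SECTOR_SIZE)
    sector[0x03:0x0B] = b"NTFS    "                        # OEM ID (not in Table 1)
    sector[0x0B:0x0D] = bytes.fromhex("0002")              # bytes per sector
    sector[0x0D] = 0x08                                    # sectors per cluster
    sector[0x30:0x38] = bytes.fromhex("0400000000000000")  # $MFT start LCN
    sector[0x38:0x40] = bytes.fromhex("54FF070000000000")  # $MFTMirr start LCN
    sector[0x40:0x44] = bytes.fromhex("F6000000")          # clusters per MFT record
    sector[0x44:0x48] = bytes.fromhex("01000000")          # clusters per index
    sector[0x48:0x50] = bytes.fromhex("14A51B74C91B741C")  # label
    sector[0x1FE:0x200] = b"\x55\xAA"                      # end-of-sector signature
    return bytes(sector)


def record_size(raw, cluster_size):
    """Positive value: size in clusters. Negative value: size is 2**(-raw) bytes."""
    if raw == 0:
        raise ValueError("record size field is zero")
    return raw * cluster_size if raw > 0 else 1 << (-raw)


def parse_ntfs_bpb(sector):
    """Return the Table 1 fields plus the derived byte offset of $MFT."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("boot sector is shorter than 512 bytes")
    if sector[0x03:0x0B] != b"NTFS    ":
        raise ValueError("OEM ID is not NTFS")
    (bytes_per_sector,) = struct.unpack_from("<H", sector, 0x0B)
    sectors_per_cluster = sector[0x0D]
    mft_lcn, mftmirr_lcn = struct.unpack_from("<QQ", sector, 0x30)
    (mft_raw,) = struct.unpack_from("<b", sector, 0x40)    # signed first byte
    (index_raw,) = struct.unpack_from("<b", sector, 0x44)  # signed first byte
    if bytes_per_sector == 0 or sectors_per_cluster == 0:
        raise ValueError("zero sector or cluster size")
    cluster_size = bytes_per_sector * sectors_per_cluster
    return {
        "bytes_per_sector": bytes_per_sector,
        "sectors_per_cluster": sectors_per_cluster,
        "cluster_size": cluster_size,
        "mft_lcn": mft_lcn,
        "mftmirr_lcn": mftmirr_lcn,
        "mft_record_size": record_size(mft_raw, cluster_size),
        "index_record_size": record_size(index_raw, cluster_size),
        # Byte offset of $MFT from the start of the logical partition.
        "mft_byte_offset": mft_lcn * cluster_size,
    }
```

With the table's values, 0x0002 decodes to 512 bytes per sector and 0xF6 (signed -10) to a 1024-byte MFT record, so MFT record n starts at `mft_byte_offset + n * mft_record_size` within the partition.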
Reading the key system metadata of the NTFS file system works as follows. In NTFS every kind of data is a file, and the first 24 MFT records are all key system metadata files. The NTFS metadata files involved in the encryption operation of this embodiment are defined in Table 2 below:
Table 2
Number | Metadata file | Function
0 | $MFT | The MFT itself
5 | $Root | Index file root directory
Using the starting on-disk logical cluster number of $MFT obtained from the boot sector analysis, the above metadata files can be read in turn. $MFT specifies the index numbers and physical addresses of itself and of all other MFT files. $Root is the root directory "/" of the file system; every file in its logical partition can be reached through the root directory index.
IV. Step S4
Find the entry table of the specific file index record and traverse the file index to obtain the index record entry of the hidden file. NTFS stipulates that every type of data exists in the form of a file. That is, system metadata, folders, and user files all exist in NTFS as files. Each file has a corresponding MFT record with a specific number. The difference is that system metadata defines the necessary information about the NTFS file system; the root directory and each folder act as the entry point of an index, and the index contains all the files and subfolders under the current folder; and the MFT record of a user file specifies where the user's data is stored. The numbers of all of the above MFT records can be reached by traversing the index starting from the root directory. A key step of this embodiment is therefore to start from the correct root directory index entry point and find the position in the index of the file to be hidden, as shown in Fig. 6. The sub-steps for finding the index record entry of the hidden file are as follows:
1. Locate and read the header of the file system root index entry, and determine the physical disk locations, recorded in this record, at which all of the indexes are actually stored.
2. Using the parsed path name, search from the root index entry by the name of each folder level, finally obtaining the index entry of the parent folder of the file to be hidden. The concrete steps are:
3. Find the $INDEX_ROOT attribute from the index entry point according to the index file definition.
4. Analyze the attribute header of the $INDEX_ROOT attribute and read the $INDEX_ROOT attribute data record.
5. Starting from the $INDEX_ROOT attribute data record, read the $INDEX_ENTRY records one by one. If the information referred to by the $INDEX_ENTRY read is the folder or file being searched for, stop step 5. Otherwise examine the next $INDEX_ENTRY. If the last $INDEX_ENTRY has been read, stop step 5. If the file name referred to by the entry read is, by binary comparison, less than the folder name or file name being searched for, stop step 5.
6. If step 5 obtained the $INDEX_ENTRY corresponding to the folder or file being searched for, end this search. Otherwise record the content of the last $INDEX_ENTRY read in step 5 and extract from it the offset of the first $INDEX_ENTRY in $INDEX_ALLOCATION.
7. Analyze the attribute header of the $INDEX_ROOT attribute and read the $INDEX_ALLOCATION attribute data record.
8. Parse the data runs recorded in the $INDEX_ALLOCATION attribute header and map them according to the definition, so that the virtual cluster number (VCN) of the location where the actual $INDEX_ALLOCATION attribute data is stored is mapped to the actual on-disk logical cluster address (LCN).
9. Taking the LCN obtained in step 8 as the entry address, read the $INDEX_ENTRY records one by one. If the information referred to by the $INDEX_ENTRY read is the folder or file being searched for, stop step 9. Otherwise examine the next $INDEX_ENTRY. If the last $INDEX_ENTRY has been read, stop step 9. If the file name referred to by the entry read is, by binary comparison, less than the folder name or file name being searched for, stop step 9.
10. If step 5 obtained the $INDEX_ENTRY corresponding to the folder or file being searched for, end this search. Otherwise record the content of the last $INDEX_ENTRY read in step 10, extract from it the offset of the first $INDEX_ENTRY in $INDEX_ALLOCATION, take it as the entry address, and repeat step 9.
Five, step S5
Using the file index record entry, obtain the physical disk address of the actual file data. In the index structure of the NTFS file system, every file has a corresponding file index record entry, $INDEX_ENTRY. The most important datum in the $INDEX_ENTRY data structure is the MFT number of the file it describes. This step is implemented as follows: from the $INDEX_ENTRY that was found, read the MFT number it refers to according to the definition. Then, using the start address of the $MFT entry obtained in step S3, read the MFT file record of the file to be encrypted.
Six, step S6
Analyze the file attributes. From the MFT file record obtained in step S5, parse the $DATA attribute of type $80, including whether the $DATA attribute is resident and the attribute length.
If the $DATA attribute is flagged resident, read all of the data in $DATA and end step S6.
If the $DATA attribute is flagged non-resident, read the mapping, described in the $DATA attribute, from virtual cluster numbers (VCN) to actual on-disk logical cluster numbers (LCN). This mapping is represented in a data format called data runs.
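The data run decoding that step S6 relies on for a non-resident $DATA attribute (and that steps 8 and 9 of S4 rely on for $INDEX_ALLOCATION), as an added example that is not code from the patent. The run list bytes are constructed sample data, and the function names are this example's own.

```python
def decode_data_runs(buf):
    """Decode an NTFS data run list into (start_vcn, cluster_count, lcn) tuples.

    Each run starts with a header byte: the low nibble is the size in bytes
    of the length field, the high nibble the size of the offset field.
    The offset is a signed delta from the previous run's LCN. An offset
    size of zero marks a sparse run (no clusters on disk, lcn is None).
    A header byte of 0x00 ends the list.
    """
    runs = []
    pos = 0
    vcn = 0   # next virtual cluster number to assign
    lcn = 0   # LCN of the previous non-sparse run
    while pos < len(buf):
        header = buf[pos]
        if header == 0x00:
            return runs
        len_size = header & 0x0F
        off_size = header >> 4
        pos += 1
        if len_size == 0 or len_size > 8 or off_size > 8:
            raise ValueError("invalid data run header 0x%02x" % header)
        if pos + len_size + off_size > len(buf):
            raise ValueError("data run list is truncated")
        count = int.from_bytes(buf[pos:pos + len_size], "little")
        pos += len_size
        if count == 0:
            raise ValueError("data run with zero clusters")
        if off_size == 0:
            runs.append((vcn, count, None))          # sparse run
        else:
            delta = int.from_bytes(buf[pos:pos + off_size], "little", signed=True)
            pos += off_size
            lcn += delta
            if lcn < 0:
                raise ValueError("data run points before the start of the volume")
            runs.append((vcn, count, lcn))
        vcn += count
    raise ValueError("data run list has no 0x00 terminator")


def vcn_to_lcn(runs, vcn):
    """Map one virtual cluster number to its logical cluster number."""
    for start, count, lcn in runs:
        if start <= vcn < start + count:
            return None if lcn is None else lcn + (vcn - start)
    raise IndexError("VCN %d is outside the attribute" % vcn)


# Constructed sample: 24 clusters at LCN 0x5634, 8 sparse clusters,
# then 16 clusters located 16 clusters *before* the first run (delta 0xF0 = -16).
SAMPLE_RUNS = bytes.fromhex("21 18 34 56  01 08  11 10 F0  00")

if __name__ == "__main__":
    for run in decode_data_runs(SAMPLE_RUNS):
        print(run)
```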
Seven, step S7
Choose the data block permutation algorithm.
1. Different strategies are applied depending on the data block permutation mode the user selected, as shown in Figure 4 and Figure 5. Specifically:
2. If the user selected adaptive mode and the $DATA attribute of the specified file is flagged resident, then, with the byte as the minimum granularity, generate a permutation sequence from the data block permutation password and randomly permute all of the data.
3. If the user selected adaptive mode and the $DATA attribute of the specified file is flagged non-resident, then, with the cluster as the minimum granularity, select the clusters that make up the first 50 percent of the total cluster count, generate a permutation sequence from the data block permutation password, and randomly permute all of the data. In addition, randomly permute the data of the file's first cluster at byte granularity.
4. If the user selected custom mode and the $DATA attribute of the specified file is flagged resident, then, with the byte as the minimum granularity, generate a permutation sequence from the data block permutation password and randomly permute the amount of data specified by the user.
5. If the user selected custom mode and the $DATA attribute of the specified file is flagged non-resident, then, with the cluster as the minimum granularity, generate a permutation sequence from the data block permutation password and randomly permute the amount of data specified by the user. In addition, within the file's first cluster, randomly permute the data range specified by the user at byte granularity.
Eight, step S8
Perform the data block permutation. This step is defined as follows: according to the data block permutation algorithm decided in step S7, call the corresponding system disk input/output functions to read and write the disk data.
Nine, step S9
Return the execution result. This step is defined as follows: if all of the above steps succeeded, return success for the operation and allow other user or system call operations to proceed. If any of the above steps failed, then, following the exception handling of this embodiment, return the error number corresponding to the failed step so that the error can be analyzed and handled afterwards. This ensures the safety and reliability of the encryption operation.
As shown in Figure 1 and Figure 3, the decryption and recovery method of this embodiment for the lightweight file encryption method under the NTFS file system described above comprises the following steps:
S1: obtain the encryption mode and password selected by the user;
S2: obtain the path of the encrypted file, check its validity, and parse and decompose the path name;
S3: analyze the boot sector and read the core system metadata of the NTFS file system;
S4: find the entry table of the specific file index record and traverse the file index to obtain the index record entry of the file whose data is to be recovered;
S5: from the file index record entry, resolve the physical disk address of the actual file data;
S6: analyze the file attributes;
S7: recover the file data according to the data block permutation strategy and password entered by the user;
S8: return the execution result.
Each step is described in detail below.
One, step S1
Obtain the encryption mode and password selected by the user. The step is defined as follows: to perform a data recovery operation in this embodiment, the encryption strategy that was used when the data was encrypted, adaptive mode or custom mode, must be specified. As one of the required inputs of the data recovery operation, the correctness of this information directly determines whether the recovery succeeds. The key the user used when encrypting must also be obtained; it is used to generate the reverse data block permutation sequence that restores the original order of the data blocks.
Two, step S2
Obtain the path of the encrypted file, check its validity, and parse and decompose the path name. The step is defined as follows: (1) check whether the input path name contains characters that the NTFS file system does not allow. (2) Split the input file path string, according to the NTFS file path definition, into the logical partition name, the folders at each level, and the file name. If an error occurs during this validation, return the corresponding error message to the user and stop the entire data recovery process.
Three, step S3
Analyze the boot sector and read the core system metadata of the NTFS file system. The boot sector data involved in the data recovery operation of this embodiment is the same as the data required for data encryption, as shown in Table 3:
Table 3
| Byte offset | Length | Typical value | Meaning |
|---|---|---|---|
| 0x0B | Word | 0x0002 | Bytes per sector |
| 0x0D | Byte | 0x08 | Sectors per cluster |
| 0x30 | 8 bytes | 0x0400000000000000 | Starting logical cluster number of $MFT |
| 0x38 | 8 bytes | 0x54FF070000000000 | Starting logical cluster number of $MFTMirr |
| 0x40 | Double word | 0xF6000000 | Clusters per MFT record |
| 0x44 | Double word | 0x01000000 | Clusters per index |
| 0x48 | 8 bytes | 0x14A51B74C91B741C | Label |
Reading these values yields the entry file of the NTFS file system, which is also the entry file for the data recovery operation of this embodiment. This step is defined as follows:
1. From the file path, obtain the system I/O resource for reading the logical partition that the path corresponds to.
2. Read the data of cluster 0, where the boot sector is located, of the logical partition opened in step 1. Cluster 0 records the important file system information for the current logical partition.
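How the Table 3 fields turn into the byte addresses that steps S4 and S5 need, as an added example that is not code from the patent. It assumes the typical values in Table 3 are written in on-disk (little-endian) byte order, so 0x0002 reads as 512 bytes per sector and 0xF6 as the signed value -10; the sample sector is constructed from those values, and the function names are this example's own.

```python
import struct


def unit_size(raw, cluster_size):
    """Decode the size fields at 0x40 and 0x44.

    A positive value is a count of clusters; a negative value -n means
    the record is 2**n bytes (used when a record is smaller than a cluster).
    """
    if raw == 0:
        raise ValueError("record size field is zero")
    return raw * cluster_size if raw > 0 else 1 << -raw


def parse_ntfs_boot_sector(sector):
    """Extract the Table 3 fields and derive byte offsets from them."""
    if len(sector) < 0x50:
        raise ValueError("need at least the first 0x50 bytes of the boot sector")
    # The OEM ID at offset 0x03 is not listed in Table 3; it identifies NTFS.
    if sector[0x03:0x0B] != b"NTFS    ":
        raise ValueError("not an NTFS boot sector")
    (bytes_per_sector,) = struct.unpack_from("<H", sector, 0x0B)
    sectors_per_cluster = sector[0x0D]
    if bytes_per_sector not in (512, 1024, 2048, 4096) or sectors_per_cluster == 0:
        raise ValueError("implausible sector or cluster geometry")
    mft_lcn, mftmirr_lcn = struct.unpack_from("<QQ", sector, 0x30)
    # Only the low byte of each double word carries the signed size value.
    (mft_raw,) = struct.unpack_from("<b", sector, 0x40)
    (index_raw,) = struct.unpack_from("<b", sector, 0x44)
    cluster_size = bytes_per_sector * sectors_per_cluster
    return {
        "cluster_size": cluster_size,
        "mft_lcn": mft_lcn,
        "mftmirr_lcn": mftmirr_lcn,
        "mft_offset": mft_lcn * cluster_size,
        "mft_record_size": unit_size(mft_raw, cluster_size),
        "index_record_size": unit_size(index_raw, cluster_size),
        "label": sector[0x48:0x50].hex().upper(),
    }


def mft_record_offset(info, record_number):
    """Byte offset of an MFT record, assuming $MFT is contiguous up to it.

    If $MFT is fragmented, its own data runs must be followed instead.
    """
    return info["mft_offset"] + record_number * info["mft_record_size"]


def build_sample_boot_sector():
    """Constructed 512-byte sector carrying the typical values of Table 3."""
    sector = bytearray(512)
    sector[0x03:0x0B] = b"NTFS    "
    fields = ((0x0B, "0002"), (0x0D, "08"),
              (0x30, "0400000000000000"), (0x38, "54FF070000000000"),
              (0x40, "F6000000"), (0x44, "01000000"),
              (0x48, "14A51B74C91B741C"))
    for offset, raw in fields:
        chunk = bytes.fromhex(raw)
        sector[offset:offset + len(chunk)] = chunk
    return bytes(sector)


SAMPLE_BOOT_SECTOR = build_sample_boot_sector()

if __name__ == "__main__":
    info = parse_ntfs_boot_sector(SAMPLE_BOOT_SECTOR)
    print(info)
    # MFT record 5 is the root directory, where the index walk of S4 starts.
    print(mft_record_offset(info, 5))
```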
Four, step S4
Find the entry table of the specific file index record and traverse the file index to obtain the index record entry of the hidden file. The NTFS file system stipulates that every type of data exists in the form of a file. That is, system metadata, folders, and user files are all present in the NTFS file system as files. Every file has a corresponding MFT record with a specific number. The difference is that system metadata defines the necessary information about the NTFS file system itself. The root directory and every folder appear as the entry of an index, and the index contains all files and subfolders under the current folder. The MFT record of a user file specifies where the user data is stored. The numbers of all of these MFT records can be reached by traversing the index that starts at the root directory. A key step of this embodiment is therefore to start from the correct root directory index entry and find the position of the hidden file in the index. The sub-steps for finding the index record entry of the hidden file are as follows:
1. Locate and read the file header of the file system root index entry, and analyze the actual physical disk locations, recorded in it, where all the indexes are stored.
2. Following the parsed path name and starting from the root index entry, search by the name of each folder level until the index entry of the parent folder of the wanted hidden file is obtained. The concrete steps are:
3. Starting from the index entry, find the $INDEX_ROOT attribute according to the index file definition.
4. Analyze the attribute header of the $INDEX_ROOT attribute and read the $INDEX_ROOT attribute data record.
5. Starting from the $INDEX_ROOT attribute data record, read the $INDEX_ENTRY records one by one. If the $INDEX_ENTRY read refers to the file or folder being searched for, stop step 5. Otherwise move to the next $INDEX_ENTRY. If the last $INDEX_ENTRY has been read, stop step 5. If, by binary comparison, the file name referred to by the entry read is less than the folder name or file name being searched for, stop step 5.
6. If step 5 obtained the $INDEX_ENTRY corresponding to the file or folder being searched for, the search ends. Otherwise, record the content of the last $INDEX_ENTRY read in step 5 and analyze the information in it that refers to the offset of the first $INDEX_ENTRY in $INDEX_ALLOCATION.
7. Analyze the attribute header of the $INDEX_ROOT attribute and read the $INDEX_ALLOCATION attribute data record.
8. Parse the data run data recorded in the $INDEX_ALLOCATION attribute header and map it according to the definition, so that the virtual cluster number (VCN) of the storage location of the actual $INDEX_ALLOCATION data is mapped to the actual on-disk logical cluster number (LCN).
9. Taking the LCN obtained in step 8 as the entry address, read the $INDEX_ENTRY records one by one. If the $INDEX_ENTRY read refers to the file or folder being searched for, stop step 9. Otherwise move to the next $INDEX_ENTRY. If the last $INDEX_ENTRY has been read, stop step 9. If, by binary comparison, the file name referred to by the entry read is less than the folder name or file name being searched for, stop step 9.
10. If step 5 obtained the $INDEX_ENTRY corresponding to the file or folder being searched for, the search ends. Otherwise, record the content of the last $INDEX_ENTRY read in step 10, analyze the information in it that refers to the offset of the first $INDEX_ENTRY in $INDEX_ALLOCATION, take that as the entry address, and repeat step 9.
Five, step S5
From the file index record entry, resolve the physical disk address of the actual file data. This step is implemented as follows: from the $INDEX_ENTRY that was found, read the MFT number it refers to according to the definition. Then, using the start address of the $MFT entry obtained in step S3, read the MFT file record of the file to be encrypted.
Six, step S6
Analyze the file attributes. This step is implemented as follows: from the MFT file record obtained in step S5, parse the $DATA attribute of type $80, including whether the $DATA attribute is resident and the attribute length.
Seven, step S7
Recover the file data according to the data block permutation strategy and password entered by the user. This step is defined as follows:
1. If the user indicates that the data blocks of the file to be recovered were encrypted in adaptive mode and the $DATA attribute of the data is flagged resident, generate the reverse permutation sequence from the password and restore the data according to that sequence.
2. If the user indicates that the data blocks of the file to be recovered were encrypted in adaptive mode and the $DATA attribute of the data is flagged non-resident, generate the reverse permutation sequence from the password and, according to that sequence, recover the data of the clusters that make up the first 50 percent of the total cluster count. Then, on the data of the first cluster of the recovered cluster sequence, perform one more reverse data block recovery at byte granularity.
3. If the user indicates that the data blocks of the file to be recovered were encrypted in custom mode and the $DATA attribute of the data is flagged resident, then, with the byte as the minimum granularity, generate a permutation sequence from the data block permutation password and randomly permute the amount of data specified by the user.
4. If the user indicates that the data blocks of the file to be recovered were encrypted in custom mode and the $DATA attribute of the data is flagged non-resident, then first, with the cluster as the minimum granularity, generate the reverse permutation sequence from the data block permutation password and recover the amount of data specified by the user. Then, on the data of the first cluster of the recovered cluster sequence, perform one more reverse data block recovery at byte granularity.
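The adaptive-mode strategies from step S7 of the encryption method, together with the recovery order given in step S7 above, as an added example that is not the patent's code. The patent does not specify the sequence generator, so the SHA-256-driven Fisher-Yates shuffle is an assumption, as is running the byte pass before the cluster pass on encryption so that the recovery order in the text (clusters first, then the first cluster's bytes) inverts it; the sample data is constructed.

```python
import hashlib


def keyed_permutation(password, n, label):
    """Permutation of range(n) derived deterministically from the password.

    Assumption of this example: a Fisher-Yates shuffle whose random numbers
    come from SHA-256(seed || counter), with rejection sampling against bias.
    """
    seed = hashlib.sha256(label + b"\x00" + password.encode("utf-8")).digest()
    counter = 0
    perm = list(range(n))
    for i in range(n - 1, 0, -1):
        bound = i + 1
        limit = (1 << 64) - ((1 << 64) % bound)
        while True:
            block = hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
            counter += 1
            value = int.from_bytes(block[:8], "big")
            if value < limit:
                break
        j = value % bound
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def invert(perm):
    """Reverse permutation sequence: undoes apply_perm(perm, ...)."""
    inverse = [0] * len(perm)
    for dst, src in enumerate(perm):
        inverse[src] = dst
    return inverse


def apply_perm(perm, items):
    """Reorder items so that output[i] = items[perm[i]]."""
    return [items[p] for p in perm]


def split_clusters(data, cluster_size):
    if cluster_size <= 0 or len(data) % cluster_size:
        raise ValueError("data must be a whole number of clusters")
    return [data[i:i + cluster_size] for i in range(0, len(data), cluster_size)]


def encrypt_resident(data, password):
    """Adaptive mode, resident $DATA: permute every byte."""
    return bytes(apply_perm(keyed_permutation(password, len(data), b"bytes"), data))


def recover_resident(data, password):
    perm = keyed_permutation(password, len(data), b"bytes")
    return bytes(apply_perm(invert(perm), data))


def encrypt_adaptive_nonresident(data, password, cluster_size):
    """Adaptive mode, non-resident $DATA."""
    clusters = split_clusters(data, cluster_size)
    half = len(clusters) // 2                      # first 50 percent of clusters
    byte_perm = keyed_permutation(password, cluster_size, b"bytes")
    clusters[0] = bytes(apply_perm(byte_perm, clusters[0]))   # byte pass
    cluster_perm = keyed_permutation(password, half, b"clusters")
    clusters[:half] = apply_perm(cluster_perm, clusters[:half])  # cluster pass
    return b"".join(clusters)


def recover_adaptive_nonresident(data, password, cluster_size):
    """Recovery in the order the text gives: clusters, then first cluster bytes."""
    clusters = split_clusters(data, cluster_size)
    half = len(clusters) // 2
    cluster_perm = keyed_permutation(password, half, b"clusters")
    clusters[:half] = apply_perm(invert(cluster_perm), clusters[:half])
    byte_perm = keyed_permutation(password, cluster_size, b"bytes")
    clusters[0] = bytes(apply_perm(invert(byte_perm), clusters[0]))
    return b"".join(clusters)


# Constructed sample: 8 clusters of 16 bytes each.
SAMPLE_DATA = bytes(range(128))

if __name__ == "__main__":
    ct = encrypt_adaptive_nonresident(SAMPLE_DATA, "correct horse", 16)
    print(recover_adaptive_nonresident(ct, "correct horse", 16) == SAMPLE_DATA)
    print(ct[64:] == SAMPLE_DATA[64:], sorted(ct) == sorted(SAMPLE_DATA))
```

Every byte value survives the permutation and the second half of the clusters stays in place, so byte-frequency analysis and the untouched clusters remain available to anyone who reads the disk directly.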
Eight, step S8
Return the execution result. This step is defined as follows: if all of the above steps succeeded, return success for the operation and allow other user or system call operations to proceed. If any of the above steps failed, then, following the exception handling of this embodiment, return the error number corresponding to the failed step so that the error can be analyzed and handled afterwards. This ensures the safety and reliability of the encryption operation.

Claims (10)

1. A lightweight file encryption method under the NTFS file system, characterized in that it comprises the following steps:
Step 1: prompt the user to select adaptive mode or custom mode; when the user selects adaptive mode, go to step 7; otherwise prompt the user to select the size of the data blocks to be permuted, the proportion to permute, the complexity of the permutation algorithm, and the data block permutation password;
Step 2: prompt the user to enter the path of the data blocks to be permuted, then decompose the file path into: the logical partition identifier, the folder names at each level, and the name and extension of the file whose data blocks are to be permuted;
Step 3: according to the decomposed file path, read the data of sector 0, where the boot sector is located, of the logical partition corresponding to the file path; then calculate the physical disk offset addresses at which the key metadata of the NTFS file system architecture is stored under that logical partition; finally parse the master file record and the file system root index entry information of the data blocks to be permuted;
Step 4: from the file system root index entry information, analyze the actual physical disk address at which the index of the data blocks to be permuted is stored; then, following the path name obtained in step 2 and starting from the file system root index entry, search by the name of each folder level for the parent folder index entry of the data blocks to be permuted;
Step 5: from the $INDEX_ENTRY obtained by searching the file index in step 4, obtain the MFT number of the data blocks to be permuted; then, using the key metadata of the NTFS file system architecture obtained in step 3, look up the MFT file with the corresponding MFT number;
Step 6: according to the $DATA attribute of type $80 in the MFT file: when the $DATA attribute is flagged resident, end step 6; when the $DATA attribute is flagged non-resident, read the mapping, described in the $DATA attribute, from virtual cluster numbers (VCN) to actual on-disk logical cluster numbers (LCN);
Step 7: apply different strategies depending on the mode the user selected and on the $DATA attribute of type $80 in the corresponding MFT file;
Step 8: according to the data block permutation strategy selected in step 7, call the file system interface functions to permute the data blocks of the specified file;
Step 9: when all of the above steps succeeded, return success for the operation; otherwise return the error number corresponding to the failed step.
2. The lightweight file encryption method under the NTFS file system according to claim 1, characterized in that parsing the data blocks to be permuted in step 3 means parsing the file to be encrypted according to the NTFS file system definition.
3. The lightweight file encryption method under the NTFS file system according to claim 1, characterized in that the parent folder index entry of the data blocks to be permuted in step 4 means: first, starting from the index entry, find the $INDEX_ROOT attribute of the data blocks to be permuted; then read the $INDEX_ROOT attribute data record, whose type is 0x90; then read the $INDEX_ENTRY records in it one by one from the $INDEX_ROOT attribute data record:
when the information the $INDEX_ENTRY read refers to is the file being searched for, stop searching and return that $INDEX_ENTRY; otherwise move to the next $INDEX_ENTRY;
when the last $INDEX_ENTRY has been traversed, stop searching and return that $INDEX_ENTRY;
when, by binary comparison, the file name referred to by the entry read is less than the file name of the data blocks to be permuted, stop searching and return;
when, after the search stops, the $INDEX_ENTRY corresponding to the data blocks to be permuted has not been obtained, return the last $INDEX_ENTRY read and perform offset lookup processing.
4. The lightweight file encryption method under the NTFS file system according to claim 3, characterized in that the offset lookup processing means: read the $INDEX_ALLOCATION attribute data record, whose type is 0xA0; then parse the data run data recorded in the $INDEX_ALLOCATION attribute and map it according to the NTFS file system definition, so that the virtual cluster number (VCN) of the storage location of the actual $INDEX_ALLOCATION data is mapped to the actual on-disk logical cluster number (LCN);
then, taking the actual on-disk logical cluster number (LCN) as the file system root entry address, read the $INDEX_ENTRY records one by one:
when the information the $INDEX_ENTRY read refers to is the file or folder of the data blocks to be permuted, stop searching; otherwise move to the next $INDEX_ENTRY;
when the last $INDEX_ENTRY has been read, stop searching;
when, by binary comparison, the file name referred to by the entry read is less than the folder name or file name of the data blocks to be permuted, stop searching;
when, after the search stops, the $INDEX_ENTRY corresponding to the data blocks to be permuted has not been obtained, return the content of the last $INDEX_ENTRY, take the information on the offset of the first $INDEX_ENTRY in that $INDEX_ALLOCATION as the file system root index entry address, and repeat this offset lookup processing.
5. The lightweight file encryption method under the NTFS file system according to claim 1, characterized in that the strategies in step 7 mean: when the user selects adaptive mode and the $DATA attribute of the specified file is flagged resident, then, with the byte as the minimum granularity, generate a permutation sequence from the data block permutation password and randomly permute all of the data;
when the user selects adaptive mode and the $DATA attribute of the specified file is flagged non-resident, then, with the cluster as the minimum granularity, select the clusters that make up the first 50 percent of the total cluster count, generate a permutation sequence from the data block permutation password, and randomly permute all of the data; and randomly permute the data of the file's first cluster at byte granularity;
when the user selects custom mode and the $DATA attribute of the specified file is flagged resident, then, with the byte as the minimum granularity, generate a permutation sequence from the data block permutation password and randomly permute the amount of data specified by the user;
when the user selects custom mode and the $DATA attribute of the specified file is flagged non-resident, then, with the cluster as the minimum granularity, generate a permutation sequence from the data block permutation password and randomly permute the amount of data specified by the user; and, within the file's first cluster, randomly permute the amount of data specified by the user at byte granularity.
6. A decryption and recovery method for the lightweight file encryption method under the NTFS file system according to claim 1, characterized in that it comprises the following steps:
Step 1: prompt the user to enter the data block permutation strategy of the file to be recovered and the data block recovery password;
Step 2: obtain as input the path of the file the user wants to encrypt, check the validity of the path name, and parse the path name, decomposing the file path into: the logical partition identifier, the folder names at each level, and the name and extension of the file whose data blocks are to be permuted;
Step 3: according to the parsed file path, first read the data of sector 0, where the boot sector is located, of the logical partition corresponding to the file path; then calculate the physical disk offset addresses at which the key metadata of the NTFS file system architecture is stored under that logical partition; finally parse the master file record and the file system root index entry information of the data blocks to be restored;
Step 4: from the file system root index entry information, analyze the actual physical disk address at which the index of the data blocks to be permuted is stored; then, following the path name obtained in step 2 and starting from the file system root index entry, search by the name of each folder level until the index entry of the data blocks to be permuted is found;
Step 5: from the $INDEX_ENTRY obtained by searching the file index in step 4, obtain the MFT number of the data blocks to be permuted; then, using the key metadata of the NTFS file system architecture obtained in step 3, look up the MFT record with the corresponding MFT number;
Step 6: analyze the file attributes: according to the $DATA attribute of the corresponding entry in the MFT, when the $DATA attribute is flagged resident, end step 6; when the $DATA attribute is flagged non-resident, read the mapping, described in the $DATA attribute, from virtual cluster numbers (VCN) to actual on-disk logical cluster numbers (LCN);
Step 7: apply different strategies, according to the data block permutation strategy entered by the user, to recover the file data with the password;
Step 8: return the execution result.
7. The decryption and recovery method for the lightweight file encryption method under the NTFS file system according to claim 6, characterized in that parsing the data blocks to be restored in step 3 means parsing the file to be restored according to the NTFS file system definition.
8. The decryption and recovery method for the lightweight file encryption method under the NTFS file system according to claim 6, characterized in that searching for the index entry of the data blocks to be permuted in step 4 means: first, starting from the index entry, find the $INDEX_ROOT attribute of the data blocks to be permuted; then read the $INDEX_ROOT attribute data record, whose type is 0x90; then read the $INDEX_ENTRY records in it one by one from the $INDEX_ROOT attribute data record:
when the information the $INDEX_ENTRY read refers to is the file being searched for, stop searching and return that $INDEX_ENTRY; otherwise move to the next $INDEX_ENTRY;
when the last $INDEX_ENTRY has been traversed, stop searching and return that $INDEX_ENTRY;
when, by binary comparison, the file name referred to by the entry read is less than the file name of the data blocks to be permuted, stop searching and return;
when, after the search stops, the $INDEX_ENTRY corresponding to the data blocks to be permuted has not been obtained, return the last $INDEX_ENTRY read and perform offset lookup processing.
9. The decryption and recovery method for the lightweight file encryption method under the NTFS file system according to claim 6, characterized in that the offset lookup processing in step 4 means: read the $INDEX_ALLOCATION attribute data record, whose type is 0xA0; then parse the data run data recorded in the $INDEX_ALLOCATION attribute and map it according to the NTFS file system definition, so that the virtual cluster number (VCN) of the storage location of the actual $INDEX_ALLOCATION data is mapped to the actual on-disk logical cluster number (LCN);
then, taking the actual on-disk logical cluster number (LCN) as the file system root entry address, read the $INDEX_ENTRY records one by one:
when the information the $INDEX_ENTRY read refers to is the file or folder of the data blocks to be permuted, stop searching; otherwise move to the next $INDEX_ENTRY;
when the last $INDEX_ENTRY has been read, stop searching;
when, by binary comparison, the file name referred to by the entry read is less than the folder name or file name of the data blocks to be permuted, stop searching;
when, after the search stops, the $INDEX_ENTRY corresponding to the data blocks to be permuted has not been obtained, return the content of the last $INDEX_ENTRY, take the information on the offset of the first $INDEX_ENTRY in that $INDEX_ALLOCATION as the entry address, and repeat the $INDEX_ENTRY search.
10. The decryption and recovery method for the lightweight file encryption method under the NTFS file system according to claim 6, characterized in that the strategies in step 7 specifically mean: when the user indicates that the data blocks of the file to be recovered were encrypted in adaptive mode and the $DATA attribute of the data is flagged resident, generate the reverse permutation sequence from the password and restore the data according to that sequence;
when the user indicates that the data blocks of the file to be recovered were encrypted in adaptive mode and the $DATA attribute of the data is flagged non-resident, generate the reverse permutation sequence from the password and, according to that sequence, recover the data of the clusters that make up the first 50 percent of the total cluster count; then, on the data of the first cluster of the recovered cluster sequence, perform one more data recovery at byte granularity;
when the user indicates that the data blocks of the file to be recovered were encrypted in custom mode and the $DATA attribute of the data is flagged resident, then, with the byte as the minimum granularity, generate a permutation sequence from the data block permutation password and randomly permute the amount of data specified by the user;
when the user indicates that the data blocks of the file to be recovered were encrypted in custom mode and the $DATA attribute of the data is flagged non-resident, then first, with the cluster as the minimum granularity, generate the reverse permutation sequence from the data block permutation password and recover the amount of data specified by the user; then, on the data of the first cluster of the recovered cluster sequence, perform one more data recovery at byte granularity.
CN200910052890XA 2009-06-11 2009-06-11 Light-weight file encryption and decrypting and recovering method in NTFS file system Expired - Fee Related CN101634992B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910052890XA CN101634992B (en) 2009-06-11 2009-06-11 Light-weight file encryption and decrypting and recovering method in NTFS file system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910052890XA CN101634992B (en) 2009-06-11 2009-06-11 Light-weight file encryption and decrypting and recovering method in NTFS file system

Publications (2)

Publication Number Publication Date
CN101634992A true CN101634992A (en) 2010-01-27
CN101634992B CN101634992B (en) 2011-04-13

Family

ID=41594182

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910052890XA Expired - Fee Related CN101634992B (en) 2009-06-11 2009-06-11 Light-weight file encryption and decrypting and recovering method in NTFS file system

Country Status (1)

Country Link
CN (1) CN101634992B (en)


Also Published As

Publication number Publication date
CN101634992B (en) 2011-04-13

Similar Documents

Publication Publication Date Title
CN101634992B (en) Light-weight file encryption and decrypting and recovering method in NTFS file system
CN101464900B (en) Light file hiding method in NTFS file system
EP1451664B1 (en) Systems, methods and devices for secure computing
US11232216B1 (en) Systems and methods for generation of secure indexes for cryptographically-secure queries
Storer et al. POTSHARDS: secure long-term storage without encryption
CN107220559B (en) Encryption storage method for non-tamperable file
Storer et al. POTSHARDS—a secure, recoverable, long-term archival storage system
EP3688955B1 (en) Secure storage of data through encryption and segmentation
CN105426708A (en) Reinforcing method of application program of Android system
CN101082883A (en) Storage apparatus having multiple layer encrypting protection
CN102693399B (en) System and method for on-line separation and recovery of electronic documents
CN104834840B (en) Cipher code protection method based on mapping drift technology
Iftikhar et al. A reversible watermarking technique for social network data sets for enabling data trust in cyber, physical, and social computing
CN115659417A (en) Audit log storage method, audit log verification method, audit log storage device, audit log verification device and computer equipment
Storer et al. Long-term threats to secure archives
CN111539042B (en) Safe operation method based on trusted storage of core data files
CN103544443A (en) Application layer file hiding method under NTFS file system
CN112380559B (en) Android file password box system based on dual-chaos hash file control
CN111523885B (en) Encryption multi-account construction method for blockchain wallet, computer readable storage medium and blockchain encryption multi-account wallet
CN112580068B (en) SQLite database security enhancement method
Jiang et al. An anti-forensic method based on rs coding and distributed storage
CN108885576B (en) Removing information from data
CN201054250Y (en) A storage device with multi-layer encryption protection
Parab et al. Database Security Technique with Database Cache
Augier Trustworthy Cloud Storage

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee Granted publication date: 20110413; Termination date: 20140611

EXPY Termination of patent right or utility model