CN101692265A - Method of encrypting and protecting files - Google Patents

Method of encrypting and protecting files

Info

Publication number
CN101692265A
Authority
CN
China
Prior art keywords
key
file
cpu
encryption
encrypting
Prior art date
Legal status
Pending
Application number
CN200910070594A
Other languages
Chinese (zh)
Inventor
吴晨刚
金志刚
邓玮
罗咏梅
赵西满
Current Assignee
Tianjin University
Original Assignee
Tianjin University
Priority date
2009-09-25
Filing date
2009-09-25
Publication date
2010-04-07
Application filed by Tianjin University
Priority to CN200910070594A
Publication of CN101692265A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method of encrypting and protecting files using the CPU ID. On a Windows operating system platform with an Intel CPU, files are encrypted and protected with a final encryption key that is generated from a mobile key, a user key and the CPU ID. After encryption, the files are stored in a designated directory; a Windows low-level file filter driver restricts illegal access to the designated directory by ordinary programs, and the directory is hidden so that ordinary programs cannot reach it. The invention solves the problem that conventionally encrypted files are easily decrypted by brute force; it offers a high degree of encryption, safety, reliability and simple operation, and is suitable for encrypting all kinds of files.

Description

Method of encrypting and protecting files
Technical field
The invention belongs to the field of computer security technology and relates to a method of encrypting and protecting files.
Background technology
In modern society file data matters to everyone, and how to protect the file data of an individual or a company effectively and prevent unauthorized users from obtaining it has become a topic of wide concern.
Current file encryption protection methods are many and varied, but most of them simply require the user to enter a key of a certain length, so the password protection of the encrypted data itself is not strong enough. The function of hiding the encrypted files is generally implemented by a low-level file filter driver, but because the password entered by the user is not well protected, and decryption requires only a password of the specified length, the password is easily brute-forced with hacking tools, which largely wastes the hiding function of the low-level driver.
Intel CPUs have supported reading the CPU serial number since the Intel486™. The Intel CPU serial number is represented by 24 hexadecimal digits; because the probability of two serial numbers being identical is approximately 0, decryption can only be carried out on the same PC, so using the CPU serial number to generate the encryption key improves the security of the key. At the same time, the security of the encryption is directly related to the length of the password: the shorter the password, the easier it is to crack, while the longer the password, the more inconvenient it is to use and the more easily it is forgotten. The mobile key technique solves this problem. It splits the key used by the final encryption algorithm into two parts: a locally generated key and a mobile key imported from outside. In the present invention the security of the encryption depends not only on the first part but, more importantly, on the second, while what the user needs to remember is only the first part. The encryption is therefore secure while remaining easy to remember and convenient to use. Keyloggers, IE cache extraction tools and similar means can easily recover a password the user types on the keyboard, so software that relies only on a manually entered password cannot guarantee its security. The present invention uses a soft (on-screen) keyboard for key entry, which effectively prevents key leakage, and even if the manually entered password is cracked, no decryption is possible without the mobile key, which greatly improves the security of file encryption protection.
Summary of the invention
The object of the invention is to overcome the above deficiencies of the prior art by providing a method that implements file encryption protection on the Windows operating system platform with an Intel CPU, combining a mobile key, the CPU serial number and a low-level file filter driver, so that encrypted files are safer and are effectively protected from being accessed and obtained by unauthorized users.
To achieve the above object, the technical scheme of the present invention is:
A method of encrypting and protecting files, used on the Windows operating system platform with an Intel CPU, characterized in that: the key for encrypting the file is composed of two parts; one part is obtained from a mobile key file, and the other part is a new key generated by XORing the key the user enters via the soft keyboard with part of the PC's CPU serial number. An encryption algorithm then encrypts the file with this key, and the encrypted file is stored in a designated directory protected by a low-level file filter driver, which blocks unauthorized access.
Specifically, the above encryption protection method may comprise the following steps:
(1) The user enters a key of a designated length via the soft keyboard.
(2) The CPU serial number of the local machine is read on the PC.
(3) The key obtained in (1) is XORed with part of the serial number obtained in (2) to generate a new key.
(4) A mobile key is determined, and a key of the designated length is obtained from the mobile key file.
(5) The keys generated in (3) and (4) are concatenated in sequence according to a fixed selection rule to form the key required by the final encryption algorithm.
(6) The encryption algorithm is run with the key generated in (5) as the encryption key and the file to be encrypted as input, finally producing the encrypted file.
(7) The designated program stores the generated encrypted file in the designated file directory;
(8) A low-level file filter driver judges whether the accessing process is the designated program; if so, it may access the designated file directory and decrypt the file, otherwise access is denied.
The length of the mobile key in step (4) should be greater than the designated length; the mobile key is divided into several equal parts and the character in the middle of each part is selected, finally yielding a key of the designated length.
In the above method, the Windows operating system refers to Windows 2000, Windows XP and Windows Vista; the Intel CPU refers to the Intel486™ and later models.
The substantive distinguishing features of the present invention are: by using the CPU serial number, whose probability of collision (see Figure G2009100705942D0000021) is approximately 0, decryption can only be carried out on the same PC; by using the mobile key file, an unauthorized user who obtains only the user key cannot decrypt the file; by using the Windows low-level filter driver to protect the designated directory, only the designated program can access the encrypted files. During decryption, only by using the designated program on the PC that performed the encryption, with the password entered by the user and the mobile key both identical to those used at encryption, can the encrypted file be accessed and decrypted to recover the original file.
Compared with the prior art, the present invention has the following clear advantages: because the Intel CPU serial number of the PC is used in generating the encryption key, even if only its first 6 characters are taken the probability of a collision (see Figure G2009100705942D0000022) approaches 0, so the file can only be decrypted on the PC that encrypted it; the soft keyboard used for entering the user key effectively prevents the threat of keystroke-logging hacker software; the mobile key greatly increases the complexity of the encryption key, so that even an unauthorized user who obtains the user-entered key cannot recover the original without the mobile key; and the Windows low-level file filter driver strengthens protection by effectively preventing ordinary hacker software or unauthorized users from accessing the encrypted files, and so removing the possibility of brute-forcing them after obtaining them.
Description of drawings
Fig. 1 is a schematic diagram of the generation of the encryption key of the present invention.
Fig. 2 is a schematic diagram of concatenating the mobile key with the key produced by XORing the user key with the CPU serial number to generate the final encryption key.
Fig. 3 is a schematic diagram of the low-level file filter driver hiding and protecting the designated directory of encrypted files.
Embodiment
Referring to Fig. 1 and taking the AES algorithm as an example, the encryption process of the present invention comprises the following steps:
First the key required for encryption is obtained; AES needs a 16-character, i.e. 128-bit, key:
(1) The user enters a 6-character key via the soft keyboard. A length of 6 is chosen because a longer key is inconvenient for the user to type and hard to remember. If the user enters fewer than 6 characters, the designated program appends a designated key to make up 6; if the user enters more than 6, the designated program ignores the excess and keeps only the first 6 characters.
(2) The designated program reads the first 6 characters of the local machine's CPU serial number on the PC. The probability that the first six digits of two Intel serial numbers are identical (see Figure G2009100705942D0000031) is approximately zero, and AMD CPUs do not support a serial number, so decrypting the file on a different computer is essentially impossible.
(3) The two 6-character keys obtained in (1) and (2) are XORed character by character to generate a new 6-character key.
(4) 10 characters are obtained from the mobile key file. The mobile key is a piece of text, or a large number of characters, which the user can set freely, but its length must be greater than the designated length. The key is divided into 10 equal parts and the character in the middle of each part is selected, giving 10 characters in all. The mobile key should be stored on removable media, must not be stored on the PC where the encrypted file resides, and must be kept safe by the user.
(5) The 6-character key generated in (3) and the 10-character key generated in (4) are concatenated in sequence, taking first 1 character from (3) and then 2 characters from (4), into the 16-character key required by the final encryption algorithm.
The AES algorithm is then run with the 16-character key generated in (5) as the encryption key and the file to be encrypted as the algorithm's input, finally producing the encrypted file.
The designated program then stores the generated encrypted file in the designated file directory. The original file can be deleted or retained according to the user's needs.
Finally, the low-level file filter driver judges whether the accessing process is the designated program: if so it may access the designated file directory, otherwise it cannot, and the encrypted files remain hidden, so as to protect the designated directory from access by unauthorized users or processes.
With reference to Fig. 2, the concatenation of the final encryption key proceeds as follows: first 1 character is taken from the 6-character XOR result, then 2 characters from the 10 characters drawn from the mobile key, and so on in sequence, forming the 16-character key required by the final encryption algorithm.
With reference to Fig. 3, the low-level file filter driver hides and protects the encrypted files as follows: when a program accesses the designated hidden directory, the IRP_MJ_CREATE dispatch routine for the IRP judges whether the accessing process is an allowed process, which implements the function of denying access to the designated hidden directory. When a program accesses the parent directory of the designated hidden directory, the IRP_MJ_CREATE dispatch routine judges whether the accessing process is an allowed process, and the IRP_MJ_DIRECTORY_CONTROL dispatch routine implements the function of hiding the designated directory. All functions are implemented mainly by intercepting and modifying IRPs.
The present invention is described in more detail by the following example, in which AES is the encryption algorithm and the encryption process comprises the following steps:
First the key required for encryption is obtained; AES needs a 16-character, i.e. 128-bit, key: (1) The user enters a 6-character key via the soft keyboard: 123456.
(2) The designated program reads the CPU serial number of the local machine on the PC: 0EBFBFF0000000000000678, whose first 6 characters are: 0FEBFB.
(3) The two 6-character keys obtained in (1) and (2) are XORed character by character to generate the new 6-character key: tsvvt".
(4) 10 characters are obtained from the mobile key file: behknqtwzg, where the mobile key file is: abcdefghijklmnopqrstuvwxyzwcgd.
(5) The 6-character key generated in (3) and the 10-character key generated in (4) are concatenated in sequence, taking first 1 character from (3) and then 2 characters from (4), into the 16-character key required by the final encryption algorithm: tbeshkvnqvtwtzg".
The AES algorithm is then run with the 16-character key generated in (5) as the encryption key and the file to be encrypted as the algorithm's input, finally producing the encrypted file.
The designated program then stores the generated encrypted file in the designated file directory. The original file can be deleted or retained according to the user's needs.
Finally, the low-level file filter driver judges whether the accessing process is the designated program: if so it may access the designated file directory, otherwise it cannot, and the encrypted files remain hidden, so as to protect the designated directory from access by unauthorized users or processes.
The present invention uses AES only to explain the method; the encryption algorithm is not limited to AES. When another algorithm is chosen, the number of characters taken from the mobile key, or the length of the manually entered user key and of the portion of the CPU serial number used, can be adjusted according to the key length the algorithm requires.
The mobile keys of the present invention can be managed by the software company that develops the implementation of the invention by setting up a dedicated mobile key database. For each legitimate user the company needs to establish a one-to-one mobile key record; if a legitimate user loses the mobile key, the company needs to provide a mobile key recovery service. This effectively prevents the product from being pirated, because the keys of pirated users are generally identical, which is very unsafe, and pirated users cannot enjoy the key recovery service.
The above is only a preferred embodiment of the present invention and is not intended to limit it; any modifications, equivalent substitutions, improvements and the like made within the spirit and principles of the present invention shall be included within its scope of protection.

Claims (5)

1. A method of encrypting and protecting files, used on the Windows operating system platform with an Intel CPU, characterized in that: the key for encrypting the file is composed of two parts; one part is obtained from a mobile key file, and the other part is a new key generated by XORing the key the user enters via the soft keyboard with part of the PC's CPU serial number. An encryption algorithm then encrypts the file with this key, and the encrypted file is stored in a designated directory protected by a low-level file filter driver, which blocks unauthorized access.
2. The encryption protection method according to claim 1, characterized in that the process comprises the following steps:
(1) The user enters a key of a designated length via the soft keyboard.
(2) The CPU serial number of the local machine is read on the PC.
(3) The key obtained in (1) is XORed with part of the serial number obtained in (2) to generate a new key.
(4) A mobile key is determined, and a key of the designated length is obtained from the mobile key file.
(5) The keys generated in (3) and (4) are selected respectively and concatenated in sequence into the key required by the final encryption algorithm.
(6) The encryption algorithm is run with the key generated in (5) as the encryption key and the file to be encrypted as input, finally producing the encrypted file.
(7) The designated program stores the generated encrypted file in the designated file directory;
(8) A low-level file filter driver judges whether the accessing process is the designated program; if so, it may access the designated file directory and decrypt the file, otherwise access is denied.
3. The method according to claim 1 or 2, characterized in that the length of the mobile key in step (4) is greater than the designated length, and the mobile key is divided into several equal parts with the character in the middle of each part selected, finally yielding a key of the designated length.
4. The method according to any of claims 1 to 3, wherein the Windows operating system refers to Windows 2000, Windows XP and Windows Vista.
5. The method according to any of claims 1 to 4, wherein the Intel CPU refers to the Intel486™ and later models.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910070594A CN101692265A (en) 2009-09-25 2009-09-25 Method of encrypting and protecting files


Publications (1)

Publication Number Publication Date
CN101692265A true CN101692265A (en) 2010-04-07

Family

ID=42080949

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910070594A Pending CN101692265A (en) 2009-09-25 2009-09-25 Method of encrypting and protecting files

Country Status (1)

Country Link
CN (1) CN101692265A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101833625A (en) * 2010-05-11 2010-09-15 上海众烁信息科技有限公司 File and folder safety protection method based on dynamic password and system thereof
CN102254128A (en) * 2011-08-17 2011-11-23 重庆君盾科技有限公司 Method for automatically hiding files during running of operating system
CN103473490A (en) * 2013-08-16 2013-12-25 亚太宝龙科技(湖南)有限公司 Directory encryption and access method and device of encrypted directory
CN103473490B (en) * 2013-08-16 2016-10-12 亚太宝龙科技(湖南)有限公司 A kind of encrypted directory and access method thereof and device
CN104966010A (en) * 2015-06-23 2015-10-07 深圳市九洲电器有限公司 File protection method and system
CN108370315A (en) * 2015-09-22 2018-08-03 万事达卡国际股份有限公司 With encrypted fail-safe computer cluster
CN109815729A (en) * 2018-12-28 2019-05-28 北京奇安信科技有限公司 A kind of storage processing method and device of source file of auditing

Similar Documents

Publication Publication Date Title
AU2002213436B2 (en) Method and apparatus for automatic database encryption
US7587608B2 (en) Method and apparatus for storing data on the application layer in mobile devices
US6976167B2 (en) Cryptography-based tamper-resistant software design mechanism
US20030208686A1 (en) Method of data protection
US20080155276A1 (en) Secure storage system and method of use
JP2007280180A (en) Electronic document
CN105740725A (en) File protection method and system
CN106575342A (en) Kernel program including relational data base, and method and device for executing said program
JP2007280181A (en) Electronic document processing program and electronic document processor
KR20130039354A (en) Database management system and encrypting method thereof
CN101692265A (en) Method of encrypting and protecting files
CN1834977A (en) Authentication protection method based on USB device
US20120096280A1 (en) Secured storage device with two-stage symmetric-key algorithm
CN112380557A (en) Relational database encryption method and encrypted database query method
CN104573536A (en) File protection method and device
CN1588365A (en) Ciphertext global search technology
US20110107109A1 (en) Storage system and method for managing data security thereof
CN102868826A (en) Terminal and terminal data protection method
CN101692266A (en) Method of intensively encrypting and protecting files by using hidden partition (HPA) and CPU ID
WO2009110878A1 (en) Secure storage system and method of use
CN1266617C (en) Computer data protective method
CN201130381Y (en) Electric signature tool with cryptogram management function
CN103379133A (en) Safe and reliable cloud storage system
KR101485968B1 (en) Method for accessing to encoded files
CN104463003A (en) File encryption protecting method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20100407