CN101763485A - Data protecting method - Google Patents

Publication number
CN101763485A
Authority
CN
China
Prior art keywords
data
mentioned
encryption
storage device
guard method
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200810189713A
Other languages
Chinese (zh)
Inventor
林正平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inventec Corp
Original Assignee
Inventec Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inventec Corp filed Critical Inventec Corp
Priority to CN200810189713A priority Critical patent/CN101763485A/en
Publication of CN101763485A publication Critical patent/CN101763485A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a data protection method in which data encryption is performed in software: during data access, stored data is encrypted and decrypted by a storage device encryption/decryption program. Software encryption improves data security and prevents confidential data from leaking when a storage device is lost. Implementing the encryption in software also makes installation convenient and reduces hardware manufacturing cost.

Description

Data protection method
Technical field
The invention relates to a method of encrypting a storage device, and in particular to a method of performing data encryption in software.
Background
With rapid advances in technology and the spread of computers, computer systems have gradually become indispensable tools in daily life and the main data processing tools at work. For data storage, the hard disk (HD) is the storage device with the largest capacity among current storage devices and is also the principal data storage device. Although computer systems have not yet fully replaced traditional paper, under the trend toward digitized data and paperless work much important data is kept on storage devices, for example meeting minutes, meeting reports and company secrets. Consequently, when a storage device is lost, the user's important data leaks with it.
To prevent this, hard disks with a password protection function have appeared on the market. The controller in such a hard disk can lock or unlock the disk according to special instructions sent by the Basic Input/Output System (BIOS). There are also password protection schemes that prevent other users from using the data on the disk. However, most hard disks currently on the market still have no data protection function: the data can be read simply by installing the disk in another computer, so when the disk is lost the confidential data leaks with it.
Summary of the invention
The invention provides a data protection method that performs data encryption in software. When data is stored, it is first encrypted and then written to the storage device. Because all data on the storage device is encrypted, the confidential data cannot be read even if the storage device is removed.
Accordingly, the invention proposes a data protection method comprising the following steps. First, an operating system is started, and a storage device encryption/decryption program is loaded into the operating system. The storage device encryption/decryption program is then executed to display a login screen, and login information is requested through the login screen. After the login information is confirmed to be correct, an encryption key is obtained according to the login information. When the operating system reads data from the storage device, the data read is decrypted with the encryption key and then output to the operating system. When the operating system writes data to the storage device, the data is encrypted with the encryption key and then stored in the storage device.
In an embodiment of the invention, the step of decrypting or encrypting data with the encryption key further includes executing a storage device driver to access the data in the storage device and, when data needs to be compressed or decompressed, compressing and decompressing the data through the storage device encryption/decryption program.
In an embodiment of the invention, the method further includes providing a user interface for setting the encryption level or encryption path corresponding to the encryption key. If the data being accessed is located under the encryption path, the storage device encryption/decryption program encrypts or decrypts the data before it is accessed.
In an embodiment of the invention, the data protection method further includes dividing the storage device into an encrypted zone and a normal zone. When the operating system stores data to the encrypted zone or reads data from the encrypted zone, the encryption key is used to encrypt or decrypt the data accordingly. When the operating system stores data to the normal zone or reads data from the normal zone, the data is stored or read directly through the storage device driver.
In an embodiment of the invention, the step of obtaining the encryption key according to the login information further includes obtaining the login information through fingerprint recognition, face recognition or pupil recognition.
Based on the above, the invention performs data encryption and decryption in software, so no additional hardware such as a trusted platform module (TPM) is needed to encrypt data, which reduces the manufacturing cost of the computer. In addition, different users can set individual keys on the same computer and encrypt data under their own exclusive encryption paths to prevent secrets from leaking.
To make the above features and advantages of the invention easier to understand, embodiments are described in detail below with reference to the accompanying drawings.
Description of drawings
Fig. 1 is a schematic diagram of the data processing architecture according to an embodiment of the invention.
Fig. 2 is a flow chart of the data protection method according to the present embodiment.
Fig. 3 is a flow chart of the data protection method according to the present embodiment.
Embodiments
Referring to Fig. 1, Fig. 1 is a schematic diagram of the data processing architecture according to an embodiment of the invention. Operating system 110 provides a user interface through which the user accesses and processes data. When the user reads data in storage device 140 through an application running on operating system 110, operating system 110 reads the data at the corresponding location in storage device 140 through storage device driver 130, and storage device encryption/decryption program 120 is executed to decrypt the data read before it is output to operating system 110. Conversely, when the user needs to store data to storage device 140, storage device encryption/decryption program 120 first encrypts the data, which is then stored in storage device 140 via storage device driver 130. Storage device 140 is, for example, a hard disk or a solid-state drive (SSD).
In other words, storage device encryption/decryption program 120 is layered above storage device driver 130, so that every access to data on the storage device passes through storage device encryption/decryption program 120. The administrator can set different login information (for example an account, a password, or personal biometric features such as fingerprint recognition, face recognition or pupil recognition) via storage device encryption/decryption program 120. Different login information can correspond to different encryption keys, and an encryption key can yield a corresponding encryption algorithm (also called an encoding algorithm) used to encrypt or decrypt the user's data. In addition, the user can selectively apply the encryption key to particular data folders or data access paths. For example, if the data is a system file or is located under a system file path, it is not encrypted. The user can designate confidential data folders or data paths for personal confidential data only; when the data being accessed is under such a data path, storage device encryption/decryption program 120 automatically uses the encryption key to perform encryption and decryption.
It should also be noted that storage device encryption/decryption program 120 can support compression and decompression. When operating system 110 reads compressed data from storage device 140, storage device encryption/decryption program 120 decrypts the data, decompresses it, and then returns it to operating system 110. Conversely, when operating system 110 stores data to storage device 140 and data compression is enabled on the system, storage device encryption/decryption program 120 first compresses the data, then encrypts the compressed data, and finally hands it to storage device driver 130 to be stored in storage device 140. With this access flow of encryption and decryption, the data stored in the storage device is fully protected: all confidential data on the storage device is encrypted, and valid data cannot be read without decryption by storage device encryption/decryption program 120. Therefore, even if the storage device is lost, the data stored on it cannot be read by others.
Next, the implementation flow of the present embodiment is described with reference to Fig. 1 and Fig. 2; Fig. 2 is a flow chart of the data protection method according to the present embodiment. First, an operating system is started (step S210), and operating system 110 then loads the storage device encryption/decryption program into operating system 110 (step S220). Note that this step also includes loading storage device driver 130 to drive the storage device. Next, storage device encryption/decryption program 120 is executed to display a login screen, and login information is requested through the login screen (step S230). After the login information entered by the user is determined to be correct, an encryption key is obtained according to the login information (step S240). In step S240, depending on the computer's hardware, biometric methods such as fingerprint recognition, speech recognition or face recognition can serve as the login information, or different accounts and passwords can be set to distinguish users; furthermore, the encryption key can be set by the user or generated by the computer.
After the encryption key corresponding to the user is obtained, when operating system 110 needs to read data from storage device 140, the data read is decrypted with the encryption key and then output to operating system 110 (step S250). When operating system 110 needs to store data to storage device 140, the data is likewise encrypted with the encryption key and then written to storage device 140 via storage device driver 130 (step S260). Note that in steps S250 and S260 the data can be compressed when it is stored to storage device 140 and decompressed when it is read, restoring the original data.
In addition, in the present embodiment storage device 140 can be divided into an encrypted zone and a normal zone, which correspond to different folders or storage paths. When the data the user wants to access is in the normal zone, storage device driver 130 accesses the data directly and storage device encryption/decryption program 120 does not encrypt it. When the data the user wants to access is in the encrypted zone, both reads and writes go through storage device encryption/decryption program 120 for encryption and decryption. System folders, such as the "WINDOWS" folder under Windows, can be placed in the normal zone: because they contain system files that the operating system uses frequently, placing them in the normal zone avoids constant encryption and decryption and so reduces the computing resources the system uses. Folders holding personal data can be set as the encrypted zone to protect that data.
In practice, storage device encryption/decryption program 120 can provide a user interface for setting options such as the encrypted zone, the encryption level, the encryption path and encrypted folders, so that users can configure a personalized data protection mechanism according to their own needs. When data under the encryption path is accessed, storage device encryption/decryption program 120 acts automatically, encrypting data being stored and decrypting data being read. If necessary, data compression and decompression can be performed at the same time to reduce the storage space required.
Taking system data as an example, if the location where system data is stored is set as the normal zone, the computer's operating efficiency is improved. The data access flow is shown in Fig. 3, which is a flow chart of the data protection method according to the present embodiment. First, the system boots (step S310), the login screen is displayed (step S320), and it is determined whether the login information is correct (step S330). After correct login information is obtained, the corresponding encryption key is generated according to the login information, and the encoding/decoding algorithm matching the encryption key is obtained (encryption and decryption can be regarded as an encoding and decoding process) (step S340). Next, it is determined whether the data to be read is system data (step S350). If it is system data, the storage device is accessed directly through the storage device driver (step S390). If it is not system data, it is determined whether the operation is a write or a read (step S360). For a write, the data is encrypted and compressed by the storage device encryption/decryption program and then handed to the storage device driver to be written to the storage device (steps S370, S390). For a read, the data is first read through the storage device driver (step S380), then decrypted by the storage device encryption/decryption program and, after decompression, output to the operating system (step S385).
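The Fig. 3 flow can be sketched in a few dozen lines. This is an added example, not code from the patent: the PBKDF2 key derivation, the HMAC-SHA256 keystream with an authentication tag (a standard-library stand-in for a vetted AEAD such as AES-GCM), the `disk` dictionary standing in for the storage device driver, and all paths and function names are assumptions. It follows the compress-then-encrypt order given in the description of program 120, since ciphertext does not compress.

```python
import hashlib
import hmac
import os
import posixpath
import zlib

# Assumed "encryption path" setting; everything else is the normal zone.
ENCRYPTED_PREFIXES = ("/home/alice/secret/",)
disk = {}  # stands in for storage device 140 behind storage device driver 130


def derive_key(password: str, salt: bytes) -> bytes:
    """S340: obtain the key from login information (PBKDF2 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=64)


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; stand-in for a real cipher such as AES-CTR.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then authenticate: nonce || ciphertext || tag."""
    enc_key, mac_key = key[:32], key[32:]
    nonce = os.urandom(16)  # fresh per write, so equal files differ on disk
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key fails here."""
    enc_key, mac_key = key[:32], key[32:]
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def in_encrypted_zone(path: str) -> bool:
    """S350: route by path, normalised so '..' cannot fake the zone."""
    return posixpath.normpath(path).startswith(ENCRYPTED_PREFIXES)


def write_file(key: bytes, path: str, data: bytes) -> None:
    """S370/S390: compress, then encrypt, then hand to the driver."""
    if in_encrypted_zone(path):
        data = seal(key, zlib.compress(data))
    disk[posixpath.normpath(path)] = data


def read_file(key: bytes, path: str) -> bytes:
    """S380/S385: read via the driver, decrypt, then decompress."""
    raw = disk[posixpath.normpath(path)]
    if in_encrypted_zone(path):
        return zlib.decompress(unseal(key, raw))
    return raw


if __name__ == "__main__":
    key = derive_key("correct horse battery", b"constructed-salt")  # constructed
    write_file(key, "/home/alice/secret/minutes.txt", b"board minutes\n" * 40)
    write_file(key, "/WINDOWS/system.ini", b"[boot]\n")
    print(len(disk["/home/alice/secret/minutes.txt"]), "bytes stored, encrypted")
    print(read_file(key, "/WINDOWS/system.ini"))
```

Anything written to the normal zone sits on the device in plaintext, so the protection of a lost drive extends only to the paths configured as encrypted.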
In summary, the invention uses software to encrypt and decrypt data, replacing hardware with software, which is not only convenient to install but also reduces hardware manufacturing cost. The storage device encryption/decryption program of the invention can encrypt either the whole storage device or specified paths, so it can be adjusted to the user's needs and, when system files are left unencrypted, can also increase the execution speed of the system.
Although the invention is disclosed above by way of embodiments, they are not intended to limit the invention. Anyone with ordinary skill in the relevant technical field may make minor changes and refinements without departing from the spirit and scope of the invention, so the scope of protection of the invention is that defined by the claims.

Claims (10)

1. A data protection method, comprising:
starting an operating system;
loading a storage device encryption/decryption program into the operating system;
executing the storage device encryption/decryption program to display a login screen, and requesting login information through the login screen;
obtaining an encryption key according to the login information;
when the operating system reads first data from the storage device, decrypting the first data read using the encryption key and then outputting it to the operating system; and
when the operating system writes second data to the storage device, encrypting the second data using the encryption key and then storing it to the storage device.
2. The data protection method as claimed in claim 1, characterized in that the step of decrypting the first data read using the encryption key further comprises:
executing a storage device driver to read the first data from the storage device.
3. The data protection method as claimed in claim 2, characterized in that the step of decrypting the first data read using the encryption key further comprises:
decompressing the first data.
4. The data protection method as claimed in claim 1, characterized in that the step of encrypting the second data using the encryption key further comprises:
executing a storage device driver to store the second data to the storage device.
5. The data protection method as claimed in claim 4, characterized in that the step of encrypting the second data using the encryption key further comprises:
compressing the second data.
6. The data protection method as claimed in claim 4, characterized in that the first data and the second data correspond to an encryption path.
7. The data protection method as claimed in claim 1, characterized in that it further comprises:
providing a user interface for setting an encryption level or an encryption path corresponding to the encryption key.
8. The data protection method as claimed in claim 1, characterized in that it further comprises:
dividing the storage device into an encrypted zone and a normal zone;
when the operating system stores data to the encrypted zone or reads data from the encrypted zone, using the encryption key to encrypt or decrypt the data; and
when the operating system stores data to the normal zone or reads data from the normal zone, storing or reading the data directly through a storage device driver.
9. The data protection method as claimed in claim 1, characterized in that the step of obtaining the encryption key according to the login information further comprises:
obtaining the login information through fingerprint recognition, face recognition or pupil recognition.
10. The data protection method as claimed in claim 1, characterized in that the storage device is a hard disk or a solid-state drive.
CN200810189713A 2008-12-26 2008-12-26 Data protecting method Pending CN101763485A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810189713A CN101763485A (en) 2008-12-26 2008-12-26 Data protecting method

Publications (1)

Publication Number Publication Date
CN101763485A true CN101763485A (en) 2010-06-30

Family

ID=42494645

Country Status (1)

Country Link
CN (1) CN101763485A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103620690A (en) * 2011-04-29 2014-03-05 Lsi公司 Encrypted transport solid-state disk controller
US9069703B2 (en) 2011-04-29 2015-06-30 Seagate Technology Llc Encrypted-transport solid-state disk controller
US9760502B2 (en) 2011-04-29 2017-09-12 Seagate Technology Llc Encrypted transport solid-state disk controller
CN104967511A (en) * 2014-07-11 2015-10-07 腾讯科技(深圳)有限公司 Processing method for enciphered data, and apparatus thereof
CN104967511B (en) * 2014-07-11 2018-08-28 腾讯科技(深圳)有限公司 The processing method and processing device of encryption data

Similar Documents

Publication Publication Date Title
CN101196855B (en) Mobile encrypted memory device and cipher text storage area data encrypting and deciphering processing method
US9037875B1 (en) Key generation techniques
US8352751B2 (en) Encryption program operation management system and program
CN101149709B (en) Encryption processor of memory card and method for writing and reading data using the same
US8325921B2 (en) Portable memory and a method for encrypting the same
KR102139179B1 (en) Security subsystem
JP2012090286A (en) Memory system having encryption/decryption function of in stream data
US20070014416A1 (en) System and method for protecting against dictionary attacks on password-protected TPM keys
CN102073808B (en) Method for encrypting and storing information through SATA interface and encryption card
TWI570590B (en) Dynamic encryption keys for use with xts encryption systems employing reduced-round ciphers
CN103020537A (en) Data encrypting method, data encrypting device, data deciphering method and data deciphering device
CN102163267A (en) Solid state disk as well as method and device for secure access control thereof
CN101881997A (en) Trusted safe mobile storage device
JP5118494B2 (en) Memory system having in-stream data encryption / decryption function
CN104063672A (en) Data security storage method
CN103684786A (en) Method and system for storing digital certificate and binding digital certificate to hardware carrier
JP2008524969A5 (en)
US20110107109A1 (en) Storage system and method for managing data security thereof
CN107315966B (en) Solid state disk data encryption method and system
CN111177773B (en) Full disk encryption and decryption method and system based on network card ROM
US20100241870A1 (en) Control device, storage device, data leakage preventing method
CN102609368B (en) Solid-state-drive data encryption and decryption method and solid state drive
CN102769525A (en) Backup and recovery method of user key of TCM (Trusted Cryptography Module)
US8332658B2 (en) Computer system, management terminal, storage system and encryption management method
CN101763485A (en) Data protecting method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20100630