Embodiment
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Referring to Fig. 1, which is a flowchart of a protection method for file filtering provided by an embodiment of the present invention, the method comprises:
Step 101: On receiving a request to store an opened file into a storage medium, cut the data at a preset position of the file to a first position of the file, where the first position is a free position of the file. The free position may be the tail of the file.
The cut referred to here may be a cut in the ordinary sense. Alternatively, the data at the preset position may be copied to the first position of the file and then deleted from the preset position, or the data at the preset position may be copied to the first position and the original data at the preset position overwritten later by the encryption identifier in step 102.
The preset position is any position between the start address and the end address of the file, and the length of the data at the preset position is fixed, for example 5 bytes or 32 bytes.
The storage medium may be a hard disk, flash memory, a solid-state drive or another kind of storage.
Optionally, an opened file is a file in a state in which the driver can read it, although this is not a limitation.
Step 102: Add an encryption identifier at the preset position of the file, and encrypt the data in the file other than the encryption identifier.
Step 103: Dump the data at the first position of the encrypted file into driver memory, and store the encryption identifier in the file and the encrypted data other than the data at the first position into the storage medium.
In this embodiment, when a user stores an opened file into the storage medium and the file must be stored encrypted, the driver performs the encrypted storage. The driver first extracts the data at the preset position of the file and moves it to the first position (the free position) of the file. It then adds an encryption identifier at the preset position that the data was moved out of, and encrypts the data in the file other than the encryption identifier. The data that was moved to the first position of the file is dumped into driver memory, and the encryption identifier added to the file and the encrypted data other than the data at the first position are stored in the storage medium. In other words, in this embodiment an encryption identifier is added at the preset position of the opened file, and after the identifier is added the file is the same size as the original, because the data originally at the preset position is dumped into driver memory. Since encrypting the file does not change the size of the original, the encryption is transparent to the application: the length returned when the application calls the file-size function {GetFileSize(*)} is exactly the readable length of the file, and the driver does not need to process the length or data of the file again, which improves the application's recognition efficiency. Those skilled in the art will understand that, depending on the application, the function used need not be {GetFileSize(*)}, as long as it can read the size of the file.
Optionally, the method may further comprise:
On receiving a request to read the file, obtaining the file from the storage medium according to the encryption identifier, and decrypting the file to obtain the decrypted file;
When reading the file, obtaining the data at the first position of the file from driver memory, decrypting that data, and restoring the decrypted data to the preset position of the decrypted file.
Optionally, the preset position of the file may be any address between the start address and the end address of the file, that is, any fixed bytes in the file; this embodiment does not limit it. For example, it may be the fixed bytes at the start address.
In this embodiment, when an encrypted file needs to be opened, the size of the encrypted file is first changed back to the size of the original. The encrypted data is first retrieved from the storage medium according to the encryption identifier and decrypted to obtain the decrypted data. The data at the first position of the file is then obtained from driver memory and decrypted, and the decrypted data is restored to the preset position of the decrypted file. When the file is read, because encrypting the file did not change the size of the original, the encryption is transparent to the application, which improves the application's recognition efficiency.
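The write path (steps 101 to 103) and the read path described above can be modelled in a few lines; this is an added example, not code from the patent. The identifier value, the preset position at offset 0, the `FilterDriver` class with its two dictionaries, and the SHA-256 counter keystream (a length-preserving stand-in for the cipher, which the text does not specify) are all assumptions.

```python
import hashlib

MARKER = b"\x7fENCID\x00\x01"   # constructed 8-byte encryption identifier
OFFSET = 0                      # preset position (assumed: start of the file)
N = len(MARKER)                 # length of the data at the preset position


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Length-preserving stand-in cipher (SHA-256 counter keystream).
    Not the patent's cipher and not suitable for production use."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class FilterDriver:
    """Toy model: one dict for the storage medium, one for driver memory."""

    def __init__(self, key: bytes):
        self.key = key
        self.storage = {}        # name -> bytes written to the storage medium
        self.driver_memory = {}  # name -> encrypted bytes moved out of the preset position

    def write(self, name: str, plain: bytes) -> None:
        if len(plain) < OFFSET + N:
            # Assumed handling: the scheme needs room for the identifier.
            raise ValueError("file too short to hold the encryption identifier")
        # Step 101: cut the data at the preset position to the tail (first position).
        displaced = plain[OFFSET:OFFSET + N]
        rest = plain[:OFFSET] + plain[OFFSET + N:]
        # Step 102: encrypt everything except the identifier.
        cipher = _xor_stream(self.key, name.encode(), rest + displaced)
        enc_rest, enc_tail = cipher[:len(rest)], cipher[len(rest):]
        # Step 103: tail goes to driver memory; identifier plus the
        # remaining ciphertext goes to the storage medium.
        self.driver_memory[name] = enc_tail
        self.storage[name] = enc_rest[:OFFSET] + MARKER + enc_rest[OFFSET:]

    def read(self, name: str) -> bytes:
        stored = self.storage[name]
        # The file is recognised as encrypted by its identifier.
        if stored[OFFSET:OFFSET + N] != MARKER:
            raise ValueError("no encryption identifier at the preset position")
        if name not in self.driver_memory:
            # The displaced bytes exist only in driver memory in this scheme.
            raise LookupError("displaced bytes are not in driver memory")
        enc_rest = stored[:OFFSET] + stored[OFFSET + N:]
        plain = _xor_stream(self.key, name.encode(),
                            enc_rest + self.driver_memory[name])
        rest, displaced = plain[:len(enc_rest)], plain[len(enc_rest):]
        # Restore the displaced bytes to the preset position.
        return rest[:OFFSET] + displaced + rest[OFFSET:]


if __name__ == "__main__":
    drv = FilterDriver(b"constructed-key")
    doc = b"constructed sample plaintext for the filter driver"
    drv.write("a.txt", doc)
    print(len(doc), len(drv.storage["a.txt"]), drv.read("a.txt") == doc)
```

The stored object has the same length as the original because the identifier occupies exactly the bytes that were moved out; reading the file back depends on those bytes still being present in driver memory.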
Referring also to Fig. 2, which is an application example diagram of a protection method for file filtering provided in an embodiment of the present invention. In this embodiment the encryption identifier is added at the front of the plaintext file as an example, but this is not a limitation. As shown in the figure, an opened plaintext file .txt is encrypted and decrypted when it is stored. In this embodiment:
Step 201: The driver receives a request to store the opened plaintext file .txt into the storage medium. In the figure, the plaintext file is shown with diagonal hatching. Note that the .txt format is only an example; other embodiments may use other file formats such as .xls or .doc.
Step 202: The driver moves the data at the preset position at the front of the plaintext file to the tail of the file (the first position). The space at the preset position is shown by the dotted line in the plaintext file.
Step 203: The driver adds an encryption identifier in the space vacated at the front of the plaintext file (the preset position); the encryption identifier is shown as "..." in the figure. The driver then encrypts the data in the plaintext file other than the encryption identifier; the encrypted plaintext file is shown with cross hatching.
Step 204: The driver cuts out the moved data stored at the tail of the encrypted plaintext file.
Step 205: The driver stores the cut-out data in driver memory, and stores the encryption identifier added to the plaintext file and the encrypted data other than the data at the first position of the file in the storage medium.
Step 206: On receiving a request to read the plaintext file, the driver retrieves the encrypted plaintext file from the storage medium according to the encryption identifier and decrypts it to obtain the decrypted plaintext file. When reading the plaintext file, the driver obtains the data of the preset position of the plaintext file from driver memory and decrypts it, restores the decrypted data to the preset position of the file decrypted by the decryption unit, and returns the restored plaintext file.
In this embodiment of the present invention, for a plaintext file that needs to be encrypted, the data at the initial preset position of the plaintext file is first stored at the first position at the tail of the file, and an encryption identifier is added at the preset position. The data in the plaintext file other than the encryption identifier is then encrypted. Finally, the data stored at the first position at the tail of the encrypted plaintext file is transferred into driver memory. When the driver later reads the encrypted plaintext file, it first obtains from driver memory the data that was stored at the tail (the first position) of the file and restores it to the preset position of the original plaintext file, so that the actual length of the plaintext file is the same as the length of the original. This avoids the problems caused by a mismatch between the actual file size and the file size seen by the application. Because this way of automatically encrypting and decrypting files during file filtering does not change the file size before and after encryption, the automatic encryption and decryption is transparent to the application, which improves the application's recognition efficiency.
Referring also to Fig. 3, which is an application example diagram of another protection method for file filtering provided in an embodiment of the present invention. This embodiment includes both a write request and a read request; other embodiments may include only a write request or only a read request, and this embodiment does not limit that. The preset position in this embodiment is a set of fixed bytes, taken as an example. As shown in the figure, the process comprises:
Step 301: When the application layer receives a user request to store a plaintext file into the storage medium, it sends a write request to the driver.
The write request may specify that the plaintext file is to be encrypted before being stored on the storage medium, but is not limited to this.
Step 302: The driver moves the data of the fixed bytes at the front of the plaintext file to the tail of the file (the first position, which is a free position).
This embodiment takes moving the data of the fixed bytes at the front of the plaintext file to the tail of the file as an example, but is not limited to this.
Step 303: The driver adds an encryption identifier in the space vacated at the front of the plaintext file (the fixed bytes), and encrypts the data in the plaintext file other than the encryption identifier.
Step 304: The driver cuts out the moved data placed at the tail of the plaintext file and stores it in driver memory.
Step 305: The driver stores the encryption identifier in the plaintext file and the encrypted data other than the data at the tail of the file in the storage medium.
Step 306: The driver returns a write response to the application layer.
Step 307: The application layer sends a read request to the driver.
The read request asks to read the file stored in the storage medium.
Step 308: On receiving the read request, the driver retrieves the plaintext file from the storage medium according to the encryption identifier.
Step 309: The driver decrypts the encrypted plaintext file retrieved from the storage medium to obtain the decrypted plaintext file.
Step 310: When reading the plaintext file, the driver obtains the data of the fixed bytes of the plaintext file from driver memory and restores it to the fixed bytes of the decrypted plaintext file.
Step 311: The driver sends a read response to the application layer.
Step 312: After receiving the read response from the driver, the application layer opens the plaintext file and presents it to the user.
In this embodiment, the data of the fixed bytes in the opened plaintext file is dumped into the free bytes of the file, and an encryption identifier is added in the fixed bytes. The data in the plaintext file other than the encryption identifier is then encrypted, and the data stored in the free part of the encrypted plaintext file is dumped into driver memory, so that after the encryption identifier is added the plaintext file is the same size as the original plaintext file. In other words, because encrypting the file does not change the size of the original, the encryption is transparent to the application: the length returned when the application calls the file-size function {GetFileSize(*)} is exactly the readable length of the file, and the driver does not need to process the length or data of the file again, which improves the application's recognition efficiency.
An embodiment of the present invention also provides a driver device, whose structure is shown in Fig. 4. The driver device comprises a cut unit 41, an adding unit 42, an encryption unit 43 and a dump unit 44. The cut unit 41 is configured to, on receiving a request to store an opened file into a storage medium, cut the data at a preset position of the file to a first position of the file, where the first position is a free position of the file. The adding unit 42 is configured to add an encryption identifier at the preset position of the file. The encryption unit 43 is configured to encrypt the data in the file other than the encryption identifier after the adding unit 42 has added the encryption identifier. The dump unit 44 is configured to dump the data at the first position of the encrypted file into driver memory, and to store the encryption identifier added by the adding unit and the encrypted data other than the data at the first position of the file into the storage medium.
For how each unit of the driver device implements its function, refer to the corresponding process in the method above; the details are not repeated here.
In this embodiment, the data at the preset position of the opened file is dumped to the first position of the file, and an encryption identifier is added at the preset position. The data in the file other than the encryption identifier is then encrypted, and the data at the first position of the encrypted file is dumped into driver memory, so that after the encryption identifier is added the file is the same size as the original plaintext file, which improves the application's recognition efficiency.
On the basis of Fig. 4, the driver device may further comprise a file acquisition unit 51, a decryption unit 52, a data acquisition unit 53 and a restoration unit 54. Its structure is shown in Fig. 5, which is a structural diagram of another driver device provided by an embodiment of the present invention. As shown in the figure, the file acquisition unit 51 is configured to, after the dump unit has stored the data of the file other than the dumped data into the storage medium, retrieve the encrypted data from the storage medium according to the encryption identifier if a request to read the file is received. The decryption unit 52 is configured to decrypt the encrypted data retrieved from the storage medium by the file acquisition unit to obtain the decrypted file. The data acquisition unit 53 is configured to, when the file is read, obtain the data of the first position of the file from driver memory and decrypt it. The restoration unit 54 is configured to restore the data decrypted by the data acquisition unit to the preset position of the file decrypted by the decryption unit; it may also return the restored file.
In embodiments of the present invention, the driver device may be integrated into a client or deployed independently; this embodiment does not limit that.
For how each unit of the driver device implements its function, refer to the corresponding process in the method above; the details are not repeated here.
In this embodiment, when an encrypted file needs to be opened, the size of the encrypted file is first changed back to the size of the original. The file is first obtained from the storage medium according to the encryption identifier and decrypted to obtain the decrypted file. The data originally in the fixed bytes is then obtained from driver memory and restored into the decrypted file. When the file is read, because encrypting the file did not change the size of the original, the problems that arise when the driver filters files whose size was changed by encryption are avoided, which improves the application's recognition efficiency.
An embodiment of the present invention also provides a client, one structure of which is shown in Fig. 6. The client comprises a driver device 61 and a storage medium 62. The storage medium 62 is configured to store all files of the client. The driver device 61 is configured to, on receiving a request to store an opened file into the storage medium, cut the data at a preset position of the file to a first position of the file, where the first position is a free position of the file; add an encryption identifier at the preset position of the file and encrypt the data in the file other than the encryption identifier; and dump the data at the first position of the encrypted file into driver memory and store the encryption identifier in the file and the encrypted data other than the data at the first position into the storage medium.
Optionally, the driver device comprises a cut unit 611, an adding unit 612, an encryption unit 613 and a dump unit 614. The function of each unit is the same as that of the corresponding unit in Fig. 4; see the description above, which is not repeated here.
Optionally, on the basis of Fig. 6, the driver device may further comprise a file acquisition unit 615, a decryption unit 616, a data acquisition unit 617 and a restoration unit 618, as shown in Fig. 7, which is another structural diagram of the client provided by an embodiment of the present invention. The function of each unit is the same as that of the corresponding unit in Fig. 5; see the description above, which is not repeated here.
It can be seen that, in embodiments of the present invention, when a file that needs to be encrypted is stored, an encryption identifier is first added to the file and the data in the file other than the encryption identifier is then encrypted, so that when the encrypted file is used its actual length is the same as the length of the original. This avoids a mismatch between the actual file size and the file size seen by the application, and the automatic encryption and decryption performed during file filtering is transparent to the application.
Embodiments of the present invention mainly add some data (such as the encryption identifier) to the file, but when the file is opened its size is first changed back to the original size, so there is no mismatch between the actual file size and the file size seen by the application. That is, when a file that needs to be encrypted is stored, an encryption identifier is first added to the plaintext file (this embodiment takes adding the encryption identifier at the front of the plaintext as an example), and the data in the file other than the encryption identifier is then encrypted. The data that was moved to the tail of the encrypted plaintext file is then transferred into driver memory, so that when the encrypted file is read the data is restored from driver memory into the original plaintext file and the actual length of the plaintext file is the same as the length of the original. This avoids the problems caused by a mismatch between the actual file size and the file size seen by the application. Because this way of automatically encrypting and decrypting files during file filtering does not change the file size before and after encryption, the automatic encryption and decryption is transparent to the application, which improves the application's recognition efficiency.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise" and "include" and any variants of them are intended to cover non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the statement "comprising ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software together with a necessary general-purpose hardware platform, or by hardware, although in many cases the former is the better implementation. On that understanding, the technical solution of the present invention, or the part of it that contributes over the prior art, can be embodied as a software product. The computer software product can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to carry out the methods described in the embodiments of the present invention or in parts of those embodiments.
The above are only preferred embodiments of the present invention. It should be pointed out that those skilled in the art can make improvements and modifications without departing from the principles of the present invention, and that such improvements and modifications also fall within the scope of protection of the present invention.