CN102609498A - Method and device for reusing data of safety desktop - Google Patents

Publication number: CN102609498A
Authority: CN (China)
Prior art keywords: file, redirected, safety desktop, user, desktop
Legal status: Pending
Application number: CN201210021838XA
Other languages: Chinese (zh)
Inventor: 刘雁
Current Assignee: Shenzhen Shenxinfu Electronic Technology Co Ltd
Original Assignee: Shenzhen Shenxinfu Electronic Technology Co Ltd
Application filed by: Shenzhen Shenxinfu Electronic Technology Co Ltd
Priority to: CN201210021838XA
Publication of: CN102609498A

Abstract

The invention discloses a method and a device for reusing data of a safety desktop. The method includes: completely redirecting registries and user operating files of the safety desktop to generate redirection data; compressing the redirection data to generate a compressed file; and generating the compressed file into a file of a multiplex format and storing the file. The redirection data cannot be deleted when a user quits the safety desktop, the user can directly analyze the generated file of the multiplex format to reuse the redirection data, and thereby reuse of the data of the safety desktop is realized.

Description

Method and device for safety desktop data reuse
Technical field
The present invention relates to the field of safety desktops, and in particular to a method and device for safety desktop data reuse.
Background art
With the spread of computers and the Internet, problems of system security and information security are becoming more and more severe. They have become major problems for enterprises, and both enterprises and individuals have a great need to protect system and information security. Virtual desktop systems arose to meet this need. A virtual desktop system generates a virtual desktop that is isolated from the real desktop; every operation inside the virtual desktop is virtualized, so the user can run higher-risk software inside it without affecting the default desktop. The virtual desktop also provides encrypted file redirection: the user can write important files inside the virtual desktop, and the virtual desktop stores them encrypted, which prevents data leakage. Such a virtual desktop system is therefore also called a safety desktop system. A safety desktop is a specific application of sandbox technology; it uses techniques such as file redirection and registry redirection to protect the operations performed inside it. A safety desktop can effectively provide file protection, registry protection, process protection and memory space protection, and defend against attacks by viruses and Trojans.
At present, a safety desktop deletes the redirected data when it exits. This can be regarded as a security protection: if the safety desktop was infected by a virus, the infected redirected data are cleaned out by the time the safety desktop is next entered. On the other hand, deleting all the redirected data every time wastes the user's data, because the documents and files produced inside the safety desktop are themselves important to the user. Moreover, the safety desktop's transparent encryption and decryption already protects these files. Deleting them on every exit, and restricting them to use on the local machine, is in practice an inconvenience for the user.
Summary of the invention
The technical problem to be solved by the present invention is the defect in the prior art that the safety desktop deletes the redirected data on exit, which inconveniences the user. The invention provides a method and device for safety desktop data reuse with which the redirected data can still be reused after the safety desktop has exited.
The technical solution adopted by the present invention to solve this technical problem is:
A method for safety desktop data reuse is provided, comprising the following steps:
Fully redirecting the registry and the user operation files of the safety desktop to generate redirected data;
Compressing the redirected data to generate a compressed file;
Generating a multiplexed-format file from the compressed file and saving it.
In the method of the present invention, the registry and the user operation files are fully redirected by means of copy-on-write.
The method of the present invention further comprises the step of copying the generated multiplexed-format file into the safety desktop of another system for use.
The method of the present invention further comprises the step of taking snapshots of the safety desktop and managing the snapshots in association with one another.
The method of the present invention further comprises the step of sending the multiplexed-format file to a server, the user entering the safety desktop by accessing that server.
Another technical solution adopted by the present invention to solve its technical problem is:
A safety desktop data reuse device is provided, comprising:
A redirection module, used to fully redirect the registry and the user operation files of the safety desktop and generate redirected data;
A compression module, used to compress the redirected data and generate a compressed file;
A multiplexed-format file generation module, used to generate a multiplexed-format file from the compressed file and save it.
In the device of the present invention, the redirection module fully redirects the registry and the user operation files by means of copy-on-write.
In the device of the present invention, the device further comprises:
A snapshot module, used to take snapshots of the safety desktop;
A snapshot management module, used to manage in association with one another the snapshots generated by the snapshot module.
In the device of the present invention, the device further comprises:
A sending module, connected in communication with a server and used to send the multiplexed-format file to the server, the user entering the safety desktop by accessing that server.
A third technical solution adopted by the present invention to solve its technical problem is:
A method for safety desktop data reuse is provided, comprising the following steps:
Parsing a safety desktop multiplexed-format file, the multiplexed-format file being the reusable file generated after the registry and the user operation files of the safety desktop have been redirected and compressed;
Decompressing the multiplexed-format file to obtain the redirected registry and the redirected user operation files;
Mounting the redirected registry, setting up the redirected user operation files, and entering the safety desktop.
The beneficial effect of the present invention is as follows: while the safety desktop is running, the registry and the user operation files of the safety desktop are fully redirected, and the redirected data so generated are compressed, turned into a multiplexed-format file and saved. The redirected data are therefore not deleted when the safety desktop exits; the user directly parses the multiplexed-format file and can reuse the redirected data, which achieves data reuse.
Description of the drawings
The present invention is further described below with reference to the accompanying drawings and embodiments. In the drawings:
Fig. 1 is a flow chart of the safety desktop data reuse method of an embodiment of the present invention;
Fig. 2 is a first structural diagram of the safety desktop data reuse device of an embodiment of the present invention;
Fig. 3 is a second structural diagram of the safety desktop data reuse device of an embodiment of the present invention;
Fig. 4 is a third structural diagram of the safety desktop data reuse device of an embodiment of the present invention;
Fig. 5 is a flow chart of the method of entering the safety desktop using safety desktop reuse data in an embodiment of the present invention;
Fig. 6 is a flow chart of generating and using the multiplexed-format file in the safety desktop in an embodiment of the present invention.
Detailed description of the embodiments
To make the object, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
In the embodiment of the present invention, while the safety desktop is running, the registry and the user operation files of the safety desktop are fully redirected and a multiplexed-format file is generated. Before entering the safety desktop the next time, the user directly parses this multiplexed-format file and can reuse the redirected data, which achieves safety desktop data reuse. If the multiplexed-format file is copied to another system, data reuse is achieved there in the same way.
The safety desktop data reuse method of the embodiment of the present invention, as shown in Fig. 1, mainly comprises the following steps:
S101: fully redirect the registry and the user operation files of the safety desktop to generate redirected data. The safety desktop redirects the user's file operations and registry operations: after a write to a file or to the registry, the written data are encrypted and redirected to a designated directory. If redirection is complete, that is, all files and all registry data are redirected, these data are in effect independent of the system. For example, when every operation is redirected and a piece of software is installed in the safety desktop, its registry entries and files are all redirected, so the redirected data are independent of the system. To move that program to the safety desktop of another system, it is enough to copy the redirected registry and the redirected files to the corresponding locations in the other system; the other system is then in the same state as if the software had been installed there.
S102: compress the redirected data to generate a compressed file. Existing safety desktops do no special processing of redirected files; if, for example, a 1G piece of software is installed in the safety desktop, redirected files of the same size are generated, and the data volume is very large. To migrate to another system, these files must be specially processed, namely compressed, before data reuse becomes flexible. A user operation UI (User Interface) can be provided; when the user selects reuse, the existing redirected data are compressed into one file. The whole operation resembles a data backup of the safety desktop, and the backed-up file becomes usable, reusable data.
S103: generate a multiplexed-format file from the compressed file and save it.
In one embodiment of the invention, carry out redirected fully through the method for copy-on-write to registration table and user's operation file.In fact so-called copy-on-write is exactly the user is writing, is duplicating and during deletion action, just registration table is being carried out redirect operation.When writing and duplicating, be actually on the registration table key assignments of writing after being redirected or item.For deletion action; Be not really to delete real registration table; But stamp a delete flag, then the function of opening, enumerate registration table is linked up with (HOOK), if a certain item or the key assignments of current register table have been played delete flag; Then returning to application layer message is that the current register table does not exist, and this is transparent for application layer.
When withdrawing from safety desktop, preserve these registration tablies that is redirected with document form so long, simultaneously the user's operation file that is redirected is also preserved.
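The copy-on-write behaviour described above, as an added example that is not code from the patent: a Python model in which the real registry is a plain dictionary, writes land in a redirected layer, deletes leave a delete marker, and the hooked open and enumerate calls hide marked entries. The class and method names, the sample keys and the rule that a key with subkeys cannot be deleted are assumptions of this example.

```python
class RedirectedRegistry:
    """Copy-on-write view over a registry modelled as {key_path: {value_name: data}}."""

    def __init__(self, real):
        self._real = real        # real registry: read from, never written to
        self._redir = {}         # redirected keys/values written inside the safety desktop
        self._dead_keys = set()  # delete markers for keys
        self._dead_values = {}   # key_path -> value names carrying a delete marker

    def _visible(self, key):
        # A redirected copy always wins; a real key is hidden once it is marked deleted.
        return key in self._redir or (key in self._real and key not in self._dead_keys)

    def open_key(self, key):
        """Hooked 'open': return the merged values, or report the key as absent."""
        if not self._visible(key):
            raise KeyError(key)
        merged = {}
        if key not in self._dead_keys:  # a recreated key must not resurrect real values
            hidden = self._dead_values.get(key, set())
            merged = {n: d for n, d in self._real.get(key, {}).items() if n not in hidden}
        merged.update(self._redir.get(key, {}))
        return merged

    def enum_subkeys(self, parent):
        """Hooked 'enumerate': direct child names, with marked keys filtered out."""
        prefix = parent + "\\"
        names = set()
        for key in set(self._real) | set(self._redir):
            if key.startswith(prefix) and self._visible(key):
                names.add(key[len(prefix):].split("\\")[0])
        return sorted(names)

    def set_value(self, key, name, data):
        # Writes go to the redirected layer only; a fresh write clears a value marker.
        self._redir.setdefault(key, {})[name] = data
        self._dead_values.get(key, set()).discard(name)

    def delete_value(self, key, name):
        if name not in self.open_key(key):
            raise KeyError(name)
        self._redir.get(key, {}).pop(name, None)
        self._dead_values.setdefault(key, set()).add(name)

    def delete_key(self, key):
        if not self._visible(key):
            raise KeyError(key)
        if self.enum_subkeys(key):  # assumption of this model: only leaf keys can go
            raise PermissionError("key still has subkeys: " + key)
        self._redir.pop(key, None)
        self._dead_values.pop(key, None)
        self._dead_keys.add(key)    # marker only; the real registry is untouched

    def export(self):
        """Redirected registry data to save on exit: written values plus delete markers."""
        return {
            "keys": {k: dict(v) for k, v in self._redir.items()},
            "deleted_keys": sorted(self._dead_keys),
            "deleted_values": {k: sorted(v) for k, v in self._dead_values.items() if v},
        }


# Constructed sample of a real registry (not taken from the patent).
REAL = {
    "HKCU\\Software\\Demo": {"InstallDir": "C:\\Demo", "Version": "1.0"},
    "HKCU\\Software\\Demo\\Settings": {"Theme": "light"},
    "HKCU\\Software\\Other": {"Flag": 1},
}

if __name__ == "__main__":
    reg = RedirectedRegistry(REAL)
    reg.set_value("HKCU\\Software\\Demo", "Version", "2.0")
    reg.delete_key("HKCU\\Software\\Other")
    print(reg.enum_subkeys("HKCU\\Software"))
    print(reg.export())
```

The dictionary returned by `export()` is the part of the redirected data that a later session has to load before the hooks can answer consistently, which is why the delete markers are saved along with the written values.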
Further, an embodiment of the present invention also comprises the step of copying the generated multiplexed-format file into the safety desktop of another system for use. For example, the multiplexed-format file is copied to another host by USB flash drive or by other means. As long as the safety desktop is installed in the new system and the reuse data are present, this amounts to a portable virtual way of working: software installed in the safety desktop of one computer, or documents encrypted in the safety desktop according to special requirements, can be moved seamlessly to another computer.
Further, another embodiment of the present invention also comprises the step of taking snapshots of the safety desktop and managing the snapshots in association with one another. Multiple snapshots are generated of the safety desktop at different moments, and the snapshot management module records the relationships among the snapshot images; the tree structure formed by these relationships makes it easy to browse and use the generated snapshots. A safety desktop with snapshots is similar to virtual machine snapshots and to the system restore function of an operating system. Each snapshot is an independent set of redirected data. Managing these reuse files through the management module amounts to providing backup data for the safety desktop on the local machine: when the user needs to restore the current state, following the data reuse steps restores the state at the time of the backup, which gives the user backup and restore functions.
Further, a third embodiment of the present invention also comprises the step of sending the multiplexed-format file to a server, the user entering the safety desktop by accessing that server. At present the safety desktop is mainly combined with a VPN (Virtual Private Network), with authorization controlled by the VPN. In fact, virtual desktop products are also popular in the personal user market; for example, the product rendered here as "news shadows" (a virtual desktop application) reaches upward of ten thousand daily active users. On the basis of the existing safety desktop, a safety desktop with a storage service can be provided, that is, a server-side data storage function based on data reuse is offered to safety desktop users. The server provides the service of storing the redirected data, so the user can use his or her own safety desktop on any system that can connect to the Internet.
The safety desktop data reuse device of the embodiment of the present invention, as shown in Fig. 2, mainly comprises:
A redirection module 201, used to fully redirect the registry and the user operation files of the safety desktop and generate redirected data;
A compression module 202, used to compress the redirected data and generate a compressed file;
A multiplexed-format file generation module 203, used to generate a multiplexed-format file from the compressed file and save it.
In the embodiment of the present invention, the redirection module 201 fully redirects the registry and the user operation files by means of copy-on-write.
In one embodiment of the present invention, the multiplexed-format file generated by the multiplexed-format file generation module can be copied into the safety desktop of another system for use. For example, the multiplexed-format file is copied to another host by USB flash drive or by other means. As long as the safety desktop is installed in the new system and the reuse data are present, this amounts to a portable virtual way of working: software installed in the safety desktop of one computer, or documents encrypted in the safety desktop according to special requirements, can be moved seamlessly to another computer.
In another embodiment of the present invention, a safety desktop with snapshots can be implemented, which gives the user backup and restore functions. As shown in Fig. 3, the device comprises a redirection module 301, a compression module 302 and a multiplexed-format file generation module 303, and further comprises:
A snapshot module 304, used to take snapshots of the safety desktop;
A snapshot management module 305, used to manage in association with one another the snapshots generated by the snapshot module 304.
In a third embodiment of the present invention, as shown in Fig. 4, a personal-edition safety desktop with a storage service can be implemented, so that the user can use his or her own safety desktop on any system that can connect to the Internet. The device comprises a redirection module 401, a compression module 402 and a multiplexed-format file generation module 403, and further comprises:
A sending module 404, connected in communication with a server 405 and used to send the multiplexed-format file to the server 405, the user entering the safety desktop by accessing the server 405.
In the method for embodiment of the invention safety desktop data multiplex, the method for using multiplexing safety desktop multiplexed format file is provided, as shown in Figure 5, mainly may further comprise the steps:
S501 resolves the file of safety desktop multiplexed format, and the file of multiplexed format is that the registration table of safety desktop and user's operation file are redirected and compresss the afterwards reusable file of generation, the i.e. file of the multiplexed format in the foregoing description.
S502 decompresses the file of multiplexed format, obtains being redirected registration table and redirected user's operation file;
S503 articulates redirected registration table, is provided with to be redirected user's operation file, gets into safety desktop.
In the embodiment of the invention; As shown in Figure 6; As in the safety desktop of a computer, generating the file of multiplexed format, comprise redirected registration table and redirected user's operation file, through transmission medium such as USB flash disk or network with the file copy of multiplexed format in another main frame; Unpack through file, the data of resolving multiplexed format and just can obtain redirected registration table and associated documents; Thereby can realize the data multiplex of safety desktop in former computer place in addition easily, realize portable safety desktop, even can on service end, use the safety desktop (i.e. individual's version safety desktop) of oneself through network.
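Generating and consuming the multiplexed-format file (S101 to S103 and S501 to S503), as an added example that is not code from the patent. The patent does not define the file layout; the magic value, the zip payload, the HMAC-SHA256 tag and the key held by the safety desktop are all assumptions. Because the file travels by USB flash drive or network before its registry data are mounted, the reader authenticates the payload before decompressing it and rejects member paths that would land outside the redirect directory.

```python
import hashlib
import hmac
import io
import json
import zipfile
from pathlib import PurePosixPath

MAGIC = b"SDREUSE1"              # hypothetical magic value; the patent defines no layout
TAG_LEN = 32                     # length of an HMAC-SHA256 tag
MAX_UNPACKED = 64 * 1024 * 1024  # assumed cap on the total declared uncompressed size


def pack(registry, files, key):
    """Bundle redirected registry data and files, compress them, wrap them in one file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("registry.json", json.dumps(registry, sort_keys=True))
        for rel, data in sorted(files.items()):
            zf.writestr("files/" + rel, data)
    payload = buf.getvalue()
    return MAGIC + hmac.new(key, payload, hashlib.sha256).digest() + payload


def _safe_member(name):
    """Reject member names that would escape the redirect directory when written out."""
    path = PurePosixPath(name)
    if "\\" in name or ":" in name or path.is_absolute() or ".." in path.parts:
        raise ValueError("unsafe path in package: " + name)
    return str(path)


def unpack(blob, key):
    """Parse, authenticate and decompress; returns (registry, files) ready to mount."""
    head = len(MAGIC) + TAG_LEN
    if len(blob) < head or blob[:len(MAGIC)] != MAGIC:
        raise ValueError("not a multiplexed-format file")
    tag, payload = blob[len(MAGIC):head], blob[head:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # checked before any decompression
        raise ValueError("authentication tag mismatch")
    registry, files = None, {}
    with zipfile.ZipFile(io.BytesIO(payload)) as zf:
        if sum(info.file_size for info in zf.infolist()) > MAX_UNPACKED:
            raise ValueError("package exceeds size limit")
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = _safe_member(info.filename)
            if name == "registry.json":
                registry = json.loads(zf.read(info))
            elif name.startswith("files/"):
                files[name[len("files/"):]] = zf.read(info)
            else:
                raise ValueError("unexpected member: " + name)
    if registry is None:
        raise ValueError("package has no registry.json")
    return registry, files


if __name__ == "__main__":
    # Constructed sample data: a key, redirected registry data and one redirected file.
    demo_key = b"\x01" * 32
    demo_registry = {"keys": {"HKCU\\Software\\Demo": {"Version": "2.0"}},
                     "deleted_keys": ["HKCU\\Software\\Other"], "deleted_values": {}}
    demo_files = {"Documents/report.txt": b"quarterly numbers\n" * 100}
    package = pack(demo_registry, demo_files, demo_key)
    print(len(package), unpack(package, demo_key)[0])
```

The tag only proves that the file came from a holder of the key; redirected data that were already infected when they were packed still authenticate, which is the trade-off the background section notes when it describes deletion on exit as a protection.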
It should be understood that those of ordinary skill in the art can make improvements or variations based on the above description, and all such improvements and variations fall within the scope of protection of the appended claims of the present invention.

Claims (10)

1. A method for safety desktop data reuse, characterized by comprising the following steps:
Fully redirecting the registry and the user operation files of the safety desktop to generate redirected data;
Compressing the redirected data to generate a compressed file;
Generating a multiplexed-format file from the compressed file and saving it.
2. The method according to claim 1, characterized in that the registry and the user operation files are fully redirected by means of copy-on-write.
3. The method according to claim 2, characterized by further comprising the step of copying the generated multiplexed-format file into the safety desktop of another system for use.
4. The method according to claim 2, characterized by further comprising the step of taking snapshots of the safety desktop and managing the snapshots in association with one another.
5. The method according to claim 2, characterized by further comprising the step of sending the multiplexed-format file to a server, the user entering the safety desktop by accessing that server.
6. A safety desktop data reuse device, characterized by comprising:
A redirection module, used to fully redirect the registry and the user operation files of the safety desktop and generate redirected data;
A compression module, used to compress the redirected data and generate a compressed file;
A multiplexed-format file generation module, used to generate a multiplexed-format file from the compressed file and save it.
7. The device according to claim 6, characterized in that the redirection module fully redirects the registry and the user operation files by means of copy-on-write.
8. The device according to claim 7, characterized in that the device further comprises:
A snapshot module, used to take snapshots of the safety desktop;
A snapshot management module, used to manage in association with one another the snapshots generated by the snapshot module.
9. The device according to claim 7, characterized in that the device further comprises:
A sending module, connected in communication with a server and used to send the multiplexed-format file to the server, the user entering the safety desktop by accessing that server.
10. A method for safety desktop data reuse, characterized by comprising the following steps:
Parsing a safety desktop multiplexed-format file, the multiplexed-format file being the reusable file generated after the registry and the user operation files of the safety desktop have been redirected and compressed;
Decompressing the multiplexed-format file to obtain the redirected registry and the redirected user operation files;
Mounting the redirected registry, setting up the redirected user operation files, and entering the safety desktop.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210021838XA CN102609498A (en) 2012-01-31 2012-01-31 Method and device for reusing data of safety desktop

Publications (1)

Publication Number Publication Date
CN102609498A true CN102609498A (en) 2012-07-25

Family

ID=46526870

Country Status (1)

Country Link
CN (1) CN102609498A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120725