CN102662872B - Method for protecting a user's virtual disk image file based on a trusted cryptography module (TCM) - Google Patents


Publication number
CN102662872B
CN102662872B CN201210087649.2A CN201210087649A CN102662872B CN 102662872 B CN102662872 B CN 102662872B CN 201210087649 A CN201210087649 A CN 201210087649A CN 102662872 B CN102662872 B CN 102662872B
Authority
CN
China
Prior art keywords
virtual disk
image file
user
disk image
password module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210087649.2A
Other languages
Chinese (zh)
Other versions
CN102662872A (en)
Inventor
宋营军
赵斌
冯磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Chaoyue CNC Electronic Technology Co.,Ltd.
Original Assignee
Shandong Chaoyue Digital Control Electronic Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Chaoyue Digital Control Electronic Co Ltd
Priority to CN201210087649.2A
Publication of CN102662872A
Application granted
Publication of CN102662872B
Current legal status: Active
Anticipated expiration

Abstract

The invention discloses a method for protecting a user's virtual disk image file based on a trusted cryptography module (TCM), and belongs to the field of information security. The method involves a trusted cryptography module and comprises a user virtual disk image file creation operation, a user virtual disk image file protection operation and a user virtual disk image file deletion operation. By incorporating trusted cryptography module technology in a way that is flexible, convenient and transparent to the user, the method ensures the safety of the user's virtual disk image file and solves the problem of important user data being lost through accidental deletion by the user or malicious destruction by an unauthorized user.

Description

Method for protecting a user's virtual disk image file based on a trusted cryptography module (TCM)
Technical field
The present invention relates to the field of information security, and specifically to a method for protecting a user's virtual disk image file based on a trusted cryptography module (TCM).
Background
At present, important user information and electronic documents of all kinds are usually stored on the disks of the computers in use, including many important and confidential documents and documents containing sensitive information. If an attacker gains illegal access to the computer system, these important documents are easily obtained. Loss of the computer, illegal access to the computer over the network, another person obtaining the password, or a computer left in the office can all lead to important documents being leaked. More and more individual users and companies are paying increasing attention to the security of personal sensitive information or company confidential information, including its storage and transmission, and want a convenient tool for this purpose. Taking the various security factors into account, the prior art developed a kernel-level virtual disk file encryption system based on a trusted cryptography module.
Although the kernel-level, TCM-based virtual disk encryption system protects the security of the user's important data well, the virtual disk image file itself is not protected. It is easily deleted by the user by mistake or destroyed by an unauthorized user, which causes the loss of all of the user's data.
The file anti-deletion methods currently on the market are mainly the following:
1. Operating-system based: using the system's file driver interfaces, a file system filter driver is written to block deletion of specific files. This method protects files purely in software through filter-driver programming, so it is easily cracked and offers a low level of security.
2. Regular physical backup of important data. This is the safest approach, but if the user's data changes often, backups must be saved continually, which is inconvenient for the user.
Summary of the invention
The technical task of the present invention, addressing the above deficiencies, is to provide a method for protecting a user's virtual disk image file based on a trusted cryptography module (TCM) that, by incorporating trusted cryptography module technology in a way that is flexible, convenient and transparent to the user, ensures the safety of the user's virtual disk image file and solves the problem of important user data being lost through accidental deletion by the user or malicious destruction by an unauthorized user.
The technical solution adopted by the present invention is as follows: the method involves a trusted cryptography module and comprises a user virtual disk image file creation operation, a user virtual disk image file protection operation and a user virtual disk image file deletion operation.
The user virtual disk image file creation operation is performed in the following steps:
(1) The administrator user logs in to the virtual disk encryption system;
(2) The user's virtual disk encryption password is entered, and a user process is invoked to create the virtual disk image file;
(3) The user process uses the password entered by the user and calls the trusted cryptography module driver to generate a trusted key;
(4) Through the kernel file driver, the trusted key generated by the trusted cryptography module is written into the header of the virtual disk image file, completing the creation of the virtual disk image file.
The user virtual disk image file protection operation is performed in the following steps:
(1) A user-level process is invoked to perform a delete operation on the virtual disk image file;
(2) The kernel file filter driver is called to intercept the user's operation request and read the virtual disk image file header, and the algorithm built into the trusted cryptography module is used to measure whether this image file is an image file protected by the trusted cryptography module;
(3) If the file being operated on is protected by the trusted cryptography module, deletion of the image file is prohibited, and a prompt states that the file can only be deleted through the virtual disk file system;
(4) If the file being operated on is not protected by the trusted cryptography module, the kernel file driver is called to delete the image file.
The user virtual disk image file deletion operation is performed in the following steps:
(1) The user logs in to the virtual disk encryption system through identity authentication;
(2) The virtual disk image file to be deleted is selected;
(3) The virtual disk image file encryption password is entered;
(4) The trusted cryptography module is called to generate the operation-permission measurement key;
(5) Once operation-permission authentication passes, the kernel file driver is called to delete the virtual disk image file.
The trusted cryptography module is the foundation and supporting component of a trusted computing solution. It uses an integrated hardware and firmware design and is a complete SoC chip that provides, to the outside, platform identity attestation, integrity measurement, storage and reporting services, and cryptographic services such as data encryption and access authorization. The trusted cryptography module defines a subsystem with protected storage and protected execution. This subsystem establishes the trust foundation for the computing platform, and its independent computing resources establish a strictly restricted security protection mechanism.
The advantages and beneficial effects of the method are as follows:
The trusted cryptography module hardware device is used to measure the operation permission on the virtual disk image file, which is more stable and reliable than implementing anti-deletion of the virtual disk image file purely in software. The key used to authenticate the anti-deletion operation is generated dynamically from the algorithm built into the trusted cryptography module and the password entered by the user, and the whole protection process is completely transparent to the user. The trusted cryptography module uses domestic cryptographic algorithms and its private key cannot be obtained, so protection of the virtual disk image file is achieved through two-factor authentication.
The greatest advantage of the present invention is that, by incorporating trusted cryptography module technology in a way that is flexible, convenient and transparent to the user, it ensures the safety of the user's virtual disk image file.
Brief description of the drawings
The present invention is further described below with reference to the accompanying drawings.
Figure 1 is a flowchart of the user virtual disk image file creation operation of the method for protecting a user's virtual disk image file based on a trusted cryptography module (TCM);
Figure 2 is a flowchart of the user virtual disk image file protection operation of the method;
Figure 3 is a flowchart of the user virtual disk image file deletion operation of the method.
Detailed description
The invention is further described below with reference to the drawings and a specific embodiment.
The method for protecting a user's virtual disk image file based on a trusted cryptography module involves a trusted cryptography module and comprises a user virtual disk image file creation operation, a user virtual disk image file protection operation and a user virtual disk image file deletion operation.
As shown in Figure 1, the user virtual disk image file creation operation is performed in the following steps:
(1) The administrator user logs in to the virtual disk encryption system;
(2) The user's virtual disk encryption password is entered, and a user process is invoked to create the virtual disk image file;
(3) The user process uses the password entered by the user and calls the trusted cryptography module (TCM) driver to generate a trusted key;
(4) Through the kernel file driver, the trusted key generated by the trusted cryptography module is written into the header of the virtual disk image file, completing the creation of the virtual disk image file.
As shown in Figure 2, the user virtual disk image file protection operation is performed in the following steps:
(1) A user-level process is invoked to perform a delete operation on the virtual disk image file;
(2) The kernel file filter driver is called to intercept the user's operation request and read the virtual disk image file header, and the algorithm built into the trusted cryptography module is used to measure whether this image file is an image file protected by the trusted cryptography module;
(3) If the file being operated on is protected by the trusted cryptography module, deletion of the image file is prohibited, and a prompt states that the file can only be deleted through the virtual disk file system;
(4) If the file being operated on is not protected by the trusted cryptography module, the kernel file driver is called to delete the image file.
As shown in Figure 3, the user virtual disk image file deletion operation is performed in the following steps:
(1) The user logs in to the virtual disk encryption system through identity authentication;
(2) The virtual disk image file to be deleted is selected;
(3) The virtual disk image file encryption password is entered;
(4) The trusted cryptography module is called to generate the operation-permission measurement key;
(5) Once operation-permission authentication passes, the kernel file driver is called to delete the virtual disk image file.
Apart from the technical features described in this specification, the method uses technology known to those skilled in the art.
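The creation, protection and deletion operations described above, as an added Python sketch that is not part of the patent. It assumes a simulated module (HMAC-SHA256 standing in for the module's built-in algorithm), an 88-byte header layout, and a seal field that lets the module recognise headers it produced; the patent specifies none of these, and the names SimulatedTCM, create_image, is_protected, filtered_delete and authorized_delete are hypothetical.

```python
import hashlib
import hmac
import os
import struct

# Assumed header layout (not from the patent): magic | salt | trusted key | seal
MAGIC = b"VDIMG1\x00\x00"
HEADER = struct.Struct("<8s16s32s32s")

class SimulatedTCM:
    """Software stand-in for the hardware module; the secret never leaves it."""
    def __init__(self):
        self._secret = os.urandom(32)

    def trusted_key(self, password: str, salt: bytes) -> bytes:
        # The key depends on both the user's password and the module secret.
        return hmac.new(self._secret, salt + password.encode(), hashlib.sha256).digest()

    def seal(self, salt: bytes, key: bytes) -> bytes:
        # Assumed "measurement": a MAC that only this module can reproduce.
        return hmac.new(self._secret, b"seal" + salt + key, hashlib.sha256).digest()

def read_header(path):
    with open(path, "rb") as f:
        raw = f.read(HEADER.size)
    return HEADER.unpack(raw) if len(raw) == HEADER.size else None

def create_image(path, password, tcm, payload=b""):
    """Creation steps (2)-(4): derive the key and write it into the file header."""
    salt = os.urandom(16)
    key = tcm.trusted_key(password, salt)
    with open(path, "wb") as f:
        f.write(HEADER.pack(MAGIC, salt, key, tcm.seal(salt, key)) + payload)

def is_protected(path, tcm):
    """Protection step (2): read the header and measure it with the module."""
    hdr = read_header(path)
    if hdr is None or hdr[0] != MAGIC:
        return False
    _, salt, key, seal = hdr
    return hmac.compare_digest(seal, tcm.seal(salt, key))

def filtered_delete(path, tcm):
    """Protection steps (3)-(4): what the filter does with an ordinary delete."""
    if is_protected(path, tcm):
        raise PermissionError("protected image: delete it through the virtual disk system")
    os.remove(path)

def authorized_delete(path, password, tcm):
    """Deletion steps (3)-(5): regenerate the key from the password, then delete."""
    if not is_protected(path, tcm):
        raise ValueError("not an image protected by this module")
    _, salt, key, _ = read_header(path)
    if not hmac.compare_digest(key, tcm.trusted_key(password, salt)):
        raise PermissionError("operation-permission check failed")
    os.remove(path)
```

In this sketch a header sealed by one module is not recognised by another, so the protection decision is bound to the specific hardware as well as to the password.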

Claims (1)

1. A method for protecting a user's virtual disk image file based on a trusted cryptography module (TCM), involving a trusted cryptography module, characterized in that the method comprises a user virtual disk image file creation operation, a user virtual disk image file protection operation and a user virtual disk image file deletion operation;
The user virtual disk image file creation operation is performed in the following steps:
(1) The administrator user logs in to the virtual disk encryption system;
(2) The user's virtual disk encryption password is entered, and a user process is invoked to create the virtual disk image file;
(3) The user process uses the password entered by the user and calls the trusted cryptography module driver to generate a trusted key;
(4) Through the kernel file driver, the trusted key generated by the trusted cryptography module is written into the header of the virtual disk image file, completing the creation of the virtual disk image file;
The user virtual disk image file protection operation is performed in the following steps:
(1) A user-level process is invoked to perform a delete operation on the virtual disk image file;
(2) The kernel file filter driver is called to intercept the user's operation request and read the virtual disk image file header, and the algorithm built into the trusted cryptography module is used to measure whether this image file is an image file protected by the trusted cryptography module;
(3) If the file being operated on is an image file protected by the trusted cryptography module, deletion of the image file is prohibited, and a prompt states that the image file can only be deleted through the virtual disk file system;
(4) If the file being operated on is not an image file protected by the trusted cryptography module, the kernel file driver is called to delete the image file;
The user virtual disk image file deletion operation is performed in the following steps:
(1) The user logs in to the virtual disk encryption system through identity authentication;
(2) The virtual disk image file to be deleted is selected;
(3) The virtual disk image file encryption password is entered;
(4) The trusted cryptography module is called to generate the operation-permission measurement key;
(5) Once operation-permission authentication passes, the kernel file driver is called to delete the virtual disk image file.
CN201210087649.2A 2012-03-29 2012-03-29 Method for protecting a user's virtual disk image file based on a trusted cryptography module (TCM) Active CN102662872B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210087649.2A CN102662872B (en) 2012-03-29 2012-03-29 Method for protecting a user's virtual disk image file based on a trusted cryptography module (TCM)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210087649.2A CN102662872B (en) 2012-03-29 2012-03-29 Method for protecting a user's virtual disk image file based on a trusted cryptography module (TCM)

Publications (2)

Publication Number Publication Date
CN102662872A CN102662872A (en) 2012-09-12
CN102662872B CN102662872B (en) 2016-05-25

Family

ID=46772368

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210087649.2A Active CN102662872B (en) 2012-03-29 2012-03-29 Method for protecting a user's virtual disk image file based on a trusted cryptography module (TCM)

Country Status (1)

Country Link
CN (1) CN102662872B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103679066A (en) * 2013-04-26 2014-03-26 厦门密安信息技术有限责任公司 Implement method of dependable security disk
CN103823732A (en) * 2014-02-27 2014-05-28 山东超越数控电子有限公司 Method for monitoring file integrity under LINUX operation system
CN105389522B (en) * 2015-12-23 2022-03-04 普华基础软件股份有限公司 Virtual machine safety management system and computer terminal
CN107179882B (en) * 2017-05-19 2020-05-08 广州瑞特租赁服务有限公司 Electronic data destruction method
CN108650095A (en) * 2018-04-17 2018-10-12 四川长虹电器股份有限公司 A kind of file encryption-decryption method based on redis

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1553347A (en) * 2003-05-28 2004-12-08 联想(北京)有限公司 Computer data protective method
CN102053925A (en) * 2009-11-04 2011-05-11 许燕 Realization method of data encryption in hard disk

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG154348A1 (en) * 2008-01-09 2009-08-28 Dallab S Pte Ltd Limiting access to file and folder on a storage device

Also Published As

Publication number Publication date
CN102662872A (en) 2012-09-12

Similar Documents

Publication Publication Date Title
Basharat et al. Database security and encryption: A survey study
US8261320B1 (en) Systems and methods for securely managing access to data
CN102662872B (en) Method for protecting a user's virtual disk image file based on a trusted cryptography module (TCM)
US8656455B1 (en) Managing data loss prevention policies
US8782403B1 (en) Method and apparatus for securing confidential data for a user in a computer
US20100275265A1 (en) System for securing transactions across insecure networks
CN107908574B (en) Safety protection method for solid-state disk data storage
CN106991329A (en) A kind of trust calculation unit and its operation method based on domestic TCM
CN102948114A (en) Single-use authentication methods for accessing encrypted data
US11693981B2 (en) Methods and systems for data self-protection
CN104102595A (en) High security removable storage device
CN101237353A (en) A method and system for monitoring mobile storage device based on USBKEY
Vegesna Investigations on Different Security Techniques for Data Protection in Cloud Computing using Cryptography Schemes
Adeniyi et al. Enhanced security and privacy issue in multi-tenant environment of green computing using blockchain technology
Gupta et al. A light weight centralized file monitoring approach for securing files in cloud environment
Yao et al. Privacy information antistealing control method of medical system based on cloud computing
Kavitha et al. Survey on cloud computing security and scheduling
Yan et al. Cloud computing security and privacy
KR20130005950A (en) System and method for strengthening security of mobile terminal
Patil et al. Secured cloud computing with decoy documents
Spyra et al. Sticky policy enabled authenticated OOXML
Malathi Cloud Computing Issues-A Survey
KR101068768B1 (en) A secure-kernel access control method by approving kernel jobs
CN110287736A (en) A kind of safety mobile terminal system based on safety chip
Scarfone The true story of data-at-rest encryption & the cloud

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201222

Address after: 1218-18, building 3, No. 1366, Hongfeng Road, Huzhou Economic and Technological Development Zone, Huzhou City, Zhejiang Province

Patentee after: Zhejiang Chaoyue CNC Electronic Technology Co.,Ltd.

Address before: 250100 No. 2877 Kehang Road, Sun Village Town, Jinan High-tech District, Shandong Province

Patentee before: SHANDONG CHAOYUE NUMERICAL CONTROL ELECTRONIC Co.,Ltd.