CN102902914A - Method and device for achieving terminal tracelessness - Google Patents
Method and device for achieving terminal tracelessness Download PDFInfo
- Publication number
- CN102902914A CN102902914A CN2012103248404A CN201210324840A CN102902914A CN 102902914 A CN102902914 A CN 102902914A CN 2012103248404 A CN2012103248404 A CN 2012103248404A CN 201210324840 A CN201210324840 A CN 201210324840A CN 102902914 A CN102902914 A CN 102902914A
- Authority
- CN
- China
- Prior art keywords
- file
- memory
- accessing operation
- mapped disk
- disk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a method and a device for achieving a traceless terminal. The method comprises the steps of receiving access requests for corresponding files stored in a server; downloading files into a local memory mapping disc and conducting encryption processing; and performing access operation on files in the memory mapping disc, wherein the memory mapping disc is obtained by mounting of a file system device which is virtualized in the local memory space. According to the method and the device, files are accessed through the memory mapping disc, so that the terminal tracelessness can be achieved.
Description
Technical field
The present invention relates to field of computer technology, more particularly, relate to a kind of method and device of realizing that terminal is seamless.
Background technology
Along with the development of infotech, increasing enterprises and institutions handle official business with the electronic document form.Electronic document has become the especially maintenance form of secret, secret papers of enterprises and institutions' valuable source.In order to prevent that effectively the vital documents such as secret, secret from divulging a secret, many enterprises and institutions take the form of centralized management or storage to the vital document such as secret, secret in management.Yet, often need to use the vital documents such as secret, secret in the office process.Therefore, in the system of document centralized management or storage, need in the vital document use procedure such as secret, secret, realize the seamless function of terminal.
At present, with the seamless related technology of terminal sandbox technology is arranged.The main implementation method that realizes the seamless function of terminal in sandbox technology is: in the zone that generation that will be relevant with shielded program and revised file are redirected to appointment; the zone of this appointment can be file form or document form, and the area data that will be written to simultaneously this appointment is encrypted processing.
In sandbox technology, exist in the local disk for the form of the data after being redirected with file or file, the user can see, and can the data of file or document form be taken away by the mode that copies, the disabled user can also obtain data in the file or folder by means such as Brute Forces; In addition; the deletion mode that is redirected data mainly is: initiatively remove to delete redirected data content by program; generally be the sandbox instrument withdraw from or shielded program when withdrawing from just with the data deletion that is redirected; may be because data file be occupied or locking and can't successfully deleting when the deletion that is redirected data; and the file in local disk deletion is not thoroughly the time; can pass through some data restoration methods, related data is reduced.
As seen, prior art can't realize really that terminal is seamless.
Summary of the invention
In view of this, the embodiment of the invention provides a kind of method and device of realizing that terminal is seamless, by the access of memory-mapped disk realization to file, reaches the seamless purpose of terminal.
The embodiment of the invention provides a kind of method that realizes that terminal is seamless, comprising:
Reception is to the request of access of the corresponding document deposited in the server;
Described file is downloaded to local memory-mapped disk, and carries out encryption;
In described memory-mapped disk, described file is carried out accessing operation;
Wherein, described memory-mapped disk is obtained by the file system device carry that fictionalizes in the local memory headroom.
Preferably, describedly in described memory-mapped disk, described file is carried out accessing operation, comprising:
Whether the process of judging described accessing operation is trusted process;
If so, then allow described process to carry out described accessing operation; Otherwise, forbid that described process carries out described accessing operation.
Preferably, describedly judge whether the process of described accessing operation is trusted process, comprising:
Obtain the Process identifier of described accessing operation;
Obtain the executable file of described process according to described Process identifier;
Whether the file characteristic value of judging described executable file is present in the trusted process tabulation of presetting, and if so, then described process is trusted process; Otherwise described process is untrusted process.
Preferably, if trusted process is carried out described accessing operation, then also comprise:
The file that creates in the described trusted process accessing operation process and the temporary file of generation are encrypted, and are stored in the described memory-mapped disk.
Preferably, described access comprises: read described file, to described file or to described memory-mapped disk data writing.
A kind of device of realizing that terminal is seamless comprises:
The request receiving module is for the request of access that receives the corresponding document that server is deposited;
Download module is used for described file is downloaded to local memory-mapped disk, and carries out encryption;
Access modules is used at described memory-mapped disk described file being carried out accessing operation;
Wherein, described memory-mapped disk is obtained by the file system device carry that fictionalizes in the local memory headroom.
Preferably, described access control module comprises:
Judge submodule, be used for judging whether the process of described accessing operation is trusted process; If so, then trigger first module that bears fruit; Otherwise, trigger second module that bears fruit;
Described first module that bears fruit is used for allowing described process to carry out described accessing operation;
Described second module that bears fruit is used for forbidding that described process carries out described accessing operation.
Preferably, described judgement submodule comprises:
The first acquiring unit is for the Process identifier that obtains described accessing operation;
Second acquisition unit is for the executable file that obtains described process according to described Process identifier;
Judging unit is used for judging whether the file characteristic value of described executable file is present in the trusted process tabulation of presetting, and if so, then triggers first module; Otherwise, trigger second unit;
Described first module is used for determining that described process is trusted process;
Described second unit, being used for described process is untrusted process.
Preferably, also comprise:
Memory module is encrypted for the file that described trusted process accessing operation process is created and the temporary file of generation, and is stored in the described memory-mapped disk.
Preferably, described access comprises: read described file, to described file or to described memory-mapped disk data writing.
In the embodiment of the invention, in local internal memory, distribute certain space as the space of memory-mapped disk, when the file of depositing in need to be to server is carried out access, at first corresponding document is downloaded in the memory-mapped disk, then in the memory-mapped disk, carry out the accessing operation to this document, can not produce any intermediate data file in the local disk, for the memory-mapped disk, operating system shutdown or when restarting system, the memory-mapped disk can disappear along with resetting of memory headroom, therefore, the file data of depositing in the memory-mapped disk also can disappear along with the disappearance of memory-mapped disk, thereby realizes that terminal is seamless.
Description of drawings
In order to be illustrated more clearly in the technical scheme of the embodiment of the invention, the below will do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art, apparently, accompanying drawing in the following describes only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.
A kind of method flow synoptic diagram of realizing that terminal is seamless that Fig. 1 provides for the embodiment of the invention;
The synoptic diagram of the carry memory-mapped disk that Fig. 2 provides for the embodiment of the invention;
The realization flow synoptic diagram of in described memory-mapped disk, described file being carried out accessing operation that Fig. 3 provides for the embodiment of the invention;
Fig. 4 is the realization flow synoptic diagram of step 301 among Fig. 3;
A kind of apparatus structure synoptic diagram of realizing that terminal is seamless that Fig. 5 provides for the embodiment of the invention;
Fig. 6 realizes the seamless apparatus structure synoptic diagram of terminal for the another kind that the embodiment of the invention provides.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.
In the embodiment of the invention, terminal is seamless to be exactly can not to stay all or part of file content of this document on client in client is opened file process on the server.Usually, in order to reach the seamless function of terminal, need to satisfy following 2 points:
It is seamless when 1, server file downloads to local cache;
2, the ephemeral data that the process that opens file produces is seamless.
At first, a kind of seamless method of terminal that realizes provided by the invention is described, as shown in Figure 1, described method comprises:
In this step, request of access can be by IE(Internet Explorer, the internet browser) to initiate, request of access is pointed to the server at storage system place in the document sets; Also can be to be initiated by the client that connects storage system place server in the document sets;
In this step, after determining accessed file, directly this document is not carried out concrete accessing operation, but this document is downloaded to local memory-mapped disk;
Wherein, described memory-mapped disk is obtained by the file system device carry that fictionalizes in the local memory headroom.
In the embodiment of the invention, utilize under internal memory outage or the system off state at once automatically reset characteristic of internal memory, realize opening the seamless function of network file terminal.At first, the interior existence under paging and the state without paging, to be directly used in storage file technically, and can not be employed procedure identification, therefore, need to use " internal memory virtual disk technology " in internal memory, to distribute certain space virtual to become file system volume equipment, and with virtual file system mounted be the memory-mapped disk.
As shown in Figure 2, be the synoptic diagram of carry memory-mapped disk.Particularly, distribute certain space as the space of memory-mapped disk from internal memory, the space is carried out initialization and made up virtual file system, the symbol that creates disk connects, with virtual file system mounted be the memory-mapped disk.During implementation, can when system boot, be allocated in advance the space size of memory-mapped disk according to the strategy in the registration table by the memory-mapped disk driver, optional mode comprises: the memory-mapped disk accounts for the number percent of memory headroom or concrete size is set, and when client-side program starts, inform the local disk magnetic symbol that need to carry out carry.
In the embodiment of the invention, in local internal memory, distribute certain space as the space of memory-mapped disk, when the file of depositing in need to be to server is carried out access, at first corresponding document is downloaded in the memory-mapped disk, then in the memory-mapped disk, carry out the accessing operation to this document, can not produce any intermediate data file in the local disk, for the memory-mapped disk, operating system shutdown or when restarting system, the memory-mapped disk can disappear along with resetting of memory headroom, therefore, the file data of depositing in the memory-mapped disk also can all disappear along with the disappearance of memory-mapped disk, thereby realizes that terminal is seamless.
Network file is left in the memory-mapped disk, avoid cache file in local disk, can solve the situation of divulging a secret that local disk buffer memory network data file produces.In addition, equal from internal memory, to read and write data from the efficient of memory-mapped disk read-write data, be higher than the efficient that from local disk, reads and writes data from the efficiency far of memory read-write data, therefore, come cache file can greatly improve the read or write speed of file by memory-mapped disk mode.
For the ease of the understanding to technical solution of the present invention, below by concrete example overall plan is described in detail explanation.
In the embodiment of the invention, as shown in Figure 3, in described memory-mapped disk, can may further comprise the steps the implementation of described file execution accessing operation:
Among this embodiment, because the memory-mapped disk is visible to the user under " my computer ", the user can directly conduct interviews to the data file in the internal memory Map Disk.In order to improve the security of access, in above-described embodiment, need to realize access control to the internal memory Map Disk by kernel level file access control mode, herein, kernel refers to the driving layer of operating system.Be specially: concrete access process is authorized, believable process can reading out data, incredible process can not reading out data, to reach illegal program or hacker in system boot or shutdown even to obtain in the situation of hard disk, all can't steal the purpose of data from the memory-mapped disk.
In above-described embodiment, as shown in Figure 4, judge described in the step 301 whether the process of described accessing operation is trusted process, can may further comprise the steps:
Step 401, obtain the Process identifier of described accessing operation;
Step 402, obtain the executable file of described process according to described Process identifier;
Whether step 403, the file characteristic value of judging described executable file are present in the trusted process tabulation of presetting, and if so, then continue step 404; Otherwise, continue step 405;
Step 404, determine that described process is trusted process;
Step 405, determine that described process is untrusted process.
This embodiment has illustrated whether how to carry out the judgment mode of trusted process.Particularly, kernel level control is used in data access control in the memory-mapped disk, when process triggers is read in the dish during request of data, be kernel File operation Fast I/O(Fast Input/Output, fast I/O) request and IRP(I/ORequest Package, the input output request bag), PID(Process identifier according to the process of this request), obtain the application program executable file of process, judge the program file eigenwert of executable file, that is: the HASH value of executable file, if the file characteristic value is in the trusted process tabulation, represent that this program is believable, processing mode is that the read data of this program is let pass and the data of reading are decrypted; If the file characteristic value in the trusted process tabulation, does not represent that this program is incredible, processing mode is to forbid that this program reads the data in the memory-mapped disk.Wherein, the trusted process tabulation can set in advance in server, is obtained and pass to the driver of memory-mapped disk from server by application program.
In another preferred embodiment of the present invention, when trusted process is carried out accessing operation to the internal memory Map Disk, the file that creates in the described trusted process accessing operation process and the temporary file of generation are encrypted, and are stored in the described memory-mapped disk.
Among this embodiment, after opening file in the memory-mapped disk for trusted process, need to be to the trusted process control of preventing divulging a secret, prevent from depositing in addition file outside the memory-mapped disk by trusted process, here use " process redirecting technique " to reach this function, write unloadings such as temporary file that supplemental data produces to the memory-mapped disk with the file of process creation or to already present file, thereby in local disk, do not produce any intermediate data file.
During implementation, can the file system volume equipment in kernel on binding file filtration drive equipment, utilize this document filtration drive equipment the data access of file system volume equipment is judged and to be monitored.Need to prove that this document filtration drive equipment is a driving arrangement in the driver of the corresponding exploitation of memory-mapped disk, its effect is that the physical disk file is implemented interception and filtered.
In addition, carrying out file filter in kernel, is to create file and to the file data writing, then this document operation is forwarded in the memory-mapped disk if the PID of process is the PID of trusted process and file operation.When forwarding file operation to the memory-mapped disk, exist if judge original, need first original to be copied to the correspondence position in the memory-mapped disk.This be because, for realize seamless can not be directly in the local disk already present file data writing, but need to be the file copy in the local disk in the memory-mapped disk, data writing in this document in the internal memory Map Disk again.
Need to prove that in above-described embodiment, the file that is written in the memory-mapped disk becomes encrypt file automatically, the file that writes comprises from server and is downloaded to file the memory-mapped disk, and the data file that writes to internal memory Map Disk File.Concrete cipher mode can for: when in the memory-mapped disk drive, processing file operation distribution function, in write distribution function is processed, corresponding contents is encrypted.And the user opens file in the memory-mapped disk by some mode, can check, edit file and preservation etc., and be transparent to the user.This be because, in the present embodiment, during the file of trusted process in the rdma read Map Disk, corresponding document can be deciphered automatically, and the file data that generates when file carried out write operation can be encrypted automatically.Be understandable that this encryption and decryption mode essence is a kind of transparent encryption and decryption technology.Trusted process uses transparent encryption and decryption technology that file is carried out encryption and decryption during reading and writing of files in the memory-mapped disk, can not affect user's use habit.
The seamless embodiment of the method for corresponding above-mentioned realization terminal, the present invention also provides a kind of device of realizing that terminal is seamless, and as shown in Figure 5, described device specifically can comprise:
Request receiving module 501 is for the request of access that receives the corresponding document that server is deposited;
Wherein, described memory-mapped disk is obtained by the file system device carry that fictionalizes in the local memory headroom.
Described access comprises: read described file, to described file or to described memory-mapped disk data writing.
In the embodiment of the invention, in local internal memory, distribute certain space as the space of memory-mapped disk, when the file of depositing in need to be to server is carried out access, at first corresponding document is downloaded in the memory-mapped disk, then in the memory-mapped disk, carry out the accessing operation to this document, can not produce any intermediate data file in the local disk, for the memory-mapped disk, operating system shutdown or when restarting system, the memory-mapped disk can disappear along with resetting of memory headroom, therefore, the file data of depositing in the memory-mapped disk also can all disappear along with the disappearance of memory-mapped disk, thereby realizes that terminal is seamless.
During implementation, described access control module can comprise:
Judge submodule, be used for judging whether the process of described accessing operation is trusted process; If so, then trigger first module that bears fruit; Otherwise, trigger second module that bears fruit;
Described first module that bears fruit is used for allowing described process to carry out described accessing operation;
Described second module that bears fruit is used for forbidding that described process carries out described accessing operation.
Among this embodiment, because the memory-mapped disk is visible to the user under " my computer ", the user can directly conduct interviews to the data file in the internal memory Map Disk.In order to improve the security of access, in above-described embodiment access control module, need to realize access control to the internal memory Map Disk by kernel level file access control mode, herein, kernel refers to the driving layer of operating system.Be specially: concrete access process is authorized, believable process can reading out data, incredible process can not reading out data, to reach illegal program or hacker in system boot or shutdown even to obtain in the situation of hard disk, all can't steal the purpose of data from the memory-mapped disk.
Further, described judgement submodule can comprise:
The first acquiring unit is for the Process identifier that obtains described accessing operation;
Second acquisition unit is for the executable file that obtains described process according to described Process identifier;
Judging unit is used for judging whether the file characteristic value of described executable file is present in the trusted process tabulation of presetting, and if so, then triggers first module; Otherwise, trigger second unit;
Described first module is used for determining that described process is trusted process;
Described second unit, being used for described process is untrusted process.
As seen, among this embodiment, kernel level control is used in data access control in the memory-mapped disk, when process triggers is read in the dish during request of data, described judgement submodule is according to the PID of the process of this request, obtain the application program executable file of process, judge the program file eigenwert of executable file, that is: the HASH value of executable file, if the file characteristic value is in the trusted process tabulation, represent that this program is believable, processing mode is that the read data of this program is let pass and the data of reading are decrypted; If the file characteristic value in the trusted process tabulation, does not represent that this program is incredible, processing mode is to forbid that this program reads the data in the memory-mapped disk.Wherein, the trusted process tabulation can set in advance in server, is obtained and pass to the driver of memory-mapped disk from server by application program.
In another preferred embodiment of the present invention, as shown in Figure 6, the seamless device of above-mentioned realization terminal can also comprise:
Among this embodiment, after opening file in the memory-mapped disk for trusted process, need to be to the trusted process control of preventing divulging a secret, prevent from depositing in addition file outside the memory-mapped disk by trusted process, here use " process redirecting technique " to reach this function, by this memory module, write unloadings such as temporary file that supplemental data produces to the memory-mapped disk with the file of process creation or to already present file, thereby in local disk, do not produce any intermediate data file.
For device embodiment, because it is substantially corresponding to embodiment of the method, so describe fairly simplely, relevant part gets final product referring to the part explanation of embodiment of the method.Device embodiment described above only is schematic, wherein said unit as the separating component explanation can or can not be physically to separate also, the parts that show as the unit can be or can not be physical locations also, namely can be positioned at a place, perhaps also can be distributed on a plurality of network element.Can select according to the actual needs wherein some or all of module to realize the purpose of present embodiment scheme.Those of ordinary skills namely can understand and implement in the situation of not paying creative work.
One of ordinary skill in the art will appreciate that all or part of flow process that realizes in above-described embodiment method, to come the relevant hardware of instruction to finish by computer program, described program can be stored in the computer read/write memory medium, this program can comprise the flow process such as the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-Only Memory, ROM) or store-memory body (Random Access Memory, RAM) etc. at random.
To the above-mentioned explanation of the disclosed embodiments, make this area professional and technical personnel can realize or use the present invention.Multiple modification to these embodiment will be apparent concerning those skilled in the art, and General Principle as defined herein can in the situation of the spirit or scope that do not break away from the embodiment of the invention, realize in other embodiments.Therefore, the embodiment of the invention will can not be restricted to these embodiment shown in this article, but will meet the widest scope consistent with principle disclosed herein and features of novelty.
Claims (10)
1. a method that realizes that terminal is seamless is characterized in that, comprising:
Reception is to the request of access of the corresponding document deposited in the server;
Described file is downloaded to local memory-mapped disk, and carries out encryption;
In described memory-mapped disk, described file is carried out accessing operation;
Wherein, described memory-mapped disk is obtained by the file system device carry that fictionalizes in the local memory headroom.
2. the seamless method of realization terminal according to claim 1 is characterized in that, describedly in described memory-mapped disk described file is carried out accessing operation, comprising:
Whether the process of judging described accessing operation is trusted process;
If so, then allow described process to carry out described accessing operation; Otherwise, forbid that described process carries out described accessing operation.
3. the seamless method of realization terminal according to claim 2 is characterized in that, describedly judges whether the process of described accessing operation is trusted process, comprising:
Obtain the Process identifier of described accessing operation;
Obtain the executable file of described process according to described Process identifier;
Whether the file characteristic value of judging described executable file is present in the trusted process tabulation of presetting, and if so, then described process is trusted process; Otherwise described process is untrusted process.
4. the seamless method of realization terminal according to claim 2 is characterized in that, if trusted process is carried out described accessing operation, then also comprises:
The file that creates in the described trusted process accessing operation process and the temporary file of generation are encrypted, and are stored in the described memory-mapped disk.
5. the seamless method of realization terminal according to claim 1 is characterized in that described access comprises: read described file, to described file or to described memory-mapped disk data writing.
6. a device of realizing that terminal is seamless is characterized in that, comprising:
The request receiving module is for the request of access that receives the corresponding document that server is deposited;
Download module is used for described file is downloaded to local memory-mapped disk, and carries out encryption;
Access modules is used at described memory-mapped disk described file being carried out accessing operation;
Wherein, described memory-mapped disk is obtained by the file system device carry that fictionalizes in the local memory headroom.
7. the seamless device of realization terminal according to claim 6 is characterized in that described access control module comprises:
Judge submodule, be used for judging whether the process of described accessing operation is trusted process; If so, then trigger first module that bears fruit; Otherwise, trigger second module that bears fruit;
Described first module that bears fruit is used for allowing described process to carry out described accessing operation;
Described second module that bears fruit is used for forbidding that described process carries out described accessing operation.
8. the seamless device of realization terminal according to claim 7 is characterized in that, described judgement submodule comprises:
The first acquiring unit is for the Process identifier that obtains described accessing operation;
Second acquisition unit is for the executable file that obtains described process according to described Process identifier;
Judging unit is used for judging whether the file characteristic value of described executable file is present in the trusted process tabulation of presetting, and if so, then triggers first module; Otherwise, trigger second unit;
Described first module is used for determining that described process is trusted process;
Described second unit, being used for described process is untrusted process.
9. the seamless device of realization terminal according to claim 7 is characterized in that, also comprises:
Memory module is encrypted for the file that described trusted process accessing operation process is created and the temporary file of generation, and is stored in the described memory-mapped disk.
10. the seamless device of realization terminal according to claim 6 is characterized in that described access comprises: read described file, to described file or to described memory-mapped disk data writing.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210324840.4A CN102902914B (en) | 2012-09-05 | 2012-09-05 | Method and device for achieving terminal tracelessness |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210324840.4A CN102902914B (en) | 2012-09-05 | 2012-09-05 | Method and device for achieving terminal tracelessness |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102902914A true CN102902914A (en) | 2013-01-30 |
| CN102902914B CN102902914B (en) | 2015-06-03 |
Family
ID=47575141
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210324840.4A Active CN102902914B (en) | 2012-09-05 | 2012-09-05 | Method and device for achieving terminal tracelessness |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102902914B (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106611138A (en) * | 2016-12-12 | 2017-05-03 | 北京鼎普科技股份有限公司 | GHOST file security check method and apparatus |
| CN106612280A (en) * | 2016-12-26 | 2017-05-03 | 北京鼎普科技股份有限公司 | Virtualization management method and system of terminal equipment |
| WO2017097047A1 (en) * | 2015-12-11 | 2017-06-15 | 北京奇虎科技有限公司 | Method for using mobile terminal without traces, and mobile terminal |
| CN108762821A (en) * | 2017-04-18 | 2018-11-06 | 海马云(天津)信息技术有限公司 | Device and method, the electronic equipment of electronic equipment operation application |
| CN109558375A (en) * | 2018-12-05 | 2019-04-02 | 武汉斗鱼网络科技有限公司 | A kind of file memory method of optimization, storage medium, equipment and system |
| CN109918907A (en) * | 2019-01-30 | 2019-06-21 | 国家计算机网络与信息安全管理中心 | Linux platform proceeding internal memory malicious code evidence collecting method, controller and medium |
| CN110020533A (en) * | 2018-01-08 | 2019-07-16 | 福建天泉教育科技有限公司 | A kind of method for security protection and terminal of VR resource |
| CN110134339A (en) * | 2019-05-22 | 2019-08-16 | 北京明朝万达科技股份有限公司 | A kind of data guard method and system based on file virtual disk |
| CN110232261A (en) * | 2019-06-03 | 2019-09-13 | 浙江大华技术股份有限公司 | Operating method, document handling apparatus and the equipment with store function of APMB package |
| CN110457870A (en) * | 2019-08-01 | 2019-11-15 | 浙江大华技术股份有限公司 | Processing method and processing device, embedded device and the storage medium of executable file |
| CN110837648A (en) * | 2019-10-23 | 2020-02-25 | 云深互联(北京)科技有限公司 | Document processing method, device and equipment |
| US10936728B2 (en) | 2017-02-23 | 2021-03-02 | Red Hat, Inc. | Non-persistent mode for network connection |
| US11025621B2 (en) | 2017-02-24 | 2021-06-01 | Red Hat, Inc. | Enhancing privacy of network connections |
| CN113946873A (en) * | 2021-12-21 | 2022-01-18 | 天津联想协同科技有限公司 | Off-disk file tracing method and device, terminal and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100036884A1 (en) * | 2008-08-08 | 2010-02-11 | Brown Robert G | Correlation engine for generating anonymous correlations between publication-restricted data and personal attribute data |
| CN102214127A (en) * | 2010-11-15 | 2011-10-12 | 上海安纵信息科技有限公司 | Method for intensively storing and backing up data based on operating system virtualization theory |
| CN102222189A (en) * | 2011-06-13 | 2011-10-19 | 上海置水软件技术有限公司 | Method for protecting operating system |
| CN102467566A (en) * | 2010-11-19 | 2012-05-23 | 奇智软件(北京)有限公司 | Method and system for browsing web pages without traces |
-
2012
- 2012-09-05 CN CN201210324840.4A patent/CN102902914B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100036884A1 (en) * | 2008-08-08 | 2010-02-11 | Brown Robert G | Correlation engine for generating anonymous correlations between publication-restricted data and personal attribute data |
| CN102214127A (en) * | 2010-11-15 | 2011-10-12 | 上海安纵信息科技有限公司 | Method for intensively storing and backing up data based on operating system virtualization theory |
| CN102467566A (en) * | 2010-11-19 | 2012-05-23 | 奇智软件(北京)有限公司 | Method and system for browsing web pages without traces |
| CN102222189A (en) * | 2011-06-13 | 2011-10-19 | 上海置水软件技术有限公司 | Method for protecting operating system |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017097047A1 (en) * | 2015-12-11 | 2017-06-15 | 北京奇虎科技有限公司 | Method for using mobile terminal without traces, and mobile terminal |
| CN106874782A (en) * | 2015-12-11 | 2017-06-20 | 北京奇虎科技有限公司 | The seamless application method and mobile terminal of a kind of mobile terminal |
| CN106874782B (en) * | 2015-12-11 | 2021-01-29 | 北京奇虎科技有限公司 | Traceless use method of mobile terminal and mobile terminal |
| CN106611138B (en) * | 2016-12-12 | 2020-03-31 | 北京鼎普科技股份有限公司 | GHOST file security check method and device |
| CN106611138A (en) * | 2016-12-12 | 2017-05-03 | 北京鼎普科技股份有限公司 | GHOST file security check method and apparatus |
| CN106612280A (en) * | 2016-12-26 | 2017-05-03 | 北京鼎普科技股份有限公司 | Virtualization management method and system of terminal equipment |
| CN106612280B (en) * | 2016-12-26 | 2019-10-22 | 北京鼎普科技股份有限公司 | A kind of method and system of terminal device virtual management |
| US10936728B2 (en) | 2017-02-23 | 2021-03-02 | Red Hat, Inc. | Non-persistent mode for network connection |
| US11025621B2 (en) | 2017-02-24 | 2021-06-01 | Red Hat, Inc. | Enhancing privacy of network connections |
| CN108762821A (en) * | 2017-04-18 | 2018-11-06 | 海马云(天津)信息技术有限公司 | Device and method, the electronic equipment of electronic equipment operation application |
| CN108762821B (en) * | 2017-04-18 | 2023-04-25 | 海马云(天津)信息技术有限公司 | Device and method for running application of electronic equipment and electronic equipment |
| CN110020533B (en) * | 2018-01-08 | 2021-02-09 | 福建天泉教育科技有限公司 | Safety protection method for VR resources and terminal |
| CN110020533A (en) * | 2018-01-08 | 2019-07-16 | 福建天泉教育科技有限公司 | A kind of method for security protection and terminal of VR resource |
| CN112651038A (en) * | 2018-01-08 | 2021-04-13 | 福建天泉教育科技有限公司 | VR resource security protection method and terminal for reducing space and time |
| CN112651038B (en) * | 2018-01-08 | 2023-06-16 | 福建天泉教育科技有限公司 | VR resource safety protection method and terminal capable of reducing space and time |
| CN109558375A (en) * | 2018-12-05 | 2019-04-02 | 武汉斗鱼网络科技有限公司 | A kind of file memory method of optimization, storage medium, equipment and system |
| CN109918907A (en) * | 2019-01-30 | 2019-06-21 | 国家计算机网络与信息安全管理中心 | Linux platform proceeding internal memory malicious code evidence collecting method, controller and medium |
| CN110134339A (en) * | 2019-05-22 | 2019-08-16 | 北京明朝万达科技股份有限公司 | A kind of data guard method and system based on file virtual disk |
| CN110232261A (en) * | 2019-06-03 | 2019-09-13 | 浙江大华技术股份有限公司 | Operating method, document handling apparatus and the equipment with store function of APMB package |
| CN110457870A (en) * | 2019-08-01 | 2019-11-15 | 浙江大华技术股份有限公司 | Processing method and processing device, embedded device and the storage medium of executable file |
| CN110837648A (en) * | 2019-10-23 | 2020-02-25 | 云深互联(北京)科技有限公司 | Document processing method, device and equipment |
| CN113946873A (en) * | 2021-12-21 | 2022-01-18 | 天津联想协同科技有限公司 | Off-disk file tracing method and device, terminal and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102902914B (en) | 2015-06-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102902914B (en) | Method and device for achieving terminal tracelessness | |
| EP3420492B1 (en) | Idps access-controlled and encrypted file system design | |
| US8302178B2 (en) | System and method for a dynamic policies enforced file system for a data storage device | |
| US11675919B2 (en) | Separation of managed and unmanaged data in a computing device | |
| US9473297B2 (en) | Achieving storage efficiency in presence of end-to-end encryption using downstream decrypters | |
| US11809584B2 (en) | File system metadata protection | |
| CN103825953B (en) | A kind of user model encrypted file system | |
| US9135464B2 (en) | Secure storage system for distributed data | |
| CN107301544A (en) | A kind of safe Wallet System of block chain | |
| CN101853363A (en) | File protection method and system | |
| TWI496023B (en) | Software modification for partial secure memory processing | |
| TW200830830A (en) | Hard disc streaming cryptographic operations with embedded authentication | |
| CN101847184A (en) | Method for encrypting files by adopting encryption sandbox | |
| US11755753B2 (en) | Mechanism to enable secure memory sharing between enclaves and I/O adapters | |
| CN201682524U (en) | Document transfer authority control system based on document filtering driver | |
| Onarlioglu et al. | Privexec: Private execution as an operating system service | |
| US9075999B2 (en) | Memory device and method for adaptive protection of content | |
| CN102693399A (en) | System and method for on-line separation and recovery of electronic documents | |
| CN104156672A (en) | Data encryption protection method and system based on LINUX | |
| CN111177773B (en) | Full disk encryption and decryption method and system based on network card ROM | |
| CN103379133A (en) | Safe and reliable cloud storage system | |
| WO2024021496A1 (en) | Transparent encryption method and apparatus, electronic device, and storage medium | |
| CN111159726A (en) | Full disk encryption and decryption method and system based on UEFI (unified extensible firmware interface) environment variable | |
| CN105787304A (en) | DRM (digital rights management) method based on device binding | |
| CN112784321B (en) | Disk resource security system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210309 Address after: Room 205, building 22, 785 Hutai Road, Jing'an District, Shanghai Patentee after: Shanghai Rongan Technology Co.,Ltd. Address before: 4f, area B, Fujian Overseas Students Pioneer Park, 108 Jiangbin East Avenue, Mawei District, Fuzhou City, Fujian Province, 350015 Patentee before: FUJIAN ETIM INFORMATION & TECHNOLOGY Co.,Ltd. |