CN104125069A - Secure file catalogue file encryption system towards sharing - Google Patents


Info

Publication number: CN104125069A
Authority: CN (China)
Application number: CN201410323581.2A
Other languages: Chinese (zh)
Other versions: CN104125069B (en)
Inventor: 龙毅宏
Current Assignee: Jiaxing Guao Gene Technology Co., Ltd.
Original Assignee: Wuhan University of Technology WUT
Application filed by: Wuhan University of Technology WUT
Priority to: CN201410323581.2A
Legal status: Granted (published as CN104125069B); Active
Prior art keywords: file, encrypt, control strategy, encryption, directory

Abstract

The invention relates to a sharing-oriented secure file directory file encryption system. The system comprises a secure file directory, a file encryption filter and a file encryption filter auxiliary process. Files in the secure file directory are encrypted automatically by the file encryption filter. Each directory within the secure file directory sets, or inherits, a file decryption control policy that restricts which individual authorized users and group authorized users may decrypt the encrypted files in that directory. When the file encryption filter encrypts a file, it takes the file decryption control policy of the directory in which the file resides as the file decryption control policy of the encrypted file, converts it into file decryption control data, and stores that data in the encrypted file. The file encryption filter auxiliary process completes the operations that the file encryption filter cannot perform in the kernel layer and, when files are stored in the cloud, sets the client of the cloud storage system as a non-trusted process, thereby guaranteeing that the files uploaded to the cloud storage system are encrypted.

Description

A sharing-oriented secure file directory file encryption system
Technical field
The invention belongs to the field of information security technology. It is a sharing-oriented secure file directory (the "secure file catalogue" of the title) file encryption system, and in particular a file encryption system suited to securely sharing and using files among multiple people through cloud storage.
Background technology
File cloud storage brings great convenience to users and has been well received by them. Not only individual users use file cloud storage systems today; more and more enterprises, particularly small and medium-sized enterprises and institutions, also use them, including public cloud storage systems.
Many file cloud storage systems currently provide a file sharing function: after a user uploads a file to the cloud-side system, the user specifies who may share and use it, including specific individual users or group users. Most current file cloud storage systems implement secure file sharing through access control mechanisms. The shortcoming of this approach is that, if a shared file involves personal privacy or corporate secrets, the operation and maintenance personnel (O&M staff) of the cloud storage system can see the content of the shared file, and when the cloud storage system suffers a hacker attack, files may be stolen and private information leaked; these are exactly the problems cloud storage users worry about most. The best solution to this security problem is for the user to encrypt the file before uploading it to the cloud-side system of the cloud storage system, and to ensure that only licensed users can decrypt the encrypted file. However, encrypting a shared file differs from encrypting a personal file: the former is more complicated, because it must consider how the file encryption key is distributed and shared. Realizing shared-file encryption in a public cloud storage environment must also consider another factor: modifying an already deployed cloud storage system to implement file encryption, especially shared-file encryption, is almost impossible, and a scheme that requires the file cloud storage system to be transformed to add an encryption function for shared files is very difficult for cloud storage operators to accept. For the encryption problem of cloud storage shared files, the applicant, in its patent application "A file encryption system for shared files" (application number 201410151619.2), proposed a shared-file encryption scheme that does not require transforming the file cloud storage system. That scheme combines manual file encryption with automatic file decryption based on a file encryption filter (the file encryption filter is responsible only for decryption): the user manually encrypts a single file or all files in a directory, manages the individual sharing users and group sharing policy of the files (including setting, modifying and deleting or clearing a policy), and performs encryption public key update operations on encrypted files, then uploads the encrypted files to the cloud storage system for sharing with authorized users. A user who has downloaded an encrypted shared file from the cloud storage system has it decrypted automatically by the file encryption filter while using it, so that the encrypted shared file can be used without changing the operating habits of the sharing user or the processing flow of the program. However, the scheme in patent application 201410151619.2 still has the following problems: 1) the user must encrypt files manually; 2) although all files in a directory can be given individual sharing users and a group sharing policy and be encrypted manually, if a new file is added to the directory after the policy setting and encryption have been completed, the newly added file again needs its individual and group sharing policy set and needs to be encrypted manually. All of this brings great inconvenience to the user.
Building on the file encryption system of patent application 201410151619.2 and combining it with a transparent file encryption scheme based on a file encryption filter, the present invention proposes a shared-file encryption scheme suited to file cloud storage that requires the user neither to encrypt files manually nor to set decryption control policies repeatedly.
Summary of the invention
The object of the invention is to propose a file encryption system suited to realizing secure file sharing through a file cloud storage system, so as to overcome the deficiencies of existing schemes.
To achieve this goal, the technical solution adopted in the present invention is as follows:
A sharing-oriented secure file directory file encryption system, the file encryption system comprising a secure file directory, a file encryption filter and a file encryption filter auxiliary process, wherein:
Secure file directory: a directory of the computer file system that the user has selected for security protection. The files kept in the secure file directory, and the files kept in its subdirectories, are encrypted files generated automatically by the file encryption filter. An encrypted file keeps the same file suffix as the file before encryption, so the file type is unchanged by encryption. The secure file directory and its subdirectories each set, or inherit, a file decryption control policy. The file decryption control policy of a directory (set or inherited) specifies the default decryption control policy and the authorized users of the encrypted files under that directory. If a directory within the secure file directory (including any direct or indirect subdirectory of it) sets no file decryption control policy, it inherits the policy of its parent directory; if the parent sets none either, the parent in turn inherits from its own parent, and so on upward until a directory that does set a file decryption control policy is reached.

The file decryption control policy of a directory comprises an individual decryption control policy for individual users and a group decryption control policy for group users. The individual decryption control policy of a directory specifies which specific individual users have authority to decrypt the encrypted files under the directories the policy applies to; the group decryption control policy of a directory specifies that users with a given feature (for example, users belonging to a certain group or holding a certain role) or users meeting specified conditions have authority to decrypt the encrypted files under the directories the policy applies to. Individual users licensed to decrypt encrypted files by a directory's individual decryption control policy are called the individual authorized users of the directories and encrypted files the policy applies to. Individual authorized users are further divided into managing users and ordinary users; a managing user is a user who may manage the file decryption control policies of directories within the secure file directory (including the secure file directory itself) and of encrypted files, and may update the encryption public keys of encrypted files (different directories may have different managing users). Users licensed to decrypt encrypted files by a directory's group decryption control policy are called the group authorized users of the directories and encrypted files the policy applies to. The directories a file decryption control policy (individual or group decryption control policy) applies to are the directories that set or inherited that policy; the encrypted files it applies to are the encrypted files stored directly under those directories.

When the secure file directory is created, a default individual decryption control policy for the creating user is generated, which specifies that the creating user is a managing user of the secure file directory and therefore has authority to manage the file decryption control policies of the directories and encrypted files within it. When an encrypted file is generated, it automatically inherits the file decryption control policy of the directory in which it resides: the individual decryption control policy of an encrypted file specifies the individual authorized users (managing users and ordinary users) who may decrypt it, and its group decryption control policy specifies the group authorized users who may decrypt it.

The data of each encrypted file in the secure file directory (including encrypted files in its subdirectories) comprises two parts: file data and file decryption control data. The file data is the original unencrypted file data encrypted with a symmetric cipher under a randomly generated symmetric key, called the file encryption key. The file decryption control data is produced from the file decryption control policy of the encrypted file and, corresponding to its individual and group decryption control policies, comprises individual decryption control data and group decryption control data. The individual decryption control data comprises the file encryption key encrypted separately with the public key of each individual authorized user defined by the file's individual decryption control policy (as many individual authorized users as there are, that many copies of the file encryption key, each encrypted with the respective user's public key). The group decryption control data comprises the file encryption key encrypted with the shared encryption public key together with the file's group decryption control policy encrypted with the file encryption key. The shared encryption public key is a public key used to encrypt the file encryption keys of encrypted files; its corresponding private key is used for file decryption by group authorized users. The file decryption control data of an encrypted file is produced when the encrypted file is generated, and changes when a managing user modifies the file decryption control policy after the encrypted file has been generated.
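How a directory's policy is resolved when it is inherited, as an added example that is not code from the patent: a small Python model of the secure file directory tree in which each directory either sets a policy or inherits from the nearest ancestor that sets one, with the managing-user check, policy setting and policy clearing on a directory built on that resolution. The policy layout (an individual policy naming managing and ordinary users, a group policy as a condition string), the sample tree and the user names are constructed assumptions.

```python
"""Policy inheritance within the secure file directory.

Added example, not the patent's code: each directory either sets its own file
decryption control policy or inherits the policy of the nearest ancestor that
sets one. The policy layout, the sample tree and the user names are
constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class DecryptionPolicy:
    managing: set                # individual policy: users who may also manage policies / update keys
    ordinary: set                # individual policy: users who may only decrypt
    group: Optional[str] = None  # group policy, e.g. "department == 'legal'"; None = no group policy


@dataclass
class Directory:
    path: str
    policy: Optional[DecryptionPolicy] = None   # None = "not set": inherit from the parent
    parent: Optional["Directory"] = None
    children: dict = field(default_factory=dict)


def create_secure_root(path: str, creating_user: str) -> Directory:
    """Creating the secure file directory generates a default individual policy
    whose only managing user is the creating user."""
    return Directory(path, DecryptionPolicy({creating_user}, set()))


def add_subdirectory(parent: Directory, name: str,
                     policy: Optional[DecryptionPolicy] = None) -> Directory:
    child = Directory(f"{parent.path}/{name}", policy, parent)
    parent.children[name] = child
    return child


def policy_source(d: Directory) -> Directory:
    """Walk upward to the nearest directory (possibly d itself) that sets a policy."""
    node = d
    while node.policy is None:
        if node.parent is None:   # the secure root always sets one, so this is a corrupt tree
            raise ValueError(f"no policy found above {d.path}")
        node = node.parent
    return node


def effective_policy(d: Directory) -> DecryptionPolicy:
    return policy_source(d).policy


def individual_authorized_users(d: Directory) -> set:
    pol = effective_policy(d)
    return pol.managing | pol.ordinary


def is_managing_user(d: Directory, user: str) -> bool:
    """Managing-user check on a directory: the user is named as a managing user
    in the directory's (set or inherited) individual policy."""
    return user in effective_policy(d).managing


def set_directory_policy(d: Directory, user: str, new_policy: DecryptionPolicy) -> None:
    if not is_managing_user(d, user):
        raise PermissionError(f"{user} is not a managing user of {d.path}")
    new_policy.managing.add(user)   # the operating manager always stays a managing user
    d.policy = new_policy


def clear_directory_policy(d: Directory, user: str) -> None:
    """Clear by a managing user: only that user's own individual policy survives."""
    if not is_managing_user(d, user):
        raise PermissionError(f"{user} is not a managing user of {d.path}")
    d.policy = DecryptionPolicy({user}, set())


def build_demo_tree() -> Directory:
    """Constructed sample tree: the root is created by alice; 'contracts' sets its
    own policy; 'contracts/2014' and 'notes' set none and therefore inherit."""
    root = create_secure_root("D:/secure", "alice")
    contracts = add_subdirectory(
        root, "contracts",
        DecryptionPolicy({"alice", "bob"}, {"carol"}, "department == 'legal'"))
    add_subdirectory(contracts, "2014")
    add_subdirectory(root, "notes")
    return root
```

Because resolution happens at lookup time, changing or clearing the policy of `contracts` immediately changes what `contracts/2014` resolves to, which is the behaviour the description requires for directories that set no policy of their own.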
File encryption filter: a driver in the form of a filter, inserted into the driver stack of the computer file system, which automatically encrypts and decrypts the files kept in the secure file directory and in its subdirectories. When a process (trusted or non-trusted) saves an unencrypted file into the secure file directory or one of its subdirectories, the file encryption filter automatically encrypts the saved file. When a process opens an unencrypted file located in the secure file directory or one of its subdirectories, the file encryption filter first encrypts the unencrypted file into an encrypted file and only then carries out the subsequent operation. While encrypting an unencrypted file into an encrypted file, the file encryption filter generates the file decryption control data of the encrypted file from the file decryption control policy (set or inherited) of the directory in which the file resides. When a trusted process reads or writes an encrypted file in the secure file directory or its subdirectories, the file encryption filter automatically decrypts the data being read and encrypts the data being written. When a non-trusted process reads an encrypted file in the secure file directory or its subdirectories, the file encryption filter does not decrypt the data read by the non-trusted process. A trusted process is a program process that is allowed to read the file data of encrypted files in plaintext form; a non-trusted process is a program process that is not allowed to read the file data of encrypted files in plaintext form. Which processes are trusted and which are non-trusted is determined at development time by the developer of the file encryption system and updated dynamically by online update, or is set by manual configuration by the user of the file encryption system. When encrypted files in the secure file directory or its subdirectories are to be uploaded or synchronized to a file cloud storage system (or a general file storage system) for shared use, the client of the file cloud storage system is set as a non-trusted process. The file encryption filter provides a right-click menu for managing the file decryption control policies (individual and group decryption control policies) of the directories within the secure file directory (including the secure file directory itself) and of encrypted files, including setting, modifying and clearing a decryption control policy, and for updating the encryption public keys in the file decryption control data of an encrypted file (the public keys of individual authorized users and the shared encryption public key);
File encryption filter auxiliary process: a program process running in user mode (the user layer or application layer) of the user's computer operating system, responsible for the operations that the file encryption filter cannot complete in kernel mode (the kernel layer).
When a user manages, through the right-click menu, the decryption control policy of a directory within the secure file directory or of an encrypted file, or performs an encryption public key update on an encrypted file, the file encryption filter or the file encryption filter auxiliary process first determines whether the user is a managing user of that directory or encrypted file; if so, it continues the operation, otherwise it terminates the operation.
When a user manages, through the right-click menu, the file decryption control policy of a directory within the secure file directory or of an encrypted file, or performs an encryption public key update on an encrypted file, the file encryption filter or the file encryption filter auxiliary process determines whether the user is a managing user of the directory or encrypted file as follows:
If the object operated on through the right-click menu is a directory, the file encryption filter or the file encryption filter auxiliary process first obtains the file decryption control policy of that directory, then checks whether the user's computer locally (in its crypto module) holds the private key of a managing user named in an individual decryption control policy of that file decryption control policy; if it does, the user is determined to be a managing user of the directory, otherwise the user is not determined to be a managing user of the directory;
If the object operated on through the right-click menu is an encrypted file, the file encryption filter or the file encryption filter auxiliary process first obtains the individual decryption control data from the file decryption control data of the file, then checks whether the user's computer locally (in its crypto module) holds the private key corresponding to the public key of a managing user with which the file encryption key is encrypted in the individual decryption control data; if it does, the user is determined to be a managing user of the encrypted file, otherwise the user is not determined to be a managing user of the encrypted file.
When a directory or an encrypted file is created or generated, the file encryption filter performs a name transformation on the names of directories and encrypted files within the secure file directory, that is, on the names of the subdirectories of the secure file directory itself and of the encrypted files in those subdirectories (the name kept on the storage medium is the transformed name); when a file operation (such as file enumeration) is performed, the inverse name transformation is applied. Consequently, when the file encryption filter has not been started normally, the directory names and encrypted file names seen by the user or by a program process differ from the (original) names used when the directory or encrypted file was created, for example appearing as garbled characters.
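The filter's save, read and enumerate behaviour and the name transformation, simulated in Python as an added example that is not the patent's driver code (the real component is a kernel-mode file system filter driver). The storage medium is a dictionary, and the trusted and non-trusted process lists, the secure root path, the single key (standing in for per-file keys and control data), the SHAKE-256 keystream cipher and the base32 name transform are all constructed assumptions.

```python
"""Behaviour of the file encryption filter on a secure file directory:
automatic encryption on save by any process, transparent decryption only for
trusted processes, ciphertext for non-trusted processes such as the cloud
storage client, and the name transformation applied to stored names.

Added example, not the patent's driver code. The storage medium, process
lists, secure root, single key, keystream cipher and name transform are
constructed assumptions for illustration.
"""
import base64
import hashlib

SECURE_ROOT = "D:/secure"
TRUSTED = {"winword.exe", "notepad.exe"}   # may read file data in plaintext
NON_TRUSTED = {"clouddrive.exe"}            # cloud client: only ever sees ciphertext


def sym_crypt(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for the symmetric algorithm: XOR with a SHAKE-256 keystream."""
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def to_stored_name(name: str) -> str:
    """Name transformation: the name kept on the storage medium, which reads as
    garbage to anyone browsing while the filter is not running."""
    return "~" + base64.b32encode(name.encode("utf-8")).decode().rstrip("=")


def from_stored_name(stored: str) -> str:
    raw = stored[1:]
    return base64.b32decode(raw + "=" * (-len(raw) % 8)).decode("utf-8")


def to_stored_path(path: str) -> str:
    rel = path[len(SECURE_ROOT) + 1:].split("/")
    return SECURE_ROOT + "/" + "/".join(to_stored_name(c) for c in rel)


def from_stored_path(stored: str) -> str:
    rel = stored[len(SECURE_ROOT) + 1:].split("/")
    return SECURE_ROOT + "/" + "/".join(from_stored_name(c) for c in rel)


class FileEncryptionFilter:
    def __init__(self, key: bytes):
        self.key = key
        self.disk = {}          # stored path -> bytes on the storage medium
        self.encrypted = set()  # stored paths known to hold ciphertext

    @staticmethod
    def in_secure_dir(path: str) -> bool:
        return path.startswith(SECURE_ROOT + "/")

    def save(self, process: str, path: str, data: bytes) -> None:
        """Inside the secure directory the filter encrypts regardless of which
        process (trusted or not) is writing."""
        if not self.in_secure_dir(path):
            self.disk[path] = data
            return
        stored = to_stored_path(path)
        self.disk[stored] = sym_crypt(self.key, data)
        self.encrypted.add(stored)

    def read(self, process: str, path: str) -> bytes:
        """Plaintext only for trusted processes; an unencrypted file found inside
        the secure directory is encrypted before anything else happens."""
        if not self.in_secure_dir(path):
            return self.disk[path]
        stored = to_stored_path(path)
        if stored not in self.encrypted:
            self.disk[stored] = sym_crypt(self.key, self.disk[stored])
            self.encrypted.add(stored)
        data = self.disk[stored]
        return sym_crypt(self.key, data) if process in TRUSTED else data

    def list_secure_dir(self, filter_running: bool = True) -> list:
        """Enumeration: with the filter running the names are inverse-transformed;
        without it the user sees the stored (garbled) names."""
        stored = sorted(p for p in self.disk if self.in_secure_dir(p))
        return [from_stored_path(p) if filter_running else p for p in stored]
```

The point of the simulation is the asymmetry: the cloud client can write into the secure directory and what lands on disk is still ciphertext, while a read by the same client returns the stored bytes untouched, so the file it uploads is the encrypted file.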
When an unencrypted file in the secure file directory or one of its subdirectories is encrypted, the file encryption filter generates the file decryption control data of the encrypted file as follows:
Obtain the file decryption control policy of the directory in which the unencrypted file resides (either the policy the directory sets directly or the one it inherits) and make it the file decryption control policy of the encrypted file; use the public key of each individual authorized user named in each individual decryption control policy of the obtained file decryption control policy to encrypt the randomly generated file encryption key separately, forming the individual decryption control data of the encrypted file; use the shared encryption public key to encrypt the randomly generated file encryption key, and use the file encryption key to encrypt the group decryption control policy in the obtained file decryption control policy, forming the group decryption control data of the encrypted file; merge the individual decryption control data and the group decryption control data so formed into the file decryption control data of the encrypted file, then place the file decryption control data so formed into the encrypted file.
When a user sets or modifies, through the right-click menu, the file decryption control policy of an encrypted file in the secure file directory or one of its subdirectories, the file encryption filter or the file encryption filter auxiliary process, after determining that the user is a managing user of the encrypted file, processes the managing user's setting or modification of the file decryption control policy as follows:
Use the private key of the current managing user performing the setting or modification to decrypt the file encryption key that is encrypted with the current managing user's public key in the individual decryption control data of the encrypted file; then use the public key of each individual authorized user named in each individual decryption control policy of the file decryption control policy set or modified by the current managing user (including the public key of the current managing user) to encrypt the file encryption key separately, forming the individual decryption control data of the encrypted file; use the shared encryption public key to encrypt the file encryption key, and use the file encryption key to encrypt the group decryption control policy in the file decryption control policy set or modified by the current managing user, forming the group decryption control data of the encrypted file; merge the individual decryption control data and the group decryption control data so formed into the file decryption control data of the encrypted file, and finally replace the original file decryption control data in the encrypted file with the newly formed file decryption control data;
The file decryption control policy set or modified by the current managing user always includes, in its individual decryption control policy, the current managing user performing the setting or modification as a managing user.
When a user clears, through the right-click menu, the file decryption control policy of an encrypted file in the secure file directory or one of its subdirectories, the file encryption filter or the file encryption filter auxiliary process, after determining that the user is a managing user of the encrypted file, processes the clear operation as follows:
Remove the group decryption control data of the encrypted file, and remove from the individual decryption control data every copy of the file encryption key encrypted with a public key other than the public key of the managing user performing the clear operation, together with the group decryption control policy encrypted with the file encryption key.
When a user sets or modifies, through the right-click menu, the file decryption control policy of a directory within the secure file directory, the file encryption filter or the file encryption filter auxiliary process, after determining that the user is a managing user of the directory, processes the managing user's setting or modification of the file decryption control policy as follows:
Replace the file decryption control policy of the directory being operated on with the file decryption control policy set or modified by the managing user, where the file decryption control policy set or modified by the managing user always includes, in its individual decryption control policy, the managing user performing the setting or modification as a managing user; for each encrypted file to which the file decryption control policy being set or modified by the managing user applies, process the set or modified file decryption control policy in the same way as when the managing user sets or modifies the file decryption control policy of an encrypted file through the right-click menu.
When a user clears, through the right-click menu, the file decryption control policy of a directory within the secure file directory, the file encryption filter or the file encryption filter auxiliary process, after determining that the user is a managing user of the directory, processes the managing user's clearing of the file decryption control policy as follows:
Remove, from the file decryption control policy of the directory the managing user is operating on through the right-click menu, every other file decryption control policy except the individual decryption control policy for the managing user performing the operation, including individual decryption control policies and group decryption control policies; for each encrypted file to which the file decryption control policy being cleared by the managing user applies, process it in the same way as when the managing user clears the file decryption control policy of an encrypted file through the right-click menu.
When a user performs, through the right-click menu, an encryption public key update on an encrypted file in the secure file directory or one of its subdirectories, the file encryption filter or the file encryption filter auxiliary process, after determining that the user is a managing user of the encrypted file, checks each public key with which the file encryption key is encrypted in the file decryption control data of the encrypted file on which the managing user is performing the encryption public key update, including the public keys of the authorized users and the shared encryption public key, and determines whether each checked public key has an updated public key; if it has, the filter or auxiliary process first uses the private key of the current managing user performing the encryption public key update to decrypt the file encryption key that is encrypted with the current managing user's public key in the individual decryption control data of the encrypted file, then re-encrypts the decrypted file encryption key with the updated public key, and afterwards replaces the file encryption key encrypted with the original public key in the file decryption control data of the encrypted file with the re-encrypted file encryption key.
When a user performs, through the right-click menu, an encryption public key update on a directory within the secure file directory (including the secure file directory itself), the file encryption filter or the file encryption filter auxiliary process, after determining that the user is a managing user, performs the encryption public key update on each encrypted file in the directory being operated on by the managing user, including the encrypted files in its subdirectories, in the same way as when the managing user performs an encryption public key update on an encrypted file through the right-click menu.
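The procedures above (generating the file decryption control data on encryption, the managing-user check against an encrypted file, setting or modifying a file's policy, clearing it, and updating encryption public keys) carried through on one encrypted file, as an added example that is not the patent's code. The public-key layer is a deliberately tiny textbook RSA on fixed small primes standing in for the IBE or other public-key algorithm of the crypto module, and the symmetric cipher is a SHAKE-256 keystream XOR standing in for the symmetric algorithm; both are toys that only illustrate the data layout and the key flow. The users, policies, file contents and the `local_keys` dictionary (standing in for the private keys held in a computer's crypto module) are constructed assumptions.

```python
"""File decryption control data of an encrypted file: generation on encryption,
the managing-user check, policy modification, policy clearing and encryption
public key update, following the procedures described above.

Added example, not the patent's code. Toy RSA stands in for the crypto
module's public-key algorithm and a SHAKE-256 keystream XOR for the symmetric
algorithm; users, policies and file contents are constructed.
"""
import hashlib, secrets
from dataclasses import dataclass
from typing import Optional

E = 65537

def _next_prime(n: int) -> int:
    while any(n % d == 0 for d in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n

def toy_keypair(i: int):
    # Toy RSA keypair number i: (public (n, e), private (n, d)). Not secure.
    while True:
        p, q = _next_prime(1_000_000 + 100 * i), _next_prime(3_000_000 + 100 * i)
        phi = (p - 1) * (q - 1)
        if phi % E:                                  # e must be invertible mod phi
            return (p * q, E), (p * q, pow(E, -1, phi))
        i += 1

def wrap(pub, k: int) -> int: return pow(k, pub[1], pub[0])       # file key under a public key
def unwrap(priv, c: int) -> int: return pow(c, priv[1], priv[0])  # recover it with the private key

def sym_crypt(key: int, data: bytes) -> bytes:
    ks = hashlib.shake_256(key.to_bytes(8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

@dataclass
class Policy:
    managing: set                   # individual policy: managing users
    ordinary: set                   # individual policy: ordinary users
    group: Optional[bytes] = None   # group policy text, or None

@dataclass
class EncryptedFile:
    file_data: bytes                # plaintext encrypted under the file encryption key
    individual_ctrl: dict           # user -> {"role", "pub", "key": wrapped file key}
    group_ctrl: Optional[dict]      # {"pub", "key": wrapped file key, "policy": policy under file key}

def build_control_data(file_key, policy, pubkeys, shared_pub):
    ind = {u: {"role": role, "pub": pubkeys[u], "key": wrap(pubkeys[u], file_key)}
           for role, users in (("managing", policy.managing), ("ordinary", policy.ordinary))
           for u in users}
    grp = None if policy.group is None else {
        "pub": shared_pub, "key": wrap(shared_pub, file_key),
        "policy": sym_crypt(file_key, policy.group)}
    return ind, grp

def encrypt_file(plaintext: bytes, policy, pubkeys, shared_pub) -> EncryptedFile:
    file_key = secrets.randbelow((1 << 39) - 2) + 2   # random; below every toy modulus
    ind, grp = build_control_data(file_key, policy, pubkeys, shared_pub)
    return EncryptedFile(sym_crypt(file_key, plaintext), ind, grp)

def managing_key(ef, local_keys):
    """Managing-user check: the local crypto module (local_keys) holds the private key
    of a user whose wrapped file key is marked 'managing'. Returns (user, file_key) or None."""
    for user, priv in local_keys.items():
        entry = ef.individual_ctrl.get(user)
        if entry and entry["role"] == "managing":
            return user, unwrap(priv, entry["key"])
    return None

def _require_manager(ef, local_keys):
    found = managing_key(ef, local_keys)
    if found is None:
        raise PermissionError("not a managing user of this encrypted file")
    return found

def modify_policy(ef, local_keys, new_policy, pubkeys, shared_pub) -> None:
    user, file_key = _require_manager(ef, local_keys)
    new_policy.managing.add(user)     # the operating manager always stays a managing user
    ef.individual_ctrl, ef.group_ctrl = build_control_data(file_key, new_policy, pubkeys, shared_pub)

def clear_policy(ef, local_keys) -> None:
    user, _ = _require_manager(ef, local_keys)
    ef.individual_ctrl = {user: ef.individual_ctrl[user]}   # only the operator's copy survives
    ef.group_ctrl = None

def update_public_keys(ef, local_keys, pubkeys, shared_pub) -> None:
    # Re-wrap the file key under every public key that has been updated.
    _, file_key = _require_manager(ef, local_keys)
    for u, entry in ef.individual_ctrl.items():
        if entry["pub"] != pubkeys[u]:
            entry.update(pub=pubkeys[u], key=wrap(pubkeys[u], file_key))
    if ef.group_ctrl and ef.group_ctrl["pub"] != shared_pub:
        ef.group_ctrl.update(pub=shared_pub, key=wrap(shared_pub, file_key))

def decrypt_as(ef, user, local_keys, shared_priv=None) -> Optional[bytes]:
    """Trusted-process read path: an individual authorized user with a local private
    key, or a group authorized user holding the shared private key."""
    entry = ef.individual_ctrl.get(user)
    if entry and user in local_keys:
        return sym_crypt(unwrap(local_keys[user], entry["key"]), ef.file_data)
    if shared_priv is not None and ef.group_ctrl is not None:
        return sym_crypt(unwrap(shared_priv, ef.group_ctrl["key"]), ef.file_data)
    return None
```

Two properties of the layout are worth checking against the procedures: an ordinary user holds a wrapped copy of the file key but is refused by the managing-user check, and a public key update never re-randomizes the file key, only its wrapped copies, so the file data itself is untouched.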
As can be seen from the above description, the present invention, through transparent file encryption based on a file encryption filter and through the file decryption control policies set for the secure file directory and its subdirectories, realizes automatic encryption of the shared files in a directory and automatic generation of the decryption control data of the encrypted files, sparing the user from repeatedly performing manual encryption and policy setting operations on shared files. Further, the present invention applies a name transformation to the directory names and file names within the secure file directory, so that when the file encryption filter has not been started normally, the directory names and encrypted file names seen by the user or by a program process differ from the directory names and encrypted file names used when the directory and encrypted file were created, for example appearing as garbled characters; this reminds the user that the file encryption filter has not yet started, avoids files in the secure file directory being left unencrypted because the file encryption filter did not start normally, and thus avoids files being uploaded to the file cloud storage system unencrypted. When used for file cloud storage, setting the client of the file cloud storage system as a non-trusted process ensures that the files uploaded to the file cloud storage system for sharing are encrypted and can be shared securely among authorized users.
Brief description of the drawings
Fig. 1 is the structure diagram of the system of the present invention.
Fig. 2 is a schematic diagram of the data composition of an encrypted file of the present invention.
Embodiment
The invention is further described below with reference to the drawings and embodiments.
System of the present invention can be at another patent application of the applicant " a kind of file encryption system towards shared file " (number of patent application: implement on the basis of the shared file encipherment scheme 201410151619.2), permitted many-sided enforcement and the enforcement in patent application 201410151619.2 and be the same or similarly or expansion in the above, specific as follows.
Public-key cryptography: the public-key cryptography used for encrypted files is the same as in patent application 201410151619.2; Identity Based Encryption (IBE) can be used, including the extended use of identity labels and the implementation of the IBE key service system.
Individual authorized users and colony authorized users: the individual authorized user in the present invention corresponds to the individual sharing user in patent application 201410151619.2, but is further divided into management users and ordinary users; the colony authorized user of the present invention corresponds to the colony sharing user in patent application 201410151619.2.
Secure file catalogue: the secure file catalogue can be any file directory of the user's computer file system. Through the right mouse button menu the user designates a file directory of the computer file system as a secure file catalogue, or cancels a secure file catalogue that was set; the relevant configuration information can be kept in the file directory where the file encryption system program is installed.
File decryption control strategy: the colony decryption control strategy in the present invention corresponds to the colony sharing policy in patent application 201410151619.2; the individual decryption control strategy of the present invention has no counterpart in patent application 201410151619.2. The format of the individual and colony decryption control strategies can be custom (text or XML) or a standard format such as XACML (eXtensible Access Control Markup Language). The file decryption control strategies of the file directories and encrypted files in the secure file catalogue (including individual and colony decryption control strategies) can be stored centrally or in a distributed way: for example, centrally in a small database on the user's computer; or in a single policy file holding the file decryption control strategies of all file directories and encrypted files, kept either in the file directory where the file encryption system program is installed or in the secure file catalogue (its root); or, in the distributed scheme, a policy file holding the strategies of one file directory and of the encrypted files stored directly in it is kept in that file directory.
If the policy file holding the file decryption control strategies is kept centrally in the secure file catalogue, or distributed across the file directories of the secure file catalogue, the name of the policy file is also converted and the file is stored as a hidden file, and the file encryption filter does not return enumeration information for the policy file when it processes file enumeration operations. To protect the file decryption control strategies against unauthorized modification, the policy file can be digitally signed with the private key of the management user who (last) set or modified the file decryption control strategy.
Encrypted file: the specific embodiment of the encrypted file data (i.e. how the file data are composed) is essentially the same as the embodiment of the encrypted file in patent application 201410151619.2. The individual decryption control data in the file decryption control data of an encrypted file in the present invention correspond, in the key data of the encrypted file in patent application 201410151619.2, to the data formed by encrypting the file encryption key with the public key of each individual sharing user; the colony decryption control data correspond to the file encryption key encrypted with the shared encryption public key together with the colony sharing policy encrypted with the file encryption key in the key data of that application. Note that although the encrypted file includes, directly or indirectly, its individual decryption control strategy and colony decryption control strategy, the file decryption control strategy of the encrypted file is still kept in the file decryption control strategy database or policy file in the secure file catalogue.
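The two-part file decryption control data described above (and generated by the procedure of claim 4), as an added example that is not code from the patent: the file encryption key (FEK) is wrapped under each individual authorized user's public key, wrapped once more under the shared encryption public key, and the colony decryption control strategy is sealed under the FEK so that the holder of the shared private key (the file decryption server) can evaluate it before releasing the key. The policy format (a constructed "attribute=value" rule), the use of RSA-OAEP in place of the patent's IBE encryption, and AES-256-GCM for the sealed rule are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"strings"
)

// DirectoryPolicy is a constructed model (not the patent's format) of a directory's file decryption
// control strategy: individual authorized users with their public keys, and a colony rule "attribute=value".
type DirectoryPolicy struct {
	Individuals map[string]*rsa.PublicKey
	ColonyRule  string
}

// ControlData is the file decryption control data stored inside the encrypted file.
type ControlData struct {
	Individual map[string][]byte // user ID -> FEK wrapped under that user's public key
	ColonyFEK  []byte            // FEK wrapped under the shared encryption public key
	SealedRule []byte            // colony rule encrypted and integrity-protected under the FEK
}

// gcmFor returns an AES-256-GCM AEAD keyed with the file encryption key.
func gcmFor(fek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(fek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BuildControlData follows claim 4: draw a random FEK, wrap it for every individual
// authorized user and under the shared public key, and seal the colony rule with it.
func BuildControlData(policy *DirectoryPolicy, shared *rsa.PublicKey) ([]byte, *ControlData, error) {
	fek := make([]byte, 32) // the file body itself is encrypted with this key by the caller
	if _, err := rand.Read(fek); err != nil {
		return nil, nil, err
	}
	cd := &ControlData{Individual: map[string][]byte{}}
	for id, pub := range policy.Individuals {
		// The user ID as OAEP label ties each wrapped key to the user it was issued for.
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, []byte(id))
		if err != nil {
			return nil, nil, err
		}
		cd.Individual[id] = w
	}
	gcm, err := gcmFor(fek)
	if err != nil {
		return nil, nil, err
	}
	if cd.ColonyFEK, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, shared, fek, []byte("colony")); err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	cd.SealedRule = gcm.Seal(nonce, nonce, []byte(policy.ColonyRule), nil) // nonce prefixed
	return fek, cd, nil
}

// UnwrapAsIndividual: an individual authorized user opens only the entry wrapped under their own key.
func UnwrapAsIndividual(cd *ControlData, userID string, priv *rsa.PrivateKey) ([]byte, error) {
	if w, ok := cd.Individual[userID]; ok {
		return rsa.DecryptOAEP(sha256.New(), nil, priv, w, []byte(userID))
	}
	return nil, errors.New("not an individual authorized user of this file")
}

// UnwrapAsColony is the colony path, run by the holder of the shared private key (the file
// decryption server): recover the FEK, open the sealed rule (which fails if the rule was
// altered), and release the FEK only if the requester's attributes satisfy it.
func UnwrapAsColony(cd *ControlData, sharedPriv *rsa.PrivateKey, attrs map[string]string) ([]byte, error) {
	fek, err := rsa.DecryptOAEP(sha256.New(), nil, sharedPriv, cd.ColonyFEK, []byte("colony"))
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(fek)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(cd.SealedRule) < n {
		return nil, errors.New("sealed rule too short")
	}
	rule, err := gcm.Open(nil, cd.SealedRule[:n], cd.SealedRule[n:], nil)
	if err != nil {
		return nil, err
	}
	if k, v, ok := strings.Cut(string(rule), "="); !ok || attrs[k] != v {
		return nil, errors.New("colony decryption control strategy not satisfied")
	}
	return fek, nil
}
```

Because the colony rule is sealed with an AEAD under the FEK, a user who can read the encrypted file but does not hold the FEK can neither read nor silently rewrite the rule; the detached policy file described above remains the authoritative copy.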
File encryption filter: the file encryption filter can be an extension of the file encryption filter in patent application 201410151619.2, adding the file encryption functions of the present invention.
File encryption filter auxiliary process: it can be developed with any application development technology suitable for the user's computer. Data exchange between the file encryption filter auxiliary process and the file encryption filter can use the data exchange mechanism between the kernel layer and the user layer that the operating system provides (for example, the kernel/user-layer data exchange mechanism provided by Windows).
File name and file directory name conversion: one embodiment of the conversion is to rotate the low 7 bits of each byte of the name's byte string left or right by 1 bit; another is to concatenate the low 7 bits of all bytes of the name's byte string, rotate the concatenated bits left or right by 1 bit, and assign the rotated data back, 7 bits at a time, to the corresponding bytes of the name's byte string; a third is to Base64-encode the file name or file directory name directly (this scheme changes the length of the name). The name conversion is carried out when a file directory or encrypted file is created; the inverse transformation (the reverse rotation or Base64 decoding) is carried out during file I/O operations. Both the conversion and its inverse are performed by the file encryption filter.
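The per-byte variant of the name conversion, as an added example that is not code from the patent: the low 7 bits of each byte are rotated right by one bit when the directory or encrypted file is created, and rotated left on every file I/O operation, so without the filter running the stored (garbled) name is what a user or process sees. It assumes names are handled as byte strings and adds a check the description does not spell out: a rotated byte can land on NUL or a path separator ('^' rotates to '/'), which the caller must reject or handle.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// rotLow7 rotates the low 7 bits of b one position to the left (left == true) or to the
// right, leaving bit 7 untouched. This is the per-byte variant the description gives.
func rotLow7(b byte, left bool) byte {
	high, low := b&0x80, b&0x7F
	if left {
		low = ((low << 1) | (low >> 6)) & 0x7F
	} else {
		low = ((low >> 1) | (low << 6)) & 0x7F
	}
	return high | low
}

// TransformName maps the user-visible name of a file directory or encrypted file to the
// name stored on disk; it runs when the directory or encrypted file is created.
// The rotation can produce a byte that is illegal in a path (NUL, '/' or '\'), so the
// result is checked; Windows forbids further characters, which is one reason the
// description also offers a Base64 variant.
func TransformName(visible []byte) ([]byte, error) {
	out := make([]byte, len(visible))
	for i, b := range visible {
		out[i] = rotLow7(b, false)
	}
	if bytes.ContainsAny(out, "\x00/\\") {
		return nil, errors.New("transformed name contains a byte that is illegal in a file name")
	}
	return out, nil
}

// InverseName recovers the user-visible name on each file I/O operation. Only the running
// file encryption filter performs it, so without the filter the stored name is what is seen.
func InverseName(stored []byte) []byte {
	out := make([]byte, len(stored))
	for i, b := range stored {
		out[i] = rotLow7(b, true)
	}
	return out
}

func main() {
	stored, err := TransformName([]byte("report.docx"))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("on disk: %q, seen with the filter running: %q\n", stored, InverseName(stored))
}
```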
Public key update: the meaning of public key update in the present invention is the same as in patent application 201410151619.2.
Decryption of encrypted files: the embodiment in which an individual authorized user of the present invention decrypts a shared encrypted file is identical to the embodiment in which an individual sharing user decrypts a shared encrypted file in patent application 201410151619.2; the embodiment in which a colony authorized user decrypts a shared encrypted file is identical to the scheme for a colony sharing user in patent application 201410151619.2, including the file decryption server and identity management system implemented for colony users in that application.
Other aspects of the technical implementation are self-evident to developers in the related field.

Claims (10)

1. A sharing-oriented secure file catalogue file encryption system, comprising a secure file catalogue, a file encryption filter and a file encryption filter auxiliary process, wherein:
Secure file catalogue: a file directory of the computer file system that the user has selected for security protection. The files stored in the secure file catalogue and in its subordinate file directories are encrypted files generated automatically by the file encryption filter; an encrypted file keeps the same file suffix as the file before encryption, so the file type is unchanged by encryption. The secure file catalogue and its subordinate file directories have a file decryption control strategy set on them or inherited. The file decryption control strategy of a file directory specifies the default decryption control strategy and the authorized users of the encrypted files under that directory. If a file directory in the secure file catalogue has no file decryption control strategy set, it inherits the file decryption control strategy of its parent directory; if the parent has none set either, the parent inherits from the next higher directory, and so on upward until a directory with a file decryption control strategy set is reached. The file decryption control strategy of a file directory comprises an individual decryption control strategy for individual users and a colony decryption control strategy for group users. The individual decryption control strategy of a file directory specifies that concrete individual users have the authority to decrypt the encrypted files under the file directories to which the strategy applies; the colony decryption control strategy of a file directory specifies that users with given features, or meeting specified conditions, have the authority to decrypt the encrypted files under the file directories to which the strategy applies. An individual user permitted by the individual decryption control strategy of a file directory to decrypt encrypted files is called an individual authorized user of the file directories and encrypted files to which the strategy applies; individual authorized users are further divided into management users and ordinary users, where a management user is a user who can manage the file decryption control strategies of the file directories and encrypted files in the secure file catalogue and update the encryption public keys of encrypted files. A user permitted by the colony decryption control strategy of a file directory to decrypt encrypted files is called a colony authorized user of the file directories and encrypted files to which the strategy applies. The file directories to which a file decryption control strategy applies are the directories that have set or inherited that strategy; the encrypted files to which it applies are the encrypted files stored directly in a file directory to which the strategy applies. When the secure file catalogue is created, a default individual decryption control strategy for the creating user is generated, making the creating user a management user of the secure file catalogue with the authority to manage the file decryption control strategies of the file directories and encrypted files in it. When an encrypted file is generated it automatically inherits the file decryption control strategy of the file directory it is in; the individual decryption control strategy of an encrypted file specifies the individual authorized users, comprising management users and ordinary users, who can decrypt it, and the colony decryption control strategy of an encrypted file specifies the colony authorized users who can decrypt it. The data of each encrypted file in the secure file catalogue comprise two parts, file data and file decryption control data. The file data of an encrypted file are the original unencrypted file data of the corresponding file encrypted with a symmetric-key cipher algorithm under a randomly generated symmetric key, called the file encryption key. The file decryption control data of an encrypted file are produced from the file decryption control strategy of the encrypted file and correspond to its individual decryption control strategy and colony decryption control strategy; they comprise individual decryption control data and colony decryption control data, where the individual decryption control data comprise the file encryption key encrypted separately with the public key of each individual authorized user of the encrypted file, and the colony decryption control data comprise the file encryption key encrypted with the shared encryption public key and the colony decryption control strategy of the encrypted file encrypted with the file encryption key; the shared encryption public key is a public key used to encrypt the file encryption keys of encrypted files, and its corresponding private key is used for the file decryption processing of colony authorized users. The file decryption control data of an encrypted file are produced when the encrypted file is generated and change after generation when a management user modifies the file decryption control strategy.
File encryption filter: a filter-type driver inserted into the driver stack of the computer file system, which automatically encrypts and decrypts the files kept in the secure file catalogue and in its subordinate file directories. When a process saves an unencrypted file into the secure file catalogue or one of its subordinate file directories, the file encryption filter automatically encrypts the saved file. When a process opens an unencrypted file in the secure file catalogue or one of its subordinate file directories, the file encryption filter first encrypts the unencrypted file into an encrypted file and then carries out the subsequent operation. When the file encryption filter encrypts an unencrypted file into an encrypted file, it generates the file decryption control data of the encrypted file from the file decryption control strategy of the file directory in which the file is located. When a trusted process reads or writes an encrypted file in the secure file catalogue or one of its subordinate file directories, the file encryption filter automatically decrypts the data read or encrypts the data written; when a non-trusted process reads such an encrypted file, the file encryption filter does not decrypt the file data it reads. A trusted process is a program process that is allowed to read the file data of encrypted files in plaintext; a non-trusted process is a program process that is not allowed to read the file data of encrypted files in plaintext. Trusted and non-trusted processes are determined by the developer of the file encryption system at development time and updated dynamically by online updating, or set by manual configuration by the user of the file encryption system. When the encrypted files in the secure file catalogue or its subordinate file directories are to be uploaded or synchronized to a file cloud storage system for sharing, the client of the file cloud storage system is set as a non-trusted process. The file encryption filter provides a right mouse button menu for managing the file decryption control strategies of the file directories and encrypted files in the secure file catalogue, including setting, modifying and removing decryption control strategies, and for updating the encryption public keys in the file decryption control data of encrypted files.
File encryption filter auxiliary process: a program process running in user mode under the operating system of the user's computer, responsible for the operations that the file encryption filter cannot complete in system kernel mode.
When a user manages the decryption control strategy of a file directory or encrypted file in the secure file catalogue through the right mouse button menu, or updates the encryption public key of an encrypted file, the file encryption filter or the file encryption filter auxiliary process first determines whether the user is a management user of the file directory or encrypted file; if so, the operation continues, otherwise the processing is terminated.
2. The sharing-oriented secure file catalogue file encryption system according to claim 1, characterized in that when a user manages the file decryption control strategy of a file directory or encrypted file in the secure file catalogue through the right mouse button menu, or updates the encryption public key of an encrypted file, the file encryption filter or file encryption filter auxiliary process determines whether the user is a management user of the file directory or encrypted file as follows:
If the object the user operates on through the right mouse button menu is a file directory, the file encryption filter or auxiliary process first obtains the file decryption control strategy of that file directory, then checks whether the user's computer locally holds the private key of a management user named in the individual decryption control strategy of that file decryption control strategy; if so, the user is determined to be a management user of the file directory, otherwise the user is not;
If the object the user operates on is an encrypted file, the file encryption filter or auxiliary process first obtains the individual decryption control data from the file decryption control data of the file, then checks whether the user's computer locally holds the private key corresponding to a management user's public key with which the file encryption key is encrypted in the individual decryption control data; if so, the user is determined to be a management user of the encrypted file, otherwise the user is not.
3. The sharing-oriented secure file catalogue file encryption system according to claim 1, characterized in that:
When a file directory or encrypted file is created or generated, the file encryption filter converts the names of the file directories and encrypted files in the secure file catalogue, including the names of the secure file catalogue itself, of its subordinate file directories and of the encrypted files in those subordinate file directories; during file I/O operations the inverse name transformation is carried out, so that when the file encryption filter is not started normally, the file directory and encrypted file names seen by the user or by a program process differ from the names used when the file directory or encrypted file was created.
4. The sharing-oriented secure file catalogue file encryption system according to claim 1, characterized in that:
The file encryption filter generates the file decryption control data of an encrypted file as follows when it encrypts an unencrypted file in the secure file catalogue or in one of its subordinate file directories:
Obtain the file decryption control strategy of the file directory in which the unencrypted file is located and take it as the file decryption control strategy of the encrypted file; encrypt the randomly generated file encryption key separately with the public key of each individual authorized user named in each individual decryption control strategy of the obtained file decryption control strategy, forming the individual decryption control data of the encrypted file; encrypt the randomly generated file encryption key with the shared encryption public key and encrypt the colony decryption control strategy of the obtained file decryption control strategy with the file encryption key, forming the colony decryption control data of the encrypted file; merge the individual decryption control data and the colony decryption control data into the file decryption control data of the encrypted file, and place them in the encrypted file.
5. The sharing-oriented secure file catalogue file encryption system according to claim 1, characterized in that:
When a user sets or modifies the file decryption control strategy of an encrypted file in the secure file catalogue or in one of its subordinate file directories through the right mouse button menu, the file encryption filter or file encryption filter auxiliary process, after determining that the user is a management user of the encrypted file, processes the management user's setting or modification of the file decryption control strategy as follows:
Use the private key of the current management user performing the setting or modification to decrypt the file encryption key that was encrypted with the current management user's public key in the individual decryption control data of the encrypted file; then encrypt the file encryption key separately with the public key of each individual authorized user named in each individual decryption control strategy set or modified by the current management user, including the current management user's own public key, forming the individual decryption control data of the encrypted file; encrypt the file encryption key with the shared encryption public key and encrypt the colony decryption control strategy set or modified by the current management user with the file encryption key, forming the colony decryption control data of the encrypted file; merge the individual decryption control data and the colony decryption control data into the file decryption control data of the encrypted file, and finally replace the original file decryption control data in the encrypted file with the newly formed data;
In the file decryption control strategy set or modified by the current management user, the individual decryption control strategy always includes the current management user performing the setting or modification as a management user.
6. The sharing-oriented secure file catalogue file encryption system according to claim 1, characterized in that:
When a user removes the file decryption control strategy of an encrypted file in the secure file catalogue or in one of its subordinate file directories through the right mouse button menu, the file encryption filter or file encryption filter auxiliary process, after determining that the user is a management user of the encrypted file, processes the removal as follows:
Remove the colony decryption control data of the encrypted file, and remove from the individual decryption control data every file encryption key encrypted with a public key other than that of the management user performing the removal, together with the colony decryption control strategy encrypted with the file encryption key.
7. The sharing-oriented secure file catalogue file encryption system according to claim 1 or 5, characterized in that:
When a user sets or modifies the file decryption control strategy of a file directory in the secure file catalogue through the right mouse button menu, the file encryption filter or file encryption filter auxiliary process, after determining that the user is a management user of the file directory, processes the management user's setting or modification of the file decryption control strategy as follows:
Replace the file decryption control strategy of the file directory being operated on with the file decryption control strategy set or modified by the management user, where the individual decryption control strategy of the strategy set or modified by the management user always includes the management user performing the operation as a management user; for each encrypted file to which the file decryption control strategy being set or modified applies, process the set or modified file decryption control strategy in the same way as when a management user sets or modifies the file decryption control strategy of an encrypted file through the right mouse button menu.
8. The sharing-oriented secure file catalogue file encryption system according to claim 1 or 6, characterized in that:
When a user removes the file decryption control strategy of a file directory in the secure file catalogue through the right mouse button menu, the file encryption filter or file encryption filter auxiliary process, after determining that the user is a management user of the file directory, processes the management user's removal of the file decryption control strategy as follows:
Remove from the file decryption control strategy of the file directory being operated on every file decryption control strategy other than the individual decryption control strategy for the management user performing the operation, including individual decryption control strategies and colony decryption control strategies; for each encrypted file to which the removed file decryption control strategy applies, process it in the same way as when a management user removes the file decryption control strategy of an encrypted file through the right mouse button menu.
9. The sharing-oriented secure file catalogue file encryption system according to claim 1, characterized in that:
When a user updates the encryption public key of an encrypted file in the secure file catalogue or in one of its subordinate file directories through the right mouse button menu, the file encryption filter or file encryption filter auxiliary process, after determining that the user is a management user of the encrypted file, checks each public key with which the file encryption key is encrypted in the file decryption control data of the encrypted file, including the public keys of the authorized users and the shared encryption public key, and determines whether each checked public key has an updated version; if so, it first uses the private key of the current management user performing the update to decrypt the file encryption key encrypted with the current management user's public key in the individual decryption control data of the encrypted file, then re-encrypts the decrypted file encryption key with the updated public key, and finally replaces the file encryption key encrypted with the original public key in the file decryption control data of the encrypted file with the re-encrypted one.
10. The sharing-oriented secure file catalogue file encryption system according to claim 9, characterized in that:
When a user updates the encryption public key of a file directory in the secure file catalogue, including the secure file catalogue itself, through the right mouse button menu, the file encryption filter or file encryption filter auxiliary process, after determining that the user is a management user of the encrypted file, performs the encryption public key update on each encrypted file in the file directory being operated on, including the encrypted files in its subordinate file directories, in the same way as when a management user updates the encryption public key of an encrypted file through the right mouse button menu.
CN201410323581.2A 2014-07-07 2014-07-07 A sharing-oriented secure file catalogue file encryption system Active CN104125069B (en)

Publications (2)

Publication Number Publication Date
CN104125069A true CN104125069A (en) 2014-10-29
CN104125069B CN104125069B (en) 2017-07-25

Family

ID=51770341

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410323581.2A Active CN104125069B (en) 2014-07-07 2014-07-07 It is a kind of towards shared secure file catalogue file encryption system

Country Status (1)

Country Link
CN (1) CN104125069B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104734847A (en) * 2015-04-21 2015-06-24 武汉理工大学 Shared symmetric key data encrypting and decrypting method for public key cryptography application
CN105224882A (en) * 2015-09-23 2016-01-06 武汉理工大学 A kind of file encryption system based on bridge file system
CN105426766A (en) * 2015-10-27 2016-03-23 武汉理工大学 File encryption system based on shadow file
CN105590067A (en) * 2015-12-17 2016-05-18 武汉理工大学 User space file system based file encryption system
CN105740725A (en) * 2016-01-29 2016-07-06 北京大学 File protection method and system
CN106599728A (en) * 2016-12-02 2017-04-26 山东中创软件商用中间件股份有限公司 File filtering drive framework-based system file protection method and apparatus
CN106650492A (en) * 2016-12-14 2017-05-10 北京大学 Multi-device file protection method and device based on security catalog
CN108632206A (en) * 2017-03-19 2018-10-09 上海格尔软件股份有限公司 A kind of system that encryption cloud storage is combined with explorer
CN110381029A (en) * 2019-06-20 2019-10-25 视联动力信息技术股份有限公司 A kind of monitoring resource synchronization method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090265562A1 (en) * 2007-01-24 2009-10-22 Humming Heads Inc. Data conversion method on storage medium, apparatus and program
CN103825953A (en) * 2014-03-04 2014-05-28 武汉理工大学 User mode encrypt file system
CN103841113A (en) * 2014-03-20 2014-06-04 武汉理工大学 Safe network file system based on user mode file system
CN103888467A (en) * 2014-03-31 2014-06-25 武汉理工大学 Sharing-oriented safety file folder encryption system

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104734847B (en) * 2015-04-21 2018-01-19 武汉理工大学 Towards the shared symmetric key data encryption and decryption method of public key cryptography application
CN104734847A (en) * 2015-04-21 2015-06-24 武汉理工大学 Shared symmetric key data encrypting and decrypting method for public key cryptography application
CN105224882A (en) * 2015-09-23 2016-01-06 武汉理工大学 A kind of file encryption system based on bridge file system
CN105224882B (en) * 2015-09-23 2018-04-20 武汉理工大学 A kind of file encryption system based on bridge file system
CN105426766A (en) * 2015-10-27 2016-03-23 武汉理工大学 File encryption system based on shadow file
CN105426766B (en) * 2015-10-27 2018-05-18 武汉理工大学 A kind of file encryption system based on shadow file
CN105590067B (en) * 2015-12-17 2018-06-19 武汉理工大学 A kind of file encryption system based on user's space file system
CN105590067A (en) * 2015-12-17 2016-05-18 武汉理工大学 User space file system based file encryption system
CN105740725B (en) * 2016-01-29 2018-08-28 北京大学 A kind of document protection method and system
CN105740725A (en) * 2016-01-29 2016-07-06 北京大学 File protection method and system
CN106599728A (en) * 2016-12-02 2017-04-26 山东中创软件商用中间件股份有限公司 File filtering drive framework-based system file protection method and apparatus
CN106650492A (en) * 2016-12-14 2017-05-10 北京大学 Multi-device file protection method and device based on security catalog
CN106650492B (en) * 2016-12-14 2019-06-07 北京大学 A kind of multiple device file guard method and device based on security catalog
CN108632206A (en) * 2017-03-19 2018-10-09 上海格尔软件股份有限公司 A kind of system that encryption cloud storage is combined with explorer
CN110381029A (en) * 2019-06-20 2019-10-25 视联动力信息技术股份有限公司 A kind of monitoring resource synchronization method and device
CN110381029B (en) * 2019-06-20 2022-03-01 视联动力信息技术股份有限公司 Monitoring resource synchronization method and device

Also Published As

Publication number Publication date
CN104125069B (en) 2017-07-25

Similar Documents

Publication Publication Date Title
CN104125069A (en) Secure file catalogue file encryption system towards sharing
CN108259169B (en) File secure sharing method and system based on block chain cloud storage
WO2018032374A1 (en) Encrypted storage system for block chain and method using same
CA2623137C (en) Cryptographic control for mobile storage means
US8625802B2 (en) Methods, devices, and media for secure key management in a non-secured, distributed, virtualized environment with applications to cloud-computing security and management
US9031876B2 (en) Managing keys for encrypted shared documents
CN103561034B (en) A kind of secure file shared system
CN103530570A (en) Electronic document safety management system and method
CN103679050A (en) Security management method for enterprise-level electronic documents
CN105378649A (en) Multiple authority data security and access
CN101938497A (en) Multistage security file structure as well as file access control and secret key management user terminal, service terminal, system and method thereof
CN102567688B (en) File confidentiality keeping system and file confidentiality keeping method on Android operating system
CN103916480B (en) A kind of file encryption system towards shared file
CN105100083A (en) Attribute-based encryption method and attribute-based encryption system capable of protecting privacy and supporting user Undo
CN103546547A (en) Cryptosystem for cloud storage files
CN103841113A (en) Safe network file system based on user mode file system
US10671748B2 (en) Secrets as a service
CN102215214B (en) Selective-transparent-encryption/decryption-based file protection method and system
CN105072134A (en) Cloud disk system file secure transmission method based on three-level key
TW200830200A (en) Information security management system and method for electronic document
JP2015056090A (en) File access control device, file access control program, and file access control method
TWI381285B (en) Rights management system for electronic files
WO2016087837A1 (en) Secure document management
TWI590069B (en) Application of data encryption and decryption in the cloud computing environment to share mechanisms and rights management methods
Sharma et al. Transcrypt: A secure and transparent encrypting file system for enterprises

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20190813

Address after: 314112 2 Floor 2, No. 383 Huimin Avenue, Huimin Street, Jiashan County, Jiaxing City, Zhejiang Province

Patentee after: Jiaxing Guao Gene Technology Co., Ltd.

Address before: 430070 No. 122 Luoshi Road, Hongshan District, Wuhan City, Hubei Province

Patentee before: Wuhan University of Technology